Since all risks cannot be totally eliminated in practice, the fundamental basis of a Disaster Recovery Plan is that residual risks always remain. Despite the organization's very best efforts to avoid, prevent, or mitigate them, incidents will still occur. Particular situations, combinations of adverse events, or unanticipated threats and vulnerabilities may conspire to bypass or overwhelm even the best information security controls designed to ensure confidentiality, integrity, and availability of information assets.
The Disaster Recovery Team reacts to all major incidents and disasters, formulating flexible plans before the fact and marshaling suitable resources that will come into play in the event, whatever actually occurs. The very word 'contingency' implies that the activities and resources that will be required following major incidents or disasters are contingent (dependent) on the exact nature of the incidents and disasters that actually unfold.
Directions: Prepare a document that specifies the individuals who will comprise the Disaster Recovery Team. This document will become part of the larger developed plan that you will create throughout the term.
In your document, make sure to:
Specify the people or groups of people who will comprise the DR team.
Identify the roles and responsibilities of any individuals or groups on the DR team.
Use proper APA citation where research is required.
At this time, you should have already chosen a Disaster Recovery Plan template that you will use to create a plan for the business or organization you've chosen. If you need to modify your plan, research various Disaster Recovery Plan templates using a search engine like Google or Bing. This research will help you determine what your plan should look like in its final form. Below are two examples of a Disaster Recovery Plan.
Roles and responsibilities
1.1 Background, concepts and key terms
The fundamental basis of Contingency Planning (CP) is that, since all risks cannot be totally eliminated in practice, residual risks always remain. Despite the organization’s very best efforts to avoid, prevent or mitigate them, incidents will still occur. Particular situations, combinations of adverse events or unanticipated threats and vulnerabilities may conspire to bypass or overwhelm even the best information security controls designed to ensure confidentiality, integrity and availability of information assets.
In the context of this document, CP is defined as the totality of activities, controls, processes, plans etc. relating to major incidents and disasters. It is the act of preparing for major incidents and disasters, formulating flexible plans and marshaling suitable resources that will come into play in the event, whatever actually eventuates. The very word ‘contingency’ implies that the activities and resources that will be required following major incidents or disasters are contingent (depend) on the exact nature of the incidents and disasters that actually unfold. In this sense, CP involves preparing for the unexpected and planning for the unknown.
The basic purpose of CP is to minimize the adverse consequences or impacts of incidents and disasters. Within the field of CP, a number of more specific terms and activities are distinguished in this document and form the basis of rôles identified below:
• Availability Management and Continuity Planning practices involve resilience measures designed to keep essential business processes and the supporting IT infrastructure running despite incidents and (limited) disasters:
Business Continuity Planning (BCP) involves measures to ensure, as far as possible, that critical business processes continue to operate satisfactorily despite a wide range of incidents. This includes aspects such as running parallel activities at disparate locations, using deputies and understudies, having alternative suppliers etc.;
IT Continuity Planning (ITCP) involves measures to ensure that, as far as possible, IT systems, networks and associated infrastructure and processes supporting critical business processes remain in operation despite disasters. This includes aspects such as fault tolerant, resilient or high availability system/network designs and configurations, built-in redundancy and automated failover of the supporting IT systems, capacity and performance management etc.
• Recovery and Resumption Planning relates to recovering or resuming business and IT operations following incidents and disasters, typically from alternative locations, using fallback equipment etc.:
Business Resumption Planning (BRP) involves planning to resume or restore critical and important business processes to something approaching normality following disasters or major incidents that overwhelm the resilience capabilities noted above. This includes activities such as relocating employees to alternative office locations, manual fallback processing, temporary relaxation of divisions of responsibility and delegated authorities etc.;
IT Disaster Recovery Planning (IT DRP) involves planning for the recovery of critical IT systems and services in a fallback situation following a disaster that overwhelms the resilience arrangements; examples include manually restoring IT systems and data on alternate/standby equipment from backups or archives, utilizing emergency communications facilities etc.
• Incident and Crisis Management activities are focused on managing incident and disaster scenarios “live”, as they occur:
Incident Management (IM) involves activities and processes designed to evaluate and respond to information security-related incidents of all sorts. Most IM activities are routinely exercised in the normal course of business, dealing with all manner of minor incidents. Best practice proactive IM processes incorporate ‘corporate learning’ through continuously updating the processes, systems and controls, and improving resilience and recovery activities in response to actual incidents and disasters plus near misses;
Crisis Management (CM) involves emergency management activities associated with the management of major incidents and crises, primarily relating to health and safety aspects. Key activities in the crisis phase typically inc...