Tags:





In need of a Disaster Recovery Template
August 12, 2009 11:56 AM   RSS feed for this thread Subscribe

Does anyone have an outline or template for an IT Disaster Recovery Plan?

I have been tasked with creating our disaster recovery plan. The old plan is so old as to be pretty worthless so I am starting from scratch.

Any advice would be helpful.. a template or outline would be extremely helpful.

We know what we are going to do as far as the actual technology goes, so I don't need any help there. The difficulty is in writing the plan and the process itself.
posted by MattScully to technology (9 comments total) 16 users marked this as a favorite
A plan is a list of things that don't happen.

That said, the right format for this if you want it to be useful is as a timeline.

1. Incident Type 1 (server crash)
1a. Notification methods (aka "how we notice")
1b. Within 10 minutes.
1c. First hour
1d. Hour 3-6
...
1m. The Next Day
...
1q Six weeks later
----
2. Incident Type 2 (earthquake takes out data center)
2a. Notification methods
2b. Within 10 minutes.
2c. First hour
2d. Hour 3-6
...
----
18. Incident Type 18 (employee posts all private data on personal blog)
...

And so on. I say this is the useful format because it isn't just to soothe worried executives: it's an actual step by step roadmap to follow when something does happen, which can be very helpful if people are rushing under stress in such a real emergency.

Just follow the steps....
posted by rokusan at 12:02 PM on August 12


UC Berkeley has a Business Continuity Planning Tool which might be of some assistance.
posted by purephase at 12:04 PM on August 12


I'm actually working on updating my department's Business Continuity Plan as well, which has a pretty decent basic template:

- Identify the critical services in order of priority, and give an estimate for how soon they must be back online in order to avoid major damages to operations. Try to also give an estimate for potential impacts of various levels of service interruptions.

- Identify the dependencies of those services - what they impact when they go down, and what they require to come back up.

- Identify the critical personnel, including alternate/non-office contact information, and specify what kind of access they have from home.

- Identify the conditions under which the continuity/disaster plan would be triggered - kind of what rokusan has outlined, but more generic. Something like "If events A and B occur, a disaster is declared".

- Identify the information needed to carry out operations if critical personnel aren't available: where are the contact lists for clients/support? Is there documentation for all the "technical stuff"? What are the data back-up procedures?

- Clarify a communication plan: who tells the clients what, and when? How are employees notified if they need to stay home/pull overtime/go to an alternate? Communication is extremely important in times of crises.

- Create a summary of events that need to occur for service to go back online, again similar to what rokusan has outlined. If day 0 is the day of the server crash/solar flare/sun going supernova, what events should happen on day 0? Should executive level employees should be assembling, deciding on courses of action, and relaying those instructions to employees? Where does that happen? What do those employees then do? Then on day 1, how do you continue communicating with people? Do the abovementioned critical personnel go to an alternate data centre site to continue working?

Pursuant to the above, you could include a listing of the minimum equipment/etc needed for business continuity/recovery, in case the thing that took out your data centre was an earthquake and you need replacement equipment for your employees to keep working. The summary of events should be in point form, and super clear. If something happened now and all eyes are on your CEO to take action, they should be able to look at the summary of events (in table format, for example, with columns specifying tasks, responsible personnel, and timeline) and know exactly what to do when even if that's the first time he's looked at the table. Avoid lingo and corporate-speak as much as possible - that's what's been giving me the most headaches on my project.

I hope that helps a little bit. good luck!
posted by Phire at 12:17 PM on August 12 [2 favorites has favorites]


I found Practical Disaster Recovery Planning by CA XOSoft to be an excellent guide (login required) It outlines your plan sections and has sample templates. I based our DM plan on it.
posted by clarkie666 at 12:21 PM on August 12


Direct link to above from CA Site.
posted by clarkie666 at 12:29 PM on August 12


The SANS Institute has some white papers you might find useful.
posted by jmd82 at 12:41 PM on August 12


i haven't looked at it, but fema has a mitigation planning tool that might at least give you some ideas.
posted by msconduct at 3:38 PM on August 12


Chiming in to agree with jmd82, SANS has published a few papers regarding disaster recovery. Scroll down the page to July 2009.
posted by Lynsey at 10:07 PM on August 12


Thanks to everyone!!! All of this is extremely helpful!
posted by MattScully at 6:19 AM on August 13


« Older How to kill grass on a playgro...   |   Five days in New Zealand, star... Newer »

You are not logged in, either login or create an account to post comments