Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
57 Cards in this Set
- Front
- Back
|
Business Impact Analysis (BIA)
|
Identify and prioritize critical business functions
Determine maximum tolerable downtime (MTD) Assess exposure to outages (local, regional, global) Define recovery objectives |
|
|
Recovery Strategy
|
Implement backup storage strategy (offsite, electronic vaulting, tape rotation)
Recovery site strategies |
|
|
Disaster Recovery Process
|
Response
Personnel Communications Assessment Restoration Provide Training |
|
|
Roles - Senior Management
|
(responsible for just about everything)
Final plan approval Setting the BCP Prioritizing critical business functions Allocating resources Oversight Directing and review results Ensuring maintenance of the plan |
|
|
Roles - Senior Functional management
|
Develop and Test
Identify critical systems |
|
|
Roles - BCP commitee
|
** Must include someone from ALL business units including senior management
Execute the BIA |
|
|
Roles - BCP teams
|
Rescue
Recovery Salvage |
|
|
Rescue
|
employee safety and evacuation
"crashing" the server room BCP team is the responsible party |
|
|
Recovery
|
get the alternate facility up and running
BCP team is the responsible party |
|
|
Salvage
|
The return of operations to the original or permanent facility
BCP team is the responsible party |
|
|
Continuity of operations plan (COOP)
|
Provide procedures and capabilities for essential, (mission critical) system and strategic functions at an alternate site for up to 30 days
|
|
|
Liability
|
Executive held liable under several laws and regulations to ensure BCP and DRP are developed and put into place
|
|
|
BCP order of process
|
Project initiation
Business Impact Analysis Risk Analysis Risk Mitigation - being proactive (preventative) Implementation Testing <---> Maintenance |
|
|
Disaster Recovery Plan
|
Provide detailed procedures to facilitate recovery of capabilities at an alternate site
often IT focused |
|
|
Occupant Emergency Plan (OEP)
|
provide coordinated procedures for minimizing loss of life or injury and protecting property damage
|
|
|
BCP depends most upon what?
|
BIA
|
|
|
RPO - Recovery Point Objective
|
maximum sustainable data loss based on backup schedules and data needs
|
|
|
MTD - Maximum Tolerable Downtime
|
maximum time a business can tolerate the absence of services
|
|
|
RTO - Recovery Time Objective
|
duration of time required to bring critical systems back online (NOT data)
|
|
|
WRT - Work Recovery Time
|
The duration of time needed to recover lost data and to complete manual data that occurred during outage.
Not UP until WRT is completed |
|
|
MTBF
|
Mean time between failures
|
|
|
MTTR
|
Mean time to Repair (Replace)
|
|
|
MOR
|
Minimum Operating requirements
|
|
|
System rating system - Category 1
|
Mission Critical 0-12 hours
|
|
|
System rating system - Category 2
|
Vital 13-24 hours
|
|
|
System rating system - Category 3
|
Important - 1-3 days
|
|
|
System rating system - Category 4`
|
Minor - more than 3 days
|
|
|
Results of the BIA
|
Identified Critical departments and resources
Identified threat and risks Impact company can handle with each risk Outage time that would not be critical Recovery alternatives |
|
|
RACI
|
Responsible
Accountable Consulted Informed |
|
|
# 1 Priority of Disaster Recovery
|
Safety of People
People come first (even before data :-) ) |
|
|
Secondary priority of Disaster Recovery
|
Protect the company as a whole
minimize property damage |
|
|
Phases following a disruption
|
1. Notification/Activation
2. Recovery (Failover) 3. Reconstitution |
|
|
Notification/Activation Phase
|
Notifying recovery personnel
performing an damage assessment |
|
|
Recovery (failover)
|
actions take by the recovery team to restore IT operations at an alternate site or using contingency capabilities
|
|
|
Reconstitution (failback)
|
Outlines actions taken to return the system to normal operating conditions at the original site
|
|
|
Subscription Services
|
Hot, warm and cold sites
|
|
|
Reciprocal Agreement
|
Two different companies agreeing to use each other's site in the event of a disaster at one's site.
Not very common |
|
|
Redundant/Mirrored
|
These sites considered "owned" by the company
|
|
|
Redundant/Mirrored Site
|
Occupancy within 24 hours
Fully redundant in every way Highest cost "owned" by the company |
|
|
Hot Site
|
Occupancy within 24 hours
Fully configured equipment and communication Needs most recent data Higher costs |
|
|
Rolling Hot Site
|
Occupancy within 24 hours
Fully configured equipment and communication but data center operations only ** Mission Critical Only ** High costs |
|
|
Warm site
|
Occupancy within a week
between hot and cold site. Partially configured equipment and does not contain any live data some activation activity needed Medium costs |
|
|
Cold site
|
Occupancy within 30 days
Typically contains basic electrical, hvac No equipment No communication links Lowest cost |
|
|
Disk Shadowing
|
Mirroring technology
|
|
|
Vaulting
|
Backup is batched and batched to offsite facility
daily, weekly,nightly |
|
|
Remote journaling
|
only the transaction log to a remote location
|
|
|
Reconstitution or resumption
|
Getting everything up and running back at the primary site
Salvage team is responsible |
|
|
Rescue Team responsibility
|
get people to safety
|
|
|
Recovery team responsibility
|
prepare offsite facility and move to it
|
|
|
Salvage team responsibility
|
Bring primary site back online
They give the "green light" |
|
|
Returning to primary site
|
bring least critical departments first
|
|
|
DRP Testing
|
at least once a year
(or after a major change including the contingency plan) |
|
|
Checklist test
|
proofreading the plan
functional managers |
|
|
Structure Walk Through (table top) test
|
representatives from each dept go over the plan
|
|
|
Simulation Test
|
go thru a disaster scenario
continues up to the actual relocation |
|
|
Parallel Test
|
systems moved to alternate site and processes
going to disrupt some processes |
|
|
Full-Interruption Test
|
Original site shut down
all processing moved to offsite |
