Incident Response Plan

profilesepola
bd_ch_10_sect_03_06.html
Home>Computer Science homework help>Incident Response Plan

Simple Disaster Recovery Plan

Figure 10-8 shows an example of what may be found in a simple DR plan. The plan has nine major sections, each of which is outlined below. Many organizations—particularly ones with multiple locations and hundreds of employees—would find this plan too simple. Nevertheless, the basic structure provides a solid starting point for any organization.

  1. Name of Company—The first section identifies the department, division, or institution to which this particular plan applies. This identification is especially important in organizations that are large enough to require more than one plan.

  2. Date of Completion or Update of the Plan and the Date of the Most Recent Test.

  3. Staff to Be Called in the Event of a Disaster—This roster should be kept current; it will not help the organization to have a list of employees who are no longer with the company. This section should also identify key support personnel, such as building maintenance supervisors, physical security directors, legal counsel, and the starting points on the alert roster. A copy of the alert roster (also known as the telephone tree) should be attached.

  4. Emergency Services to Be Called (if Needed) in Event of a Disaster—While dialing 911 will certainly bring police, fire, and ambulance services, the organization may have equally pressing needs for emergency teams from the gas, electric, and water companies. This section should also list electricians, plumbers, locksmiths, and software and hardware vendors.

  5. Locations of In-House Emergency Equipment and Supplies—This section should include maps and floor plans with directions to all critical in-house emergency materials, including shut-off switches and valves for gas, electric, and water. Directions to key supplies, including first aid kits, fire extinguishers, flashlights, batteries, and a stash of office supplies, should also be provided. It is a good idea to place a disaster pack on every floor in an unlocked closet or readily accessible location. These items should be inventoried and updated as needed.

  6. Sources of Off-Site Equipment and Supplies—These items include contact sources for mobile phones, dehumidifiers, industrial equipment (such as forklifts and portable generators), and other safety and recovery components.

  7. Salvage Priority List—While the IT director may have just enough time to grab the last on-site backup before darting out the door in the event of a fire, additional materials can most likely be salvaged if recovery efforts permit. In this event, recovery teams should know what has priority. This list should specify whether to recover hard copies or if the effort should be directed toward saving equipment. Similarly, it specifies whether the organization should focus on archival records or recent documents. The plan should include the locations and priorities of all items of value to the organization. When determining priorities, ask questions such as: Are these records archived elsewhere (i.e., off-site), or is this the only copy? Can these records be reproduced if lost, and if so, at what cost? Is the cost of replacement more or less than the cost of the value of the materials? It may be useful to create a simple rating scheme for materials. Data classification labels can be adapted to include DR information. For example, some records may be labeled “Salvage at all costs,” “Salvage if time and resources permit,” or “Do not salvage.”

  8. Disaster Recovery Procedures—This very important section outlines the specific assignments given to key personnel, including the DR team, to be performed in the event of a disaster. If these duties differ by type of disaster, it may be useful to create multiple scenarios, each listing the duties and responsibilities of the parties involved. It is equally important to make sure that all personnel identified in this section have a copy of the DR plan stored where they can easily access it, and that they are familiar with their responsibilities.

  9. Follow-up Assessment—The final section details what is to be accomplished after disaster strikes—specifically, what documentation is required for recovery efforts, including mandatory insurance reports, required photographs, and the AAR format.

Figure 10-8. Example Disaster Recovery Plan Simple Disaster Recovery Plan Simple Disaster Recovery Plan Simple Disaster Recovery Plan Simple Disaster Recovery Plan Listen webReader by ReadSpeaker Open/close toolbar