Human life is uncertain. We cannot predict what will happen to us or our businesses tomorrow. Anytime natural calamities like fire, hurricanes, floods, landslides, lightning etc can cause serious bad impact and also complete shutdown of businesses. A Disaster Recovery Plan (DRP), (also known as Business Continuity Plan (BCP)) defines the procedures and policies how an organization has to deal with disasters. A Disaster Recovery Plan mainly consists of the precautions which must be followed to minimize the impact of the disaster, and resume the important functions as quickly as possible.
Businesses cannot avoid disasters. Proper Disaster Recovery Planning (DRP) prepares the organization to be always ready for a disaster, minimize the effects of the disaster and rollback to normal state as quickly as possible..
In computing and networking world, disasters can also result from intentional or non-intentional actions of employees. Example – Accidentally delete all important data in a server, bring viruses and malicious software programs that may cause data loss and network outage, fire caused by a cigarette butt, theft and other malicious attacks. Disaster Recovery Plans must also include the precautions against man made disasters. Businesses must be prepared for disasters long before a disaster actually occurs.
In Disaster Recovery/Business Continuity planning, safety of employee’s and other human's life must be of most priority. Basically Disaster Recovery/Business Continuity planning aims at identifying the risks and threats to business operation how to mitigate them. Disaster Recovery/Business Continuity planning must include a detailed analysis of multiple levels of business practices and requirements. As we discussed before, Disaster Recovery/Business Continuity planning, must include how the mitigate natural and man made disasters.
As a network security engineer, you must make sure the following points are addressed well in your organizations Disaster Recovery/Business Continuity plan.
Disaster Contact information: Your organization must have immediate contact phone numbers if a disaster occurs. Disaster contact officials must be available round the clock, 24/7. These numbers must be available to all employees.
Impact Analysis: Proper analysis to determine a disaster impact to business. Analysis must include assets lost analysis and the cost to replace lost assets.
Copies of agreements and property deeds: Organization must have the copies of property deeds and all important agreements with partners at redundant sites. All property deeds and partner agreement originals must be kept in highly secure fire proof/water proof/theft proof environments.
Availability of Data: You have to make sure proper onsite/offsite/cloud backups of critical data is happening regularly. All business transaction data must be backed up in multiple locations. Soft copies of important registers/log books mast have redundant copies at multiple sites.
Backup Hardware, OS, Software Applications and Drivers: Spare hardware, Operating System copies, Applications and Drivers and related drivers stored at multiple locations can make the recovery fast, in case of a natural disaster.
Hardware/Software Compatibility information: Proper tabulated information about the current hardware list, software in use, drivers and other compatibility list must be kept properly.
Server Clustering: Server Clustering technologies are helpful in allowing multiple server nodes to perform transparently acting as a single node to the end user.
Multiple Network Connectivity: If the impact of the disaster is so big chances are that ISP's also can fail. Businesses Continuity plan should also include options for backup network connectivity via different ISPs.
Redundant Uninterruptible Power Supplies: Redundant power supply an important factor. We have to make sure that we have backup power if the main supply is down. Backup Generators are also an option.
Proper Recovery Plan: Proper disaster recovery plan must include estimated time for recovery and complete steps and order of the items to be recovered.
Proper Business Continuity Plan: Business Continuity Plan defines how the business can run the show if a disaster occurs.
Disaster Recovery Drills: Organizations must often conduct Disaster Recovery Drills so that employees should know what to do if a disaster occurs. Disaster Recovery Drills should be planned in step-by-step and must conform to all necessary safety standards.