Disaster Recovery Plan

Disaster Recovery
&
Business Continuity
Template
ISO 27000 (17799), Sarbanes-Oxley, HIPAA, PCI DSS and
ITIL Compliant
Prepared by
Park City, UT 84060
email - [email protected]
Web sites – http://www.e-janco.com - http://www.it-toolkits.com -- http://www.itproductivity.org
Version 5.0
© 2008 Copyright Janco Associates, Inc. ALL RIGHTS RESERVED
License Conditions:
This product is NOT FOR RESALE or REDISTRIBUTION in any physical or electronic format. The
purchaser of this template has acquired the rights to use it for a SINGLE Disaster Recovery Plan unless
the user has purchased a multi-use license. Anyone who makes an unlicensed copy of or uses the
template or any derivative of it is in violation of United States and International copyright laws and
subject to fines that are treble damages as determined by the courts. A REWARD of up to 1/3 of those
fines will be paid to anyone reporting such a violation upon the successful prosecution of such
violators.
The purchaser agrees that derivative of this template will contain the following words within the first
five pages of that document. The words are:
Derived from the Disaster Recovery / Business Continuity Template of Janco Associates, Inc.
© 2001 - 2008 Copyright Janco Associates, Inc. – ALL RIGHTS RESERVED
All Rights Reserved. No part of this book may be reproduced by any means without the prior written
permission of the publisher. No reproduction or derivation of this book shall be re-sold or given away
without royalties being paid to the authors. All other publisher’s rights under the copyright laws will
be strictly enforced.
Published by: Janco Associates Inc.

11 Eagle Landing Court
Park City, UT 84060
435 940-9300
e-mail - [email protected]
Publisher cannot in any way guarantee the procedures and approaches presented in this book are being used for the
purposes intended and therefore assumes no responsibility for their proper and correct use.
Printed in the United States of America
ISBN13 (978-1-881218-02-9)
HandiGuide is a registered trademark of Janco Associates, Inc.
Easy use steps:

1. Read this License Conditions
2. Print the first two pages of this template
3. Delete the first two pages.
4. Save As ―your file name‖
5. Edit replace ―ENTERPRISE‖ with your enterprise’s name.
6. Edit replace ―Enterprise logo‖ with your enterprise’s logo
7. Save As ―your filename.v001‖
8. As you modify the plan continue to save the DRP with a name that has an
updated version number.
DISASTER RECOVERY BUSINESS
CONTINUITY PLAN
FOR
Enterprise logo here
© 2001 - 2008 copyright Janco Associates, Inc. – ALL RIGHTS RESERVED

NOT FOR RESALE
Janco Associates, Inc. provides the licensed user of the Disaster Recovery Plan
document the right to use this document for INTERNAL USE ONLY for the enterprise
of this user only. If the licensed user is a consultant or consulting entity, using this
document for a third party (client or customer of the licensed user), a separate
license must be purchased for each client facility and or customer location.
All questions about this via email at [email protected] or by phone at
435-940-9300.
The single user license is for one enterprise for one facility. If this template is used
for more than one facility than either an enterprise version or multiple copies of the
template should be purchased.
Any document that is created using this template must have © 2001-2008
copyright Janco Associates, Inc within the new document. All of this original
material remains the property of Janco Associates, Inc. and the user is granted a
limited use license.
Prepared by:
Park City, UT 84060

[email protected]
Version 5.0
Enterprise logo here Disaster Recovery Business Continuity
Table of Contents1
1.0 Plan Introduction ................................................................................................................. 9
1.1 Mission and Objectives ........................................................................................... 10
Compliance ........................................................................................................ 10
Implication of Legislated and Industry Standards Requirements .....................10
Sarbanes-Oxley ...............................................................................................10
COSO .......................................................................................................13
PCI DSS .......................................................................................................14
ISO 27000 Compliance Process ............................................................................. 15
Define the Control Environment.......................................................................15
Control the Environment by Implementation and Management .......................15
Audit and Examine the Control Processes ......................................................16
1.2 Disaster Recovery / Business Continuity Scope ..................................................... 17
1.3 Authorization ........................................................................................................... 18
1.4 Responsibility ......................................................................................................... 19
1.5 Key Plan Assumptions ............................................................................................ 20
1.6 Disaster Definition................................................................................................... 22
1.7 Metrics .................................................................................................................... 23
1.8 Disaster Recovery / Business Continuity and Security Basics .................................... 25
Servers ........................................................................................................ 25
Network ........................................................................................................ 27
Clients ........................................................................................................ 27
Recovery Procedures ............................................................................................. 27
Communication ....................................................................................................... 28
Designated operators ............................................................................................. 28
Designated manager .............................................................................................. 28
External resources .................................................................................................. 28
Insurance ........................................................................................................ 29
2.0 Business Impact Analysis .................................................................................................. 30
2.1 Scope ..................................................................................................................... 31
2.2 Objectives ............................................................................................................... 32
2.3 Critical Time Frame ................................................................................................ 33
2.4 Application System Impact Statements .................................................................. 34
Essential ........................................................................................................ 34
Delayed ........................................................................................................ 34
Suspended ........................................................................................................ 34
2.5 Information Reporting ............................................................................................. 35
2.6 Best Data Practices ..................................................................................................... 36
2.7 Summary ................................................................................................................ 37
3.0 Backup Strategy ........................................................................................................................ 39
3.01 Site Strategy ........................................................................................................... 40
3.02 Data Capture and Backups..................................................................................... 42
Backup Strategy ..................................................................................................... 43
3.03 Communication Strategy and Policy ....................................................................... 44
DRP / BCP Communication Policy ......................................................................... 45
3.04 ENTERPRISE Data Center Systems ...................................................................... 46
1
Major sections of this document were extracted from Client Server Management HandiGuide, PC Policies and
Procedures HandiGuide, Metric for the Internet and IT Management HandiGuide, and the IT Position Description
HandiGuide which are copyrighted by M. V. Janulaitis and published by Janco Associates, Inc. These copyrighted
materials remain the property of the copyright owners and the licensed user of this document is only granted a limited
use license of this material. For more information see www.e-janco.com
Version 5.0 CONFIDENTIAL Page 2

Backup Files ....................................................................................................46

Storage Rotation..............................................................................................46
ENTERPRISE Data Center ..........................................................................46
Off Site Storage ...........................................................................................46
3.05 Departmental File Servers ...................................................................................... 47
Backup Files ....................................................................................................47
Department ..................................................................................................47
Off Site Storage ...........................................................................................48
3.06 Wireless Network File Servers ................................................................................ 49
Backup Files ....................................................................................................49
Wireless Network File Server Area ..............................................................49
Off Site Storage ...........................................................................................50
3.07 Data at Outsourced Sites (including ISP’s) ............................................................. 51
Backup Files ....................................................................................................51
Outsourced Sites .........................................................................................51
Off Site Storage ...........................................................................................52
3.08 Branch Offices (Remote Offices & Retail Locations) .............................................. 53
Backup Files ....................................................................................................53
Laptop location.............................................................................................54
Off Site Storage ...........................................................................................54
3.09 Desktop Workstations (In Office) ............................................................................ 55
Backup Files ....................................................................................................55
Desktop Workstation location.......................................................................55
Off Site Storage ...........................................................................................56
3.10 Desktop Workstations (Off site including at home users) ....................................... 57
Backup Files ....................................................................................................57
Desktop Workstation location.......................................................................57
Off Site Storage ...........................................................................................58
3.11 Laptops ................................................................................................................... 59
Backup Files ....................................................................................................59
Laptop location.............................................................................................59
Off Site Storage ...........................................................................................60
3.12 PDA’s and Smartphones ........................................................................................ 61
Backup Files ....................................................................................................61
Laptop location.............................................................................................62
Off Site Storage ...........................................................................................62

4.0 Recovery Strategy ............................................................................................................. 63

4.1 Approach ................................................................................................................ 64
4.2 Escalation Plans ..................................................................................................... 65
4.3 Decision Points ....................................................................................................... 66
Plan 1 ........................................................................................................ 66
Plan 2 ........................................................................................................ 68
Plan 3 ........................................................................................................ 69
5.0 Disaster Recovery Organization ........................................................................................ 70
5.1 Recovery Team Organization Chart ....................................................................... 71
5.2 Disaster Recovery Team ........................................................................................ 73
5.3 Recovery Team Responsibilities............................................................................. 74
5.3.1 Recovery Management ................................................................................ 74
Senior Recovery Manager Responsibilities .....................................................75
Pre-Disaster .................................................................................................75
Post-Disaster ...............................................................................................75
Recovery Manager Responsibilities ................................................................76
Pre-Disaster .................................................................................................76
Post-Disaster ...............................................................................................76
5.3.2 Damage Assessment and Salvage Team .................................................... 77
Damage Assessment and Salvage Team Responsibilities ..............................77
Pre-Disaster .................................................................................................77
Post-Disaster ...............................................................................................77
5.3.3 Physical Security.......................................................................................... 79
Pre-Disaster .................................................................................................79
Post-Disaster ...............................................................................................79
5.3.4 Administration .............................................................................................. 80
Pre-Disaster .................................................................................................80
Post-Disaster ...............................................................................................80
5.3.5 Hardware Installation ................................................................................... 82
Pre-Disaster .................................................................................................82
Post-Disaster ...............................................................................................82
5.3.6 Systems, Applications and Network Software .............................................. 83
Pre-Disaster .................................................................................................83
Post-Disaster ...............................................................................................83
5.3.7 Communications .......................................................................................... 84
Pre-Disaster .................................................................................................84
Post-Disaster ...............................................................................................84
5.3.8 Operations ................................................................................................... 85
Pre-Disaster .................................................................................................85
Post-Disaster ...............................................................................................85
6.0 Disaster Recovery Emergency Procedures ....................................................................... 87
6.1 General ................................................................................................................... 89
6.2 Recovery Management........................................................................................... 91
6.3 Damage Assessment and Salvage ......................................................................... 94
6.4 Physical Security .................................................................................................... 98
6.5 Administration ....................................................................................................... 100
6.6 Hardware Installation ............................................................................................ 102
6.7 Systems, Applications & Network Software .......................................................... 104
6.8 Communications ................................................................................................... 107
6.9 Operations ............................................................................................................ 109
7.0 Plan Administration ......................................................................................................... 111
7.1 Disaster Recovery Manager ................................................................................. 112
7.2 Distribution of the Disaster Recovery Plan ........................................................... 113
7.3 Maintenance of the Business Impact Analysis ...................................................... 115
7.4 Training of the Disaster Recovery Team .............................................................. 116
7.5 Testing of the Disaster Recovery Plan.................................................................. 117
7.6 Evaluation of the Disaster Recovery Plan Tests ................................................... 120

7.7 Maintenance of the Disaster Recovery Plan ......................................................... 121

8.0 Appendix ......................................................................................................................... 123
8.01 Plan Distribution.................................................................................................... 125
8.02 ENTERPRISE Sales Offices ................................................................................. 126
8.03 Disaster Recovery Team Call List......................................................................... 127
8.04 Vendor Phone/Address List .................................................................................. 129
8.05 Off-Site Inventory .................................................................................................. 131
8.06 Personnel Location Form ...................................................................................... 132
8.07 Hardware/Software Inventory ............................................................................... 133
8.08 People Interviewed ............................................................................................... 135
8.09 Preventative Measures ......................................................................................... 136
8.10 Sample Application Systems Impact Statement ................................................... 137
8.11 JOB Descriptions .................................................................................................. 138
Disaster Recovery Manager ................................................................................. 139
Position Purpose ...........................................................................................139
Problems and Challenges .............................................................................139
Essential Position Functions ..........................................................................139
Principal Accountabilities ...........................................................................139
Authority .....................................................................................................140
Contacts .....................................................................................................140
Position Requirements ...............................................................................140
Manager Disaster Recovery and Business Continuity .......................................... 141
Position Purpose ...........................................................................................141
Problems and Challenges .............................................................................141
Essential Position Functions ................................................................................. 141
Principal Accountabilities ...........................................................................141
Authority .....................................................................................................142
Contacts .....................................................................................................142
Position Requirements ...............................................................................142
8.12 Application Inventory and Business Impact Analysis Questionnaire ..................... 143
Facility / Business Function / Application ..........................................................145
Sarbanes-Oxley Compliance ............................................................................146
ISO – 27000 Compliance - System of Internal Controls ....................................147
User Environment .............................................................................................148
Operating Environment .....................................................................................150
Criticality of Application .....................................................................................151
Processing Information .....................................................................................153
Application / File Servers ..................................................................................155
Historical Information ........................................................................................156
Database / File Names ......................................................................................157
Documentation ..................................................................................................158
Security .............................................................................................................158
Application Support and Maintenance...............................................................158
Resource Usage ...............................................................................................159
Equipment Requirements by Department ........................................................159
Backups ............................................................................................................160
8.13 Key Customer Notification List .............................................................................. 161
8.14 Resources Required for Business Continuity ....................................................... 162
8.15 Critical Resources to be Retrieved ....................................................................... 163
8.16 Business Continuity Off-Site Materials.................................................................. 165
Off Site Stored Materials ...................................................................................165
Recovery Box ....................................................................................................165

8.17 Work Plan ............................................................................................................. 167

Project Initiation.................................................................................................168
Project Scheduling ............................................................................................169
Business Impact Analysis .................................................................................170
Backup and Recovery Strategy .........................................................................171
Initial Implementation ........................................................................................172
Post Implementation .........................................................................................173
8.18 Audit Disaster Recovery Plan Process ................................................................. 174
Audit Program ...................................................................................................... 175
Audit Program Overview ...................................................................................175
Suggested interviewees for Audit ......................................................................175
Objective #1 - Backup Procedures ....................................................................175
Objective #2 - Off-site Storage Facility ..............................................................175
Objective #3 - Disaster Recovery Plan..............................................................176
8.19 Vendor Disaster Recovery Planning Questionnaire .............................................. 177
Vendor / Partner Information .............................................................................178
DRP and Business Continuity Strategy .............................................................179
Crisis Communication .......................................................................................181
Backup Facilities ...............................................................................................182
Testing ..............................................................................................................184
Testing (cont’d) .................................................................................................185
Prior DRP and BCP Plan Activations ................................................................185
DRP and BCP Support......................................................................................185
8.20 Departmental DRP and BCP Activation Workbook ............................................... 187
QUICK REFERENCE GUIDE ...........................................................................188
Team Alert List ..................................................................................................189
Team Responsibilities .......................................................................................190
Team Leader Responsibilities / Checklist .........................................................190
General ......................................................................................................190
Critical Functions...............................................................................................190
Normal Business Hours Response ...................................................................191
After Normal Business Hours Response ...........................................................192
Primary Location ...............................................................................................193
Alternate Location .............................................................................................193
Team Recovery .................................................................................................194
Business Resumption Plan Copies ............................................................194
Cellular Phone (TBD) .................................................................................194
Team Work Area ........................................................................................194
Notifications ...............................................................................................194
Team Recovery Steps ...............................................................................194
The team leader responsibilities ................................................................194
Departmental Meeting: ..................................................................................194
Personnel Location Form ...........................................................................195
Status Report .............................................................................................195
Travel Arrangements .................................................................................195
Notification ........................................................................................................196
Notification Checklist ..................................................................................196
Notification Procedure .......................................................................................197
Notification Call List...........................................................................................198
Project Status Report ........................................................................................199
Planned Activities for the Period ......................................................... 199
Accomplished Planned Activities ........................................................ 199
Planned Activities Not Accomplished .................................................. 199
Unplanned Activities Performed or Identified ...................................... 199
Planned Activities for the Next Period .................................................200
Cost Data To Date ..............................................................................200
Open Issues and Resolutions .............................................................200
Comments ..........................................................................................200

8.21 Web Site Disaster Recovery Planning Form ......................................................... 202

Backup Site .......................................................................................................203
Software Required to Operate Web Site ...........................................................205
9.0 Version Changes ..................................................................................................................... 206
Version 4.5 to 5.0 – Release date February 21, 2008 ..................................................... 206
Version 4.4 to 4.5 – Release date November 2, 2007 ..................................................... 206
Version 4.3 to 4.4 – Release date September 1, 2007 .................................................... 206
Version 4.2 to 4.3 – Release date July 26, 2007 ............................................................. 206
Version 4.1 to 4.2 – Release date February 1, 2007 ....................................................... 206
Version 4.0 to 4.1 – Release date August 28, 2006 ........................................................ 207
Version 3.1 to 4.0 - Release date March 5, 2006 ............................................................ 207
Version 3.0 to 3.1 - Release date January 2, 2006 ......................................................... 207
License Conditions .......................................................................................................... 209

*** IMPORTANT*********************************************
In order to get support you MUST register your product by going to
http://www.e-janco.com/register.asp
If your product is not registered you will have to pay for support via
a credit card (MasterCard, Visa, or American Express). Please have
your credit card ready prior to calling.
***********************************************************
The DRP/BCP template and thier associated documents are saved
in two formats both Office 2003 and 2007. For example:
1. disaster recovery plan.doc is in WORD 2003 format

2. disaster recovery plan.docx is in WORD 2007 format
3. work plan.xlm is in EXCEL 2003 format
4. work plan.xlsm is in EXCEL 2007 format
Both of these documents are the same but we have provided them in
both for your use. If you have any questions on these documents please
send an email to [email protected] and reference your order
number.
Telephone support can be obtained if you have registered your product

by going to http://www.e-janco.com/register.asp
If you register your product within thirty (30) days of purchase

and follow the instructions provided Janco will send you a coupon for
10% off on your next purchase from any of Janco's direct sites.
These include:
1. http://www.e-janco.com
2. http://www.itproductivity.org
3. http://www.ejobdescription.com
4. http://www.it-toolkits.com
In order to use the some of the Janco excel spread sheets

you need to enable macros. Macros can be enbled
easily by hitting the f1 key (help) and typing in enable macros to
get detail instruction from Microsoft Excel.

1.0 Plan Introduction

ENTERPRISE recognizing their operational dependency on computer systems,
including the Local Area Network (LAN), Database Servers, Internet, Intranet
and e-Mail, and the potential loss of revenue and operational control that may
occur in the event of a disaster; authorized the preparation, implementation and
maintenance of a comprehensive disaster recovery plan.
The intent of a Disaster Recovery Plan is to provide a written and tested plan
directing the computer system recovery process in the event of an interruption in
continuous service resulting from an unplanned and unexpected disaster.
The Disaster Recovery Plan preparation process includes several major steps as
follows:
 Identify Systems and Applications currently in use

 Analyze Business Impact of computer impact and
determination of critical recovery time frames
 Determine Recovery Strategy
 Document Recovery Team Organization
 Document Recovery Team Responsibilities
 Develop and Document Emergency Procedures
 Document Training & Maintenance Procedures
These steps were conducted and this document represents the completed effort in
the preparation of the ENTERPRISE Disaster Recovery Plan.
Derived from the Disaster Recovery Plan Template of Janco Associates.

www.e-janco.com

1.1 Mission and Objectives

The mission of the Disaster Recovery Plan is to establish defined
responsibilities, actions, and procedures to recover the ENTERPRISE
computer, communication, and network environment in the event of an
unexpected and unscheduled interruption. The plan is structured to attain the
following objectives:
 Recover the physical network within the Critical Time Frames2

established and accepted by the user community
 Recover the applications within the Critical Time Frames
established and accepted by the user community
 Minimize the impact on the business with respect to dollar
losses and operational interference
Compliance
Implication of Legislated and Industry Standards Requirements
There3 are a number of legally mandated and standards mandated

issues that need to be covered in the Disaster Recovery / Business
Continuity Planning Process.
In addition to the Security & Exchange Commission (SEC)

requirements of Sarbanes-Oxley, there are PCI DSS requirements
issued by credit card companies, security requirements of HIPAA,
and individual state requirements (California and New York) that
needed to be considered in the plan.
Sarbanes-Oxley
With the rise of both financial (Sarbanes- Oxley for SEC – US

Security and Exchange Commission) and industry ITIL (Version 3
of the Information Technology Infrastructure Enterprise) standards
2
Critical time frames include both the point in time that the recovery will be set to and the point in time
that the recovery will be completed and the enterprise can be back in operation.
3
This section is for informational purposes and can be excluded from the plan.

specific additional requirements have been added to the Disaster

Recovery / Business Continuity processes.
Sarbanes-Oxley Section 404 is an important aspect of managing a

company’s overall risk, including its continuation as a going
concern, is its ability to effectively address business continuity and
disaster recovery, particularly with respect to those business
processes that are critical to the successful achievement of the
company’s business objectives. A company’s processes, systems,
and controls must make available all material information needed
for fair presentation and disclosure in its SEC reports, including
the update of accounting estimates with current and reliable
information. On a more strategic scale, an organization’s business
continuity methodology and approach must be agreed to by
management as the foundation for mitigating financial and
reputation risk posed by business interruption.
The ability of a company to continue as a going concern is not a

new concept under SOX. This "assumption of a going concern" is
addressed annually by management and the external auditors and is
not changed or impacted by SOX. If the auditors were able to
report on prior-year financial statements without giving
consideration to business continuity planning (BCP), they in effect
agreed with management that last year the "going concern
assumption" was met given the state of BCP in place at that time.
As always, business situations can change and new plans could be
required: however, if "things were fine" last year, SOX alone only
should apply as discussed below.
A company should have a responsive business continuity plan,

including an IT disaster recovery plan, addressing the findings
from a Business Impact Analysis (BIA). The purpose of the BIA is
to identify recovery objectives for critical business processes and
IT assets, as well as continuity-related risks to which the
organization may be vulnerable. Once an adequate BIA is
completed, the company can evaluate whether changes are needed
in its business continuity and disaster recovery plans. These plans
must be kept up to date and periodically tested to maintain their
adequacy in providing reasonable assurance the company can
fulfill its obligations to shareholders and under SOX.

In addition to the required quarterly certifications under SOX

Section 302, the CFO and CEO are required by Section 404 to
issue an annual report on the effectiveness of internal controls over
financial reporting. Their ability as certifying officers to provide
the required representations in public reports would be affected if
there were inadequate BCP processes that could lead to periods of
time during the year when data and controls could not be relied
upon to produce timely, accurate, and complete financial reports as
required by the SEC.

COSO
The Committee of Sponsoring Organizations of the Treadway

Commission (COSO) Assertions relating to business continuity,
influencing the outcome of the SOX evaluation process, primarily
relate to Completeness and Accuracy, as well as Presentation and
Disclosure. The question is whether the company maintains the
ability to meet its obligations to file timely reports in accordance
with established deadlines.
The key financial reporting processes which are often affected by

business continuity issues include:
 Capturing, authorizing and processing transactions;

 Processing cut-offs;
 Ability to develop disclosure data;
 Consolidation;
 Fair-value information pricing; and
 Trading position and current market exposures.
The timeliness of reporting could also affect other processes such

as the month-end close process. A company’s financial system that
supports the outputs of the close-the-books process could be
affected, causing filing delays or certification of potentially
inaccurate or incomplete information.

PCI DSS
PCI Standard requires that any enterprise that processes credit card
information must do the following:
 Build and Maintain a Secure Network
o Install and maintain a firewall configuration to protect
cardholder data
o Do not use vendor-supplied defaults for system
passwords and other security parameters
 Protect Cardholder Data
o Protect stored cardholder data
o Encrypt transmission of cardholder data across open, public
networks
 Maintain a Vulnerability Management Program
o Use and regularly update anti-virus software
o Develop and maintain secure systems and applications
 Implement Strong Access Control Measures
o Restrict access to cardholder data by business need-
to-know
o Assign a unique ID to each person with computer
access
o Restrict physical access to cardholder data
 Regularly Monitor and Test Networks
o Track and monitor all access to network resources
and cardholder data
o Regularly test security systems and processes
 Maintain an Information Security Policy
o Maintain a policy that addresses information
security

ISO 27000 Compliance Process
Define the Control Environment
Today’s4 business environment is characterized by mounting pressure to

comply with a growing variety of laws and regulations concerning IT
standards and controls. To create a pathway to compliance for your
organization requires having a clear understanding of your current control
environment and a solid plan for creating policies that promote
compliance.
This DRP/BCP template helps ENTERPRISE to:
 Understand your business requirements, outline control

objectives, and perform IT risk assessments as they relate to
the DRP/BC process;
 Analyze the IT control environment to identify gaps between

internal policies and external requirements;
 Create, disseminate, and document policies using a risk-based

approach, track user acceptance, and manage exceptions and
waiver requests; and
 Translate imprecise regulatory mandates into actionable IT

policies through an effective control framework.
Control the Environment by Implementation and Management
The enterprise DRP/BC team needs to establish controls that can be easily
managed and monitored in order to assess compliance and remediate any
problems.
A key strategy for reducing the risk and cost associated with implementing
controls as they are associated with the DRP/BCP is to define policies and
procedures that support the compliance process. By minimizing costly and
error-prone un-defined process, you can eliminate the fragmentation and
duplication of effort and transform your controls environment into a
proactive risk management system.
4
This section is for informational purposes and can be excluded from the plan.

 Implement controls, policies, procedures and document

operational management process to meet policy and business
requirements;
 Assess controls compliance for all major operating systems and

identify and remediate deviations to proactively sustain the
control environment; and
 Maintain a secure control environment, assess security threats,

and receive early warning to take proactive countermeasures.
Audit and Examine the Control Processes
Lastly, the enterprise needs to analyze the effectiveness of controls,

optimize them when required, and demonstrate due diligence to both
internal and external constituencies.
A key challenge organizations face in today’s compliance environment is

how to tie all the tools and information together to provide a universal
view of compliance—across all relevant regulations and a common set of
actionable IT controls.
 Audit and examine the control environment on a continuing

basis;
 Author and publish reports to measure the effectiveness of

security controls in meeting a variety of standards and
regulations and demonstrate due care of compliance;
 Map control information to specific policies in order to provide

recommendations for improvements to the control
environment; and
 Collect, integrate, and retain trend analyses and evidentiary

information from disparate control mechanisms for audits and
documentation requests.

1.2 Disaster Recovery / Business Continuity Scope

The scope of the plan is to recover computer information services provided by
the ENTERPRISE data center and networks located at ___________________
_________________________. The LAN network encompasses the
following:
 General business applications, such as word-processing,

spreadsheet and database applications
 e-Mail
 File servers supporting all business operations
 Gateway to the host applications and other sites
 WEB / e-commerce processing
 Wireless Networks
 Non-ENTERPRISE infrastructure including power grids,
telephone switching centers, microwave towers, and cell and
wireless transmission sites within a ten (10) mile radius of the
facility

1.3 Authorization
The management of ENTERPRISE recognizes the need for a Disaster
Recovery Plan for all operations directly or indirectly dependent on data
processing. The Chief Information Officer for ENTERPRISE has authorized
the development and ongoing maintenance of this plan.
The Disaster Recovery Plan and Process have been reviewed by the executive
management of ENTERPRISE and necessary changes in the ―BY-LAWS‖
and or ―CHARTER‖ of ENTERPRISE has been approved by Board of
Directors, Stockholders or other legal entities as required.

1.4 Responsibility
Responsibility for the development and maintenance of the plan is assumed by
the Information Technology group. Specific responsibility for ensuring the
plan is maintained and tested rests with the ENTERPRISE DRP Support
Group. In consideration of this responsibility, the end user community is
responsible to coordinate with the Project Manager for their information
technology requirements.

1.5 Key Plan Assumptions

The following assumptions have been established as the basis for the
development of the Disaster Recovery Plan:
 The plan is designed to recover from the "worst case"

destruction of the ENTERPRISE operating environment. The
worst case includes any non-data processing function that may
be in close proximity to the data center or workstations.
 The ―worst-case‖ destruction assumes the loss of the total
facility, supporting infrastructures (power grids, telephone
switching centers, microwave towers, and cell and wireless
transmission sites within a ten (10) mile radius of the facility),
and key personnel on the DRP team due to injury and or death.
In that case the plan should be documented to the extent that an
employee (or contractor if so authorized) can assume the key
management role in the execution of the DRP.
 Although the plan is designed for worst case, inherent in the
plan strategy is the ability to recover up to the most minor
interruption, which is perhaps a more likely situation.
 The plan is based upon a sufficient number of center staff not
being incapacitated to implement and affect recovery.
Therefore, the level of detail of the plan is written to a staff
experienced in the ENTERPRISE’s computer services.
Development, testing and implementation of new technologies
and applications are suspended so that all resources are
available to recover existing critical production processing.
 Off-site inventory and equipment acquired through vendors is
considered the only resource with which to recover computer
processing. Items at the original site are not expected to be
salvageable and used for recovery. This includes items stored
in any on-site security location.
 An alternate site (backup computer facility) in which to
establish recovery of computer processing is necessary. Time
frame requirements to recover computer processing are
significantly less than estimated times to repair/reconstruct a
data center on an emergency basis.

 The computer facilities of the alternative site are not within the
scope of this plan and are assumed not to be impacted by any
disaster that may interrupt computer operations at
ENTERPRISE offices.

1.6 Disaster Definition

The Damage Assessment Team is charged with assessing the damage to the
data center and reporting to the Management Team. The objective is to report
the assessment of damage within four hours of the interruption.
The Management Team makes a decision whether to stay and repair the
damage, or move computer operations to the off-site recovery location.
Therefore, the definition of a disaster is:
 A disaster is any interruption to the computer operation

that prompts a decision to go to the off-site recovery
location.
 Interruptions can include the loss of infrastructures that

are not the property of ENTERPRISE but ones that
ENTERPRISE depends on. This can include: power
grids, telephone switching centers, microwave towers,
and cell and wireless transmission sites within a ten
(10) mile radius of the facility.

1.7 Metrics
Preparation for Disaster Recovery / Business Continuity in light of SOX,

HIPAA, and ISO 27000 (formerly 17799) is a must for enterprises of all sizes.
The first concern is putting systems in place to protect financial and other data
required to meet the reporting regulations and to archive the data to meet
future requests for clarification of those reports. The second is to document
all these procedures so that in the event of a SOX audit, the auditors clearly
see that the DR plan exists and will appropriately protect the data.
Questions asked are: where will your management team be when disaster
strikes? They could be anywhere --at work -- on vacation-- or in the car. How
will you find each other? Will you know if your employees are safe?
Disaster can strike quickly and without warning. It can force you to evacuate
your offices or confine you to your home. What would you do if basic
services -- water, gas, electricity or telephones -- were cut off? Local officials
and relief workers will be on the scene after a disaster, but they cannot reach
everyone right away.
Enterprises can - and do - cope with disaster by preparing in advance and

working together as a team.
Metrics provide the mechanism by which you can measure the success of your
disaster recovery and business continuity process.
Metrics for disaster recovery and business continuity are somewhat different
from those used to measure other functions, because they are a combination of
project status and test runs of infrastructure.
Metrics include:
1. Frequency of reports from the disaster recovery and business

continuity group to senior management.
2. Percentage of the enterprises employees represented on

the recovery team that are involved in disaster recovery and business
continuity processes.
3. Number and frequency of tests and audits to verify implementation of

the disaster recovery and business continuity and the scope of
the reports on gaps and risks.

4. Frequency of review and updated processes that includes the

deployment of new solutions.
5. Timelines and success of the disaster recovery and business continuity

handling, effectiveness, and impact on the business (after a disaster
occurs).

1.8 Disaster Recovery / Business Continuity and Security

Basics
In the Disaster Recovery / Business Continuity Plan that follows, details of
this section are expanded to the meet the needs of ENTERPRISE. There is a
focus not only on disaster recovery and business continuity, but also on
security. The Disaster Recovery / Business Continuity Plan define both
preventive measures and remedies in the following areas:
Servers
Room - The server room should be secured. Methods to do this
include biometric locks, combination locks, and reinforced doors
with a deadbolt at last 1.5 inches long. If the room has windows,
they should be barred. The room should have both fire/heat
detection and water detection sensors which set off a local alarm
and send a signal to an off-premises monitoring facility. The
server room should have fire extinguishers suitable for electrical
fires. A fire suppression system is also suggested.
Heat - In the server room, ENTERPRISE should augment its

building air conditioning with a room-size air conditioner that
kicks-in when its thermostat shows the temperature in the room has
risen above a specified level, typically 68 degrees. A thermostat
with an alarm should be placed inside any cabinet that has a
cooling fan. When a fan fails and the temperature rises, an alarm
should be triggered.
Water – There should be no water pipes in the ceiling or walls.

The server(s) and associated peripheral equipment should be rack-
mounted so that up to six inches of standing water will not affect
the equipment.
Power - A UPS (uninterruptible power supply) should be used to

protect all servers against surges, spikes, brownouts, and blackouts.
The UPS should have a rating which is it least twice the total KVA
requirements of the devices they protect. The UPS should provide
power long enough for an orderly shutdown of all servers. In
addition, a back-up diesel generator should be available to provide
power it there is an extended power outage. Sufficient diesel fuel
should be available to operate the generator for at least 72 hours.

Database server – A firewall (software and hardware) should be

in place to protect that database5. This firewall is in addition to
any network firewalls. The firewall, such as a proxy-server6
between the database and the Web server, would provide an
additional layer of security protection. The disaster recovery plan
needs to ensure that this level of security is maintained in any
remote recovery site that is included in the plan.
Backup - Each server and database should be configured with a

logging device. Each evening the logging media should be
removed and stored away from the server room and a new media
mounted for server and database backup. Overnight, the content of
the disk drives should be written to another media (typically tape7).
The next morning, the backup media should be removed and stored
away from the server room and new media mounted for logging
that day's transactions. Other considerations include
 ENTERPRISE may choose to do a backup only once a

week. If so, all of the logging tapes for the week should
be saved so that they and the previous week's backup
tape can be used to restore the files. The logging tapes
and the previous week's backup tape should be stored
away from the server room. In a large facility than may
be at the opposite end of the building, but for smaller
facilities it should be off-site.
 At least once per week, a current backup media should

be sent to an off-site storage facility to protect against
the loss of the on-site backup media.
 RAID (Reduced Array of Inexpensive Disks) should be

used for all mission critical data. RAID technology
mirrors everything written to one disk on another disk.
If a disk fails, the mirroring disk provides access to the
information without resorting to the rebuilding of files
from the combination of backup and logging tapes.
5
The database server should be available only to enterprise staff in the enterprise and the vendor of the
automated enterprise system. It should not be available to others via the Internet or by dial-up.
6
A proxy server shields the database server from direct access by initiating a separate inquiry, rather than
passing the external inquiry through to the database server.
7
In the case of tape, it can become unstable with repeated use; therefore, seven logging tapes--one for each
day of the week--should be used. Seven backup tapes should also be used. All of the tapes should be
replaced at least every year.

Network
Network hardware should be secured in locked data
communications closets or cabinets. All data jacks should be
capable of being de-activated when no enterprise equipment is
connected to them. The practice of distributing a large number of
data jacks around a building for use with laptops should be avoided
unless these jacks are on a separate LAN segment that can be
isolated from the database server of the automated enterprise
system.
For the wireless LAN, access should be limited to that segment of

ENTERPRISE’s LAN, one that can be isolated from the database
servers.
A network firewall should be installed. The firewall can be

configured not only to restrict access to specific categories of users
or specific types of queries, but can also be configured to facilitate
access to enterprise-selected resources.
Clients
Laptop and desktop computers are the most vulnerable technology
in ENTERPRISE. Viruses are the greatest threat. Anti-virus
software is essential. Products from companies such as McAfee
and Norton detect computer virus signatures and alert the user to
them before they enter the client. Anti-virus software should be
updated at least weekly by downloading the latest version.
Almost all viruses travel via e-mail attachments or diskettes. Staff

should, be instructed not to open an attachment if the source of the
e-mail is not known or the attachment is not expected. Staff
should be instructed not to bring software from home for loading
on enterprise machines, nor to carry USB media and other forms of
electronic storage back and forth between home and work
machines.
Recovery Procedures
It is important to state in the disaster plan not only what recovery
procedures are to be followed if a disaster occurs, but also who has
what responsibility. Who calls whom and what information should
they be prepared to give? Who performs the needed diagnostics?
Who restores the files? What are the instructions for packing and
shipping the corrupted files?

Communication
It should be assumed that regular telephone service would NOT be
available. Key personnel should have cell phones for use when
regular telephone service fails or is overloaded. The ―charged‖
and ―activated‖ cell phone in the server room should be stored in a
wall-hung watertight cabinet on the wall adjacent to the entrance
door. The instructions for dealing with a computer/network
disaster should be stored in the same cabinet. All important
telephone numbers should be stored in each cell phone.
Designated operators
There should be a server operator on duty at all times. This may
be a member of the help desk's support staff- the staff which
usually is in the facility whenever ENTERPRISE is open for
business or staff use. The designated person would perform the
end-of-day swap of the logging and backup tapes as part of his/her
routine duties.
The designated operator on duty at the time of a disaster should

have instructions to call the support desks for the business and IT
operations that are affected.
Each designated operator should participate in an occasional

disaster drill that simulates an actual disaster that affects one or
more servers.
Designated manager
An operator may encounter a situation that overwhelms him/her.
There should always be a designated manager in the enterprise or
available by telephone 24 hours per day, seven days per week.
While there may rarely be a need to decide about evacuation of the
enterprise or another major action, the plan and processes to do so
must be in place.
External resources
Key vendors are an important resource in diagnosing problems that
result from a disaster. When drawing the contract, make it clear
that vendor(s) shall be liable not only for the performance of their
product, but they shall have the ability to conduct remote
diagnostics. If coverage has not been purchased for 24 hours a day
and seven days a week, there should be provision for emergency

support at agreed upon hourly rates outside the normal coverage

hours.
Many vendors operate service bureaus for firms that do not wish to
maintain their own computer systems. ENTERPRISE should
discuss the terms for its vendor to offer its service bureau as a
backup facility should the enterprise not be able to restore its own
system within a day or so. This will involve establishing a basic
profile and maintaining a relatively recent copy of the
ENTERPRISE's database at the vendor's site.
Sources of support for all other servers should be identified and

their telephone numbers encoded in the server room's telephone
and in the cell phone that have been provided for backup.
One or more data recovery firms should be identified. These firms

recover data from hard drives, diskettes, or any other storage
medium that has been damaged by flood, fire, physical impact, or a
virus.
Insurance
ENTERPRISE should carry insurance that includes coverage for
its servers, network, and clients. In order to make claims, it is
essential to have an absolutely current inventory of all hardware
and software, including purchase data and price. A copy of this
information should be stored at a remote site.
In case of damage that is visible, photographs should be taken

promptly after the disaster to substantiate an insurance claim.

2.0 Business Impact Analysis

A Business Impact Analysis was conducted to ascertain the impact of a disaster
on the operations of each operating unit within ENTERPRISE. The Business
Impact Analysis drives the Disaster Recovery Plan by identifying and
substantiating those applications and systems with the greatest impact on the
business in the event of a disaster.
In turn, this provides for the determination of the most cost effective recovery
time-period for each system and application. Recovery times are established and
accepted by the user community.

2.1 Scope
The scope of the Business Impact Analysis is the ENTERPRISE operating
departments supported by data center facilities located at ____________
______________________________. This network encompasses the
following information technology services:
 General business applications, such as word-processing,
spreadsheet and database applications
 e-Mail
 File servers supporting all business operations
 Gateway to the host applications and other sites
 WEB / e-commerce processing
 Wireless Networks
 Non-ENTERPRISE infrastructure including power grids,
telephone switching centers, microwave towers, and cell and
wireless transmission sites within a ten (10) mile radius of the
facility
To determine the maximum time frame allowable, the following

ENTERPRISE operating departments were interviewed (See Appendix -
People Interviewed):
 Information Technology
 Sales
 Marketing
 Credit
 Finance
 Human Resources
 Manufacturing
 Distribution
 Customer Service
 Accounting
 Investor Relations

2.2 Objectives
The Business Impact Analysis is completed to determine the Critical Time
Frame in which the application system capabilities and functionality must be
available after an interruption in service to minimize the operational loss of
control and potential loss of revenue. In addition, the Business Impact
Analysis assists in identifying alternative manual procedures which may be
used during an interruption in service. Therefore, the objectives of the
Business Impact Analysis are:
 Educate user on the need for a disaster recovery plan

 Identify the Critical Time Frames for each application by user
 Identify alternative manual procedures which may temporarily
minimize impact due to an interruption in computer service
 Identify the shortest Critical Time Frame for each application

2.3 Critical Time Frame

The purpose of the Business Impact Analysis is to determine the maximum
time frame that each ENTERPRISE operating department can be without the
functionality of the system without incurring material operational interference
in the event of a disaster. This time frame will be referred to as the Critical
Time Frame.
The Critical Time Frame is defined in business days as the elapsed time
between the points of the interruption up to the point where the system must
be functional.
Recovery procedures in the plan are staged around the most critical
application which has the shortest Critical Time Frame to the application with
the longest Critical Time Frame. According to the Business Impact Analysis
the application with the shortest Critical Time Frame is the
___________________ and the longest is the _____________________.
Although each system may have a different time frame, the plan as a whole
carries the time frame on the application with the shortest. Therefore, the plan
as a whole has a _____ day Critical Time Frame.

2.4 Application System Impact Statements

The result of the interviews with the ENTERPRISE operating departments is a
narrative of the effect of a system outage or interruption assuming a worst
case scenario. There is a narrative for each utilized application by operational
department located in _______________________________. The narrative
indicates the operational department’s dependency on computer support and
indicates the Critical Time Frame that the operational department can be
without the applications functionality.
Application System Impact Statements, the output of the Business Impact

Analysis8, are used to classify each application into the categories of essential,
delayed or suspended.
Essential
An application is considered ―essential‖ if its loss would affect
ENTERPRISE’s ability to remain solvent through financial loss or impart
a serious loss of operational control.
Delayed
An application is classified as ―delayed‖ when the function can survive
without computer processing support for a period of time. Resumption of
computer processing begins only when resources are available in excess of
the requirements for the essential category; however, the passage of time
can escalate the criticality of the application.
Suspended
Some business functions may have computer support "suspended" or
discontinued indefinitely. Resumption of processing begins again when
full computer capability is restored. Typically, the passage of time does
not cause the escalation of the criticality of suspended systems; however,
they may be processed using any available resources when the
requirements of the essential and delayed systems are satisfied.
8
The ―Application Inventory and Business Impact Analysis Questionnaire‖ (see Appendix for sample
forms) should be filled for each business function prior to the completion of this section of the Disaster
Recovery Plan.

2.5 Information Reporting

ENTERPRISE operates in an environment that depends on information. In
the event of a disaster, it will be necessary to assure the ―as of date‖ for all
data as well as which data is included.
NOTE: THIS IS JUST A SAMPLE AND MUST BE

UPDATED FOR YOUR COMPANY
Item Metric Key User(s) Importance

Sales Status Units and Volumes  Executive Management 1
 Sales 1
Inventory On Hand Balances  Distribution 2
 Sales 5
 Customer Service 6
Customer Data A/R Balances  Credit 4
 Sales 5
Liquid Assets Treasury Balances  CFO 2
Supplier A/P Balances  CFO 4
Importance = Critical 1 / Necessary 5 / Can wait 9

2.6 Best Data Practices

The Disaster Recovery Business continuity process must consider all data that
is required to resume and maintain the operations of the enterprise. In order to
comply with Sarbanes-Oxley, the DRP/BC plan needs to take into
consideration the best data practices the enterprise follows.
The best practices followed for data destruction are:

 Data is destroyed on a consistent basis based on the data retention
policy of the enterprise.
 All data has a defined destruction plan which includes what data, when
it is to be destroyed, why the data is to be deleted, who is responsible
for performing the destruction, and how this impacts the Disaster
Recovery – Business Continuity Plan.
 Validation that all copies of data are destroyed.
 Wiping all data from ―retired‖ equipment and systems.
 Validation testing to ensure that data that is destroyed is completely
gone.
The best practices followed for data retention are:
 Inventory and categorize all data
 Understand all laws and regulations that affect the enterprise and keep
all data for the period mandated.
 Validate that the Disaster Recovery – Business Continuity Plan
includes all data is covered it.
 Once any investigation begins immediately retain all data that could be
needed and ensure that the data destruction process does not destroy
any such data.
 Inform and educated all employees, contractors, vendors, and
outsource providers on the data retention polices, procedures, and
practices of the enterprise.
 Do not create data that could generate an adverse impact on the
enterprise such as e-mails that are not accurate or place the enterprise
in a bad light.

2.7 Summary
A summary of the Application System Impact Statements9, outlining the
period of time before an application’s loss becomes critical and classifying
each application as essential, delayed or suspended, is as follows:
NOTE: THIS IS JUST A SAMPLE AND MUST BE UPDATED

FOR YOUR COMPANY
Business Impact Analysis Matrix
1-2 3-5 6-10 11-14 Two

Application Days Days Days Days Weeks + Category
Gen. Business Apps. MN MD CT Delayed

cc:Mail MN MN MN MN MD Suspended
SQL server MD CT Essential
Mainframe Gateway MD CT Essential
ADP Payroll Access CT Essential
MN = Minimum Impact
MD = Moderate Impact
CT = Critical Impact
9
Recovery Plan.

The Business Impact Analysis dictates a phased recovery strategy as follows:
Application Critical Time Frame

ADP Payroll Access 2 Days
Access to Mainframe 5 Days
SQL Server 5 Days
LAN (5 workstations) 7 Days
cc:Mail 14 Days

3.0 Backup Strategy

With ENTERPRISE data stored at remote ISP10 , personal desktops, laptops, and
PDA11 in addition to file servers and legacy mainframe processing centers a
strategy for backing widely scattered information. Based on the size of the
operation and the need for recovery of the data the following backup strategy
should be implemented. Strategies for each are discussed in the sections that
follow for:
 Communication Strategy and Policy

 ENTERPRISE Data Center Systems
 Departmental File Servers
 Wireless Network File Servers
 Data at Outsourced Sites (including ISP’s)
 Desktop Workstations (In Office)
 Desktop Workstations (Off site including at home users)
 Laptops
 PDA’s
10
Internet Service Providers and other ―outsourced‖ service providers.
11
Personal Digital Assistants

3.01 Site Strategy

Most organizations have more than one recovery site strategy in place, since
different business processes have different cost factors and service-level
requirements. For example, for data center operations with large capital
investments in hardware required for a secondary site, a shared-cost
commercial hot-site service provider may be the most effective option. In
contrast, provisioning of client-side alternate workspace may be more
economically and effectively provisioned internally. Recovery time objectives
(―How quickly do I need to be back online?‖) and data currency objectives
(―How much data can the enterprise afford to lose?‖) will often place
restrictions on recovery site options (see Chart 1).

Site Strategy Recovery Comments

Time
Commercial 24 to 48 Often the most cost effective strategy for data center recovery strategies. This
Hot Site hours is a market dominated by SunGard and IBM Global Services. Clear contract
terms need to be .defined which meets the enterprise service objectives.
Consideration should be made for disasters which impact entire regions such
as hurricanes and earthquakes.
Mobile Data Center / 24 to 48 Pre-configured mobile resources for data center or client workspace recovery.
Office Space hours This approach avoids employee travel issues but has limitations on equipment
availability and outbound bandwidth if very small aperture satellite terminal
(VSAT) links must be used for communications. Businesses also typically
assume that they can be placed in the parking lot of the affected site, so if the
disaster profile includes events such as hurricanes, floods or toxic spills, these
solutions may not be appropriate.
Internal Hot Site 1 to 12 This is typically the most expensive option since there is an added cost for
hours internal provisioning of the necessary excess capacity. If costs can be shared
among multiple facilities within the enterprise, internal provisioning can be
cost competitive with commercial alternatives. In light of legislation such as
Sarbanes –Oxley and the need for protection of sensitive information this is
often the best solution.
Organizations with strict data currency needs and aggressive recovery-time

objectives have found internal hot-site strategies to be the only viable option.
If no appropriate secondary space is available within existing property, hosting
and ―co-location‖ facilities providers offer managed raised-floor space at very
attractive rates as an alternative to building out secondary sites.
Cold Site 72 plus "Environmentally appropriate" space can be either provisioned internally or
hours contracted from a commercial facilities service provider. Cold-site strategies
are usually based on "quick-ship" delivery agreements to allow server, storage,
and communications hardware and network service providers to quickly build
out the data center and/or client workspace infrastructure.
In the case of an extensive disaster such as a hurricane or earthquake this

option is less favorable
Reciprocal Site 12 to 48 This is typically a formal agreement between two trusted, non-competing
hours partners in different industries in which each provides secure sites for the
other. This option is the least favorable and has the greatest risk associated
with it.

3.02 Data Capture and Backups

There are three major degrees of data capture, which translate to three main
types of backups.
 A full backup contains every single piece of data every time,

regardless of whether or not a file or folder has been modified. Full
backups take a long time to execute and require a lot of storage space.
However, there's never any doubt about getting a wholly accurate
restore. In addition, that restore can be done in one fell swoop. Since
everything's included, there's no picking and choosing involved.
 An incremental backup copies only files that have changed since the
most recent backup, be it a full backup or a prior incremental.
 A differential backup copies only files that have changed since the
original full backup.
Most strategies start with periodic full backups, and then add more
frequent incremental or differential backups to minimize storage
requirements, as both require less space than a full backup. If a restore is
necessary, the full backup is added first, with data filled in from the
subsequent incremental or differential backups.
While incremental and differential backups save space, they can generate
inaccuracies upon restore. Due to the nature of the data snapshots taken in
these types of backups, files can be restored in multiple versions and/or
multiple locations, even after they were purposely deleted. This can
necessitate a manual clean-up that adds to the overall restore time.

Backup Strategy
Backups can be accomplished locally, centrally or both. There
are advantages and disadvantages to each. The table below
lists some of the advantages and disadvantages of each.
Disaster Recovery
Advantage Disadvantage
Backup Alternatives
 Backup quicker  More hardware required
 Minimal bandwidth usage  More staff required
Local Backup  Quicker restore in minor  Security risks increased
recovery situation  Riskier restore in a major
recovery situation.
 Hardware requirement less  More bandwidth required
 Less staff required  Backup takes longer to
Central Backup  Less training complete
 Quicker restore in a major  Restore takes longer in
recovery situation. minor recovery situation
 Security risks lower
 Recovery time eased  More hardware required
Coordinated Local  Enterprise risks reduced  More staff required
and Central Backup  Easier to coordinate DRP  More training required
and Business Continuity  More bandwidth required
Plans

3.03 Communication Strategy and Policy

Without an communication strategy effective in place, disruptions to
enterprise operations or services can cause substantial financial loss,
unnecessary personal or property damage, and serious impacts to
communities. Disaster Recovery and Business Continuity planning are
enhanced by means of wireless solutions.
After a disaster, landlines are often out. The only workable solutions often are
cellular, satellite, and Wifi. These need to be incorporated in the preparation
for catastrophic events, power outages, weather-related incidents, and similar
threats. That requires forward-looking procedures, a responsive
communication network, and a framework of supporting technology.
Including an effective mobile BCP strategy includes establishing best

practices to make sure the solution is:
 Designed to minimize potential revenue loss and brand damage
 Reliable and easy to use
 Secure and confidential
 Capable of communicating promptly to stakeholders during crisis
 Engineered for efficient usage of battery, processing, and network
resources
 Designed to protect employees and other corporate assets
 Compliant with regulatory mandates and reporting requirements
By incorporating mobility into a DRP / BCP plan, organizations can generate

alerts promptly, access procedures readily, and ensure a quicker response to
unfolding events. Ten years ago, organizations typically dealt with
emergency procedures by creating a binder of protocols and procedures and
making it available to staff members. Most workers, however, did not have
access to this vital information when they most needed it. Organizations
required a more convenient and effective DRP / BCP system that would
enable them to respond to incidents more efficiently.
Improvements in wireless networks, devices and applications over the last

decade now make it possible to distribute information that was previously
contained in a hard-copy emergency binder across the organization. Mobile
devices and mobility application can deliver access to crisis information at
any time, from any location.

DRP / BCP Communication Policy

ENTERPRISE responsibility for electronic communication resources
when the DRP / BCP have been activated resides with the Disaster
Recovery / Business Continuity Manger. He must approve all installations
of access points used for the effected locations.
Equipment and users must follow general communications policies:
 Electronic communication after the DRP / BCP is activated are

subject to the same rules and policies that govern other electronic
communications services at ENTERPRISE
 Abuse or interference with other activities is a violation of
acceptable use
 Interference or disruption of other authorized communications or
unauthorized interception of other traffic is a violation of policy
 Only hardware and software approved by ENTERPRISE shall be
used for electronic communication after the plan is activated so as
to minimize interface issues
 Facility Managers are responsible for the installation of electronic
communication access points (i.e. portable cell towers) within
ENTERPRISE facilities used following Disaster Recovery /
Business Continuity Manger recommendations.
 No installations must interfere with existing installations and
cooperation must be awarded to ensure baseline levels of
connection service quality.
 Installation of antennas must comply with all federal and state
regulations for antennas.
 The installation of access points and bridging devices must be
consistent with health, building, and fire codes.

3.04 ENTERPRISE Data Center Systems

All data that is at the ENTERPRISE data centers should have copies made
weekly (monthly / quarterly /annual) of all master files and software necessary
to restore and access the data for normal operations. Daily (weekly / monthly
/ quarterly / annual) transactions files copies should made.
Backup Files
At least two copies should be made of all master and transaction files.
One copy should remain at the data center under approved security
procedures. One copy should be moved to an offsite storage facility. That
facility should be secure and at least 20 miles from the data center.
System and application software necessary to access that data should also
be stored along with any changes made to either. The ―Change Control
System‖12 is integrated with the Disaster Recovery Plan and is the trigger
for creating new backup files of system and application software.
Storage Rotation
ENTERPRISE Data Center

At least one copy of several generations of master files,
transaction files, operation system software (including
patches), and application system software should be in a
secure location at the data center. On a quarterly (monthly
/ semiannual / annual) basis these files should be tested for
their viability as vehicles to restore the data center systems.
Off Site Storage
secure location at the offsite storage facility. On a
quarterly (monthly / semiannual / annual) basis these files
should be tested for their viability as vehicles to restore the
data center systems.
12
The change control system is the set of procedures and processes that are followed as system and
application programs are altered by ENTERPRISE.

3.05 Departmental File Servers

All data that resides on a departmental file servers should have copies made
Backup Files
At least three copies should be made of all master and transaction files.
One copy should remain in a secure area of the department under
approved security procedures. One copy should be retained at
ENTERPRISE data center under approved security procedures. One copy
should be moved to an offsite storage facility. That facility should be
secure and at least 20 miles from the data center. System and application
software necessary to access that data should also be stored along with any
changes made to either. The ―Change Control System‖13 is integrated
with the Disaster Recovery Plan and is the trigger for creating new backup
files of system and application software.
Storage Rotation
Department
secure location in the department. On a quarterly (monthly
their viability as vehicles to restore the department file
servers.
their viability as vehicles to restore the department file
servers.
13

Off Site Storage

department file servers.

3.06 Wireless Network File Servers

All data that resides on a wireless network file servers should have copies
made weekly (monthly / quarterly /annual) of all master files and software
necessary to restore and access the data for normal operations. Daily (weekly
/ monthly / quarterly / annual) transactions files copies should made.
Backup Files
One copy should remain in a secure area of the wireless server area under
approved security procedures. One copy should be moved to the
Storage Rotation
Wireless Network File Server Area

secure location in the department. On a quarterly (monthly
their viability as vehicles to restore the wireless network
file servers.
their viability as vehicles to restore the wireless network
file servers.
14

Off Site Storage

wireless network file servers.

3.07 Data at Outsourced Sites (including ISP’s)

All data that resides at outsourced sites should have copies made weekly
(monthly / quarterly /annual) of all master files and software necessary to
restore and access the data for normal operations. Daily (weekly / monthly /
quarterly / annual) transactions files copies should made.
Backup Files
One copy should remain in a secure area of the outsourced site under
approved security procedures. One copy should be moved to the
Storage Rotation
Outsourced Sites
secure location at the outsourced site. On a quarterly
(monthly / semiannual / annual) basis these files should be
tested for their viability as vehicles to restore outsourced
site(s)16.
their viability as vehicles to restore the outsourced site(s).
15
application programs are altered by COMPANY.
16
This test should be conducted at a site other than the outsourced site at least annually. That test should
insure the ability to create all of the systems that run on the outsourced service provider at another site if
the outsourced service provider ceases to function.

Off Site Storage

outsourced site(s).

3.08 Branch Offices (Remote Offices & Retail Locations)

Branch Offices (remote offices and retail locations) present unique challenges
for data protection. Backup solutions must protect all computers at the remote
site, must enable quick restores of data, and must provide a strategy for long-
term offsite storage of backups to protect against disasters. Because remote
offices have limited IT resources and personnel, the solutions must also be
easy to set up and use.
At small remote offices, data resides primarily on desktops and laptops, which
can contain up to 80% of a ENTERPRISE’s business-critical data. These
computers can be difficult to backup at scheduled times. Desktops might be
turned off when employees leave for the evening. Laptops are often
disconnected from the network when employees go home or travel on
business. Backups are made more difficult because small offices have very
limited IT resources to administer backup operations.
All unique data that resides in branch offices should have copies made weekly
Backup Files
At least three copies should be made of all unique master and transaction
files that reside on Branch Office devices. One copy should remain in a
secure area of the close to the Branch Office under approved security
procedures. One copy should be moved to the ENTERPRISE data center
under approved security procedures. If the application is critical, one copy
secure and at least 20 miles from the Branch Office. System and
application software necessary to access that data should also be stored
along with any changes made to either. The ―Change Control System‖17 is
integrated with the Disaster Recovery Plan and is the trigger for creating
new backup files of system and application software.
17

Storage Rotation
Laptop location
At least one copy of several generations of unique master
files, transaction files, operation system software (including
secure location near the Branch Office. On a quarterly
(monthly / semiannual / annual) basis these files should be
tested for their viability as vehicles to restore the Branch
Office devices18.
their viability as vehicles to restore the Branch Office
devices.
Off Site Storage
If critical, at least one copy of several generations of unique
master files, transaction files, operation system software
(including patches), and application system software should
be in a secure location at the offsite storage facility. On a
Branch Office devices.
18
This test should be conducted on all devices in the Branch Office at least annually. That test should
insure the ability to create all of the systems that run in the Branch Office if the facility ceases to exist
(function).

3.09 Desktop Workstations (In Office)

All data that resides desktop workstations should have copies made weekly
Backup Files
One copy should remain in a secure area of the close to the desktop
workstation under approved security procedures. One copy should be
moved to the ENTERPRISE data center under approved security
procedures. If the application is critical, one copy should be moved to an
offsite storage facility. That facility should be secure and at least 20 miles
from the data center. System and application software necessary to access
that data should also be stored along with any changes made to either.
The ―Change Control System‖19 is integrated with the Disaster Recovery
Plan and is the trigger for creating new backup files of system and
application software.
Storage Rotation
Desktop Workstation location

secure location near the desktop workstation. On a
should be tested for their viability as vehicles to restore
desktop workstation(s)20.
19
20
This test should be conducted on a workstation other than the workstation at least annually. That test
should insure the ability to create all of the systems that run on the desktop workstation on another desktop
if the desktop workstation ceases to function.

their viability as vehicles to restore the desktop

workstation(s).
Off Site Storage
If critical, at least one copy of several generations of master
desktop workstation(s).

3.10 Desktop Workstations (Off site including at home

users)
All data that resides desktop workstations should have copies made weekly
Backup Files
One copy should remain in a secure area of the close to the desktop
workstation under approved security procedures. One copy should be
off site storage facility. That facility should be secure and at least 20
miles from the data center. System and application software necessary to
access that data should also be stored along with any changes made to
either. The ―Change Control System‖21 is integrated with the Disaster
Recovery Plan and is the trigger for creating new backup files of system
and application software.
Storage Rotation
Desktop Workstation location

secure location near the desktop workstation. On a
desktop workstation(s)22.
21
22
This test should be conducted on a workstation other than the workstation at least annually. That test
should insure the ability to create all of the systems that run on the desktop workstation on another desktop
if the desktop workstation ceases to function.


their viability as vehicles to restore the desktop
workstation(s).
Off Site Storage
desktop workstation(s).

3.11 Laptops
All data that resides laptops should have copies made weekly (monthly /
quarterly /annual) of all master files and software necessary to restore and
access the data for normal operations. Daily (weekly / monthly / quarterly /
annual) transactions files copies should made.
Backup Files
One copy should remain in a secure area of the close to the laptop user’s
primary location under approved security procedures. One copy should be
offsite storage facility. That facility should be secure and at least 20 miles
from the data center. System and application software necessary to access
that data should also be stored along with any changes made to either.
The ―Change Control System‖23 is integrated with the Disaster Recovery
Plan and is the trigger for creating new backup files of system and
application software.
Storage Rotation
Laptop location
secure location near the laptop user’s primary location. On
a quarterly (monthly / semiannual / annual) basis these files
laptop(s)24.
23
24
This test should be conducted laptop other than the laptop at least annually. That test should insure the
ability to create all of the systems that run on the laptop on another laptop if the laptop ceases to function.


their viability as vehicles to restore the laptop(s).
Off Site Storage
laptop(s).

3.12 PDA’s and Smartphones

During the recovery period of a Disaster, PDA’s25 and Smartphones26 man be
the only source of quick information retrieval. However, the longer the
recovery takes the greater the likely-hood that information and data that
resides in the recovered information and the PDA’ and Smartphones s will no
longer be in synchronization.
All unique data that resides PDA’s and Smartphones should have copies made
Backup Files
At least three copies should be made of all unique master and transaction
files that reside on PDA’s and Smartphones. One copy should remain in a
secure area of the close to the PDA’s and Smartphones user’s primary
location under approved security procedures. One copy should be moved
to the ENTERPRISE data center under approved security procedures. If
the application is critical, one copy should be moved to an offsite storage
facility. That facility should be secure and at least 20 miles from the data
center. System and application software necessary to access that data
should also be stored along with any changes made to either. The
―Change Control System‖27 is integrated with the Disaster Recovery Plan
and is the trigger for creating new backup files of system and application
software.
25
PDA and Smartphones are referred to as PDA’s in this document.
26
By providing ENTERPRISE employees with convenient mobile access to email, business applications,
customer information and critical corporate data, businesses have become more productive, streamlined
business processes and enabled better decision making. This in turn has created a new set of issues that
need to be addressed in the DR / BC planning process because:
 Smartphones and handhelds are more easily lost or stolen than laptop or desktop computers.
 Users often treat smartphones and handhelds as personal devices and must be trained to consider
the security risks when they use these devices to access corporate data and networks.
 Because smartphones and handhelds frequently connect wirelessly, robust wireless security
becomes essential.
27

Storage Rotation
Laptop location
secure location near the PDA’s and Smartphones user’s
primary location. On a quarterly (monthly / semiannual /
annual) basis these files should be tested for their viability
as vehicles to restore the PDA(s)28 and Smartphones.
their viability as vehicles to restore the PDA(s) and
Smartphones.
Off Site Storage
If critical, at least one copy of several generations of unique
master files, transaction files, operation system software
(including patches), and application system software should
be in a secure location at the offsite storage facility. On a
PDA(s) and Smartphones.
28
This test should be conducted for PDAs and other than the PDAs at least annually. That test should
insure the ability to create all of the systems that run on the PDA on another PDA if the PDA ceases to
function.

4.0 Recovery Strategy

The Recovery Strategy developed is based upon the results of the Business Impact
Analysis, including the Critical Time Frames and available alternative manual
procedures in the event of an extended computer outage. The Recovery Strategy
will be discussed in three sections as follows:
 Approach
 Escalation Plans
 Decision Points

4.1 Approach
The Critical Time Frame is the basis for selecting an alternate site in the worst
case scenario. Information Technology recommended the ________________
_______________________________________. This alternative site
provides immediate access to the mainframe and technical facilities to assist
in the recovery process. The key contact and address of the alternate site (the
alternative site must be at least ten (10) miles from the site and within a
different power grid, telephone switching centers, microwave towers, and cell
and wireless transmission sites within a ten (10) mile radius of the facility) is:
Contact Phone Number
Name
Address Line
City, State ZIP
Phone (999) 999-1212
Cell (999)-999-1212
The decision to utilize the alternative site is dependent upon two factors:
1) The length of the anticipated outage and
2) The portion of the business cycle ENTERPRISE is in at the time of
the outage.
Therefore, based upon these two factors, three escalation plans have been
devised to drive the recovery process.

4.2 Escalation Plans

Since not all interruptions are expected to be worst case, a concise method of
communicating the estimated outage time frame is established. The principal
reason for these plans is based on an understanding with some users that
interim procedures can be used while the system is out-of-service. The user
needs to know as soon as possible what the estimated outage period is so that
interim procedures can be implemented if necessary.
The escalation plans below have been developed based on the time frames
depicted on the Business Impact Analysis matrix.
Plan 1: 1-3 days estimated outage - recovery will proceed at

ENTERPRISE offices.
Plan 2: 4 -7 days outage - recovery location will vary depending on

business cycle interruption point. The Senior Recovery
Manager will determine recovery site based upon damage
assessment and current business cycle.
Plan 3: 8 days or longer estimated outage - recovery will commence at

the alternative site.
Emergency notification procedures are contained in section 5.0 of this plan.

When these procedures are activated, escalation plan 1, 2 or 3 is use to notify
the ENTERPRISE as a whole.

4.3 Decision Points
NOTE: THIS IS JUST A SAMPLE AND MUST BE UPDATED

FOR YOUR COMPANY
Plan 1
Where the damage assessment indicates recovery is possible in 72

hours or less, the Management Team shall coordinate the recovery
of the ENTERPRISE system on location.
Other than Payroll processing, a three day interruption in service

will create minimal financial and operational impact. Payroll has
indicated a 48 hour Critical Time Frame (CTF) if the interruption
occurs in the period just preceding the Wednesday ADP payroll
cutoff. This 48 hour CTF is to allow sufficient time for input of
payroll information and payroll release through the electronic PC
dial-up modem connection to ADP. Payroll information is input
over the four days just preceding the Wednesday 3:00 PM release
point.
In the worst case scenario where the ADP access is disabled just
prior to the Payroll release or input of the payroll information, the
recovery strategy for payroll processing is as follows:
 This function would immediately relocate to an

available PC with similar capabilities. There are
several existing PC workstations located at
ENTERPRISE which can temporarily be
configured to accommodate this function.
OR
 ADP will accept a verbal release of the payroll

in the event of a disaster. The password used
for the electronic connection with ADP will
serve as verification on a verbal request.

Therefore, for purposes of this Disaster Recovery Plan, payroll

processing will be treated external and independent from the LAN.
The coordination of the relocation and configuration of an existing
alternative PC workstation is the responsibility of the
Administration Team with technical support provided by the
Systems, Applications and Network Team in the event of a
disaster.

Plan 2
Where the damage assessment indicates recovery is possible within

4 to 7 business days, the Management Team shall coordinate with
ENTERPRISE department and division heads on the decision as to
the recovery location.
During this outage time period, minimal financial and operational

impact to the operating divisions within ENTERPRISE is
anticipated. However, two applications; the SQL server; and
access to the mainframe may require recovery within 5 business
days, depending upon the existing business cycle at the time of the
outage. An ambitious recovery of a limited LAN environment
containing 5 workstations at the alternative site is estimated to take
3-4 business days. Depending upon the business cycle, extent of
damage to the existing LAN, equipment, network and
communications availability; recovery within seven business days
at the existing data center may prove to be the optimal solution.

Plan 3
Where the damage assessment indicates recovery will take a

minimum of eight or more business days at the present data center,
the Management Team shall place the Recovery Team in full
mobilization in executing a move to the alternative site to establish
a temporary data center.
During an outage of greater than 7 days, several ENTERPRISE

operating departments will experience a significant loss in
operational control, potential loss of revenue, and/or an increase in
expenditures. In this case credit cards, cell phones and checks
should be available to all key team members so they will be able to
execute their roles.
If the alternative site is selected, the recovery strategy is to

immediately install 5 terminals to provide access to the mainframe.
This is a temporary short term solution to provide immediate
access to the mainframe during the recovery of the system. The
installation of the terminals directly connected to the Host system
is estimated to take 8 hours. After installation of the terminals,
attention is then focused on the recovery of 5 PC workstations
connected to the LAN server. The Business Impact Analysis
indicates that in five of the six operational departments
interviewed, one workstation would allow sufficient access on the
LAN environment to continue operations with minimum
inconvenience for at least one month. If the outage is anticipated
to extend beyond one month, additional workstations attached to
the LAN would be required. In the sixth operating department
(Information Technology), no PC workstations attached to the
LAN would be immediately required. All development would be
discontinued. Production control would continue through dial-up
capabilities to the Mainframe using laptops or terminals with direct
access at the alternative site.

5.0 Disaster Recovery Organization

The effectiveness and operability of the Disaster Recovery Plan is dependent on
the knowledge and expertise of the personnel who develop and execute the plan.
It is essential to determine which talents are required and to assign personnel who
meet those requirements.
A recovery from a disaster is best conducted by teams of personnel that are

formed to perform specific functions (e.g., hardware acquisition, hardware
installation, operations). The number and types of teams are dictated by the size
and type of computer processing capabilities and facility the plan is being
developed to recover.
The organization of the staff to recover the system is designed for the worst case
situation. The worst case, requiring a move to the alternative site, must be
executed by a coordinated team to minimize the operational impacts to end-users,
senior management and ENTERPRISE as a whole.
The Disaster Recovery Team Organization, therefore, is set up to accomplish:
 Expeditious and efficient recovery of computer processing;

 Intermediate and minor impact/expenditure decisions within
the Information Technology personnel during the recovery
process;
 Major impact/expenditure decisions at the management level;
and
 Streamline reporting of recovery progress from recovery teams
upward to senior management and end-users.

5.1 Recovery Team Organization Chart
Senior Recovery
Manager
Recovery
Manager
Systems,
Damage Physical Administration Hardware Application & Communications Operations
Assessment & Security Installation Network Software
Security


5.2 Disaster Recovery Team

The members of the Disaster Recovery Team will be assigned by Executive
management. They shall be reviewed at least once every three (3) months.
Each will be issued a ENTERPRISE cell phone / pager and credit card.
During the recover there will be the need to make purchases of
equipment, services, and supplies. These will have to be accomplished
without the aid of the formal Purchase Order Process. Each team
member will have the authorization to purchase up to $10,000 without
a secondary signature (this can be done via a ENTERPRISE credit
card). If a purchase is between $10,001 and $50,000 the approval of
two team members will be required. If more than $50,001 is to be
spent two team members plus an officer (Vice President or above) will
have to approve the purchase. The approval can be verbal; if it is
verbal it should be documented as soon as possible

5.3 Recovery Team Responsibilities
5.3.1 Recovery Management

The Recovery Management is responsible for managing the
recovery effort as a whole, ensuring restoration occurs within
planned Critical Time Frames and assists in resolving problems
requiring management action. The Recovery Management
Team consists of the Senior Recovery Manager and the
Recovery Manager. The team is activated at the call of the
Senior Recovery Manager when a disaster occurs. All other
recovery teams report directly to the Recovery Management
Team. Specifically, the Recovery Management Team is
charged with:

Senior Recovery Manager Responsibilities
Pre-Disaster
 Approves the final Disaster Recovery Plan
 Ensures the Disaster Recovery Plan is maintained
 Ensures Disaster Recovery training is conducted
 Authorizes periodic Disaster Recovery Plan testing
Post-Disaster
 Declares that a disaster has occurred and the Disaster
Recovery Plan is activated
 Determines the plan strategy to be implemented (i.e.: Plan
1, 2 or 3)
 Determines alternate team members (if any) and other
support members of the recovery process
 Authorizes travel and housing arrangements for team
members
 Authorizes expenditures in excess of $5,000
 Manages and monitors the overall recovery process
 Advises Senior ENTERPRISE and user management on the
status of the disaster recovery efforts
 Coordinates media and press releases

Recovery Manager Responsibilities
Pre-Disaster
 Maintains and updates the plan as scheduled
 Distributes Disaster Recovery Plan to recovery team
members
 Appoints recovery team members and alternates as required
 Coordinate the testing of the plan
 Trains disaster recovery team members in regard to the
Plan
Post-Disaster
 Assists in assessing extent of damage to ENTERPRISE
facilities and ability to provide data processing service to
the organization
 Provides the initial notification of disaster declaration to
recovery team
 Coordinates all recovery teams
 Notifies alternative site of pending activation
 Notifies systems, application and network software teams
to request off-site system backups, manuals, equipment and
documentation
 Notifies administration team to make necessary travel or
hotel accommodations for designated recovery team
members
 Authorizes purchases and required disbursements
 Reports to senior recovery manager the status of recovery
effort

5.3.2 Damage Assessment and Salvage Team

Responsible for the damage assessment of the LAN and LAN
facilities as quickly as possible following a disaster and reports the
level of damage to the Disaster Management Team. The teams
oversees salvage operations required to cleanup and repair the
LAN data center and reestablishes the LAN data center in the
reconstituted or a new site. Specifically, the Damage Assessment
and Salvage Team are responsible for:
Damage Assessment and Salvage Team Responsibilities
Pre-Disaster
 Understands the role and responsibilities within the
Disaster Recovery Plan
 Works closely with recovery management team to reduce
possibility for disaster in the data center (See Preventative
Measures in Appendix)
 Trains employees in emergency preparedness
 Participates in Disaster Recovery Plan tests as required
Post-Disaster
 Determines accessibility to building and ENTERPRISE’s
offices
 Assesses the extent of the damage to ENTERPRISE’s LAN
and data center
 Assesses the need for physical security, such as security
guards
 Estimates time to recover based upon damage assessment
 Identifies salvageable hardware and communication
equipment
 Apprises the senior management team on the extent of
damage, estimated recovery time, physical security
requirements, and salvageable equipment
 Maintains a log of salvageable hardware and equipment

 Coordinates with vendors and suppliers in restoring,

repairing or replacing salvageable computer and
network hardware and ancillary equipment
 Provides support in the cleanup of the data center
following the disaster

5.3.3 Physical Security

The Physical Security Team provides personnel identification and
access limitations to the building and floors and acts as liaison with
emergency personnel. This is crucial during the time of a disaster
because of the uncommonly large number of vendors, contractors
and other visitors requiring access to the offices.
Pre-Disaster
 Works closely with recovery management team to ensure
physical security of existing system, LAN and facilities
 Becomes familiar with emergency phone numbers
Post-Disaster
 Cordons off data center to restrict unauthorized access
 Coordinates with Building Management for authorized
personnel access
 Provides security guards as required
 Acts as liaison with emergency personnel, such as fire and
police departments
 Schedules security for transportation of files, reports and
equipment
 Provides assistance in any official or insurance
investigation of the damaged site

5.3.4 Administration
The Disaster Recovery Administration team is responsible for
providing secretarial, filing, procurement, travel and housing, off-
site storage and other administrative matters not performed by
other team members. Included is limited authority to provide
funds for emergency expenditures other than for capital equipment
and salaries.
Pre-Disaster
 Ensures sufficient comprehensive and business interruption
insurance is maintained
 Ensures sufficient emergency funds will be available
during recovery process
 Assesses the needs for alternative means of communication
if telephones service and network service is unavailable
Post-Disaster
 Prepares, coordinates and obtains appropriate approval for
all procurement requests
 Coordinates deliveries of all procurement requests
 Processes requests for payment of all invoices relating to
recovery process
 Arranges for travel and lodging as required by recovery
team
 Provides for acquisition of telephone equipment and
services, including voice, dial-up data and leased lines
 Provides for alternative means of communication between
recovery team members in the event regular telephone
service and network service is unavailable
 Arranges for temporary secretarial, filing, and other
administrative services required by the recovery
team

 Documents everything necessary for necessary

local, state and federal agencies.
 Documents and maintains records of all inventories
of equipment and supplies, expenses incurred for
services and any other expenses that can or may be
filed with ENTERPRISE’s insurance carrier.

5.3.5 Hardware Installation

The Hardware Team is responsible for site preparation, physical planning,
and installation of data processing equipment to meet the required
processing capacity of ENTERPRISE in the event of a disaster. This
includes responsibility for ordering and installing hardware for both the
alternative site and the permanent site.
Pre-Disaster
 Work closely with recovery management team to reduce
possibility for disaster in data center (See Preventative
Measures in Appendix)
 Maintains current system and LAN configuration in off-site
storage
Post-Disaster
 Verifies with the alternative site pending occupancy
requirements
 Inspects the alternative site for physical space requirements
 Interfaces with software, communications and operations
team members on space configuration of alternative site
 Coordinates transportation of salvageable equipment to
alternative site
 Notifies administration team of equipment required
 Ensures the installation of ___ temporary terminals
connected to alternative site mainframe
 Prepares plans for hardware installation at the alternative
site
 Installs hardware at the alternative site
 Plans and coordinates the transportation and installation of
hardware at the permanent site, when available

5.3.6 Systems, Applications and Network Software

The Systems, Applications and Network Software Team are
responsible for the installation and configuration of all systems,
application29 and network software on the LAN.
Pre-Disaster
physical security of existing LAN and facilities
Post-Disaster
 Arranges for delivery of off-site storage containers
 Receives delivery of off-site storage containers
 Restores operating system, applications and network
software from backup media
 Tests and verifies the operating system, applications and
network software are up and operational
 Modifies LAN configuration to meet alternative site
configuration
 Returns backup media in storage containers to off-site
storage
29
Recovery Plan.

5.3.7 Communications
The Communications Team is responsible for establishing voice
and data links to the alternative site. This includes connecting
local and remote users to the alternate site.
Pre-Disaster
 Maintains current communication and network
configuration in off-site storage
Post-Disaster
 Coordinates with damage assessment and salvage team in
the assessment of communications and network equipment
viability
 Retrieves communications configuration from off-site
storage
 Plans, coordinates and installs communication and network
equipment at alternative site
 Plans, coordinates and installs communication and network
cabling at alternative site

5.3.8 Operations
The Operations Team is responsible for operating the production
systems at the backup data center and for assisting the other
recovery teams in establishing operations at the backup site.
Pre-Disaster
 Ensures backups are completed as scheduled
 Ensures backups are sent to off-site storage as scheduled
Post-Disaster
 Assist hardware, software and communications team
members as required
 Schedules new pickup point with off-site storage
 Initializes new tapes and portable electronic/magnetic
media as needed in the recovery process
 Conducts the backups at the off-site location
 Ensures backup tapes, electronic and magnetic media are
sent secondary to the off-site storage facility
 Sets up and operates a sign-in, sign-out procedure for all
materials sent to and from the alternative site
 Checks floor configuration of alternative site after disaster
to assist hardware, software and communications team
members
 Monitors security of the alternative site and the LAN
network
 Coordinates transfer of equipment, furniture and personnel,
as necessary to the alternative site


6.0 Disaster Recovery Emergency Procedures

The primary purpose of a Disaster Recovery Plan is to establish written
emergency procedures which the Recovery Team can follow to expedite the
recovery process. The procedures are in a structured step by step format. This
format, during conditions of a disaster results in minimal confusion thereby
expediting the recovery process. These procedures are dynamic in that as
business requirements and environments change so will the emergency
procedures. It is imperative each Team Member fully understands his/her role
and responsibilities during a disaster and that the emergency procedures are tested
on a recurring basis (see Plan Administration).
The emergency procedures have been structured to provide the individual
recovery steps required and serve as a log of the recovery process. Following
each step is a place to initial and indicate the date and time the step was
completed.
The objectives of the emergency procedures are to:
 Minimize injury to personnel
 Minimize damage to equipment and facilities
 Achieve a report of injury to personnel and damage assessment
within four hours of the interruption
 Recover the system and LAN capabilities and functionality
within the Critical Time Frames specified earlier
As the first objective indicates, the safety of every ENTERPRISE employee in the
event of an emergency is of top priority. In an emergency situation where your
life is threatened or you are in danger of physical harm, immediately leave the
facility. Never place yourself in a dangerous situation or take unnecessary risks.

The emergency procedures to be discussed are follows:
 General
 Recovery Management
 Damage Assessment and Salvage
 Physical Security
 Administration
 Hardware Installation
 Systems, Applications, Network Software
 Communications
 Operations

6.1 General
Mission: To report a potential or actual disaster so appropriate
action can be taken to minimize injury to ENTERPRISE
personnel and damage to facilities and equipment.
IN A LIFE THREATENING SITUATION - STOP HERE

IMMEDIATELY LEAVE THE FACILITY
1) To report an emergency situation dial 9 (to obtain an outside

line) and then 911. Report the type of emergency and your
name and address.
ENTERPRISE office address is:

________________________
________________________
 Initials: __________ Date: __________ Time: __________
2) Immediately notify the Office Manager, ________________

(Extension _________) as to the type of emergency. If the
Office Manager is not available, immediately notify your
superior.
3) Notify the Recovery Management Team of the potential or actual

disaster. The Recovery Management Team may be reached at:
Name Extension Phone Numbers

Home: (999) 555-1212
Home: (999) 555-1212
Cellular: (999) 555-1212
Home: (999) 555-1212

4) Evacuate the building as instructed by emergency personnel or as

established by the building management.

6.2 Recovery Management

Mission: To decide which escalation plan to be implemented,
oversee and coordinate the entire disaster recovery
operation, notify user of estimated time of outage and
assist in resolving problems requiring management
action.
1) Upon notification of a potential or actual disaster, immediately notify

the remaining Management Team members and the Damage
Assessment and Salvage Team to conduct a survey and damage
assessment of the data center facilities. In the case of a total loss of the
primary facility and or the loss of key personnel due to injury or death,
the highest ranking employee (or contractor if so designated by the
DRP) who is in a position to direct the DRP process must assume the
primary management role until relieved by someone senior from the
enterprise.
2) Make an outage assessment based upon the verbal report from

the Damage Assessment and Salvage Team.
3) Senior Recovery Manager determines where the recovery will

be conducted; at the ENTERPRISE office or the alternative site
(alternative site).
4) Gain approval for activation of the necessary Recovery Teams

and alternative site, if required.

5) Notify other Recovery Team members of the disaster and

request they assemble at a designated location for a briefing on
the damage assessment and selected escalation plan. The
designated location will either be the ENTERPRISE offices or
the alternative site, depending upon the severity of the disaster.
6) Notify ENTERPRISE department and division heads on the severity of

the disaster and the estimated recovery time.
7) Conduct a briefing with all Recovery team members and

apprise them of the severity of disaster and determine:
 Travel and hotel arrangements
 Equipment acquisitions
 Equipment repairs
8) Monitor the Recovery Teams that are functioning at the

alternative site to resume operations.
9) Assist the Recovery Teams as needed with procurement or any

other problems which may require management involvement.
10) The Recovery Manager, reporting to the Senior Recovery

Manager provides the coordination and assistance to the
Recovery Teams in performing their recovery functions.

11) Coordinate and issue any media press releases regarding the
disaster as it relates to ENTERPRISE.

6.3 Damage Assessment and Salvage

Mission: To assess the damage to the systems and data center
within four hours, notify the Management Team of
assessment, and coordinate salvage of equipment where
possible.
1) Assess the requirement for physical security, minimize possible injury,

unauthorized persons entering the facility, and elimination of the
potential for vandalism to ENTERPRISE assets.
2) Utilizing the following checklist as a guideline, survey the systems and

data center facilities to assess damage upon notification from the
Management Team of the need for damage assessment.
I. Building
A. Exterior
B. Interior
1. Data Center
a) Walls
b) Ceiling
c) Floor
II. Environmental/Control
A. Electrical
1. UPS
2. Transformers
3. Emergency/Building
B. HVAC
1. Air Handling
2. Air Conditioning
3. Water
C. Fire Suppression
1. HALON
2. CO 2
3. Water

III. Computer Room Contents

A. Equipment
1. Servers
2. External Disk Drives
3. Tape Backup
4. Network Cabling
5. Communications
6. Terminals
7. Equipment
B. Other
1. Magnetic Tape Media
2. Spare Parts
3. Documentation
IV. ENTERPRISE Office Contents
A. Workstations
B. Modems
C. Terminals
The purpose of the above checklist is to provide a guide in the

review and assessment of damage following a disaster to
ENTERPRISE facilities, the network and/or the data center
facilities. In using the checklist, the Damage Assessment and
Salvage Team must consider:
 Is the area safe for employees or vendors to work in?

 Can the equipment under examination function, and if so, at
what percent of normal capacity?
 What must be done to recover damaged equipment so that the
LAN will be functional?
 How long will it take to repair or replace the damaged
equipment so that the LAN will be functional?

3) Based upon damage assessment, determine the estimated time

to recover based upon to following guidelines.
Level I Minimal damage to facility and/or equipment.

Estimated time to complete repairs is less than 72
hours.
Level II Moderate damage to facility and/or equipment.

Estimated time to complete repairs is between 72
hours and 7 business days.
Level III Extensive damage to facility and/or equipment.

Estimate time to complete repairs is greater than 7
business days.
4) Identify equipment, documentation or spare parts which are

immediately salvageable or need repair.
5) Verbally notify the Management Team of survey, assessment

of damage, estimated time to recover from damage and
potentially salvageable equipment.
6) Document findings from the survey and damage assessment.
7) Attend the recovery briefing as scheduled by the Senior

Recovery Manager to apprise Recovery Team members of
findings.

8) If the Senior Recovery Manager decides recovery will take

place at the recovery site and following insurance
ENTERPRISE and management approval, salvageable
equipment is removed and prepared for transportation to the
alternative site or where is can be repaired.
9) A log is prepared and maintained to record all salvageable

equipment and is disposition and location.
10) Coordinate with the Administrative Team, vendors and

suppliers in restoring or replacing salvageable equipment.
11) Assist in the cleanup of the disaster area in regard to the

computer facilities to permit eventual renovation and/or
reconstruction.
Under no circumstances should the Damage Assessment and Salvage Team

make any public statements regarding the disaster, its cause or its effect on the
operation at ENTERPRISE.

6.4 Physical Security

Mission: To ensure the physical security of the disaster site, the
alternative site and for files, reports and equipment
while in transit and act as liaison with emergency
personnel.
1) Upon notification of a disaster by the Management Team assemble at

the designated site for a briefing on the extent of damages, escalation
plan implemented and support required.
2) Establish physical security at the ENTERPRISE facilities to

restrict access to the damaged area to those individuals whose
functions require their being in the immediate area, such as the
Damage Assessment and Salvage Team, insurance
ENTERPRISE investigators, ENTERPRISE vendors, and
building engineers.
Considerations in the level of security required are:
 Is entry into the damaged area safe?

 Is the damage exclusively to the ENTERPRISE offices?
 Is there damage to the entire building or has access to
the building been restricted by emergency personnel or
building management personnel?
 Are guards required to restrict access to ensure
personnel safety or to eliminate possible vandalism or
theft of ENTERPRISE property?

3) Depending upon the extent of the damage to the physical

building, coordinate with emergency personnel and building
management access to the building office for those requiring
access to the building, such as the Damage Assessment and
Salvage Team, insurance ENTERPRISE investigators and
ENTERPRISE vendors.
The Building Management ENTERPRISE contact is:
__________________
__________________
__________________
__________________
__________________
8AM-5PM Phone: (999) 555-1212
24 Hour Phone: (999) 555-1212
4) Schedule security for all files, reports, and equipment in transit

as requested by the Management Team.
5) Assist in any way possible the authorized investigation of the

damaged site.
Under no circumstances should the Physical Security Team make any public
statements regarding the disaster, its cause or its effect on the operations at
ENTERPRISE.

6.5 Administration
Mission: To provide administrative support to all Disaster
Recovery Teams, including procurement of equipment
and supplies, telephones (acquisition and installation),
travel and housing arrangements, and other
administrative functions not provided by other team
members.

2) Coordinate, prepare and submit for authorization to the Management

Team procurement requests for equipment, supplies and services
required to support the recovery process as requested by the Recovery
Team members.
3) Maintain log of all procurements in process and scheduled

delivery dates. Notify Recovery Team members of scheduled
delivery dates and coordinate with vendors to ensure deliveries
or service requests are completed as required.
4) Arrange for travel and lodging required by Recovery Team members

or other ENTERPRISE personnel as directed by the Senior Recovery
Manager.
5) Complete the acquisition and installation of telephone equipment and

services as required by the Recovery Team members.

6) Supply required secretarial, filing and other administrative

support as required by Recovery Team
Under no circumstances should the Administration Team make any public

ENTERPRISE.

6.6 Hardware Installation

Mission: To plan, design, schedule, install, and verify computing
hardware required to provide computer capabilities
within the time frame specified. Coordinate with the
vendors in support of the equipment.

2) Verify with the alternative site the pending occupancy, if

occupancy is required, via telephone.
3) Inspect physical space availability at alternative site and notify

Software, Communications and Operation Team members.
4) Retrieve the equipment, system and LAN configuration from

the storage containers delivered by the off-site storage vendor.
5) Review the Hardware/Software Inventory list found in the

appendix to determine the equipment required.
6) Coordinate with the Damage Assessment and Salvage Team on

equipment to obtain an inventory of usable and salvageable
equipment.

7) Coordinate with the Administration Team in the procurement

of any additional equipment required in the recovery process.
8) Coordinate with the alternative site for installation and

connection of 5 temporary terminals to provide access to the
Mainframe for ENTERPRISE employees.
This also needs to include all of the necessary support

equipment such as office desk, chair, files, printer, scanners
and any other required equipment.
Contact Phone Number
(999) 555-1212
9) Coordinate with the alternative site and the Disaster Recovery

Team, if activated, for installation and connection of ____
workstations and a server on the network to support the
applications and the various servers, if required.
Under no circumstances should the Hardware Installation Team make any

public statements regarding the disaster, its cause or its effect on the
operations at ENTERPRISE.

6.7 Systems, Applications & Network Software

Mission: To obtain off-site tape backups, restore and test the
operating systems, applications and network software
needed to provide the capabilities required within the
Critical Time Frames specified.


2) Contact the off-site storage facility and request the off-site storage
backup tapes, equipment, manuals and documentation. You will need
to provide them with the following:
ENTERPRISE Account Number
________________________
Employee Account Number
This number is contained on your DRP Card (a

quick reference card should be created for all key
members of the DRP team). This card should be
carried with you at all times. If you are not an
authorized card holder or have lost your card,
contact an alternative card holder.
The following people have a valid DRP
______________________
______________________
______________________
______________________
______________________
______________________
Backup Medium Storage Container Numbers
Determined from the pick-up slips located in the backup

log book maintained by the system Administrator. If the
backup log book is not available, have the vendor look up
in their records and deliver the last two containers they
picked up.

Documentation/Equipment Storage Container Numbers
These numbers will be found in the Appendix - Off-site

Inventory.
3) Receive delivery of backup tapes, manuals and documentation

at recovery site.
4) Restore the operating system, applications, network software,

and production data from the backup tapes.
5) Test and verify that the restore completed successfully.
6) Modify configuration of operating and network software to

meet configuration.
7) Return backup medium in storage containers to off-site storage.
Under no circumstances should the Systems, Applications & Network

Software Team make any public statements regarding the disaster, its cause or
its effect on the operations at ENTERPRISE.

6.8 Communications
Mission: To design, install and verify the communications
equipment and network cabling. In the case of a total
disaster of the primary site and the loss of key
personnel due to injury or death, others may have to
assume these roles at facilities other than the primary
recovery facility.

2) Review the Hardware/Software Inventory list found in the

appendix to determine the communications and network
equipment required.
3) The Communications Team coordinates with the Damage

Assessment and Salvage Team on equipment to obtain an
inventory of usable and salvageable communications
equipment.
4) Coordinate with the Administration Team in procuring

communications equipment and telephone lines required in the
recovery process.
5) Coordinate with the Administration Team in procuring the

necessary network cabling and cabling installation required in
the recovery process.

Under no circumstances should the Communications Team make any public

ENTERPRISE.

6.9 Operations
Mission: To provide operating support for the production
systems at the backup data center and assist the other
recovery teams in establishing operations at the backup
site.

2) Schedule new pickup point with off-site storage vendor.
3) Initialize new tapes as required for recovery process.
4) Complete daily backups of entire UNIX system and coordinate

with off-site storage vendor to ensure tapes are sent off-site
daily.
5) Set-up and operate a sign-in, sign-out procedure for all

materials sent to and from the alternative site.
6) Monitor security of the alternative site and the UNIX network.
7) Provide production support to users as required.

Under no circumstances should the Operations Team make any public

ENTERPRISE.

7.0 Plan Administration

This Disaster Recovery Plan is a living document. Administration procedures are
for the purpose of maintaining the Disaster Recovery Plan in a consistent state of
readiness. The procedures specify direct Information Technology administrative
responsibilities and coordination responsibilities with users of the data center.
These procedures apply to the continued maintenance, testing and training
requirements of the Disaster Recovery Plan.
They apply to Information Technology management and user management as a
whole to promote awareness of the Disaster Recovery Plan and the need for
disaster recovery preparedness. The procedures also apply to specific functional
areas within Information Technology that have direct responsibility for
maintaining the plan current and accurate.
The coordination of the Disaster Recovery Plan is the responsibility of the
Disaster Recovery Manager.

7.1 Disaster Recovery Manager

The function of the Disaster Recovery Manager is critical to maintaining the
plan in a consistent state of readiness. The Recovery Manager’s role is
multifaceted. Not only does the Recovery Manager assume a lead position in
the ongoing maintenance of the plan, but is a member of the Recovery
Management Team in the event of a computer disaster. The areas in which
the Manager assumes a lead position and conducts reviews of effectiveness in
the plan administration are as follows:
 Distribution of the Disaster Recovery Plan
 Maintenance of the Business Impact Analysis
 Training of the Disaster Recovery Team
 Testing of the Disaster Recovery Plan
 Evaluation of the Disaster Recovery Plan Tests
 Review, change and update of the Disaster Recovery Plan

7.2 Distribution of the Disaster Recovery Plan
The Recovery Manager is responsible for the authorized distribution of the

plan and the location of each plan copy. As this document is confidential, the
authorized distribution list is developed on a need-to-know basis. The
distribution list is approved by the Chief Information Officer. The original
and all copies of the Disaster Recovery Plan should be maintained in a secure
location.
The concept of disaster planning is to minimize the likelihood of a disaster

ever occurring and further, to minimize injury to personnel, and damage to
equipment and facilities if a disaster does occur. The Plan reveals in detail the
essence of ENTERPRISE’s recovery strategy, personnel, addresses, locations,
and inventories that should not be for general publication to non-participating
employees or outsiders.
Copies of the Disaster Recovery Plan will be assigned a sequential number.

The Recovery Manager must maintain a log to track the number of copies
produced and/or distributed and their location. The original Disaster
Recovery Plan must be kept in a secure place to avoid unauthorized
duplication or misuse.
The distribution transmittal cover page should contain instructions regarding

the proper handling and safekeeping of issued plan copies and the requirement
for its return upon removal as a Recovery Team member. Recovery Team
members will be assigned one copy of the Disaster Recovery Plan. Each
Recovery Team member must be informed, signify their recognition of the
confidential nature of the plan, and maintain their copy in a secure location
off-site, primarily in their principal place of residence. This will allow access
to the plan by each Team member in the event access to the ENTERPRISE
office is deemed unsafe or not permitted because of a disaster.
In addition to the Recovery Team members, one copy of the plan is

maintained in a container (number TBD) at the off-site storage facility as well
as one copy at the alternative site. Additional copies of the Disaster Recovery
Plan will be assigned to personnel on an as-required basis and as approved by
the Chief Information Officer.

The offsite copies of the plan also need to have an individual trained and
assisted to assume the start of the recovery in the event the entire primary
facility is impacted by the disaster. In that case the corporate by laws
(charter) may need to be altered to allow the individuals to act in such a
fashion that would be able to drive the recovery of the basic operations of the
enterprise.

7.3 Maintenance of the Business Impact Analysis

As ENTERPRISE’s business and systems environment changes, so does the
dependency on the computer systems used to support the business. Therefore,
no less than every two years, the Recovery Manager shall conduct an
Application Inventory and Business Impact (Risk) Analysis30 to update the
Priority List and Critical Time Frames for the systems recovery process. This
analysis will provide insight as to required plan modifications and whether a
change in the overall recovery strategy is warranted.
30
forms) for each function and business area should be completed and maintained as part of the Disaster
Recovery Plan. .

7.4 Training of the Disaster Recovery Team

The Recovery Manager is responsible for the coordination of training relating
to the Disaster Recovery Plan. The purpose of disaster recovery training is
twofold:
 To train Recovery Team participants who are required to

execute plan segments in the event of a disaster.
 To train ENTERPRISE management and key employees in

disaster prevention and awareness and the need for disaster
recovery planning.
Initially, upon the acceptance of the Disaster Recovery Plan, training of

ENTERPRISE management in disaster recovery planning benefits and
objectives is crucial. A Disaster Recovery Plan must have the continued
support from ENTERPRISE’s key user management to ensure future effective
participation in plan testing and updating. As discussed later, it is not solely
the responsibility of the Recovery Manager to initiate updates to the Disaster
Recovery Plan. User management must be aware of the basic recovery
strategy; how the plan provides for rapid recovery of their information
systems support structure; and how the plans effectiveness may be
compromised without notification to the Recovery Manager as their business
operations evolve and expand significantly.
It is the responsibility of each Recovery Team participant to fully read and

comprehend the entire plan, with specific emphasis on their role and
responsibilities as part of the Recovery Team. On-going training of the
Recovery Team participants will continue through plan tests and review of the
plan contents and updates provided by the Recovery Manager.

7.5 Testing of the Disaster Recovery Plan

The Recovery Manager is responsible for testing of the Disaster Recovery
Plan not less than once every year to ensure the viability of the plan and
recovery of computing capabilities will be within the Critical Time Frames
established by the Business Impact Analysis. On an on-going basis this
frequency appears to be adequate considering the systems involved.
However, special tests are to be given consideration whenever there has been
a major revision to the plan or significant changes in the software, hardware or
data communications have occurred.
The objectives of testing the Disaster Recovery Plan are as follows:
 To determine the effectiveness of the Plan procedures;
 To determine the state of readiness and ability of
designated Recovery Team personnel to perform their
assigned recovery responsibilities;
 To determine if sufficient recovery inventories are stored
off-site to support the recovery process; and
 To determine if the disaster recovery plan requires
modifications or updates to ensure recovery within the
Critical Time Frames established and accepted buy the
users.
Plan testing is normally accomplished when there is less demand for
information technology service to end-users since IT personnel and time will
be committed to the test process. Costs to conduct such tests and availability
of personnel are prime considerations in determining the scope and timing of
the test(s). The initial test of the plan will be in the form of a structured walk-
through and should occur within two months of the Disaster Recovery Plan’s
acceptance. Subsequent tests should be to the extent determined by the
Recovery Manager that are cost effective and meet the benefits and objectives
desired.

The Recovery Manager is responsible for making recommendations to the

Vice President of Information Technology concerning the test scenarios and
frequency of tests for the Disaster Recovery Plan. Such recommendations
include sufficient rationale concerning the benefits expected from the test and
the specific objectives to be accomplished. Wide latitude is employed in
developing test scenarios. Some considerations in development of the test
scenario employed and test frequency are:
 Significant modifications to the recovery strategy or
emergency procedures;
 Inclusion of Recovery Teams requiring more involvement to
sustain familiarity with their respective functions;
 Different severity damage levels to files, documents, materials,
and equipment required in support of the recovery process;
 Critical applications that are new or have not been previously
tested;
 Re-testing plan segments which were determined to be
deficient in past tests; and
 Additions or changes to Recovery Team personnel.
Planning for the test is a two to six week process depending on the complexity
of the tests employed and the number of individuals involved. However,
without sufficient planning, achievable benefits and objectives from the
testing process may never materialize. The steps in planning for the Disaster
Recovery Test in checklist format are:
 Determine Objectives of the Test

 Determine Scope of the Test
 Determine Announced or Unannounced Test
 Determine Personnel Resource Requirements
 Establish Test Date and Duration
 Determine Anticipated Test Costs
 Obtain Test Schedule and Cost Approval
 Schedule Test with Participants
 Schedule Test with Alternative Site
 Schedule Delivery with Off-site Storage

 Make Required Hotel or Travel Arrangements

 Develop Detailed Test Work Plan
 Ensure Recovery Material and Equipment Availability
 Notify Users of Test
 Review Work Plan with Participants

7.6 Evaluation of the Disaster Recovery Plan Tests

The Recovery Manager is responsible for coordinating the review and analysis
of the test results and updating the plan accordingly. A Test Coordination
Team is appointed and headed by the Recovery Manager for each test
conducted. This team is charged with the following responsibilities:
 To be familiar with the entire plan;
 To understand thoroughly the objectives of the tests to be
conducted;
 To organize itself to be able to monitor and observe all the
activities of the Recovery Teams involved in the test;
 To inspect and review the results of the test from the point of
view of the Information Technology personnel and the users;
and
 To document their findings related to the strengths and
weaknesses observed during the test.
The Recovery and Test Coordination Teams document the test results
immediately after the plan test. The Recovery Manager reviews the test
results with the Recovery and Test Coordination Team during at postmortem
meeting to discuss weaknesses and resolve problem areas. The Recovery
Manager chairs the meeting and makes changes and updates to the plan
accordingly.

7.7 Maintenance of the Disaster Recovery Plan

The Recovery Manager is responsible for ensuring that the plan is maintained
current and in a state of readiness. The purpose of a plan review is to
determine whether updates to the plan or additional training of Recovery
Team personnel is required based on the occurrence of an event or action
affecting the plan.
Two primary responsibilities of the Recovery Manager will drive revisions to
the Disaster Recovery Plan; 1) updates to the Business Impact Analysis and
2) testing of the Disaster Recovery Plan. However, it is also the responsibility
of all ENTERPRISE management to initiate a plan review when an event or
action affecting the plan has occurred.
The following paragraphs incorporate checklists for ENTERPRISE
management which could prompt a review and subsequent update of the plan:
Information Technology Checklist
 Change in LAN server(s), terminals, or personal computer

workstations
 Change in operating system and utility software programs
 Change in the design of production systems or files
 Addition of deletion of a production system
 Change in the scheme of backing up data or equipment
 Change in the communications network design
 Change in personnel assignments or the Information
Technology organization
 Change in off-site storage facilities, location or methods of
cycling items
 Improvements or physical change to the current LAN data
center
 Review of time frames for availability and delivery of
replacement computer components

Corporate Checklist
 Is the Disaster Recovery Plan in conformance with the

corporate by laws?
 Are Executive Management and the Board of Directors
aware of the state and status of the Disaster Recovery Plan
and Processes?
 Has a new division or department been formed?
 Has a new system been developed for computer
processing?
 Has a system for computer processing been discontinued?
 Have individuals within the Recovery Team been
transferred, promoted or terminated?
 Has an internal system been significantly modified to
change the basic functions, data flow requirements or
accounting requirements?
 Has a sales office been opened, moved or closed?
 Are there any user computer equipment inventory changes?

8.0 Appendix


8.01 Plan Distribution
Name Location Date Date Date Version

Phone Provided Trained Tested

8.02 ENTERPRISE Sales Offices
ATLANTA
CHICAGO
CLEVELAND
DALLAS
LOS ANGELES
NEW YORK
SAN FRANCISCO
MINNEAPOLIS

8.03 Disaster Recovery Team Call List

This call list should be updated at least monthly and whenever there is any organizational changes or new personnel
assume any of these roles
Role Individual Office Phone e-mail address Alternate e-mail Cell Phone / Pager / Home Credit Card Issued
address Phone
Recovery Senior
Manager:
Alternate:
Recovery
Manager:
Alternate:
Damage
Assessment and
Security:
Alternate
Physical Security:
Alternate:

Role Individual Office Phone e-mail address Alternate e-mail Cell Phone / Pager / Home Credit Card Issued
address Phone
Administration:
Alternate:
Hardware
Installation:
Alternate:
Systems,
Applications &
Network
Software:
Alternate:
Communications:
Alternate:
Operations:
Alternate:

8.04 Vendor Phone/Address List
Product/Service:
Vendor Name:
Street Address:
City/State/Zip:
Contact Person: Phone No.:
24 Hour No.:
Alternate Contact: FAX No.:
Other No.:
Comments:
Product/Service:
Vendor Name:
Street Address:
City/State/Zip:
24 Hour No.:
Other No.:
Comments:
Product/Service:
Vendor Name:
Street Address:
City/State/Zip:
24 Hour No.:
Other No.:
Comments:
Product/Service:
Vendor Name:
Street Address:
City/State/Zip:
24 Hour No.:
Other No.:
Comments:

Product/Service:
Vendor Name:
Street Address:
City/State/Zip:
24 Hour No.:
Other No.:
Comments:
Product/Service:
Vendor Name:
Street Address:
City/State/Zip:
24 Hour No.:
Other No.:
Comments:
Product/Service:
Vendor Name:
Street Address:
City/State/Zip:
24 Hour No.:
Other No.:
Comments:
Product/Service:
Vendor Name:
Street Address:
City/State/Zip:
24 Hour No.:
Other No.:
Comments:

8.05 Off-Site Inventory
The following documents are maintained in storage container number TBD at

the off-site storage facility:
Item Description Container Numbers

Listing of PC Workstation TBD
including serial number under
IBM warranty
LAN Configuration TBD
Communications Configuration TBD
Software, License Copies and TBD

Serial Number Inventory

8.06 Personnel Location Form

Facility Date
Prepared Time
By
Function Individual Contact Last Location
Performed Number Contacted
Signature

8.07 Hardware/Software Inventory
Local Area Network
Hardware
LAN Server:
Communications:
Peripherals:
SQL Server:

e-Mail:
Software
System/Utility:
Applications:
Server System/Utility:
e-Mail
Gateway:

8.08 People Interviewed
Name Title Ext.

8.09 Preventative Measures
A Disaster Recovery Plan is an essential document to ensure continued

computer operations in the event of a disaster. However, it is also essential
for preventative measures be taken to reduce the possible likelihood of a
disaster ever occurring. Following are several preventative measures that,
when implemented and monitored on a regular basis will reduce the chance of
a computer disaster ever occurring or minimize its impact. (This does not
imply these procedures are not currently being followed).
 Restrict access to the computer facility to authorized personnel

only
 Ensure there are no combustible materials located in the
computer facility, such as solvents, paper, etc.
 Conduct regularly scheduled service on support systems, such
as the Air Conditioning, Fire Retardant and UPS systems
 Check for overloaded circuits or worn/damaged electrical and
power cables
 Perform regularly scheduled backups and store at off-site
facility
 Store copies of vital documentation off-site, such as the
Disaster Recovery Plan, Configuration Schematics,
Maintenance and Service Contracts, etc.

8.10 Sample Application Systems Impact Statement
Interviewee: Sample Name
Interview Date: 7/2/02
Department: Accounts Receivable and Credit
Application Name: MSA
Narrative: Cash receipts are received directly at a bank lock box. Input of
cash receipts to the MSA system is done through the LAN
gateway based upon the manual reports received from the
bank.
 During a computer outage, input of cash receipts would

cease. Impact is measured in loss of productivity and
possible overtime required to "catch up" when system is
again available. Possible customer relations impact if
customer statements do not reflect recent payments.
 When the computer is restored, will resume input of

cash receipts from manual bank reports. Cash receipts
are to be applied effective day received and will need
to process the daily cycles missed.
Classification: Essential
Critical Time Frame: 1 to 2 weeks depending upon business cycle. Inability to input
cash receipts during the last two weeks of a month will have
direct impact on ability to complete corporate reporting as
required. Significant operational and reporting impact would
be felt after two weeks.

8.11 JOB Descriptions

The job description that follows complies with the Americans’ with
Disabilities Act.

Disaster Recovery Manager
Position Purpose
The Disaster Recovery Manager is responsible for managing the

disaster recovery process and developing planning for the disaster
recovery functions of IT. In addition, during a disaster this
individual is responsible for the continued operation of the
business’ infrastructure. The manager is also responsible for long-
range disaster recovery planning to provide the highest level of
protection possible for the enterprise.
Problems and Challenges
Disaster recovery is an absolutely critical function of the

enterprise’s everyday business operations requiring substantial
advance planning. The coordinator faces the challenge of
developing an ever-current disaster recovery plan and managing a
recovery in an efficient an effective manner. The disaster recovery
plan must be reviewed and updated on a regular basis.
Essential Position Functions
Principal Accountabilities
1. Plans and charts the direction for the disaster recovery process.
2. Establishes procedures and priorities for the disaster recovery
process.
3. Manages all activities during the disaster recovery process, and
during semi-annual disaster recovery testing.
4. Works closely with all business operational groups in
developing and managing the creation of business continuity
plan for all functions that interface with the technology
infrastructure.
5. Reports all hardware and software removed (stolen) from the
scene of a disaster to appropriate personnel.
6. Coordinates and supervises all special projects relating to
disaster recovery process and capacity.
7. Recognizes and identifies potential areas where existing
disaster recovery policies and procedures require change, or
where new ones need to be developed, especially regarding
future business expansion.

8. Strives to learn the job functions of the position’s immediate

superior as well as peer-level positions with whom the
individual interacts. It is the responsibility of the individual to
be prepared for temporary re-assignment and/or promotion due
to extended illness, personal emergency or business necessity.
9. Fulfills departmental requirements in terms of providing work
coverage and administrative notification during periods of
personnel illness, vacation or education.
10. Interacts at a senior level with all user departments within the
enterprise.
11. Perform at or above the enterprise’s Information Technology
Department’s standards and maintains the disaster recovery procedures.
Authority
 Develop, maintain, and implement, if necessary, the disaster
recovery plan.
 Manages the entire recovery process.
 Manages all special disaster recovery projects within the
enterprise IT area.
Contacts
Routine contact is required with IT managers’ at all organizational
levels and with technology vendors. Within the business, periodic
contact is required with executives in charge of the key business
units using IT services.
Position Requirements
 BS or BA degree in computer science, business administration
or related field preferred
 5 - 7 years Information Technology operation with disaster
prevention/recovery experience
 Ability to handle full scope supervisory responsibility of 5-10
employees during the disaster recovery process
 Knowledge of the hardware and software environment, job
control and scheduling tools, problem management systems,
and disaster recovery methodology

Manager Disaster Recovery and Business Continuity
Position Purpose
The Manager Disaster Recovery and Business Continuity is responsible

for managing the disaster recovery process and developing planning for
the disaster recovery functions of business functions of the enterprise. In
addition, during a disaster this individual is responsible for the continued
operation of the business’ infrastructure. The manager is also responsible
for long-range disaster recovery planning to provide the highest level of
protection possible for the enterprise.
Problems and Challenges
Disaster recovery is an absolutely critical function of the enterprise’s

everyday business operations requiring substantial advance planning. The
coordinator faces the challenge of developing an ever-current disaster
recovery plan and managing a recovery in an efficient an effective
manner. The disaster recovery plan must be reviewed and updated on a
regular basis.
Essential Position Functions

Principal Accountabilities
1. Plans and charts the direction for the disaster recovery process.
2. Establishes procedures and priorities for the disaster recovery
process.
3. Manages all activities during the disaster recovery process, and
during semi-annual disaster recovery testing.
4. Works closely with all business operational groups in developing and
managing the creation of business continuity plan for all functions
that interface with the technology infrastructure.
5. Reports all hardware and software removed (stolen) from the scene
of a disaster to appropriate personnel.
6. Coordinates and supervises all special projects relating to disaster
recovery process and capacity.
7. Recognizes and identifies potential areas where existing disaster
recovery policies and procedures require change, or where new ones
need to be developed, especially regarding future business
expansion.
8. Strives to learn the job functions of the position’s immediate superior
as well as peer-level positions with whom the individual interacts. It

is the responsibility of the individual to be prepared for temporary re-

assignment and/or promotion due to extended illness, personal
emergency, or business necessity.
9. Fulfills departmental requirements in terms of providing work
coverage and administrative notification during periods of personnel
illness, vacation, or education.
10. Interacts at a senior level with all user departments within the
enterprise.
11. Perform at or above the enterprise’s Information Technology
Develops and maintains disaster recovery procedures with the
performance standards.
Authority
 Develop, maintain, and implement, if necessary, the disaster
recovery plan.
 Manages the entire recovery process.
 Manages all special disaster recovery projects within the
enterprise IT area.
Contacts
Routine contact is required with IT managers’ at all organizational
levels and with technology vendors. Within the business, periodic
contact is required with executives in charge of the key business
units using IT services.
The Manager Disaster Recovery and Business Continuity interacts
with the security functions of the enterprise on an on-going basis.
Position Requirements
 BS or BA degree in computer science, business administration or
related field preferred
 5 - 7 years Information Technology operation with disaster
prevention/recovery experience
 Ability to handle full scope supervisory responsibility of 5-10
employees during the disaster recovery process
 Knowledge of the hardware and software environment, job
control and scheduling tools, problem management systems, and
disaster recovery methodology

8.12 Application Inventory and Business Impact Analysis

Questionnaire
This questionnaire is the basis for documentation necessary to understand the
business impact and risk associated with each application that the
application/function has on ENTERPRISE.
A ―BEST PRACTICE‖ is to complete this questionnaire for each application,
business function, department and organizational entity at least once every
two business operating cycle. In addition these should be reviewed annually.
Once this is completed a summary of the major functions with the Importance
(Impact) to ENTERPRISE should be prepared.
Item Metric Key User(s) Importance

Sales Status Units and  Executive Management 1
Dollar Volumes  Sales 1
Inventory On Hand Balances  Distribution 2
 Sales 5
 Customer Service 6
Customer Data A/R Balances  Credit 4
 Sales 5
Liquid Assets Treasury Balances  CFO 2
Supplier A/P Balances  CFO 4
Importance = Critical 1 / Necessary 5 / Can wait 9

Scoring
1. Catastrophic – as a result ENTERPRISE could cease to exist and/or would be
placed in material legal and/or financial jeopardy.
2. Very High - as a result ENTERPRISE would not be able to meet its material
contractual and/or service obligations. Or do material damage to
ENTERPRISE’s reputation and have major negative long term implications on
ENTERPRISE’s ability to continue being a going concern.
3. Noticeable - ENTERPRISE would not be able to operate effectively and

efficiently, thus reducing productivity and service levels.
4. Minor – E ENTERPRISE would be affected in a minor way with little productivity
and/or service level loss.
5. Non essential – ENTERPRISE could operate indefinitely without this physical

location, business function, or IT application.

ENTERPRISE
Business and IT Impact Questionnaire
The purpose of this questionnaire is to determine the criticality of the applications used at ENTERPRISE. The information
provided will be used to develop a Application Inventory that can be used in the Disaster Recovery Plan that minimizes
the impact of the loss of this application in the event of a disaster. (PLEASE USE ADDITIONAL BLANK PAPER OR
ATTACHMENTS WHEREVER NECESSARY)
Facility / Business Function / Application
Name: _______________________________________________________________________________________
Provide a brief description/purpose – mission: _______________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
What are the main functions? ____________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
Was this developed in-house or purchased from a vendor? If purchased from a vendor, do you hold the plans,
source code etc. _______________________________________________________________________________
____________________________________________________________________________________________
If the application is a purchased package, are there extensive modifications to this application (briefly describe
modifications): ________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
What programming language was used to create the application? _______________________________________
____________________________________________________________________________________________
How old is this application (maturity)? ______________________________________________________________
Who is the owner of this application (i.e. Joe Smith of Accounting)? _____________________________________
____________________________________________________________________________________________

ENTERPRISE
Sarbanes-Oxley Compliance
Must this application comply with Sarbanes-Oxley?  YES  NO  N/A

(If No checked skip to the next section)
Which portions of this system affect the financial records (reports of the Enterprise):
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
When was the last time that this application was audited by an external entity?
When this application was audited by an external entity what were the findings? Explain
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________

ENTERPRISE
ISO – 27000 Compliance - System of Internal Controls
Describe the System of Internal Controls for this application:
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
Does management (executive, senior and line) accept responsibility for control?  YES  NO  N/A
Does management routinely monitor controls in this application?  YES  NO  N/A
Does management assign responsibilities for training and monitoring controls?  YES  NO  N/A
Are periodic and systemic evaluations of controls conducted?  YES  NO  N/A
Are evaluations documented and reviewed by qualified outside parties?  YES  NO  N/A
Are appropriate criteria established to evaluate controls?  YES  NO  N/A
Are deficiencies reported to higher levels of management?  YES  NO  N/A
Are deficiencies corrected in a timely manner?  YES  NO  N/A
For each question that has a no response (or N/A) explain why (use as many additional sheets as necessary):
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________

ENTERPRISE
User Environment
Provide the following information for each department that uses the application:
 Department name
 How the application is used (example: Department A inputs patient information, Department B enters billing information etc.)
 Primary contact (i.e. primary user or department head name)
 Number of people in department that use the application
 What attribute best describes the users that have access to this application:
Public
Customers and Employees
Groups of Employees
Specific Employees
Other __________
Department Name Purpose or Use Primary Contact Number of User Attribute

Users
 Public
 Customers
 Employees
 Groups of Employees
 Specific Employees
 _______________
 Public
 Customers
 Employees
 _______________
 Public
 Customers
 Employees
 _______________
 Public
 Customers
 Employees
 _______________
 Public
 Customers
 Employees
 _______________
 Public
 Customers
 Employees
 _______________
 Public
 Customers
 Employees
 _______________

ENTERPRISE
User Environment Continued
How would the data generated by this application be classified?
 Sensitive
 Confidential
 Internal Use
 Public
Describe the ownership to the data:
 Not defined _____________________________________________________________________

 Multiple owners’ _________________________________________________________________
 Group owners’ __________________________________________________________________
 Individual owner _________________________________________________________________
Describe the Environment: _____________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________

ENTERPRISE
Operating Environment
What platform(s) does this application use (i.e. LAN, Internet, IBM Mainframe etc.)?
Platform 1
Platform 2
Platform 3
What Operating system(s) does this application run on (i.e. Novell, VM, VSE, UNIX etc.)?
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
What sub-systems does the application run under (i.e. CICS, TSO, Windows, UNIX (Version) etc.)?
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
What applications and business functions feed this application (i.e. what provides input to this application)?
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________

ENTERPRISE
Operating Environment Continued
What applications and Business Functions use the output from this application?
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
What are the other applications and Business Functions impacted by the failure of this application?
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
What is the file structure of the data (example: SQL, Oracle, VSAM, Relational DBMS, etc.):
____________________________________________________________________________________________
What is the communication access methodology for this application?

 Internet
 Intranet
 Public Telephone
 Network
 Leased Lines
 No Communication
 Other
How is the application information data stored:

 In one Database
_______________________________________________________________________
 In many Databases at one location
________________________________________________________
 Many Databases at many locations

________________________________________________________
 Disk files
 Tape files
 Other
Criticality of Application

ENTERPRISE
Are there any particular aspects of this system's operation or function that should be considered in determining the
system's criticality to the organization?
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
If a disaster occurred and normal processing capability were unavailable, in which of the following categories would you
classify this system:
Category I  Must be processed in normal mode, no degradation is acceptable.
Category II  Only high priority (i.e., high dollar item) transactions or critical reports
would be processed.
Category III  Processed would be carried out on a "Time Availability" only basis.
Category IV  Processing would be suspended, but data collection would continue.
Category V  No processing or data collection would be carried out until normal

computer capacity was re-established.
How long can application be down before having a significant business impact on the organization?
 0 - 8 Hours  8 - 24 Hours  24 - 48 Hours
 3 - 5 Days  5 - 10 Days  Greater Than 10 Days
What would be the first major affect if system were to go down (i.e. Patients would not receive medicine?
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
How long until the next impact (i.e. monthly processing could not be performed)?
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________

ENTERPRISE
Criticality of Application Continued
Could you accept input without processing (i.e. data input is stored in a holding file and processed at night):
 YES  NO  N/A
If so, how long can data be stored without processing before having a significant business impact?
____________________________________________________________________________________________
____________________________________________________________________________________________
Provide the following information for each department that uses the application:
 Department name
 If down-time procedures exist for manual processing
 If a training program for down-time procedures exist
 Number of days the department can function without this application
 Additional resources required for manual processing (i.e. personnel, equipment, etc.)
Department Name Down-time Training Number of Additional Resources

Procedures Program Days
(Y/N) (Y/N)
 YES  YES
 NO  NO
 YES  YES
 NO  NO
 YES  YES
 NO  NO
 YES  YES
 NO  NO
 YES  YES
 NO  NO
 YES  YES
 NO  NO
 YES  YES
 NO  NO
 YES  YES
 NO  NO
Processing Information

ENTERPRISE
What is the estimated volume of transactions processed by this application (example: 10,000 transactions per hour)
____________________________________________________________________________________________
Is this a batch, on-line real time, and/or internet application?  Batch  On-Line  Internet
If application processes in batch mode, what is the length of processing time per batch?
Average:
Maximum:
How often is the application scheduled to run (daily, weekly, as required):
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
Does the application have a standard scheduled run-time.? If so, when (i.e. 1st Saturday of the month at 3:00 p.m.):
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
What is the estimated run-time of the application?
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
What time of day must the application be available to users?
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________

ENTERPRISE
Application / File Servers
Provide the following information for each application and file server:
 Host name
 IP address and mask for the server
 Administrative contact for the server and security contact (i.e. primary user or department head name and phone number)
 User Types
 Operating system including version number
 Application Software including version number
 Review status (Yes/No, Date. Reviewer)
 Connectivity (Internet, Intranet, modem In, modem out, other
 Physical location (Address / phone number for contact
Host Name: _________________________ Reviewer Name: _______________________________ Date: _________________
IP Address / Mask User Types Administrative Contact Connectivity Physical Location
 Public Name: _______________________  Internet Address: __________________

___.___.___.___
 Customers  Intranet
 Employees Email: _______________________  Modem In Bound Contact::__________________
___.___.___.___  Groups Employees  Modem Out Bound
(mask)  Specific Employees Phone: ______________________  Other: ____________ Phone: ___________________
 _______________
IP Address Range Operating System Version / Reviewed Application Version / Reviewed
___.___.___.___  Windows WS Ver: ____________  Yes  No  _________________ Ver: _________  Yes  No

 Windows Server Ver: ____________  Yes  No  _________________ Ver: _________  Yes  No
 Unix Ver: ____________  Yes  No  _________________ Ver: _________  Yes  No
to  Lynx Ver: ____________  Yes  No  _________________ Ver: _________  Yes  No
 Other Ver: ____________  Yes  No  _________________ Ver: _________  Yes  No
___.___.___.___ _______________  _________________ Ver: _________  Yes  No
Comments: __________________________________________________________________________________________
____________________________________________________________________________________________________
____________________________________________________________________________________________________
____________________________________________________________________________________________________
____________________________________________________________________________________________________
____________________________________________________________________________________________________
____________________________________________________________________________________________________
____________________________________________________________________________________________________
____________________________________________________________________________________________________

ENTERPRISE
Historical Information
Has this application had processing problems in the last twelve months?
What is the frequency of these processing problems?
Have the processing problems lead to significant application down-time:
____________________________________________________________________________________________
____________________________________________________________________________________________
What was the impact of this down-time (example: loss of patients, delay in sending bills etc.)?
____________________________________________________________________________________________
____________________________________________________________________________________________
Did user departments have fall-back procedures during these down-times?
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
What additional resources did the departments need (example: additional temporary people to clear backlog):
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
How long did it take to clear the backlog?
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
___________________________________________________________________________________________
___________________________________________________________________________________________
(Note: This segment of information would be helpful if provided by each user department)

ENTERPRISE
Database / File Names
Please provide on this form or attach a list of relevant files associated with this application with locations:
Include:
 Database / Filename
 Job Procedures and Job Control enterprise
 Source enterprise
 Object enterprise
 Data enterprise
 Disk pack
 Drive
 Other
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________

ENTERPRISE
Documentation
Does User Functional Documentation exist, (location?):
Last Reviewed by and date:
Does Application Documentation exist: (location?)
Does IT Operation’s Documentation exist: (location?)
Security
Is there application level security?
Who administers this security?
Is there system-wide security software?
Who administers system-wide security?
Application Support and Maintenance
Which programmers or Project Groups are responsible for maintenance?
____________________________________________________________________________________________
What is the average Programmer experience on this application?
____________________________________________________________________________________________
____________________________________________________________________________________________
What training and/or background are required by the support staff?
____________________________________________________________________________________________
____________________________________________________________________________________________

ENTERPRISE
Resource Usage
What are the disk storage requirements?
____________________________________________________________________________________________
____________________________________________________________________________________________
What are the tape storage requirements?
____________________________________________________________________________________________
____________________________________________________________________________________________
Equipment Requirements by Department
How many workstations (A) does each department have that can access this application:
What is the minimum number of workstations (B) that each department will need in the event of a disaster:
Department Business Function Primary Contact Number User Function

Name A/B

ENTERPRISE
Backups
How often this application is Backed-Up (daily, weekly, monthly, and yearly, etc.):
 Daily Time: ____________________________________________________________

 Weekly Day of week and Time: _______________________________________________
 Monthly Day of Month and Time: ______________________________________________
 Annually Day of Year and Time: _______________________________________________
 Other Day of Year and Time: _______________________________________________
Who performs the backup?
____________________________________________________________________________________________
____________________________________________________________________________________________
Where are the Backups stored (example: fire-proof vault on premises, off-site, etc.):
____________________________________________________________________________________________
____________________________________________________________________________________________
How and where are the non-electronic (paper) files stored?
____________________________________________________________________________________________
____________________________________________________________________________________________
If the function was moved what non-electronic (paper) would be required?
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
____________________________________________________________________________________________
Preparer _________________________________________ Date ____________________________

8.13 Key Customer Notification List
Product/Service:
Customer Name:
Street Address:
City/State/Zip:
24 Hour No.:
Other No.:
Comments:
Product/Service:
Customer/Client Name:
Street Address:
City/State/Zip:
24 Hour No.:
Other No.:
Comments:
Product/Service:
Street Address:
City/State/Zip:
24 Hour No.:
Other No.
Comments:
Product/Service:
Street Address:
City/State/Zip:
24 Hour No.:
Other No.
Comments:

8.14 Resources Required for Business Continuity

For each function, an estimate should be made for resources that will be required in order to maintain
business operations. This form can be used to achieve that objective.
Function / 24 hours 48 hours 72 hours 1 week 2 weeks 1 month

Resources
Function
Staff
Area size
Desks
Chairs
Telephones
Faxes
PCs
Printers
(Other)
List only the increased amounts in each column. For example the team needs 35 people over all. They assign
15 at the 24 hours slot, another 5 in the 48 hours slot and 15 more in the 72 hours slot.

8.15 Critical Resources to be Retrieved

Many incidents do not completely destroy contents of offices. Depending on the circumstances, it might be
possible to clean and dry paper, microfilm or microfiche. Even if computer diskettes, tapes and hard drives
have been water, smoke or soot damaged, it might be possible to extract the information from them. Do not
attempt to do this yourself. Contact your technical support area or facilities staff for help when the incident
occurs.
Following the incident, if authorities and your facilities staff determine your affected building is safe to enter,
you might be allowed into your building for a short time. This could be for as little as 15 minutes or one half-
hour. Create a list of the critical items that you would need to retrieve if you could get into your building. This
assumes, of course, that the items are salvageable.
You should list these items in order of importance.
Some examples of items you might need to retrieve include: computer disks, computers, selected paper files
and work in process.
Examples of items that you should not list include: family pictures, unimportant files and information that are
duplicated somewhere else.

Note: Use this form to document the materials that should be retrieved if you are able to enter your facility
following the incident and the items are not badly damaged.
Business Unit: ________________________________________________________
Bldg./Floor: Location on Floor: (e.g. Northwest Corner)
Items To Be Retrieved Comments Condition*

CRITICAL RECORDS:
EQUIPMENT:
OTHER:
* Complete “Condition” at the time of the incident.

8.16 Business Continuity Off-Site Materials
Off Site Stored Materials
Copies of critical documents, computer/PC backup floppies and tapes, critical supplies etc. may be available
from a number of sources:
 Other ENTERPRISE facilities may have similar resources or copies of critical documents.
 Clients or contractors may have copies of critical documents.
 Commercial storage facilities will usually pick up backup tapes and documents and store them in a
climate controlled and secure area.
Recovery Box
Create a “Recovery Box” for your business unit. This Recovery Box could contain specific items that the
business unit would need if the building were not accessible. Some items that could be contained in this box
include:
 Copies of forms your business unit would need right away

 Copies of Procedure Manuals
 A small supply of unique supplies your business unit would need right away
This box must, of course, be stored at an off-site location. The box and an inventory listing of its contents are
both critical records and should be documented as such.

Recovery Boxes
Function:
Storage Location:
Contact Name:
Box Identification:
Contents Comments
Box Identification:
Contents Comments
1. Storage location refers to the name of the offsite storage facility.

2. Contact name refers to the person who coordinates retrieval of recovery boxes.
3. Box Identification refers to the identifying code on the outside of the box.
4. Contents/Comments identify the items stored in the box and special concerns such as update / maintenance or
shelf life.

8.17 Work Plan
Below are a set of tasks that can be used to create a work plan to implement the Disaster Recovery
Planning process as defined in this template31. Each of the tasks should have an individual or
steering committee member assigned to the task along with start date, end date and deliverable
defined. For example, a deliverable for a status meeting could be defined as approved minutes of the
meeting and the deliverable for a function assessment could be a completed Application Inventory
and Business Impact Questionnaire for the function (see page 143).
31
An Excel spreadsheet that comes with this document that can be use for the actual planning and reporting process.
Project Initiation
1. Identify ENTERPRISE executive management sponsor

 Deliverable - Organizational responsibility assigned
2. Create DRP Steering Committee and schedule update meetings through plan
completion (if possible through plan implementation)
 Deliverable - Steering Committee minutes and meeting schedule
3. Define scope of effort (see DRP Scope page 17)
 Deliverable - Disaster Recovery Plan - Scope
4. Define status reporting mechanism
 Deliverable - Reporting Relationships
5. Review and Modify Plan Assumptions (see page 20)
 Deliverable - Disaster Recovery Plan - Plan Assumptions
6. Assign responsibility for day-to-day project management
 Deliverable - Staff Assignments
7. Allocate staffing resources for DRP creation (see Recovery Team Members page
71). Note: members and alternates should be assigned
 Deliverable - Staff Assignments
8. Schedule project team orientation
 Deliverable - Team Orientation Agenda and Schedule
9. Create and distribute project announcement for ENTERPRISE (See Authorization
page 18)
 Deliverable - Announcement Letter and Distribution List

Project Scheduling
1. Modify DRP Template to use ENTERPRISE name in document

 Deliverable - Disaster Recovery Plan Document version .01
2. Distribute to team members (see Recovery Team Members page 71)
 Deliverable - Disaster Recovery Plan Document version .01 copies
3. Conduct orientation meeting.
 Deliverable - Team Orientation Minutes
4. Identify functions to be inventoried (see Application Inventory and Business
Impact Questionnaire page 143).
 Deliverable - Function / Location / Department List
o Assign responsibility with start and end dates for each function
includes function user responsibility and DRP team responsibility.
 Deliverable - Updated project plan with all responsibilities, start
dates, end dates and deliverables defined
o Distribute questionnaires
 Deliverable - Confirmation that all questionnaires have been
distributed

Business Impact Analysis
1. Complete Application Inventory and Business Impact Analysis

 Deliverable - Completed Application Inventory and Business
Impact Analysis forms for each Function / Location / Department
2. Analyze completed forms
 Deliverable - Documented analysis notes
3. Assign risk factors to each function
 Deliverable - Risk factors for each Function / Location /
Department
4. Define impact based on duration of outage by function
 Deliverable - Impact Analysis for each Function / Location /
Department
5. Create Application Impact statement (see Application Impact page 34 and
137)
 Deliverable - Application Impact Statement for each Function /
Location / Department
6. Develop Business Impact Matrix (see page 37)
 Deliverable - Disaster Recovery Plan - Business Impact Matrix
7. Document locations (see page 126)
 Deliverable - Location specific documentation
8. Document people interviewed (see page 135)
 Deliverable - Interviewee List

Backup and Recovery Strategy
1. Develop Strategy for both backup and recovery

 Deliverable - Disaster Recovery Plan - Documented Strategy
2. Review with Steering Committee
 Deliverable - Steering Committee minutes
3. Review with external entries (comply with Sarbanes-Oxley)
 Deliverable - External Entities confirmation letter
4. Update backup strategy in DRP (see pages 39 through 62)
 Deliverable - Disaster Recovery Plan - Backup Strategy
5. Update recovery strategy in DRP (see pages 63 through 69)
 Deliverable - Disaster Recovery Plan - Recovery Strategy
6. Review with Steering Committee and business functions

Initial Implementation
1. Define and modify Disaster Recovery Organization (see 70)

 Deliverable - Disaster Recovery Plan Document version .08
o Develop Detail Job Descriptions
 Deliverable - Job Descriptions
2. Define and modify Disaster Recovery Emergency Procedures (page 87)
 Deliverable - Disaster Recovery Plan - Emergency Procedures
3. Create initial plan distribution list (see page 125)
 Deliverable - Disaster Recovery Plan - Distribution List
4. Update disaster recovery call list (see page 127)
 Deliverable - Disaster Recovery Plan - Call List
5. Update vendor call list (see page 129)
 Deliverable - Disaster Recovery Plan - Vendor List
6. Update off-site inventory (see page 131)
 Deliverable - Disaster Recovery Plan - Off Site Inventory
7. Update hardware and software inventory (see page 133)
 Deliverable - Disaster Recovery Plan - Hardware / Software
Inventory
8. Assemble plan and schedule test
 Deliverable - Disaster Recovery Plan Document version .09 and
Test Schedule
9. Review and obtain approval from steering committee
10. Review and obtain approval from external entities (Sarbanes-Oxley)
 Deliverable - External Entities confirmation letter
11. Publish and distribute plan
 Deliverable - Disaster Recovery Plan Document version 1.0

Post Implementation
1. Conduct test
 Deliverable - Test completion confirmation
2. Review results with steering committee and external entities
3. Document results and actions taken
 Deliverable - Disaster Recovery Plan - Test Results
Documentation
4. Modify plan as necessary
5. Create procedures to maintain plan
6. Schedule future test
 Deliverable - Test Schedule
7. Create a training program for ENTERPRISE employees, vendors and
suppliers
 Deliverable - Training Program Syllabus and Training Schedule

8.18 Audit Disaster Recovery Plan Process
While dry runs are indispensable for testing a disaster recovery plan, by their nature they
are not comprehensive because they do not exercise every contingency in the plan. A
disaster recovery audit, by contrast, attempts to check all the contingencies. An audit
doesn't have the training value of a disaster recovery exercise, but it should provide a
broader check of the plan's workability and value. This is particularly important when
you have an outside vendor in the picture, because you want to make sure the outside
vendor is properly backed up and secured.
The mission of ENTERPRISE’s Business Continuity Program is to establish and support

an on-going contingency planning program to evaluate the impact of significant events
that may adversely affect customers, assets, or employees. This program is designed to
ensure that ENTERPRISE can recover its mission critical functions, meeting its fiduciary
responsibility to its stakeholders and complying with the requirements of the Securities
and Exchange Commission (SEC), and other mandated requirements. ENTERPRISE has
developed detailed Business Continuity Plans and Disaster Recovery Plans for the
restoration of critical processes and operations. ENTERPRISE has dedicated resources to
its contingency planning and disaster recovery program. Key features of this process
include:
 Employee safety strategies and communications

 Systems and telecommunications accessibility
 Alternate physical site location and preparedness
 System backup and recovery
The audit process focuses on the guidelines, which incorporate industry best practices, for
critical business units including
 Business Impact Analysis

 Business Continuity and Disaster Recovery Plans
o Identifies time sensitive, mission critical processes’ recovery time
objectives (RTO) and business impacts.
o .Updates and tests its business continuity and disaster recovery
plans to support the business needs.
o Reviews crisis management processes, employee communication
vehicles, alternate site requirements, recovery management, and
site-specific checklists.
 Work Area Recovery Strategy
 Testing processes (in accordance with regulatory requirements)
 Executive Management and Board of Directory Communication

Audit Program
Audit Program Overview
 Adequate plans should exist for the routine backup of critical data, programs,
documentation, and personnel and for the recovery of these items after an
interruption of processing.
 A written plan for resuming information processing activities in the event of a
disaster should be developed and periodically tested. An arrangement for an
alternate site is needed in the event the computer facility is inoperable or
destroyed in a disaster.
Suggested interviewees for Audit

 Operations Manager
 Chief Information Officer
 Chief Technology Officer
 Chief Security Officer
Objective #1 - Backup Procedures

 Review the backup materials.
 Determine if the backup and recovery procedures are being followed.
 Interview IS personnel to determine if they have been cross-trained.
 Review training records to determine the amount of cross-training provided.
Objective #2 - Off-site Storage Facility

 Tour the off-site storage facility.
 Determine if the facility is adequate.
 Compare the log of items stored at the facility with the items present at the
facility.
 Determine if the log is complete and up-to-date.

Objective #3 - Disaster Recovery Plan

 Obtain and review a copy of the disaster recovery plan and the alternate site
agreement.
 Determine if agreements are complete and current, and if executive management
has signed off on the plan.
 Determine who was responsible in developing the plan and if users and all facets
of data processing were adequately involved in its development.
 Determine if a risk assessment has been prepared and if it appears reasonable.
 Determine if executive management has approved the funding for an alternate and
testing of the disaster recovery plan.
 Observe a test of the plan.
 Review the results of the test of the disaster recovery plan.
 Determine if corrective action has been taken on any problems incurred during the
test.
 Visit the alternate processing site.
 Assess its suitability and compatibility with the current computer facility.
 Interview users and/or IT personnel to determine if they have been trained in their
responsibilities in the event of an emergency or disaster.
 Determine if users and/or IT personnel are aware of manual procedures that are to
be used when processing is delayed for an extended period of time.

8.19 Vendor Disaster Recovery Planning Questionnaire

The objective of the Vendor Disaster Recovery Planning Questionnaire is to understand the business
continuity and IT disaster recovery plans of vendors and partners used by ENTERPRISE.
The ENTERPRISE intends to distribute this survey to all key vendors and business partners used by
groups within ENTERPRISE, who are critical to the operational readiness of ENTERPRISE. It is
anticipated some vendors and business partners will opt not to complete this survey. In these
instances, we may extend an invitation to those vendors to address key questions outlined in the
survey by giving a presentation to members of the ENTERPRISE Task Force, individual business
groups and/or other support groups as needed.
A cover letter should be sent to each vendor/partner requesting that they complete the questionnaire
and return it as soon as possible.

ENTERPRISE
Vendor Disaster Recovery Planning Questionnaire
Vendor / Partner Information
Name: ____________________________________________________________________
Address: _______________________________________________________________
City/State/Zip/Country: ____________________________________________________
Main Phone Number: ____________________________________________________
Description of relationship: ____________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
Primary Contact Individual: ___________________________________________________

Address: _______________________________________________________________
City/State/Zip/Country: ____________________________________________________
Phone Numbers (Office / After Hours):________________________________________
e-mail: ________________________________________________________________
Job Functions ___________________________________________________________
Date Completed: ______________ Signature:______________________________________

ENTERPRISE
DRP and Business Continuity Strategy
1 In the event of a disaster or significant Yes ________ or No ________

disruption, does your organization have
documented plans for business continuity
and IT disaster recovery? (NOTICE: if
your firm has no plan in place and has not
intention of implementing a plan then your
firm should be aware that our vendor /
partnership relationship is subject to
cancellation)
2 What type of failure scenarios or outages ___________________________________________

do you plan for? ___________________________________________
___________________________________________
3 What duration of time is assumed for each ___________________________(please specify #

type of failure scenario or outage you plan and hours, days, weeks, months, etc. for each type)
for?
4 Does the plan establish critical business Yes ________ or No ________

functions with recovery priorities?
0 – 4 hours _____
5 If you answered “Yes” to Question (4), 4 – 8 hours _____
what is the expected recovery time for Within one day _____
your critical business functions? 1 – 2 days _____
More than 2 days _____
Other (please specify) _____
N/A _____
6 Does the plan account for Yes ________ or No ________

interdependencies both internal and
external to your organization?

ENTERPRISE
DRP and Business Continuity Strategy (cont’d)
7 Does the plan cover some, most, or all Some

locations from which you provide your Most
services? All
Other (please specify)
N/A
8 What percentage of “business as usual” 1 – 10% _____

servicing capability is the plan designed to 11 – 20% _____
address? 21 – 30% _____
31 – 50% _____
51 – 75% _____
76 – 99% _____
100% _____
9 Do you have a dedicated team of Yes ________ or No ________

professionals focused on business
continuity and/or IT disaster recovery?
10 If you answered “No” to Question (9), do Yes ________ or No ________

you use an external BCP/DR service
provider to handle your planning needs?
11 Is your main IT facility or data center Yes ________ or No ________

located in the same building or office
complex occupied by your main business
or operations staff?
12 Please provide an illustration or schematic ___________________________________________

of how your organization’s primary, ___________________________________________
secondary, and/or tertiary servicing
centers are setup to provide redundant
services to ENTERPRISE.

ENTERPRISE
Crisis Communication
1 Do you have a documented crisis Yes ________ or No ________

management process within your
organization?
2 If you answered “Yes” to Question (1), Yes ________ or No ________

does this process cover internal and
external communications during a crisis
event?
3 How would you notify ENTERPRISE of an ___________________________________________

outage? ___________________________________________
___________________________________________
___________________________________________
4 Do you provide ENTERPRISE with Yes ________ or No ________

detailed contact information in the event of
an outage or emergency?
5 Please describe how you notify your team ___________________________________________

of an incident and direct them through the ___________________________________________
recovery. ___________________________________________
___________________________________________

ENTERPRISE
Backup Facilities
1 Does your organization have an alternate Yes ________ or No ________

site location for data center recovery
purposes?
2 If you answered “Yes” to Question (1), __________________________ (please specify #

what is the approx. distance between your and kilometers, miles, city blocks, etc.)
production (primary) site and alternate
(secondary) site for data center recovery
purposes?
Does your organization have an alternate Yes ________ or No ________

site location for work area recovery
3 purposes?
4 If you answered “Yes” to Question 3), ___________________________ (please specify #

what is the approx. distance between your and kilometers, miles, city blocks, etc.)
production (primary) site and alternate
(secondary) site for work area recovery
purposes?
5 Do you use an external BCP/DR service Yes ________ or No ________

provider for your data center recovery
needs?
6 Do you use an external BCP/DR service Yes ________ or No ________

provider for your work area recovery
needs?
7 If you answered “Yes” to Question (C6), is Yes ________ or No ________

your contract with your BCP/DR service
provider honored on a first-come/first-
served basis?

ENTERPRISE
Backup Facilities (cont’d)
8 What recovery strategy does your Active/Active _______

organization use for mainframe systems? Active/Backup _______
Vendor Supplied _______
Other _______
N/A _______
9 What type of recovery strategy does your Active/Active _______

organization use for distributed systems? Active/Backup _______
Vendor Supplied _______
Other _______
N/A _______
10 Is the processing capacity of your backup Yes ________ or No ________

facility equal to that of your primary
facility?
11 If you answered “No” to Question (10), 1 – 10% _____

what is the capacity ratio of your backup 11 – 20% _____
to your primary facility? 21 – 30% _____
31 – 50% _____
51 – 75% _____
76 – 99% _____
100% _____
N/A _____
12 Is it feasible to run from you backup facility Yes ________ or No ________

for an extended period? (e.g. at least eight
weeks)

ENTERPRISE
Testing
1 Is the plan periodically tested? Yes ________ or No ________
2 If you answered "Yes" to Question (1), Annually _____

how frequently is the plan tested? Semi-annually _____
Other (please specify) _________________________
3 Do you have DRP and BCP test dates Yes ________ or No ________
scheduled over the next 12-18 months?
4 If you answered "Yes" to Question (3), _______

please list those dates _______
_______
_______
_______
5 If you answered "Yes" to Question (1), do IT staff only _____

you involve IT staff, business unit or Business Unit or Operations Staff only _____
operations staff or both in your internal Both IT and Business Unit or Operations Staff______
DRP and BCP tests?
6 If you answered "Yes" to Question (1), Yes ________ or No ________

would you involve ENTERPRISE in your
external DRP and BCP tests?
7 If you answered "Yes" to Question (1), do Yes ________ or No ________

internal or external auditors review your
DRP and BCP tests?

ENTERPRISE
Testing (cont’d)
8 If you answered “Yes” to Question (1) Applications ______

what components of your systems and Middleware ______
infrastructure are tested? Databases ______
Data networks ______
(internal and external)
Voice networks ______
(internal and external)
Desktop ______
Facilities ______
Voice equipment ______
Prior DRP and BCP Plan Activations
1 Did your organization invoke its business Yes ________ or No ________

continuity or IT disaster recovery plan(s)
as a result of the September 11 tragedy?
2 Has your organization enhanced its Yes ________ or No ________

business continuity planning initiative, or is
in the process of enhancing its plans in
light of September 11?
3 Has your DRP and BCP been activated in Yes ________ or No ________
the last 24 months?
4. If you answered “Yes” to Question (3)

provide a description of the reasons for
activations, results of the activation
process, and success / failure of DRP and
BCP process. (attach as a separate
document)
DRP and BCP Support
1 Please provide primary and alternate

contact information for communication ___________________________________________
during an emergency. ___________________________________________

ENTERPRISE
Department DRP and BCP Activation Workbook

ENTERPRISE
8.20 Departmental DRP and BCP Activation Workbook

The objective of the Department DRP Activation Workbook is to have a
HandiGuide® (a registered trademark of Janco Associates, Inc.) which
departments and functional groups with ENTERPRISE can use in the event of
an emergency when the DRP and BCP are activated.

ENTERPRISE
QUICK REFERENCE GUIDE

(Recovery team contact information on next page)
 Receive alert notification - Normal business hours - after hours
 Notify Recovery Team
 Meet Recovery Team at Assembly Site

 Location:
 Time:
 Contact Name:
 Use employee contact list (attach local list to the back of the plan) to notify
appropriate additional personnel to:
 Proceed to Assembly Site
 If appropriate, bring resumption plan
 If appropriate, be prepared to travel
 Bring ID Badge(s)
 Bring pertinent resources from home or off-site
 DO NOT TALK TO THE NEWS MEDIA
 If directed, meet the Emergency Management Team at the Command Center

 Location:
 Time:
 Phone Number:
 Document information provided at the briefing
 Contact vendors and or clients if appropriate
 Report status of critical functions and potential concerns to the Emergency

Management Team during the briefing
 Meet appropriate staff at Assembly Site
 Brief staff on the situation
 If Assembly Site is not the Work area instruct appropriate staff to report to the Work
area
 Begin team recovery activities

ENTERPRISE
Team Alert List
(Team Leader Name) ________________________________________________

Home: Date/Time:
Cell phone: Pager: Status:
For Emergency:
Contact: Relation: Phone:
The Team Leader calls the following:
(Alternate Team Leader Name) __________________________________________

Home: Date/Time:
For Emergency:
(Name) _____________________________________________________________
Home: Date/Time:
For Emergency:
(Name) _____________________________________________________________
Home: Date/Time:
For Emergency:
Contact: Relation: Phone
(Name) _____________________________________________________________
Home: Date/Time:
For Emergency:
(Name) _____________________________________________________________
Home: Date/Time:
For Emergency:
Contact: Relation: Phone
(Name) _____________________________________________________________
Home: Date/Time:
For Emergency:
Record the date and time that each person was notified or last attempt made. Add the contact
status BSY-Busy, NA-No Answer, PNA Person-not Available.
After the team notification has been completed. This checklist should be given to the Emergency
Operations Center staff or Emergency Management Team.

ENTERPRISE
Primary Contact: Alternate:
Team Responsibilities
When notified by the Emergency Management Team that the Disaster Recovery Plan and Business Resumption
Plan (BRP) has been activated, the primary responsibilities of the team will be to use their resources to support
the corporate recovery effort and to activate their Recovery procedures.
Team Leader Responsibilities / Checklist
Read the entire section before performing any assignments.
General
The Primary responsibility of the Team Leader is to provide leadership of the recovery team and coordinate
support for the recovery effort. Other responsibilities include:
1. Participate in Resumption meetings with the Emergency Management Team.

2. Direct the Business Continuity efforts of your team.
3. Oversee communications activities of the team.
4. Coordinate with the Emergency Operations Center regarding all administrative issues.
Critical Functions
Restore the following critical functions:
RTO* Critical Function
______ ___________________________________________
______ ___________________________________________
______ ___________________________________________
* Recovery Time Objective (Amount of down time before outage threatens the survival of the
ENTERPRISE. RTO is determined by Senior Executives)

ENTERPRISE
Normal Business Hours Response
During an emergency that happens during normal business hours, follow the corporate emergency procedures to
ensure the life and safety of all employees.
If the building is not accessible, the team personnel should assemble at:
- Primary site :
- Alternate site:
Immediate actions to be taken by the department leader or assigned alternate:
1. Take a head count to make sure all team members are safe and available. Notify the
Emergency Management Team immediately if anyone is missing.
2. Look for a member of the Emergency Management Team to get instructions.
3. Record all the information and instructions given by the Emergency Management Team. Use the Notification
Checklist located in this section as a guideline and work paper.
4. Before contacting anyone else review the Notification Procedure located in this section.
5. Notify department personnel not already notified. Use the Notification Call List located in this section; it
contains a list of who to call and what information to pass on.
6. If instructed by the Emergency Management Team, activate the Recovery procedures are located in this
section.

ENTERPRISE
After Normal Business Hours Response
When notified by the Emergency Management Team that the Business Resumption Plan has been activated, the
team leader will:
1. Record all the information and instructions given by the Emergency Management Team. Use the Notification
Checklist located in this section as a guideline and work paper.
2. Before contacting anyone else review the Notification Procedure located in this section
3. You may be instructed to only notify your alternate team leader, your entire team or as many department
personnel as possible. Use the Team Alert List located in the front of the plan or the Employee Call List
located in the back of the plan. Record the status of all notifications and give the completed call list to the
team leader.
4. If instructed by the Emergency Management Team, report to the Emergency Operations Center.
5. If instructed by the Emergency Management Team to activate your Recovery Team, procedures are located in this
section.
6. When you activate your team, have them meet you at the primary or alternate meeting place listed below.

ENTERPRISE
Primary Location
Facility Name:
Street Address: Floor:
City/State/Zip:
Contact Person: Phone No:
24 Hour No:
Alternate Contact: FAX No:
Other No.:
Security Considerations:
Alternate Location
Facility Name:
Street Address: Floor:
City/State/Zip:
Contact Person: Phone No:
24 Hour No:
Alternate Contact: FAX No:
Other No.:
Security Considerations:

ENTERPRISE
Team Recovery
Business Resumption Plan Copies
The team leader should ensure that sufficient copies of the Business Resumption Plan are available.
Cellular Phone (TBD)

The team leader has a cellular phone for team use. The Emergency Management Team should be notified
immediately of the cellular phone number.
Team Work Area

The Emergency Management Team will provide the team with a work area for their use. Use the Business
Recovery Work area Checklist in the appendix to ensure that the area is setup to match the requirements that
the Recovery Team will need to support the recovery operation and resume essential business functions.
Notifications
Provide notification of the problem to vendors. The information provided should be reviewed with the
Emergency Management Team before calling.
Team Recovery Steps

The following recovery actions are to be used as a guide. During a real disaster, circumstances may dictate
that some or all of the steps documented may have to be altered. The team leader should use his/her
judgment while managing the recovery operation.
The team leader responsibilities

Should contact the Emergency Management Team to find out:
1. When voice communications will be available at the work area and

2. When servers will be operational and how current the master files will be.
Departmental Meeting:
 Key department personnel should meet to determine actions to be taken and establish the
priority of restoring business functions based on the work area and resources available. The
department leader should explain the goals and objectives identified by the Emergency
Management Team.
 Review tasks to be performed and assign personnel.
 Personnel should be assigned to contact vendors and advise them about the situation and
when they can expect service to be restored. Use the Vendor Notification in the appendix for
contact information.
 Determine if some personnel will have to travel to the business recovery site.
 Distribute copies of any forms that will be needed during the recovery operation.
 Distribute copies of the news media statement that has been prepared. Copies can be obtained
from the Emergency Management Team. Instruct everyone not to makes statements to the
news media.
 Personnel should be assigned to provide recovery support needed by other teams, as needed.
ENTERPRISE
 Identify the category in which personnel should be alerted. Consider:

o Personnel that might be need to give aid to other teams / departments.
 Personnel that will be needed at the work area to resume normal business functions.
o Personnel who should stay home and remain on standby (they will be needed when the
initial group needs rest).
 Contact personnel that will be needed to report to the assigned work area.
 Designate space for personnel reporting to the work area.
 Implement procedures to resume time dependent functions based on the priority established.
 Instruct all department personnel to carry photo identification with them at all times and be
prepared to show it to security or local authorities.
 As progress continues during the recovery operation, the team should be prepared to move
back to the affected facility and resume normal business operations.
Personnel Location Form

After the department personnel have been deployed, the department leader should complete the
Personnel Location Control Form in the appendix. Completed forms should be sent to the Administrative
Team to allow location tracking of all employees. Continue to update the information throughout each
day of the recovery operation.
Status Report
The department leader should prepare written status reports frequently for the Emergency Management
Team to keep them apprised of the current situation. Use the Status Report Form that is at the end of
the.
Travel Arrangements
The department leader can get assistance for any team travel arrangements from the Administrative
Support Team. This includes travel needs either inside of or out of the metro area.

ENTERPRISE
Notification
Notification Checklist
When notified by the Emergency Management Team that the Business Resumption Plan (BRP) has been activated,
the team leader or alternate should record the following information that will be passed along to department
personnel:
1. Brief description of the problem: _________________________________________
____________________________________________________________________
2. Location of the Emergency Operations Center: ______________________________
____________________________________________________________________
3. Phone number to contact the Emergency Operations Center: ___________________
4. Any immediate support requested by the Emergency Management Team:
____________________________________________________________________
____________________________________________________________________
5. Whether or not the facility can be entered: Yes ( ) No ( )
6. If the facility cannot be entered, the location that the team should use for a work area or meeting place:
____________________________________________________________________

ENTERPRISE
Notification Procedure
The team leader, alternate or assigned individual upon activation of the Business Resumption Plan will contact
team personnel using the following procedure:
During notifications of an alert or declared disaster, use this procedure to alert all personnel. Read the procedures
thoroughly prior to making a call. By using the following instructions, you will not unnecessarily alarm family members of an
employee who was working at the affected site at the time of the disaster.
Place phone call and say, “May I speak with (individual)?”
1. If available, provide the information you called to convey.

 Remind the person to make no public statements about the situation.
 Remind the person not to call co-workers (unless instructed to) and to advise their family not to call other
employees.
 Record the information in the contact status column.
2. If not available, say, “Where may I reach (individual)?”

 If at any location other than the data center, get the phone number. Call the other location and providing the
information you wanted to convey.
 If the individual was working at the affected site, indicate that you will reach the individual there. DO NOT discuss
the disaster with the person answering the phone.
 Immediately notify the Emergency Operations Center.
3. If contact is made with an answering machine: Make no statement regarding the situation.
 Provide the phone number to call at Emergency Operations Center; ask that the employee make contact at that
number as soon as possible.
4. If no answer:
5. If no answer and the individual have a beeper / blackberry / PAD:

 Place a call to the beeper number.
 Enter the number of the Emergency Operations Center for the individual to call.

ENTERPRISE
Notification Call List
Using the team member contact list in the front of the plan, the team leader, alternate or assigned individual
should convey the following information when contacting the team personnel:
 Brief description of the problem.

 Location of the Emergency Operations Center and / or the Business Recovery Site
 Phone number of the Emergency Operations Center.
 Immediate actions to be taken.
 Whether or not the facility can be entered.
 Location and time the team should meet.
 All team members should carry photo identification with them at all times and be prepared to show it to
security or local authorities.
 Instruct everyone notified not to make any statements to the media.
All callers should record status of everyone they call, noting the time the call was placed and whether the person
was contacted. Make a reasonable number of attempts if the phone was busy or there was no answer. Forward
the completed list to the EOC and the staff will continue to attempt to contact team members.

ENTERPRISE
Project Status Report
Date Submitted:
Recovery Task
Task Manager
Report Period
Report Prepared By
Planned Activities for the Period
Accomplished Planned Activities
Planned Activities Not Accomplished

Activity Reason Expected completion
Unplanned Activities Performed or Identified

Activity Reason Impact on project

ENTERPRISE
Planned Activities for the Next Period
Cost Data To Date
Open Issues and Resolutions
Comments

Web Site Disaster Recovery Planning Form
(If user ids and passwords are included on this form then extra security precautions need to be taken with its distribution)

8.21 Web Site Disaster Recovery Planning Form
Web site: ______________________________________________________
Hosting Company: ________________________________________________
Contact: __________________________________
Phone: __________________________________
Address: __________________________________
__________________________________
__________________________________
Domain Registrar: __________________ Phone: ________
Admin web site: _______________________
User ID: _____________________________
Password: ____________________________
Controlling e-mail address: ______________

(address used by enterprise to communicate with registrar)
Secure Certificate:  Yes  No __________________________ Provider:
Contact Phone: _______________________
Admin web site: _______________________
User ID: _____________________________
Password: ____________________________
Controlling e-mail address: ______________

(address used by enterprise to communicate with provider)

Backup Site
Primary Backup: _______________________________________________
Contact: __________________________________
Phone: __________________________________
Address: __________________________________
__________________________________
__________________________________
DNS Addresses: ____-____-____-____ ____-____-____-____
FTP Address: ____-____-____-____
User ID: _____________________________
Password: ____________________________
Data Base  SQL  Oracle  Other: _____
Address: ____-____-____-____
User ID: _____________________________
Password: ____________________________
Name: ______________________________

Backup Site (Secondary)
Secondary Backup: _______________________________________________
Contact: __________________________________
Phone: __________________________________
Address: __________________________________
__________________________________
__________________________________
DNS Addresses: ____-____-____-____ ____-____-____-____
FTP Address: ____-____-____-____
User ID: _____________________________
Password: ____________________________
Data Base  SQL  Oracle  Other: _____
Address: ____-____-____-____
User ID: _____________________________
Password: ____________________________
Name: ______________________________

Software Required to Operate Web Site

Software License Number Version / Comments

Version Data
9.0 Version Changes

Version 4.5 to 5.0 – Release date February 21, 2008
1. Updated Disaster Recovery / Business Continuity Plan Audit Program to be

compliant with ISO 27000 Series (ISO 27001 and ISO 27002)
2. Added a section on Communication Strategy and Policy to be implemented when the
Disaster Recovery / Business Continuity Plan is activated
3. Added a section on Disaster Recovery / Business Continuity and Security basics
4. Added Personnel Location Report
5. Added Project Status Report Form
Version 4.4 to 4.5 – Release date November 2, 2007
1. Added Disaster Recovery / Business Continuity Plan Audit Program

2. Updated excel work plan to refer to sections versus pages
Version 4.3 to 4.4 – Release date September 1, 2007
1. Section added on implications of Sarbanes-Oxley, Treadway Commission, and PCI

DSS requirements
2. Disaster Planning Branch Offices added
3. Backup strategy table added
4. Backup strategy for PDA’s updated to reflect smartphones
Version 4.2 to 4.3 – Release date July 26, 2007
1. Defined generic metrics for DR/BC success

2. Business & IT Impact Analysis Questionnaire Updated
3. Updated references to DRP card
4. Updated formatting to meet WORD 2007 requirements
Version 4.1 to 4.2 – Release date February 1, 2007
1. Added Section defining the ISO 17799 compliance requirements

2. Review and modified entire DRP/BCP template to ensure compliance with ISO
17799
3. Business & IT Impact Questionnaire updated to meet ISO 17799 compliance
requirements
4. Corrected errata
5. Added Best Data Retention and Destruction Practices Section

Version Data
Version 4.0 to 4.1 – Release date August 28, 2006
1. Department DRP / BCP Activation Workbook Updated in the appendix

2. Correct work plan formatting and numbering for project initiation
3. Web Site Disaster Recovery Planning Form added to the appendix
Version 3.1 to 4.0 - Release date March 5, 2006
1. Vendor Disaster Recovery Planning Questionnaire added to the appendix

2. Department Disaster Recovery Planning Workbook added to the appendix
3. Vendor Phone List form updated
4. Key Customer Notification List form added
5. Critical Resources to be Retrieved form added
6. Business Continuity Off-Site Materials form added
Version 3.0 to 3.1 - Release date January 2, 2006
1. Site Strategy section added (Section 3.1) all other section numbers in Chapter 3 were
increased to adjust for this modification.
2. Audit Disaster Recovery Plan Process added (Section 8.13)
3. Manager Disaster Recovery and Business Continuity job description added
4. Entire template reviewed to validate compliance with Sarbanes-Oxley

Version Data
© 2008 Janco Associates, Inc. - All Rights Reserved
If you have any suggestions please forward them to [email protected] or contact us directly via phone at 435 940-9300
See http//www.e-janco.com and http://www.it-toolkits.com for additional offerings
© 2001 - 2008 copyright Janco Associates, Inc. – ALL RIGHTS RESERVED

NOT FOR RESALE
Janco Associates, Inc. provides the licensed user of the Disaster Recovery Plan
document the right to use this document for INTERNAL USE ONLY for the enterprise
of this user only. If the licensed user is a consultant or consulting entity, using this
document for a third party (client or customer of the licensed user), a separate
license must be purchased for each client facility and or customer location.
All questions about this via email at [email protected] or by phone at
435-940-9300.
The single user license is for one enterprise for one facility. If this template is used
for more than one facility than either an enterprise version or multiple copies of the
template should be purchased.
Any document that is created using this template must have © 2001-2008
copyright Janco Associates, Inc within the new document. All of this original
material remains the property of Janco Associates, Inc. and the user is granted a
limited use license.

Version Data
License Conditions
This product is NOT FOR RESALE or REDISTRIBUTION in any physical or electronic format. The purchaser of
this template has acquired the rights to use it for a SINGLE Disaster Recovery Plan unless the user has purchased a
multi-use license. Anyone who makes an unlicensed copy of or uses the template or any derivative of it is in
violation of United States and International copyright laws and subject to fines that are treble damages as determined
by the courts. A REWARD of up to 1/3 of those fines will be paid to anyone reporting such a violation upon the
successful prosecution of such violators.
The purchaser agrees that derivative of this template will contain the following words within the first five pages of
that document. The words are:
Derived from the Disaster Recovery Plan Template of Janco Associates, Inc.
All Rights Reserved. No part of this book may be reproduced by any means without the prior written permission of
the publisher. No reproduction or derivation of this book shall be re-sold or given away without royalties being paid
to the authors. All other publisher’s rights under the copyright laws will be strictly enforced.
Published by:
Janco Associates Inc.

11 Eagle Landing Court
Park City, UT 84060
435 940-9300
e-mail - [email protected]

Disaster Recovery Plan

Uploaded by

Copyright:

Available Formats

Disaster Recovery Plan

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Disaster Recovery Plan

Uploaded by

Copyright:

Available Formats

Disaster Recovery

Park City, UT 84060

Published by: Janco Associates Inc.

Easy use steps:

© 2001 - 2008 copyright Janco Associates, Inc. – ALL RIGHTS RESERVED

Park City, UT 84060

Version 5.0 CONFIDENTIAL Page 2

Backup Files ....................................................................................................46

Version 5.0 CONFIDENTIAL Page 3

4.0 Recovery Strategy ............................................................................................................. 63

Version 5.0 CONFIDENTIAL Page 4

7.7 Maintenance of the Disaster Recovery Plan ......................................................... 121

Version 5.0 CONFIDENTIAL Page 5

8.17 Work Plan ............................................................................................................. 167

Version 5.0 CONFIDENTIAL Page 6

8.21 Web Site Disaster Recovery Planning Form ......................................................... 202

Version 5.0 CONFIDENTIAL Page 7

In order to get support you MUST register your product by going to

1. disaster recovery plan.doc is in WORD 2003 format

Telephone support can be obtained if you have registered your product

If you register your product within thirty (30) days of purchase

In order to use the some of the Janco excel spread sheets

Version 5.0 CONFIDENTIAL Page 8

1.0 Plan Introduction

 Identify Systems and Applications currently in use

Derived from the Disaster Recovery Plan Template of Janco Associates.

Version 5.0 CONFIDENTIAL Page 9

1.1 Mission and Objectives

 Recover the physical network within the Critical Time Frames2

Implication of Legislated and Industry Standards Requirements

There3 are a number of legally mandated and standards mandated

In addition to the Security & Exchange Commission (SEC)

With the rise of both financial (Sarbanes- Oxley for SEC – US

Version 5.0 CONFIDENTIAL Page 10

specific additional requirements have been added to the Disaster

Sarbanes-Oxley Section 404 is an important aspect of managing a

The ability of a company to continue as a going concern is not a

A company should have a responsive business continuity plan,

Version 5.0 CONFIDENTIAL Page 11

In addition to the required quarterly certifications under SOX

Version 5.0 CONFIDENTIAL Page 12

The Committee of Sponsoring Organizations of the Treadway

The key financial reporting processes which are often affected by

 Capturing, authorizing and processing transactions;

The timeliness of reporting could also affect other processes such

Version 5.0 CONFIDENTIAL Page 13

Version 5.0 CONFIDENTIAL Page 14

ISO 27000 Compliance Process

Define the Control Environment

Today’s4 business environment is characterized by mounting pressure to

This DRP/BCP template helps ENTERPRISE to:

 Understand your business requirements, outline control

 Analyze the IT control environment to identify gaps between

 Create, disseminate, and document policies using a risk-based

 Translate imprecise regulatory mandates into actionable IT

Control the Environment by Implementation and Management

Version 5.0 CONFIDENTIAL Page 15

This DRP/BCP template helps ENTERPRISE to:

 Implement controls, policies, procedures and document

 Assess controls compliance for all major operating systems and