Disaster Recovery Planning - Essay Example

Enterprise Business Continuity and Disaster Recovery Plan Bryant Wiersema American Public System Foltz Without the electronic information flow, MemaTech Company will come to a standstill. When the company’s data systems and networks of communication are damaged and processes disrupted, the problem can be very serious and the effect far-reaching. The implications can be higher than the consequences. Disruptions to the company’s IT system can lead to fear, distrust, and even chaos. This means vital digital records and documents will get lost. A loss in accountability and productivity will also take place in the company. These will also lead to a loss of commerce and revenue. Disasters which shut down the mission of the company crucial applications for any given period of time have bad indirect and direct costs to the company and its performance make Mematech come up with a disaster recovery and business continuity plan essentials. The company’s Chief Information Offer will have an obligation in ensuring that the company’s continuing in that position of emergency. It is therefore, appropriate that the company comes up with steps to prepare before, during, and after the crisis takes place. Disaster Recovery Planning These planning offers framework of interim mechanism to recover the services of IT after the system has been disrupted. Some of the interim measures that the company will take include; IT system and operations relocation, to an alternative site, and the recovery of functions connected to IT using alternative machines and equipment, executive agreement with entities that are outsourced. This is because Mematech have vulnerable system to various disruptions that range from the minor outages to severe disruptions that involve destruction of equipments from various sources like natural disasters or even terrorist actions. While various vulnerable may be reduces or removed through operational solutions, management solutions, and technical solutions as part of the company’s risk management effort. It is quite impossible to eliminate the risks completely. In various scenarios, crucial resources may dwell outside the company’s control like electric power or even telecommunication). (Fong, 2001). The company might be unable to ensure that it is available. Therefore, effective and efficient recovery testing, planning, and execution are important to mitigate the system risks and unavailability of services. Accordingly, for the disaster recovery to be successful the Information officer of Mematech will ensure that the critical employee must comprehends the information technology disaster recovery and business continuity planning and its position within the general continuity of business continuity and operations plan process. The company will re-examine or develop the disaster recovery process and planning policy that includes the preliminary planning, business effect analysis, selection alternate and recovery mechanisms. Mematech Company will re-examine or develop Information Technology disaster recovery plans and planning policies with emphasis in maintaining, exercising, and training the contingency plans. The company will develop a tool-kit that comprises of checklists that address certain contingency planning guidelines to follow prior, during, and after the crisis situation. The planning stage, prior to the disaster, describes the processes of plan preparation and guidelines and testing the plans in preparation of possible network failure. The execution stage during the disaster will describes the coordinated mechanism that involves reconstitution of the system and outlines certain actions that return the information Techno logy environment to a normal condition. The final stage, after the disaster outlines the gap analysis and transitions that happens after the crisis has already been mitigated. The toolkit will also offer accompanying tasks worksheet’ thinking sideways” to help in disaster recovery planning with the concerned employees). (“Disaster recovery plan”. 2009). The checklist will be divided into three sections; before the crisis, during the crisis, and after the crisis. Before the crisis, the business and strategic planning responsibilities will outline the responsibilities of the Chief information officer, and the role of the company’s policies. Secondly, the top steps of the company will be required to cement the partnership with companies ahead of the crisis. Here the agreements of pre-disasters with partner organizations and other companies are done before any risk happens. The checklist will help the company to make the business in case redundancy occurs especially to the company’s legislature, the company’s executive branch and the budget officials of the company. Consequently, before the crisis the general Information Technology services and infrastructure will handle the protecting systems and the redundancy types. During the crisis, the company will work with relevant institutions and local companies and first responders in tactical use of the technology. Additionally, after the crisis, the company will work with critical staff, company partners, and local agencies to resume the daily operations, and undertake gap analysis for the effectiveness of the plan. Before the crisis, the Chief Information Officer will focus on the capabilities that are required in any disaster situation. The officer will also identify functional requirement, and then planning based on the crisis degree from minor service disruptions to extreme incidents. He will also establish requirements of service level for the business continuity. The CIO will also update and revise the plan by having crucial partners that review the plan. He will also work hard and produce digital copies for the plan that are stored in various locations for the security. The CIO of Mematech will also ask and answer what the top business functions are and the essential services that the company cannot operate without (Fong, 2001). The CIO will also answer how the operation’s vital records, facilities, and other crucial assets might be protected. He will also answer how the disruption to the company’s operations can be minimized. Additionally, the CIO should develop a business resumption mechanism. The strategies will lay out interim guidelines to disaster in a risk until conventional business operation resumes. The plan will be organized and arrange by guidelines to follow in the 12, 24, and 48 hours of disruption. The officer will conduct strategic assessment and physical asset’s inventory. Like telecom resources and computing. The officer should also carry out contingency planning during the loss of personnel. This will involve training of crucial personnel that can be disposed to other companies in a service is lost (Arnold, 2008). The company will be required to cement the private partnership during a crisis. The company will utilize the business partnership by keeping the dialogue with the business partner by periodically calling them for briefing on the company’s disaster recovery and plans of business continuity. The company will also develop hardware contracts and standby services. When the company have contracts for services and products that may be required when a state of emergency is declared. The company will also develop a template with a single or two work times. The company will also outsource their back site, but this is limited with time therefore, outsourcing back up will be necessary for leap frog continuity. The company will also place advertisement in their contract reporter quarterly and the continuous recruitment for a good business practice. The company should also make sure that the Information Technology procurement staff are included in the plan and are certain of the responsibilities in executing the contracts in case a disaster happens, also they should be to include relevant information of the contact (“Disaster recovery plan”, 2009). The CIO should also create the guidelines for emergency purchases for the agencies and have response system in place. The CIO will also think widely through partnership with any institution having redundant capabilities. Some of the risk assessment that could result to business continuity need include the geological hazards, meteorological hazards, biological hazards, human caused events, and also intentional hazards. Therefore, the company needs to carry out education and awareness. Here the awareness and education program will be crafted for law makers. It employees and budget officials to make sure that all the parties on similar pages regarding the plan and requirement for such plans. The company will prepare talking points that specify the importance for the planning. They will also utilize external resources like DVD on risk discovery (Arnold, 2008). For the company’s general services and infrastructure, the officers will be required to make sure that the information is backed up regularly. The company will need to keep their data securely in a location that can be accesses but not near the institution in question. Such areas should have software, hardware, and agency data that can be used readily in case of an emergency. The company will also protect the current system by controlling access, having uninterrupted power supple and back-up generators with diesel fuel contracts and fuel suppliers that have back up in case there is a power outage. The company should also have strategic location by locating crucial facilities from vulnerable sites to manmade and natural disasters. The company also needs to have interactive voice response that will access the back-up databases. Reference Arnold, R. (2008). Disaster recovery plan. Wellesley, Mass.: QED Information Sciences. Disaster recovery plan. (2009). Sacramento, Calif.: California Department of Transportation. Fong, A. (2001). The disaster recovery plan. Hong Kong: Business Research Centre, Hong Kong Baptist College. Read More