Disaster recovery
Encyclopedia
Disaster recovery is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural
Natural disaster
A natural disaster is the effect of a natural hazard . It leads to financial, environmental or human losses...

 or human-induced disaster
Disaster
A disaster is a natural or man-made hazard that has come to fruition, resulting in an event of substantial extent causing significant physical damage or destruction, loss of life, or drastic change to the environment...

. Disaster recovery is a subset of business continuity
Business continuity
Business continuity is the activity performed by an organization to ensure that critical business functions will be available to customers, suppliers, regulators, and other entities that must have access to those functions. These activities include many daily chores such as project management,...

. While business continuity
Business continuity
Business continuity is the activity performed by an organization to ensure that critical business functions will be available to customers, suppliers, regulators, and other entities that must have access to those functions. These activities include many daily chores such as project management,...

 involves planning for keeping all aspects of a business functioning in the midst of disruptive events, disaster recovery focuses on the IT or technology systems that support business functions.

History

Disaster recovery as a concept developed in the mid to late 1970s as computer center managers began to recognize the dependence of their organizations on their computer systems. At that time most systems were batch-oriented mainframes which in many cases could be down for a number of days before significant damage would be done to the organization.

As awareness of Disaster Recovery grew an industry developed to provide backup computer centers, with Sun Information Systems (which later became Sungard Availability Systems) becoming the first major US commercial hot site vendor, established in 1978 in Philadelphia.

During the 1980s and 1990s, IT disaster recovery awareness and the disaster recovery industry grew rapidly, driven by the advent of open systems and real-time processing (which increased the dependence of organizations on their IT systems). Another driving force in the growth of the industry was increasing government regulations mandating business continuity and disaster recovery plans for organizations in various sectors of the economy.

With the rapid growth of the Internet through the late 1990s and into the 2000s, organizations of all sizes became further dependent on the continuous availability of their IT systems, with many organizations setting an objective of 99.999% availability of critical systems. This increasing dependence on IT systems, as well as increased awareness from large-scale disasters such as 9/11, contributed to the further growth of various disaster recovery related industries, from high-availability solutions to hot-site facilities.

Importance of disaster recovery planning

As IT systems have become increasingly critical to the smooth operation of a company, and arguably the economy as a whole, the importance of ensuring the continued operation of those systems, or the rapid recovery of the systems, has increased.

It is estimated that most large companies spend between 2% and 4% of their IT budget on disaster recovery planning, with the aim of avoiding larger losses in the event that the business cannot continue to function due to loss of IT infrastructure and data. Of companies that had a major loss of business data, 43% never reopen, 51% close within two years, and only 6% will survive long-term.

As a result, preparation for continuation or recovery of systems needs to be taken very seriously. This involves a significant investment of time and money with the aim of ensuring minimal losses in the event of a disruptive event.

Classification of Disasters

Disasters can be classified in two broad categories. The first is natural disasters such as floods, hurricanes, tornadoes or earthquakes. While preventing a natural disaster is very difficult, measures such as good planning which includes mitigation measures can help reduce or avoid losses. The second category is man made disasters. These include hazardous material spills, infrastructure failure, or bio-terrorism. In these instances surveillance and mitigation planning are invaluable towards avoiding or lessening losses from these events.

Control measures in recovery plan

Control measures are steps or mechanisms that can reduce or eliminate various threats for organizations. Different types of measures can be included in BCP/DRP.

Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking) and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity. This article focuses on disaster recovery planning as related to IT infrastructure.
Types of measures:
  1. Preventive measures - These controls are aimed at preventing an event from occurring.
  2. Detective measures - These controls are aimed at detecting or discovering unwanted events.
  3. Corrective measures - These controls are aimed at correcting or restoring the system after disaster or event.


These controls should be always documented and tested regularly.

Strategies

Prior to selecting a disaster recovery strategy, a disaster recovery planner should refer to their organization's business continuity plan which should indicate the key metrics of recovery point objective
Recovery point objective
-Recovery point objective :When computers used for normal "production" business services are affected by a "Major Incident" that cannot be fixed quickly, then the Information Technology Service Continuity Plan is performed, by the ITSC recovery team...

 (RPO) and recovery time objective
Recovery Time Objective
The recovery time objective is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in business continuity....

 (RTO) for various business processes (such as the process to run payroll, generate an order, etc.). The metrics specified for the business processes must then be mapped to the underlying IT systems and infrastructure that support those processes.

Once the RTO and RPO metrics have been mapped to IT infrastructure, the DR planner can determine the most suitable recovery strategy for each system. An important note here however is that the business ultimately sets the IT budget and therefore the RTO and RPO metrics need to fit with the available budget. While most business unit heads would like zero data loss and zero time loss, the cost associated with that level of protection may make the desired high availability solutions impractical.

The following is a list of the most common strategies for data protection.
  • Backups made to tape and sent off-site at regular intervals
  • Backups made to disk on-site and automatically copied to off-site disk, or made directly to off-site disk
  • Replication of data to an off-site location, which overcomes the need to restore the data (only the systems then need to be restored or synchronized). This generally makes use of storage area network
    Storage area network
    A storage area network is a dedicated network that provides access to consolidated, block level data storage. SANs are primarily used to make storage devices, such as disk arrays, tape libraries, and optical jukeboxes, accessible to servers so that the devices appear like locally attached devices...

     (SAN) technology
  • High availability systems which keep both the data and system replicated off-site, enabling continuous access to systems and data


In many cases, an organization may elect to use an outsourced disaster recovery provider to provide a stand-by site and systems rather than using their own remote facilities.

In addition to preparing for the need to recover systems, organizations must also implement precautionary measures with an objective of preventing a disaster in the first place. These may include some of the following:
  • Local mirrors of systems and/or data and use of disk protection technology such as RAID
  • Surge protectors — to minimize the effect of power surges on delicate electronic equipment
  • Uninterruptible power supply (UPS) and/or backup generator to keep systems going in the event of a power failure
  • Fire preventions — alarms, fire extinguishers
  • Anti-virus software and other security measures

See also

  • Adjusters International
    Adjusters International
    Adjusters International, formed in 1985, is a public adjusting and disaster recovery company, who assists clients with financial recovery from insurance claims and U.S. Federal Emergency Management Agency grants. The company's headquarters is in Utica, New York...

  • Backup site
  • Business Continuity
    Business continuity
    Business continuity is the activity performed by an organization to ensure that critical business functions will be available to customers, suppliers, regulators, and other entities that must have access to those functions. These activities include many daily chores such as project management,...

  • Continuous data protection
    Continuous data protection
    Continuous data protection , also called continuous backup or real-time backup, refers to backup of computer data by automatically saving a copy of every change made to that data, essentially capturing every version of the data that the user saves...

  • Data recovery
    Data recovery
    Data recovery is the process of salvaging data from damaged, failed, corrupted, or inaccessible secondary storage media when it cannot be accessed normally. Often the data are being salvaged from storage media such as internal or external hard disk drives, solid-state drives , USB flash drive,...

  • Disaster prevention
  • FEMA
  • IT Service Continuity
    IT service continuity
    IT Service Continuity is a specific form of business continuity planning. It is the process of assessing and managing risks associated with information technology departments...

  • Remote backup service
    Remote backup service
    A remote, online, or managed backup service is a service that provides users with a system for the backup and storage of computer files. Online backup providers are companies that provide this type of service to end users ....

  • Seven tiers of disaster recovery
    Seven tiers of disaster recovery
    The Seven Tiers of Disaster Recovery was originally defined by Share to help identify the various methods of recovering mission-critical computer systems as required to support business continuity....

  • Virtual tape library
    Virtual Tape Library
    A virtual tape library is a data storage virtualization technology used typically for backup and recovery purposes. A VTL presents a storage component as tape libraries or tape drives for use with existing backup software.Virtualizing the disk storage as tape allows integration of VTLs with...


International Organization for Standardization

  • ISO/IEC 27001:2005 (formerly BS 7799-2:2002) Information Security Management System
  • ISO/IEC 27002:2005 (remunerated ISO17999:2005) Information Security Management - Code of Practice
  • ISO/IEC 22399:2007 Guideline for incident preparedness and operational continuity management
  • ISO/IEC 24762:2008 Guidelines for information and communications technology disaster recovery services
  • IWA 5:2006 Emergency Preparedness—British Standards Institution --
  • BS 25999-1:2006 Business Continuity Management Part 1: Code of practice
  • BS 25999-2:2007 Business Continuity Management Part 2: Specification
  • BS 25777:2008 Information and communications technology continuity management - Code of practice—Others --
  • "A Guide to Business Continuity Planning" by James C. Barnes
  • "Business Continuity Planning", A Step-by-Step Guide with Planning Forms on CDROM by Kenneth L Fulmer
  • "Disaster Survival Planning: A Practical Guide for Businesses" by Judy Bell
  • ICE Data Management (In Case of Emergency) made simple - by MyriadOptima.com
  • Harney, J.(2004). Business continuity and disaster recovery: Back up or shut down.
  • AIIM E-Doc Magazine, 18(4), 42-48.
  • Dimattia, S. (November 15, 2001).Planning for Continuity. Library Journal,32-34.

External links

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK