CASE STUDY-BUSINESS CONTINUITY/DISASTER RECOVERY PLAN FOR LOCAL GOVERNMENT AGENCY 1. Disaster Recovery for City Hall Server #3 a. RTO/RPO for Hardware/Software: The Recovery Time Objective (RTO) is the determined length of time from when a disruption occurs in which a department’s functionalities, systems, applications, etc. must recover. The RTOs for the City Clerk, HR, and Finance Departments are as follows: RTO: Recovery Time Objective APPLICATIONS CITY CLERK HR FINANCE Millennium – Internal Payroll Processing 1 Day 4 Hours 1 Day Access to External Ameripay Payroll Service 1 Day 4 Hours 1 Day Collector’s Office System (Access) 1 Month 1 Month 1 Month Building Department System (Access) 1 Month 1 Month 1 Month Water …show more content…
Furthermore, this particular strategy is the only one which will accommodate a RPO of zero (0) for those applications identified herein as tolerating no data loss. d. Strategy Justification: i. As stated above, this strategy is appropriate for City Hall in consideration of its RPO of zero (0) for three of its apps. This is the only strategy to provide a RPO of zero (0). The utilization of a Hot Site with continuous availability at an Internal Facility will ensure City Hall’s ability to meet its business criticalities in the event a disaster should occur. iii. Other options exist for Disaster Recovery. Following is a brief description of each. Option #2 – Hot Site with Replication/High Availability Prior to a disruption, the Hot Site would be equipped with the required infrastructure in order to facilitate the immediate recovery of critical business functions. This includes all hardware, telecommunications, environmental components, and software to ensure continuous availability of the critical applications to serve users from either site. This strategy typically involves a manual switchover to the Hot Site at time of disaster. Data (production and recovery) is continuously synchronized at a timeframe (i.e., 1 minute, 10 minutes, 1 hour, etc.) selected by City Hall. This option is not the optimal strategy because it does not provide
• IT System recovery procedures (i.e., mission critical IT systems, applications, and data, VoIP /
Also, in preparation for the disaster recovery solution, a decision needs to be made whether or not to house the system in multiple locations. Since the company leaders are highly concerned about business continuity, multiple locations will be helpful in the event of fires and natural disasters that could interrupt business operations (Ricardo 2012).
For this task I will be Investigating disaster recovery options and discuss how and when they would be used. I will support this discussion with examples.
Primary IT systems and data center, regional utility failure. All critical business operations moved off-site. Large-scale work-from-home/alternate site and remote access. All operations resume on-site in <30 days or a new site is required. Category-III type systems and application are desirable for carrying out least critical business operation and the plan will list them.
When it comes to the company XYZ Computers the disaster recovery plan needs to incorporate a lot of different questions that have to be answered before you can implement whatever they want achieved. The main questions that are brought up when assessing any question is,”How do we fix this? What are the costs associated with the plan presented?” Another question that should be asked but often isn’t, is “Can we anticipate this problem to help block it before it happens?” From there different categories should be implemented as manmade although not as common as a natural disaster that will affect your system, it still needs to be considered. There should also be a ranking system in the plan using two categories, these
The business continuity & disaster recovery is written into the policy to ensure each department knows and has a plan in case of an unexpected event such as a fire, vandalism, and natural disaster that would disrupt normal business. This part of the plan also states that data administrators are the ones responsible to implement procedures for critical backup of data and how long the recovery time would be which is set by the data stewards and other stockholders.
An organizational holistic approach involving many departments working interprofessionally to collaborate and combine resources for optimal execution of the recovery plan will be employed. These departments include, but are not limited to: executive management, IT (infrastructure and applications), facilities site services, finance, supply chain, personnel services, information system vendors, and legal services. All members are required to be aware of this policy and abide by its
First, Incident Response (IR) plan “is a detailed set of processes and procedures that anticipate, detect, and mitigate the effects of an unexpected event that might compromise information resources and assets.” (Whitman, 2013, p. 85). Consequently, Incident response planning (IRP) is the planning for an incident, which occurs when an attack affects information systems causing disruptions. On the other hand, Disaster Recovery (DR) plan “entails the preparation for and recovery from a disaster, whether natural or human-made.” (Whitman, 2013, p. 97). For instance, events categorized as disasters include fire, flood, storm or earthquake. Thus, the differences between an Incident Response (IR) plan and a Disaster Recovery (DR)
* The technical assessment team is responsible for monitoring all sources of alerts, logs, and other warnings in the environment. In the event of an incident, they are responsible for determining if a response is necessary and notifying the coordinator.
4. What is the definition of Recovery Time Objective (RTO)? Why is this important to define in an IT Security Policy Definition as part of the Business Impact Analysis (BIA) or Business Continuity Plan (BCP)? Is the targeted duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity. The reason for identifying security policy definitions is to make it clear to the organization what these areas are and how you plan to fix them.
Disasters weather man-made, natural, or technological are ineluctable. Community stakeholders, leaders, and citizens are ultimately culpable for ensuring that a sound disaster preparedness and recovery plan is in place should a calamity materialize. Failure to enact such a plan comes with immeasurable consequences. Over the discourse of this paper, the Banqiao Dam disaster will be examined as a case analysis, to render what preparedness and recovery plans were sanctioned, as well as the scope of the response effort.
Disaster Recovery Planning is the critical factor that can prevent headaches or nightmares experienced by an organization in times of disaster. Having a disaster recovery plan marks the difference between organizations that can successfully manage crises with minimal cost, effort and with maximum speed, and those organizations that cannot. By having back-up plans, not only for equipment and network recovery, but also detailed disaster recovery plans that precisely outline what steps each person involved in recovery efforts should undertake, an organization can improve their recovery time and minimize the disrupted time for their normal business functions. Thus it is essential that disaster recovery plans are carefully laid
Owning a business can have many stressors day to day. When starting a business there is a lot of planning and preparation involved. Many small businesses are owners who have put their own money into the business and look at it as an investment. Unfortunately with all the planning that goes into starting a business, one thing is often over looked. Most of the time the “what ifs”, are not part of the planning stage. One reason for this is that people do not like to think of the bad things that could or may happen. So with all the time and planning put into starting a business why not put some extra thought into a plan B if a disaster strikes? This plan B could be a business continuity plan or a disaster recovery plan. Business continuity plans are an essential part of the modern day business. There are so many potential disasters for small businesses that could seize the production or even close the business down for good. A recent study from Gartner Inc., found that “90% of companies that experience data loss go out of business within two years. It also found that 80% of company owners have not thought about how they would keep their businesses up and running if a data disaster occurs.” According to the Association of Records Managers and Administrators, “about 60 percent of businesses that experience a major disaster such as a fire close
Valuable assets, including network connectivity, stored data, processes and procedures, and client information can survive centralized disruption or destruction and can be revived quickly through the agency’s
The conventional DRP of the company has not been updated or tested for several years. Under the existing program, system recovery could take up to 20 days which is unacceptable timeframe for a utility relied upon by numerous states for critical infrastructure services.