This article is about . For societal , see . For other uses, see . Disaster recovery (DR) the process, policies and procedures that are related to preparing for recovery or continuation of technology infrastructure which are vital to an organization after a or . focuses on the or that support business functions, as opposed to , which involves planning to keep all aspects of a business functioning in the midst of disruptive events. is a subset of . Contents History Disaster recovery is developed in the mid- to late 1970s as computer center managers began to recognize the dependence of their organizations on their computer systems. At that time most systems were -oriented which in many cases could be for a number of days before significant damage would be done to the organization. As awareness of disaster recovery grew, an industry developed to provide backup computer centers, with Sun Information Systems (which later became Sungard Availability Systems) becoming the first major UScommercial vendor, established in 1978 in Philadelphia. During the 1980s and 1990s, IT disaster recovery awareness and the disaster recovery industry grew rapidly, driven by the advent of open systems and (which increased the dependence of organizations on their IT systems). Another driving force in the growth of the industry was increasing government regulations mandating business continuity and disaster recovery plans for organizations in various sectors of the economy. With the rapid growth of the through the late 1990s and into the 2000s, organizations of all sizes became further dependent on the continuous of their IT systems, with many organizations setting an objective of 99.999% availability of critical systems. This increasing dependence on IT systems, as well as increased awareness from large-scale disasters such as tsunami, earthquake, flood, and volcanic eruption, contributed to the further growth of various disaster recovery related industries, from solutions tofacilities. Classification of disasters Disasters can be classified into two broad categories. The first is natural disasters such as floods, hurricanes, tornadoes or earthquakes. While preventing a natural disaster is very difficult, measures such as good planning which includes mitigation measures can help reduce or avoid losses. The second category is man made disasters. These include hazardous material spills, infrastructure failure, and bio-terrorism. In these instances surveillance and mitigation planning are invaluable towards avoiding or lessening losses from these events. Importance of disaster recovery planning Recent research supports the idea that implementing a more holistic pre-disaster planning approach is more cost-effective in the long run. Every $1 spent on hazard mitigation(such as a )saves society $4 in response and recovery costs. As have become increasingly critical to the smooth operation of a company, and arguably the economy as a whole, the importance ofensuring the continued operation of those systems, and their rapid recovery, has increased. For example, of companies that had a major loss of business data, 43% never reopen and 29% close within two years. As a result, preparation for continuation or recovery of systems needs to be taken very seriously. This involves a significant investment of time and money with the aim of ensuring minimal losses in the event of a disruptive event. Control measures Control measures are steps or mechanisms that can reduce or eliminate various threats for organizations. Different types of measures can be included in disaster recovery plan (DRP). Disaster recovery planning is a subset of a larger process known as business continuity planning and includes planning for resumption of applications, data, hardware, electronic communications (such as networking) and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisiscommunication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity. IT disaster recovery control measures can be classified into the following three types: Preventive measures – Controls aimed at preventing an event from occurring. Detective measures – Controls aimed at detecting or discovering unwanted events. Corrective measures – Controls aimed at correcting or restoring the system after a disaster or an event. Good disaster recovery plan measures dictate that these three types of controls be documented and exercised regularly using so-called “DR tests”. Strategies Prior to selecting a disaster recovery strategy, a disaster recovery planner first refers to their organization’s business continuity plan which should indicate the key metrics of (RPO) and (RTO) for various business processes (such as the process to run payroll, generate an order, etc.). The metrics specified for the business processes arethen mapped to the underlying IT systems and infrastructure that support those processes. Incomplete RTOs and RPOs can quickly derail a disaster recovery plan. Every item in the DR plan requires a defined recovery point and time objective, as failure to create them may lead to significant problems that can extend the disaster’s impact. Once the RTO and RPO metrics have been mapped to IT infrastructure, the DR planner can determine the most suitable recovery strategy for each system. The organization ultimately sets the IT budget and therefore the RTO and RPO metrics need to fit with the available budget. While most business unit heads would like zero data loss and zero time loss, the cost associated with that level of protection may make the desired high availability solutions impractical. A often dictates which disaster recovery measures are implemented. Some of the most common strategies for include: backups made to tape and sent off-site at regular intervals backups made to diskon-site and automatically copied to off-site disk, or made directly to off-site disk replication of data to an off-site location, which overcomes the need to restore the data (only the systems then need to be restored or synchronized), often making use of (SAN) technology Hybrid Cloud solutions that replicate both on-site and to off-site data centers. These solutions provide the ability to instantly fail-over to local on-site hardware, but in the event of a physical disaster, servers can be brought up in the cloud data centers as well. Examples include Quorom, rCloud from Persistent Systems or EverSafe. the use of high availability systems which keep both the data and system replicated off-site, enabling continuous access to systems and data, even after a disaster (often associated with ) In many cases, an organization may elect to use an outsourced disaster recovery provider to provide a stand-by site and systems rather than using their own remote facilities, increasingly via . Inaddition to preparing for the need to recover systems, organizations also implement precautionary measures with the objective of preventing a disaster in the first place. These may include: local mirrors of systems and/or data and use of disk protection technology such as surge protectors — to minimize the effect of power surges on delicate electronic equipment use of an (UPS) and/or backup generator to keep systems going in the event of a power failure fire prevention/mitigation systems such as alarms and fire extinguishers anti-virus software and other security measures See also References Computer Business Research… Retrieved 3 August 2012. Georgetown University. University Information Services. Retrieved 3 August 2012. IBM. Retrieved 3 August 2012. A Brief History of Disaster Recovery, SunGard Data Systems: Company history, BottomLineIT. Retrieved 3 August 2012. . University of Oregon’s Community Service Center. Retrieved 2013-05-23. . Data Recovery Hospital. Retrieved 11 May2013. Continuity Central. 24 April 2009. Retrieved 3 August 2012. . FEMA. 25 October 2012. Retrieved 11 May 2013. Gregory, Peter. CISA Certified Information Systems Auditor All-in-One Exam Guide, 2009. . Page 480. . Dell.com. Retrieved 2012-06-22. Site to Site replication solutions Hybrid Cloud Business Continuity and Disaster Recovery Solutions Brandon, John (23 June 2011). . Inc. Retrieved 11 May 2013. Further reading ISO/IEC 22301:2012 (replacement of BS-25999:2007) Societal Security – Business Continuity Management Systems – Requirements ISO/IEC 27001:2013 (replacement of ISO/IEC 27001:2005 [formerly BS 7799-2:2002]) Information Security Management System ISO/IEC 27002:2013(replacement of ISO/IEC 27002:2005 [remunerated ISO17799:2005]) Information Security Management – Code of Practice ISO/IEC 22399:2007 Guideline for incident preparedness and operational continuity management ISO/IEC 24762:2008 Guidelines for information and communications technology disaster recovery servicesIWA 5:2006 Emergency Preparedness—British Standards Institution — BS 25999-1:2006 Business Continuity Management Part 1: Code of practice BS 25999-2:2007 Business Continuity Management Part 2: Specification BS 25777:2008 Information and communications technology continuity management – Code of practice—Others — “A Guide to Business Continuity Planning” by James C. Barnes “Business Continuity Planning”, A Step-by-Step Guide with Planning Forms on CDROM by Kenneth L Fulmer “Disaster Survival Planning: A Practical Guide for Businesses” by Judy Bell ICE Data Management (In Case of Emergency) made simple – by MyriadOptima.com Harney, J.(2004). Business continuity and disaster recovery: Back up or shut down. AIIM E-Doc Magazine, 18(4), 42-48. Dimattia, S. (November 15, 2001).Planning for Continuity. Library Journal,32-34. External links Wikibooks has a book on the topic of: – Guide to getting started with disaster recovery – Disaster recovery-focused magazine publication This article usesmaterial from the Wikipedia article , which is released under the .
Share this:
Related
Disaster Recovery
