Disaster Recovery Planning

Document Sample
Disaster Recovery Planning Powered By Docstoc
					Standard No: TBD

Status: Final v1.0

Date of Effect: 01/09/05

Revision date: 01/09/06

ICT STANDARD DR01 ICT Disaster Recovery Planning
The standard has been prepared in the standards template and following compliance date addition will be forwarded to the ICT Policy Committee for endorsement.

Why is Disaster Recovery Planning important?
By following the DRP process a DRP development team will establish the foundations necessary to ensure that: i. ii. iii. iv. v. vi. vii. Site Reviews become part of the annual cycle of DR activities; ICT Recovery Plans are coordinated and aligned to Crisis Management and Business Continuity Management plans; Business recovery demands are identified in layers of Maximum Acceptable Outage (MAO) times; Recovery Strategies to service the MAO time layers are developed and implemented; Detailed Recovery Plans will utilize the strategies and schedule recovery of the business services they support in line with the business recovery requirements; The teams, tasks, deadlines, and sequences of recovery can then be the subject of training, testing and maintenance; These processes can then be the subjects of an improvement cycle that will ensure that the DRP remains effective.

The benefits to the Department/Agency include: • The recovery strategies and plans are driven by business requirements and the plan is kept current and effective through training, testing and maintenance

Page 1

ICT Classification Title of Standard Description

Standard DR01: ICT Disaster Recovery Planning The Disaster Recovery Plan must progress through the following steps after establishing DR Policy and Standards: Prerequisites: i. Resources to assume direct responsibility of ICT Disaster Recovery Management ii. Business Impact Analysis; iii. Site Reviews; iv. Integration with Crisis Management and Business Continuity plans; Requisites: v. Recovery Strategies; vi. Detailed Recovery Plan; vii. Training, Testing and Maintenance. To ensure that the Detailed Recovery Plan is built on sound foundations which establish its integrity, longevity, and effectiveness. Integrity - preventable disasters are identified and mitigated. Longevity; training, test, and maintenance programmes arrest atrophy. Effectiveness; integration with Crisis Management and Business Continuity plans, business recovery demands, and Recovery Strategies. Besides recovering business applications (for instance, at a Disaster Recovery Site) the plan must also address Restoration of ICT operations to “normal operations”. AS/NZS 7799.2:2000 Information Security Management AS8018.2-2004 ICT Service Management, clause 5.2 Service Continuity and Availability Industry experience IT&T-01: IT&T Management Framework Policy, “line management is responsible for all IT&T costs and for realizing the planned benefits” Accountability Plan development - completion of each of the seven above steps with all Prerequisites completed before the Requisites are commenced. Maintenance - annually scheduled Training, Test and Maintenance programs - annually scheduled Site and Business Impact Reviews. WoVG To be completed by Department as part of this review Department/Agency – annual reporting, using Office of the CIO template



Related Principles Minimum requirement

Applicability Compliance date Reporting requirements Guidelines Toolkits Administration and

Guideline GL01.1 will include project descriptions for DRP development, which will assist when establishing a DR development project. Standard version: 1.0 Status: Final Release date: 01/09/05 Next review date: 01/09/06 Owner: Office of the Chief Information Officer Issuing authority: Office of the Chief Information Officer

1 Document Information
Table 1—Document version information Title Status Approval date Approver Author Short description Keywords File name Location ICT DR Framework ICT Standard DR01 - Disaster Recovery Planning - KJF - v1.0-CIO.doc J:\Office of the CIO\WoVG ICT Strategy Policies Standards\Approved Artifacts\Disaster Recovery\Standards\ICT Standard DR01 - Disaster Recovery Planning - KJF - v1.0-CIO.doc 6/12/2006 4:55:00 PM 1.0 18 August 2005

ICT Disaster Recovery Planning Final

ICT Policy Committee Kevin Fitzgerald

This copy printed Version and date Version history 25/10/04



Shared By:
user002 user002