Data Recovery Plan: Formal Risk Assessment and Testing - Essay Sample

Introduction

A formal risk assessment will be undertaken by the ICT department to evaluate the special requirements for every single recovery event.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

The plan covers all essential and critical aspects of the organization's IT infrastructure, systems, and networks included and business functions being kept as a hefty consideration.

The plan will be tested at different times and in simulated cases to evaluate its effectiveness in the case of a real emergency.

The data recovery plan acknowledges every employee of the organization as necessary in their own respect while restoring the system and activities once again.

The plan will be reviewed quite often to ensure that it addresses changing requirements that often come with computer systems.

The plan must ensure that activities of the organization at the main office and in all the other external stores are restored within 48 hours after the emergency.

Objectives

The fundamental aim of the plan is to draft a well-structured approach where the system of the organization can be brought back to business if there is an emergency that interrupts it and halts business operations. Other objectives are as follows:

• To make sure that employees understand their duties in the recovery plan.
• To ensure that all aspects of the previous data that are meaningful to the organization are not lost at all.
• To make contingency arrangements which are cost-effectively known in the case of an emergency.
• To reconnect the vendors, customers, and every other external user of the information system on board as they were before after a recovery activity.
• To adhere to the set policies of information security, accounting rules, and other rules that relate to the handling of data in an organizational setting.

Indicators of the Need for a Disaster Recovery Plan

• The following key issues will necessitate the activation of the recovery plan.'
• Total hindrance of communication in the main office and across several other external stores.
• Loss of power for a long time that affects the operation of the current system.
• Flooding of the premises in the main office which spoils the operations of the current system.
• Loss of the main office or any other external store through fire or any other process.

Disaster Recovery Process

Communication

The disaster recovery process will first start by informing the management about the emergency. A disaster recovery team which will always be functional will contact the management and inform the necessity of executing the disaster recovery plan. The management will then allow the disaster recovery team to handle the process and offer them the necessary details for business continuity plans which they would need. Next, the managers would inform employees of the immediate plans and request for them to work alongside the recovery team to have the system restored.

Financial Assessment

Besides, as a comprehensive organization that has such a massive number of requests daily, the team will be required to hand in an initial report of the financial affairs of the company within the time where the disaster recovery is made. The report should entail:

• Financial documents that are missing.
• Approximated loss of revenues.
• Incomplete transactions.

Overview of the Previous Activities

The disaster recovery team shall have the mandate to overview the previous activities of the system. The overview will be essential since it will help in recording data that has not been stored in the backup system (Wallace & Webber, 2017). The overview will include the locations that were lastly active before the emergency, the applications, and the curtailed activities that would have led to the loss of data. The overview of the previous events will be done alongside a checklist of the activities that happen daily. The essence will be to ensure that there is no specific piece of data that is lost in the encounter as it would halt business operations, losses of data

Detailed Asset Inventory

Once an emergency has been witnessed, the disaster management team will conduct a detailed asset inventory against the records. For instance, they will take the records of all the phones, laptops, and desktop computers as per previous records. Other assets, such as the current number of customers being served, the numbers of employees will also be taken into consideration (Young, 2016). A simple list which details all the assets of the organization where the employees, customers, suppliers, and all their details are readily available will aid in the complete restoration of the system.

Accessing the Backup Data

One of the activities that ease the functionality of the disaster recovery plan is the existence of the backup plan. The data stored in the organization as per this recovery plan shall be backed up after every hour. Therefore, every activity that had taken place an hour before the emergency will be safely stored in the backup plan. The backup plan, which is stored on cloud, be running alongside the main servers but on a different name and setting. The essence of the data running on the cloud is that backing up the system can be made on any location (Al-shammari & Alwan, 2018). The disaster recovery team will, however, make all recovery processes at the main office or at the stores where emergencies are reported.

Vendor Communication

After a process of recovery has been set in place, the most important part of a disaster recovery plan is communication with vendors. Communicating with vendors is an intricate process, as some have to send their representatives to work alongside the recovery team of the organization (Young, 2016). After securing the backup data, the recovery team will communicate with the providers of the organization's primary services, which among them are Microsoft for the server responses, cloud hosting services, the wireless network providers and the system manufacturers. Each of the vendors is imperative, and therefore, the disaster recovery team will have to have their contact details and inform them about the need to recover aspects that could have been lost during the emergency. Working alongside the vendors with their inventories will be an affirmation of the backups and will also provide the logistics of testing external resources, which are imperative in every one of the business functions once the system has been restored. After every vendor has restored operations on their side in line with the backup plan, the system will be ready to run.

Prepare Business Recovery Activities

After communicating and liaising with all the vendors, the team will prepare a set of business recovery activities. Business recovery activities will involve all the activities that the organization will need to undertake from where the system had failed. The necessity of preparing business activities is that the recovery team aids in the practical part of the system. Loss of data during an emergency is an apparent risk, and the interpretation of how the lost data would be retained and handled is an activity that can only be handled by the technical team. All activities that were not recorded in the system before the emergency will be reversed. For instance, transactions that had been made by customers will be refunded, and they will have to conduct the process again. Also, business transactions that had not been completed by the organization will be reverted. The essence as to why the recovery team recommends these steps is to ensure that there is not loss of finances or details in a manner that would be avoided or which would risk either the business or customers. A claims form will be subsequently drafted where customers and the organization can make claims and responses from the ordeal.

Service Restoration

The disaster recovery plan will be complete when the final restoration of services is done. Restoration of services will involve having the system in running mode again fully functionally. The team will observe all the critical aspects of the data and conduct a test to ascertain that everything is working well. They will then inform the management that the service is running. The original rights, inclusive of access rights, data controls will also be restored to ensure that the restored system does not offer room for data being infringed on. Full restoration of services and handing over will need to be completed within 48 hours after the emergency was encountered.

References

Al-shammari, M. M., & Alwan, A. A. (2018, April). Disaster Recovery and Business Continuity for Database Services in Multi-Cloud. In 2018 1st International Conference on Computer Applications & Information Security (ICCAIS) (pp. 1-8). IEEE. doi:10.1109/cais.2018.8442005

Wallace, M., & Webber, L. (2017). The disaster recovery handbook: A step-by-step plan to ensure business continuity and protect vital operations, facilities, and assets. Amacom. ISBN-13: 978-0814437841

Young, S. (2016). Disaster recovery and business continuity of SCADA. In Handbook of SCADA/Control Systems Security (pp. 114-157). CRC Press. ISBN-13: 978-1466502260