Disaster Recovery Assessment Disaster Recovery Assessment Introduction Hopefully, this Disaster Recovery Assessment (DRA) will lead to your Disaster Recovery Plan (DRP). No matter what name, the primary objective is to enable an organization to survive a disaster and to reestablish normal business operations in the shortest time possible. In order to survive, the organization must assure that critical operations can resume normal processing within a reasonable time frame. In 2005, after Hurricane Katrina devastated major areas and some cities in Louisiana, Mississippi, Arkansas, Alabama and Florida, Pickett & Adams in Mobile, AL reported that, with the help and guidance derived from his APPEX membership* plus the implementation of a Disaster Recovery Assessment from Advanced Automation, his office was back in business with power, phones, automation and even air conditioning in a matter of hours. Three other agencies close by were either still unable to conduct business, or working in 90 degree heat at tables in a parking lot. One agent reported being able to get 4 workstations partially functioning due to a less-than-adequate generator. Katrina proved, once again, a plan made the difference. There are two audio interviews that are well worth listening to as you consider the assessment process. Have your team listen and learn. Portland Insurance, Portland, OR, and L.G. Trask, Ontario, Canada *APPEX – Marsh Berry’s Agency Peak Performance EXchange Disaster Recovery Assessment © 2005 Advanced Automation Page # 2 Disaster Recovery Assessment Objectives The goals of your Disaster Recovery Plan should be to: 1. 2. 3. 4. Identify weaknesses and implement a disaster prevention program Minimize the duration of a serious disruption to business operations Facilitate effective co-ordination of recovery tasks Reduce the complexity of the recovery effort FEMA reports that a disaster is any unplanned event that affects business. 1. Fire 2. Earthquake 3. Flood 4. Hurricane 5. Snow storm 6. Civil disobedience Contingency plans should be developed for every critical process or function. You should first review all alternatives and identify the best plan or alternative process for your situation. These plans will vary with each system, process, and intended purpose. The following generic outline will help you visualize what your Disaster Recovery Plan should include. Disaster Recovery Assessment © 2005 Advanced Automation Page # 3 Disaster Recovery Assessment The Process The complete process may take approximately four months to complete, assuming weekly one hour team meetings to take the process step by step. Individual assignments would be completed and presented at the Team meetings. A general staff meeting will be held to explain the Disaster Recovery process and each person’s role in it. If there are sections that are assigned to individuals, they would be distributed here. The purpose of the assessment is to flush out different areas that need to be addressed, identify some key issues, make some global decisions, and assign a person or persons to develop compile the information and develop a plan. The DRA Outline forms the basis of Team Discussions to address each area in general. Individual assignments are made in the DRP Checklist and reports back to the team would be made in a timely manner. Your documents for each area will be included after the appropriate tab in your final Disaster Recover Plan. This information should be copied and kept off site in some format. For convenience, we have developed a word document that you may find useful in compiling the information. Projected Time DRA - Assessment – (general overview) 3 weeks DRA - Checklist – (assignments) 1 week Disaster Recovery Plan – Your Final Plan Start Date Complete Date 3 months Scheduled Updates _____________2006 _____________2007 _____________2008 Disaster Recovery Assessment © 2005 Advanced Automation Page # 4 Disaster Recovery Assessment AREA GENERAL COMMENTS 1. Current Platform or Technology Develop a detailed description of our current technology Develop a detailed description our automation system Any other software Where are copies of software stored? offsite?? Where are detailed instructions on how to install the software? Disaster Recovery Assessment © 2005 Advanced Automation Page # 5 Disaster Recovery Assessment AREA GENERAL COMMENTS Network Operating System Develop a detailed description of our current system Who will be responsible, and how much time will be required, for reloading our network operating system Describe our backup server, contacts, etc. Off site? On-line? Frequency? Contact person Numbers Do we have a ‘live’ copy of our system at another location? Disaster Recovery Assessment © 2005 Advanced Automation Page # 6 Disaster Recovery Assessment AREA GENERAL COMMENTS Workstations Detailed configurations and list of serial numbers Describe telephone system and emergency options Who is our Phone Company contact? Name Number Emergency number Where are our backup phones? Who is our Call Center Contact? Name Number Emergency number What is our procedure for Forwarding calls from emergency number? Message during disaster Disaster Recovery Assessment © 2005 Advanced Automation Page # 7 Disaster Recovery Assessment AREA GENERAL COMMENTS Information on T1/DSL/Cable modem Internet connection Supplies Where will we keep a stockpile of supplies – offsite What is included? Checks Paper Pens Paper clips Staplers Etc Etc Disaster Recovery Assessment © 2005 Advanced Automation Page # 8 Disaster Recovery Assessment AREA GENERAL COMMENTS 2. Purchased / Rented Equipment Miscellaneous equipment that would need to be replaced Fax machines Copy machines Scanners Other Office equipment Offsite Office Space needed Square feet In town Out 0f town Do we have a Real Estate Agent ready to get temporary space immediately in event of disaster? Who Agency Phone Emergency Phone Disaster Recovery Assessment © 2005 Advanced Automation Page # 9 Disaster Recovery Assessment AREA GENERAL COMMENTS 3. Data Recovery Backup Procedures Contacts Backup Hardware/Storage Contacts Internet Backup Snap Servers ASP Tape RAID Disaster Recovery Assessment © 2005 Advanced Automation Page # 10 Disaster Recovery Assessment AREA GENERAL COMMENTS 4. Key Contact Information List key personnel that have responsibility for our system or workflow. Have an current list of all personnel, home phone, cell phone, out of area emergency contact, special needs Full time Part-time Emergency Numbers Police Fire Red Cross City/Town leaders Have an current list of all carrier key personnel, office & home phone Have an current list of all vendors key personnel, office & home phone Disaster Recovery Assessment © 2005 Advanced Automation Page # 11 Disaster Recovery Assessment AREA GENERAL COMMENTS 5. Objectives of the Contingency Plan Risks of Failure Describe potential risks and how they would impact our business. Desired Outcomes What are our desired outcomes in terms of output and level of service? How long do we intend to operate under the contingency mode? Potential Impact What is the anticipated impact on our business? Descriptions of potential impact in terms of financial, market share, and good will costs. Disaster Recovery Assessment © 2005 Advanced Automation Page # 12 Disaster Recovery Assessment AREA GENERAL COMMENTS 6. Resource Requirements Time Estimates Describe the estimated time required to implement the plan. Cost Estimates What is our budget for the cost of space, equipment, supplies, services, staff overtime etc. Source of Funding Where will the money come from? Disaster Recovery Assessment © 2005 Advanced Automation Page # 13 Disaster Recovery Assessment 7. Insurance Business Related Insurance Carrier Number Effective Limits kept Proof of Claim What are the requirements when filing a claim, including: Serial numbers Video tape of office other Disaster Recovery Assessment © 2005 Advanced Automation Page # 14 Disaster Recovery Assessment AREA GENERAL COMMENTS 8. Implementing the Plan Implementation Criteria Describe the basic criteria for implementing the plan. What will be the situation that prompts the decision. Trigger Events Describe the specific failure that will trigger implementation of the plan. Describe the various scenarios that could lead to a trigger event including: Fire Earthquake/Flood Hurricane/Tornado Power Failure Civil Disturbance Responsibilities Who is responsible for making implementation decisions? If you have a clearly documented trigger event this could be whoever is on duty at the time the event happens. Duration What is the estimated length of time that contingency operations will cover? Disaster Recovery Assessment © 2005 Advanced Automation Page # 15 Disaster Recovery Assessment AREA GENERAL COMMENTS 9. Operation and Management Management Structure To the degree necessary, describe the management structure that will be used to ensure smooth operations under the contingency plan. Decision Makers. Who will be making the decisions to implement, change, and eventually discontinue the contingent operations? Support Personnel. What support personnel will be used to implement and operate processes under the plan? Assigned Roles and Responsibilities Details on who will do what under the plan. Describe the teams that will be used to respond to emergencies or breakdowns Disaster Recovery Assessment © 2005 Advanced Automation Page # 16 Disaster Recovery Assessment AREA GENERAL COMMENTS 10. Criteria for Returning to Normal Describe how we will determine that it is time to discontinue the contingency mode and return to the normal operation mode. Criteria. Describe the conditions or events that would lead to returning to normal operating mode. This should include certification that the system or process is functioning normally. Procedures. Describe the detailed procedures required to return to normal operating mode. Points of Contact/Notifications. List key personnel that have responsibility for returning the system or process to its normal operating mode. Decision-Makers. Who will be making the decisions to discontinue the contingent operations and begin the recovery process? Operational Personnel. List the key operational resource personnel that will be needed to return to normal operations. Business Partners. List any business partner relationships (internal and external). Disaster Recovery Assessment © 2005 Advanced Automation Page # 17 Disaster Recovery Assessment AREA GENERAL COMMENTS 11. Training and Testing Requirements Describe the training and testing requirements that are required to prepare for implementing the contingency plan. Training may include desktop exercises and rehearsals to ensure smooth implementation of the plan. Testing is used to validate the plans capabilities. Recovery Team Training What training is required for the team that will bring processes back on line? Testing Requirements and Procedures Describe the plans and requirements for testing the contingency plan. Testing is required to validate the plan and ensure its completeness. Include test scripts and other detailed testing procedures. Training and Testing Schedules Document the timeline for training and testing that will ensure readiness of both staff and the plan. Disaster Recovery Assessment © 2005 Advanced Automation Page # 18 Disaster Recovery Assessment AREA GENERAL COMMENTS 12. Avoiding a Disaster What are our plans in case of emergency to 1. save lives 2. save disruption to the agency What is our Short term evacuation plan? (for fire, tornado, earthquake, etc) What is our Long term evacuation plan? (for hurricane, flood, etc) When are evacuation plans practiced? Who are Emergency Responders in each area? What are their responsibilities in an emergency? Who has EMT training? Where are first aid kits fire extinguishers emergency lights etc. Disaster Recovery Assessment © 2005 Advanced Automation Page # 19 Disaster Recovery Assessment Business Resumption Plan Checklist Task 1. Current Platform or Technology Automation System Other Software Re-loading Software Network Operating System Backup Server Workstations Telephone System T1/DSL/Cable Modem Assigned To Expected Completion Date Notes Call Center 2. Equipment Purchase/Rental Fax Machine Copy Machine Office Equipment Office Space 3. Data Recovery Backup Procedures Backup Hardware/Storage o Internet Backup o Snap Servers o ASP o Tape o RAID 4. Key Contact Information 5. Objectives Of Plan Risks of Failure Desired Outcomes Potential Impact 6. Resource Requirements Time Estimates Cost Estimates Source of Funding Disaster Recovery Assessment © 2005 Advanced Automation Page # 20 Disaster Recovery Assessment 7. Insurance Current Policies Proof of Claim Serial Numbers Video Tape of Office 8. Implementing The Plan Implementation Criteria Trigger Events o Fire o Earthquake o Power Failure o Bomb Threat o Civil Disturbance o Flood Responsibilities Duration 9. Operation and Management Management Structure o Decision Makers o Support Personnel Assigned Roles 10. Criteria For Returning To Normal Criteria Procedures Points of Contact o Decision Makers o Operational Personnel o Business Partners 11. Training and Testing Requirements Recovery Team Testing requirements and procedures Training and testing schedules 12. Avoiding a Disaster Evacuation Plans Emergency people Disaster Recovery Assessment © 2005 Advanced Automation Page # 21