Disaster Recovery Planning

Page 1 Standard No: TBD Status: Final v1.0 Date of Effect: 01/09/05 Revision date: 01/09/06 ICT STANDARD DR01 ICT Disaster Recovery Planning Introduction The standard has been prepared in the standards template and following compliance date addition will be forwarded to the ICT Policy Committee for endorsement. Why is Disaster Recovery Planning important? By following the DRP process a DRP development team will establish the foundations necessary to ensure that: i. Site Reviews become part of the annual cycle of DR activities; ii. ICT Recovery Plans are coordinated and aligned to Crisis Management and Business Continuity Management plans; iii. Business recovery demands are identified in layers of Maximum Acceptable Outage (MAO) times; iv. Recovery Strategies to service the MAO time layers are developed and implemented; v. Detailed Recovery Plans will utilize the strategies and schedule recovery of the business services they support in line with the business recovery requirements; vi. The teams, tasks, deadlines, and sequences of recovery can then be the subject of training, testing and maintenance; vii. These processes can then be the subjects of an improvement cycle that will ensure that the DRP remains effective. The benefits to the Department/Agency include: • The recovery strategies and plans are driven by business requirements and the plan is kept current and effective through training, testing and maintenance ICT Classification Standard Title of Standard DR01: ICT Disaster Recovery Planning Description The Disaster Recovery Plan must progress through the following steps after establishing DR Policy and Standards: Prerequisites: i. Resources to assume direct responsibility of ICT Disaster Recovery Management ii. Business Impact Analysis; iii. Site Reviews; iv. Integration with Crisis Management and Business Continuity plans; Requisites: v. Recovery Strategies; vi. Detailed Recovery Plan; vii. Training, Testing and Maintenance. Rationale To ensure that the Detailed Recovery Plan is built on sound foundations which establish its integrity, longevity, and effectiveness. Integrity -preventable disasters are identified and mitigated. Longevity; training, test, and maintenance programmes arrest atrophy. Effectiveness; integration with Crisis Management and Business Continuity plans, business recovery demands, and Recovery Strategies. Besides recovering business applications (for instance, at a Disaster Recovery Site) the plan must also address Restoration of ICT operations to “normal operations”. Derivation AS/NZS 7799.2:2000 Information Security Management AS8018.2-2004 ICT Service Management, clause 5.2 Service Continuity and Availability Industry experience IT&T-01: IT&T Management Framework Policy, “line management is responsible for all IT&T costs and for realizing the planned benefits” Related Principles Accountability Minimum requirement Plan development -completion of each of the seven above steps with all Prerequisites completed before the Requisites are commenced. Maintenance -annually scheduled Training, Test and Maintenance programs -annually scheduled Site and Business Impact Reviews. Applicability WoVG Compliance date To be completed by Department as part of this review Reporting requirements Department/Agency – annual reporting, using Office of the CIO template Guidelines and Toolkits Guideline GL01.1 will include project descriptions for DRP development, which will assist when establishing a DR development project. Administration Standard version: 1.0 Status: Final Release date: 01/09/05 Next review date: 01/09/06 Owner: Office of the Chief Information Officer Issuing authority: Office of the Chief Information Officer 1 Document Information Table 1—Document version information Title ICT Disaster Recovery Planning Status Final Approval date Approver ICT Policy Committee Author Kevin Fitzgerald Short description Keywords ICT DR Framework File name ICT Standard DR01 -Disaster Recovery Planning -KJF -v1.0-CIO.doc Location J:\Office of the CIO\WoVG ICT Strategy Policies Standards\Approved Artifacts\Disaster Recovery\Standards\ICT Standard DR01 -Disaster Recovery Planning -KJF -v1.0-CIO.doc This copy printed 6/12/2006 4:55:00 PM Version and date 1.0 18th August 2005 Version history 25/10/04 1.0 Approved 􀁇