Disaster risk management is essential to ensure continuity of operations in the event of a catastrophe. Disaster risk management consists of preventing planning and contingency planning.
Preventing Disasters
Preventing disasters is the first step in managing disaster risk. The frequencies of disaster causes :-
Natural disasters 30%
Deliberate actions 45%
Human error 25%
Many disasters resulting from sabotage and errors can be prevented by good security policy and planning. Careful consideration should be given to natural-disaster risks associated with prospective building sites. Concentration of computer equipment and data should be located in parts of buildings least exposed to storms, earthquakes, floods and fire, as well as deliberate acts of sabotage.
Contingency Planning
A disaster recovery plan, must be implemented at the highest levels in the company. It should be approved by a committee of the board of directors as part of the general computer security plan.
The design of the plan should include three major components which are:-
□ Assess the company’s critical needs
- All mission-critical resources should be identified.
- Include hardware, software, power and maintenance requirements.
□ List priorities for recovery
- The priority list might indicate certain mission-critical activities and services are to be re-established within minutes or hours after the disaster.
□ Recovery strategies and procedures
- The plan should include a complete set of recovery strategies and procedure, so that when disaster strikes, the company immediately knows what to do, who should do it, how to do it and how long it should take.
A complete set of recovery strategies should take into account the following :-
> Emergency Response Center
- When disaster strikes, all authority for data processing and computer operations is transferred to the emergency response team, headed by the emergency operations director. These individuals direct the execution of the recovery plan from the emergency operations center, a predesignated site.
> Escalation Procedures
- The escalation procedures state the conditions under which a disaster should be declared, who should declare it, and who that person should notify when executing the declaration.
> Alternate Processing Arrangements
- The most important part of a disaster recovery plan is the specification of a backup site to be used if the primary computing site is destroyed or unusable.
- There are three types of backup sites are possible which are cold site, hot side and flying-start site.
> The Personnel Relocation Plan
- Contingency plans need to be made for the possibility of having to suddenly relocate employees to a backup site.
> The Personnel Replacement Plan
- The possibility of losing employees to the disaster must be considered. The highly skilled employees can be difficult and the replacement employees may require extensive training.
> The Salvage Plan
- For example, a buildings that losses its roof in a hurricane will be exposed to rain. Losses in such a situation might be minimized if salvage efforts get under way immediately.
> The Plan for Testing and Maintaining System
- Companies’ computing needs often change rapidly. For this reason, any disaster recovery plan should be tested every 6 months. Outdated or untested plans might not work in a crisis.
No comments:
Post a Comment