Understanding and Mitigating IT Risk with Disaster Recovery Case. This presentation was given to the Association of Financial Professionals Canada - Calgary on December 11th, 2013 by Jonathan Nituch of Fortress Technology Planners
13. Disaster Recovery Plan (DRP)
A disaster recovery plan (DRP)
is a documented process or set
of procedures to recover and
protect a business IT
infrastructure in the event of a
disaster.
Source http://en.wikipedia.org/wiki/Disaster_recovery_plan http://en.wikipedia.org/wiki/File:East_Village_Calgary_Flood_2013.jpg
14. Steps to Create a DRP
1. Identify IT Capabilities/Services
2. Identify Business Impacts of
Disasters
3. Determine:
– Budget
– Recovery Point Objective (RPO)
– Recovery Time Objective (RTO)
4. Choose Solutions
15. Identify IT Capabilities/Services
Major Service
Detailed Services
Email
• Desktop client
• Webmail
• Mobile devices
File System
• Local access
• Remote access
Printing
• Local access
• Remote access
Production Applications
• Applications involved with delivering your
product or service
Supporting Applications
•
•
•
•
Supporting IT Services
• Backups
• Antivirus
• Security
Accounting
Finance
Human Resources
Payroll
16. Identify Business Impacts of Disasters
Facility
Normal
Equipment
Inaccessible
Equipment
Damaged
Facility
Inaccessible
Facility
Damaged
18. Determine Recovery Point
Objective (RPO)
It is the maximum tolerable period in
which data might be lost from an IT
service due to a major incident.
RPO
DISASTER
Source http://en.wikipedia.org/wiki/Recovery_point_objective
19. Determine Recovery Time
Objective (RTO)
The recovery time objective is the time
within which a business process must
be restored, after a disaster has
occurred.
SERVICE RESTORED
DISASTER
RTO
Source http://en.wikipedia.org/wiki/Disaster_recovery_plan
21. Summary
• There are five roots of IT risk:
1.
2.
3.
4.
5.
Rate of Change
Immaturity of IT
Communication
Economically Tied
Integration
• Creating a Disaster Recovery Plan
1. Identify IT Capabilities/Services
2. Identify Business Impacts of Disasters
3. Determine Budget/Recovery Point Objective
(RPO)/Recovery Time Objective (RTO)
4. Choose Solutions