Case Studies
Disaster Recovery Assessment
Global Real Estate and Asset Management Company.
The CIO of this company required an evaluation of their current Disaster Recovery plan.The plan was scored using a checklist, and actionable steps for a three-year strategy were implemented.
Disaster Recovery Strategy
Commercial Property Manager.
The stakeholder group wanted assurance that proper DR plans were in place, so multiple plans were built in tandem.
Disaster Recovery Plan and Program
Large Professional Services Firm.
After a blackout caused a forced shut-down, customers wanted proof that the firm could provide critical services during the worst moments.
Disaster Recovery Assessment
Utility Company.
The Ontario Energy Board requested that this company prepare for consolidation, and this utility needed to clarify its risks and threats. Workshops were conducted to analyze their situation and comprehensive plans were put in place.
Templates
Disaster Recovery Checklist
Assess whether your current Disaster Recovery Plan is effective, up-to-date, and ready to go!
A series of questions, following the disaster recovery life cycle. A record of comments regarding your “current state and a way to generate a “score”. If completed a second time for desired, target state, it will help highlight performance gaps.
Examples
Recovery Priorities (Tiers)
Assign criticality and achievable recovery targets for major IT services and systems, according to business continuity tolerance.
All systems are assigned a tier (include applications & technology components). Interdependencies are clearly identified between applications, between components and between applications and components. For simplicity, a Recovery Point Objective and Recovery Time Objective are assigned to each tier. Tier definitions are consistent with existing business risk – impact definitions. Tiers reflect actual ability to recover (i.e. dependent on the underlying recovery technologies).
Business Impact Definitions
Business definitions of risk-impact for determining system priorities.
Disruptions to critical business functions are defined by major category. The impact of losing a system can be mapped to the relevant category in order to assign an appropriate RPO, RTO and tier.
Incidents & Threats
Starting list of historic incidents, as well as, conceivable threats affecting IT primary and secondary sites.
List of historical incidents (when, what, impact, outage duration, actions taken, cost of recovery). Examples of conceivable threats (use historical events as a guideline for frequency).
Impacts on assets, expected outage and costs to recover (may reference business impact definitions). Linked back to technology components (as applicable).
References
Maturity Model
A guide to benchmark “current” vs. “future” state.
A reference of disaster recovery life cycle characteristics and accomplishments in five levels, ranging from virtually non-existent to highly-sophisticated.
DR Plan – Table of Contents
A simple index of Disaster Recovery Plan contents.
The table of contents shows key sections of the disaster recovery plan and descriptions.