Disaster Recovery Planning
A formal IT business risk and impact assessment enables informed decisions to be made on the scale, scope and cost of developing best fit business continuity and disaster recovery solutions. MorganDoyle provides business continuity / disaster recovery planning services covering the whole life-cycle from risk assessment, through planning, design, implementation and support. MorganDoyle's services are independent, cost effective and based on a sound appreciation of business and technical issues.
MorganDoyle focuses on the services that are critical to your business and have expertise in both the public and private sectors having developed specific tools, techniques and templates for each, as can be seen in MorganDoyle's white paper and case study.
Research shows that most companies that suffer IT disasters go out of business within 2 years. The consequences for local government can be equally serious. A formal Disaster Recovery / Business Continuity strategy is the only antidote. Organisation, people and processes are just as important as data backup and redundant servers for protecting your operations. As a starting point MorganDoyle analyses IT and telecoms based services offered externally to customers and internally within your organisation. This service-oriented view underpins MorganDoyle's entire DR/BC work programme described below.
| Before writing your DR plan and implementing concrete solutions, it is essential to assess risks and impact and consider prioritisation of service restoration, i.e. determine recovery time objective (RTO) for service components and recovery point objective (RPO) for your data. Here we described our approach to assessment and prioritisation. | |||
| Service Requirements | We consider requirements for customers and internal users in terms of: transaction volumes, patterns and values; dependencies on ICT systems; staff numbers and locations; skeleton staff requirements; impacts; alternatives; maximum downtime; criticality; etc. | ||
| Technical Requirements | Covering: data and voice networks; servers; applications; PCs; users; externally supplied services & premises, e.g. operating systems, functionality, vendors, licencing, backup procedures, rebuild procedures, specifications, staff responsibilities and contact details, etc. | ||
| Service Inventory | All this information is loaded into our service inventory database, capturing relationships and dependencies between services and supporting infrastructure. This tool is central to the analysis, planning, implementation and operation of disaster recovery / business continuity, and is provided to you licence free when we have completed the study. | ||
| Risk Assessment & Impact Analysis | Identification and evaluation of specific threats to locations / departments, determination of the tolerance of services for downtime and thus definition of the restoration priority for services, systems and hardware. | ||
| Options & Recommendations | MorganDoyle offers independent, practical advice, suggests cost effective options reflecting potential loss and provides an action plan. MorganDoyle evaluates virtualisation, SAN, ship-to-site, remotely hosted servers, DR suites, site mirroring, mutual disaster recovery provision, etc. | ||
| The solution will include probably resilience aspects to mitigate against smaller scale incidents as well as some arrangement to ensure your operations and services continue in the face of a large scale disaster. The DR plan itself should be an integrated part of the solution. The first three sections below describe key sections of the DR plan; the final two MorganDoyle's services supporting implementation of the DR arrangement. | |||
| Organisation | The disaster recovery structure including: Business Continuity Management Team; recovery teams; key contacts, points of notification and liaison; relationship with other plans and planners (e.g. departmental DRBC plans, building DRBC plans); etc. | ||
| Processes & Procedures | These include emergency declaration guidelines, response steps, initial evaluation, damage assessment, crisis management, public notification, disaster recovery supplier call out, staff relocation, systems & network recovery, emergency premises activation and service restoration. | ||
| ICT disaster recovery systems documentation | For example, systems & network overview documentation, rebuild documentation for all systems, backup/restore procedures, contacts for external support/suppliers, etc. | ||
| Statement of Requirements & supplier evaluation | If the arrangement requires a (part-) solution from a disaster recovery supplier, e.g. for hot/cold emergency use facilities, ship-to-site servers, remote hosting, user facilities, DR suites, hand back after restoration, payment plans, etc. | ||
| Implementation Project Management | Implementation of the solution is often a complex project in itself and may divert internal resources away from business-as-usual activities. MorganDoyle will project manage the activity. | ||
| Finally the DR solution will only be effective if it has been rehearsed and tested, and updated in the light of experience. Our services include: | |||
| Training & Dissemination | ...of the plan to executive, team members and departmental officers. | ||
| Test Scenarios | Development & execution of test scenarios. Full scale testing can be very disruptive, time consuming and expensive, so lesser, component testing, and scenario walk-throughs are a good compromise for the more frequent tasks in a defined testing cycle. | ||
| Maintenance | ...of the service inventory, processes & procedures and annual exercising of the Disaster Recovery Plan. | ||