The Disaster Recovery Plan (DRP) is a planned procedure that helps the organization to be prepared for a disaster, and it also helps the organization to mitigate the damage caused by the disaster. The best DRP will take into account all the risks, and it will also ensure business continuity. The DRP will include the plan for natural disasters and cyber-attacks. Purpose The primary purpose of the Disaster Recovery Plan is to restore the functionality of the Health Network, Inc after the disaster. This DRP helps the organization to sustain the business operations even during the disaster and successfully recovers the system from the disaster.
The scope of this DRP is for all the hardware, software, data, and connectivity devices used in the Health Network, Inc. Disaster Declaration The Business Continuity Plan is executed before the DRP. That is, usually, the DRP is exercised only 48 hours before the disaster as there are chances that the disaster might change direction or become weaker.
During the DRP execution, several communications are established. They are as follows Recall – all the people who are responsible for activating the DRP plan are identified and notified through a phone tree. Users – all the users who use the service provided by the organization must be notified about the unavailability of service due to the disaster. Customers – the customers must be notified about the disruption that is going to affect the service, and they would appreciate it. A communication plan should also be included. That is, the organization should include e-mail, instant messaging, cell-phones, and walkie-talkies to communicate.
This Emergency response is for a sudden disaster like fire and earthquake without warning. This response includes steps like recall and notifying the personnel, Damage assessment, plan activities, and implementation of the procedures. The first and foremost activity of a DRP is to ensure the safety of the people.
After the activation of DRP and evaluating the damages, the recovery procedure begins. The recovery concentrates more on restoring the critical IT capability and repair damage. The restoration happens either in an alternate location or in the original location.
The recovery step usually includes steps to buildup the business from scratch that include the installation of OS and all application. The procedure has defined steps to recover the data as well. Capturing the image of the server hosting it can be helpful to restore the server after the crash. The time of restoring the server from the image is quicker than reinstalling everything. These steps should be clearly and easily mentioned in the plan so that even a junior technician can implement the plan in case of an emergency.
The backup plan for Health Network, Inc is based on the BCP discussed previously. That is, since the office in Arlington is the primary location for business units, such as Finance, Legal, and Customer Support, and is prone to winter storms, the following backup plans can be adapted.
- Storing the financial and customer data regularly in an offsite location and recovering them after the disaster.
- The data can also be backed up in cloud storage and can be accessed by the office in another location.
Testing of DRP Testing the DRP ensures the Health Network, Inc, that the plan will be executed as expected. There are three methods to test the DRP, and they are as follows Desktop exercise- all the DRP personnel, will participate in a meeting in a conference room and discuss the steps involved in the plan. Simulation – the plan is imitated in a controlled manner and checked. Even a portion of the plan can be tested in this simulation environment. Full-blown DRP Test – a mock drill will be conducted as if the disaster as occurred, and the plan is tested in real-time. The actual requirements for a proper DRP can be determined through this method of testing.
Maintenance and Update
The readiness of the DRP can be checked by reviewing it regularly and updating the plan. The Change management plan should be included in the DRP to ensure the proper functionality of the system before the change is implemented. All the changes need to be documented, as this can help the organization to review the changes in the future.