Finsys ERP Software Solutions - ProfileLearn More About Finsys ERP, CRM and E-Commerce Accounting Software SolutionsFinsys Software Solutions - Imagine Business without the day to day stress...
Finsys ERP Software

Disaster Recovery : "Data ?"

Disaster recovery is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster.

When Finsys gives you all information at your fingertips. It is also imperative for you to take care of Finsys Data security.

But I do remember a case, where the computer server was "Formatted" by Computer AMC person, and the data backup taken by the client was in the same hard disk.  ((( a big blunder .. since after that formating, that so called backup was also lost... almost permanendly ))) This is a true story from Sector25, Faridabad.

Another bad story is a case of Fire at a client of ours.

And one more is about a Theft at a Sector-59 Factory of a client , where the thief took away Fax machines, photocopier, computers, and other costly office equipment. And sadly the data backup was only inside those computers.  

So, You must know that Finsys Team is there to help you, but Data is something Privy to your company and you and only you can protect is diligently and properly.

 Finsys Team's Suggested Thoughts about the “Backup systems”     ===> at the bottom of this page

Introduction

Classification of Disasters ( for a "Business" entity )

Disaster can be classified in two broad categories. Viz, 1) Natural disasters—Preventing a natural disaster is very difficult, but it is possible to take precautions to avoid losses. These disasters include flood, fire, earthquake, hurricane, etc 2) Man made disasters—These disasters are major reasons for failure. Human error and intervention may be intentional or unintentional which can cause massive failures such as loss of communication and utility. These disasters include accidents, walkouts, sabotage, burglary, virus, intrusion, etc.

General steps to follow while creating BCP/DRP

  1. Identify the scope and boundaries of business continuity plan. First step enables us to define scope of BCP. It provides an idea for limitations and boundaries of plan. It also includes audit and risk analysis reports for institution’s assets.
  2. Conduct a business impact analysis (BIA). Business impact analysis is the study and assessment of effects to the organization in the event of the loss or degradation of business/mission functions resulting from a destructive event. Such loss may be financial, or less tangible but nevertheless essential (e.g. human resources, shareholder liaison)
  3. Sell the concept of BCP to upper management and obtain organizational and financial commitment. Convincing senior management to approve BCP/DRP is key task. It is very important for security professionals to get approval for plan from upper management to bring it to effect.
  4. Each department will need to understand its role in plan and support to maintain it. In case of disaster, each department has to be prepared for the action. To recover and to protect the critical functions, each department has to understand the plan and follow it accordingly. It is also important for each department to help in the creation and maintenance of its portion of the plan.
  5. The BCP project team must implement the plan. After approval from upper management plan should be maintained and implemented. Implementation team should follow the guidelines procedures in plan.
  6. NIST tool set can be used for doing BCP. National Institute of Standards and Technologies has published tools which can help in creating BCP.

With the increasing importance of information technology for the continuation of business critical functions, combined with a transition to an around-the-clock economy, the importance of protecting an organization's data and IT infrastructure in the event of a disruptive situation has become an increasing and more visible business priority in recent years.

It is estimated that most large companies spend between 2% and 4% of their IT budget on disaster recovery planning, with the aim of avoiding larger losses in the event that the business cannot continue to function due to loss of IT infrastructure and data. Of companies that had a major loss of business data, 43% never reopen, 51% close within two years, and only 6% will survive long-term. This results in a majority of failed businesses.

Control measures in recovery plan

Control measures are steps or mechanisms that can reduce or eliminate computer security threats. Different types of measures can be included in BCP/DRP. Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking) and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity. This article focuses on disaster recovery planning as related to IT infrastructure. Types of measures:

  1. Preventive measures - These controls are aimed at preventing an event from occurring.
  2. Detective measures - These controls are aimed at detecting or discovering unwanted events.
  3. Corrective measures - These controls are aimed at correcting or restoring the system after disaster or event.

These controls should be always documented and tested regularly.

Strategies

Prior to selecting a disaster recovery strategy, a disaster recovery planner should refer to their organization's business continuity plan which should indicate the key metrics of recovery point objective (RPO) and recovery time objective (RTO) for various business processes (such as the process to run payroll, generate an order, etc). The metrics specified for the business processes must then be mapped to the underlying IT systems and infrastructure that support those processes.

Once the RTO and RPO metrics have been mapped to IT infrastructure, the DR planner can determine the most suitable recovery strategy for each system. An important note here however is that the business ultimately sets the IT budget and therefore the RTO and RPO metrics need to fit with the available budget. While most business unit heads would like zero data loss and zero time loss, the cost associated with that level of protection may make the desired high availability solutions impractical.

The following is a list of the most common strategies for data protection.

  • Backups made to tape and sent off-site at regular intervals (preferably daily)
  • Backups made to disk on-site and automatically copied to off-site disk, or made directly to off-site disk
  • Replication of data to an off-site location, which overcomes the need to restore the data (only the systems then need to be restored or synced). This generally makes use of storage area network (SAN) technology
  • High availability systems which keep both the data and system replicated off-site, enabling continuous access to systems and data

In many cases, an organization may elect to use an outsourced disaster recovery provider to provide a stand-by site and systems rather than using their own remote facilities.

In addition to preparing for the need to recover systems, organizations must also implement precautionary measures with an objective of preventing a disaster in the first place. These may include some of the following:

  • Local mirrors of systems and/or data and use of disk protection technology such as RAID
  • Surge protectors — to minimize the effect of power surges on delicate electronic equipment
  • Uninterruptible power supply (UPS) and/or backup generator to keep systems going in the event of a power failure
  • Fire preventions — alarms, fire extinguishers
  • Anti-virus software and other security measures

See the following links for further information

You may refer to the following References

  • ISO/IEC 27001:2005 (formerly BS 7799-2:2002) Information Security Management System
  • ISO/IEC 27002:2005 (remunerated ISO17999:2005) Information Security Management - Code of Practice
  • ISO/IEC 22399:2007 Guideline for incident preparedness and operational continuity management
  • ISO/IEC 24762:2008 Guidelines for information and communications technology disaster recovery services
  • IWA 5:2006 Emergency Preparedness—British Standards Institution --
  • BS 25999-1:2006 Business Continuity Management Part 1: Code of practice
  • BS 25999-2:2007 Business Continuity Management Part 2: Specification
  • BS 25777:2008 Information and communications technology continuity management - Code of practice—Others --
  • "A Guide to Business Continuity Planning" by James C. Barnes
  • "Business Continuity Planning", A Step-by-Step Guide with Planning Forms on CDROM by Kenneth L Fulmer
  • "Disaster Survival Planning: A Practical Guide for Businesses" by Judy Bell
  • ICE Data Management (In Case of Emergency) made simple - by MyriadOptima.com
  • Harney, J.(2004). Business continuity and disaster recovery: Back up or shut down.
  • AIIM E-Doc Magazine, 18(4), 42-48.
  • Dimattia, S. (November 15, 2001).Planning for Continuity. Library Journal,32-34.

Finsys Team's Suggested Thoughts about the “Backup systems”  

Recommended systems  
Option 1

Make a CD and send it to the other location daily , by normal intra company Dak

                      
This other location can be your other factory , or your Head office , or even  MD's Residence.
Further, you may make a DVD instead of a CD.  
Also remember the CD must be stored / sent is a blister packing sheet ( polythene with small bubble like 
air sacks, called "blisters" .  This protects the CD from the outside pressure/ scratches etc
Option 2

Send to some e-mail box in 

USA

 server daily					

 

  Gmail, Google, Yahoo

Option 3

Use  FTP, and upload to your server ( webspace ) daily 

 Indiatimes, Yahoo

Option 4

Tape drive.

with offsite shipment

 

 

Option 5

Auto backup, and upload via FTP / on internet ( pay for this, and get it )

 

 

Just as a disaster is an event that makes the continuation of normal functions impossible, a disaster recovery plan consists of the precautions taken so that the effects of a disaster will be minimized, and the organization will be able to either maintain or quickly resume mission-critical functions.

Typically, disaster recovery planning involves an analysis of business processes and continuity needs; it may also include a significant focus on disaster prevention.

The Disaster Recovery Planning Template (DRP) can be used for any sized enterprise.  

The template and supporting material have been updated to be Sarbanes-Oxley compliant.  The complete package includes:

  • Disaster Recovery Plan Template
  • Business and IT Impact Analysis Questionnaire
  • Work Plan

click this icon to access the propreitory information by Janco Associates, Inc, USA. You may order for templates online from their site.