Disaster Recovery Plan is to ensure thecontinuation of vital business processes in theevent that a disaster occurs. This plan will providean effective solution that can be used to recover allvital business processes within the required timeframe using vital records that are stored off-site.This Plan will provide procedures to handleemergency situations. These plans can be utilizedindividually but are designed to support oneanother. The first plan is the Crisis ManagementPlan. This plan allows the ability to handle high-level coordination activities surrounding any crisissituation. We will also discuss the development,maintenance and testing of the Disaster RecoveryPlan. Disasters can occur in varying degrees. So,this Plan has considered this issue andincorporates management procedures as well astechnical procedures to insure provable recoverycapability. The next key issue to be stronglyconsidered within the strategy for disasterrecovery is a recovery strategy for alternateprocessing. This plan identifies discusses the Hot-Site and the alternatives if the primary location isnot available to provide Disaster Recoveryservices for the various system environments. Thefinal issue to be addressed within the DisasterRecovery Strategy is to insure that everyreasonable measure has been taken to identify andmitigate potential risks that exist within theprocessing environment.Selecting the DR TeamThe team that trains to recover the organization.Planning to plan is the successful beginning to aproper disaster recovery. proper identification ofteam members and providing those team membersa chance to develop working relationships, theresources to communicate, and the properinfrastructure and support of management Teammember, responsibilities and authorities need to beclearly defined. Team members must be notifiedof their duties, attend meetings and remain up-to-date regarding company policies. With all theseelements brought together it is time to plan andtest the disaster recovery for the business.Bringing in key employees from other functionalareas is required if you expect the riskmanagement process to be successful. Consideremployees from the following groups:? Information system security? IT and operations management? System and network administration? Internal audit? Physical security? Business process and information owners? Human resources? Legal? Physical safetyAssessing risks and impacts: A risk assessment is the process of identifying andprioritizing risks to the business. The results ofthis assessment are then used to prioritize risks toestablish a most-to- least-critical importanceranking. The assessment is crucial. Without anassessment, it is impossible to design goodsecurity policies and procedures that will defendyour company’s critical assets. Risk assessmentrequires individuals to take charge of the risk-management process. These can be either seniormanagement or lower-level employees. If seniormanagement is driving the process, it’s consideredtop-down security, which is the preferred method.Management knows the goals and objectives ofthe company and their responsibilities.Management can also set the tone and direction ofthe security program and can define what is mostcritical.Bottom-up security refers to a process by whichlower-ranking individuals or groups of individualsattempt to implement better security-managementpractices without the active support of seniormanagement. Bottom-up security places theseindividuals in a situation that’s unlikely to besuccessful. Without support from seniormanagement, employees typically don’t see riskmanagement and good security practices as beingthat important. Even if these individuals cansuccessfully determine risks and suggest goodcontrols, they’ll have a hard time procuring theneeded funds for implementation.Prioritizing system and functions for recovery:1. Identify all assets and functions in theorganization.2. Prioritize disaster recovery efforts basedon assets and functions.3. Differentiate between tier 1, tier 2, andtier 3 recovery targets to prioritize systemsthat must be recovered in the event of adisaster.4. Determine dependencies betweendifferent data, functions, and assets.5. Distinguish between an inconvenientsituation and a true disaster using disasterdeclaration threshold criteria.Prioritization of critical functions and processesrequires the DR team to evaluate the requirementsof the organization. These requirements are metthrough the successful completion of criticalfunctions and processes. Internal and externalfactors contribute to establishing the critical natureof processes and functions, including the timeframe that an organization can continue to operatewithout them operating normally. At some point,referred to as a disaster threshold, the loss ofcritical functions and processes creates a situationthat impairs the organization’s ability to meetthese requirements. This inability to conductbusiness under normal operating conditions is thetime to declare a disaster. The loss of criticalfunctions or processes may have secondaryfunctions and processes that, under normalconditions, are less critical to the operation of theorganization. However, during a disaster, thesesecondary items may exacerbate an already badsituation.The restoration of the critical business processesand functions requires key personnel to establish,test, and verify that the disaster recovery issuccessful. These individuals participate in theidentification of the dependencies and interactionsbetween the critical processes and functions andassist the DR team in the analysis of the potentialimpact on business due to a disaster. Data security solution can be implemented easilyin few minutes and data recovery can be done withsimple steps. Technology recovery strategies mustbe developed to restore software, hardware,applications and data in time to meet the needs ofthe business recovery.Identify Data storage and recovery sites:Many businesses create an image backup ofcritical systems, and then do so again wheneverthey make changes to the operating system orapplications running on that system. Businesseslarge and small create and manage large volumesof electronic information or data. Some data isvital to the survival and continued operation of thebusiness.Now understand the critical steps in assessing asystem to help best address any vulnerability inthe system. It is also imperative that the personconducting the security audit document thespecific steps taken as well as any flaws found,and what corrective actions were taken. Let’s outline the steps needed for your disasterrecovery plan: While you may not formulate aplan for every threat your business couldpotentially face from day one, you could start byaddressing those with the highest level ofrisk/impact to your business as a starting point.This could happen because of a natural disaster, oras a result of technological failure or humanfactors such as sabotage or terrorism. With oursimple and cost-effective solutions you areprepared for everything from an employee whoaccidentally deletes an important file off theserver, to a flood disaster that destroys your servercompletely. I just know too many business ownerswho had to shut their doors after some disaster orother destroyed befell their company. The routeshould be clearly signposted in common areaswhere both staff and clients can observe it. Startcreating your basic business disaster recovery plantoday: When it comes to disaster recovery, thecloud is one of the most valuable tools you canhave. Talk to your local cloud IT professionalsabout your options for the cloud.Developing plans and proceduresDevelop a plan and procedures for notifyingessential personnel when a disaster occurs or isimminent. The plan must describe the methodsuses to notify personnel during business and non-business hours. Prompt notification can reduce thedisaster’s effects on the information systembecause we will have time to take mitigatingactions. The ability of a company is to recoverfrom a catastrophe and to get the company back tobusiness as usual. An integral part of a businesscontinuity plan, a disaster recovery plan details thesteps necessary to simply recover the businesssufficiently to get operations restarted. We mustaddress the following areas:• Cause of the outage or interruption,• Damage to the information system or data,• Potential for additional disruption or damage,• Physical infrastructure status,• Information system inventory and functionalstatus,• Requirements for repair or replacement, and• Estimated time to recover or restore.Procedures for special circumstancesDisaster recovery and business continuityplanning (BCP) are activities that allorganizations, regardless of their size andcomplexity, should undertake. The ability of acompany to remain profitable and viable throughemergency situations is critical. To this end, weare looking at disaster recovery.What kinds of disasters are relevant? Although wemight think that only great disasters are those fromwhich we would have to recover, it is often thesmall insidious disasters that cause the most havocand damage to an organization.The importance of any given threat to anorganization has to be determined by thoseconnected to the organization, and the long-reaching effects also have to be determined.There are many stakeholders in a disastersituation, and each is impacted in a different wayand to a different extent. Many of thesestakeholders are not people you wouldimmediately consider to be directly connected tothe company or directly affected by the disaster.Disaster recovery plans are important in order todetermine how an organization will react in theface of a disaster and how that organization willrecover its ability to do work and perform itsfunctions following the disaster situation. Testing the disaster recovery plan:Disaster recovery has become tougher due to ever-changing virtual environments. Ensure disasterrecovery plan testing runs smoothly with the helpof DR monitoring tools. We’ve written disasterplan and distributed it to our staff. We’ve includedall the points required for a decent plan:1. Develop a simple checklist and walk through itto make sure that every item is in place. 2. Do a simple group reading of your plan,making sure everyone is aware of allelements. 3. Find out what systems you can recoversuccessfully, according to your written plan.4. There are two main ways to test backup andrestore. The first one involves doing randomdata item restores such as restoring a few filesfrom selected file folders. This tests theintegrity of your backup media.