7.12/7.13 Test disaster recovery plan (DRP)/Participate in Business Continuity (BC) planning and exercises Flashcards
Domain 7 (18 cards)
is the simplest and least disruptive of the disaster recovery exercises in
which you distribute copies of the disaster recovery plan to the members of the disaster recovery
team. It will often involve team members reviewing the disaster recovery
plan on their own and responding with any questions or feedback. This exercise will ensure the team members are familiar with their responsibilities at a high
level. The simple act of distributing the disaster recovery plan will also identify any roles that
need to be filled due to personnel role changes or departures.
read-through
members of the disaster recovery team (and sometimes key stakeholders)
gather in a large conference room and role-play a disaster scenario. It will definitely include IT staff, as well as those responsible for the communication plan. The team members
refer to the document and discuss the appropriate responses to that particular type of disaster.
Usually, the exact scenario is known only to the test moderator, who presents the details
to the team at the meeting.
The exercise ensures team members know what their responsibilities are in the event of a
disaster and how to carry out the duties assigned to them.
tabletop
will often vary in its scope and objectives from one iteration to the next. It will often include participants taking at least some physical action or at least
more deeply evaluating the impact of certain events and responses in a given scenario.
For example, users may be tasked with working remotely for a short time to verify work-fromhome
(WFH) resources are adequate to keep the business running
Walkthrough
these can involve physically activating
alternate locations, recovering partial data, and identifying bottlenecks in planned response
actions. Similar to a walkthrough, except some response measures are then tested on
non-critical functions
Simulation
involves relocating personnel to the alternate recovery site and implementing
site activation procedures. The employees relocated to the site perform their disaster recovery
responsibilities just as they would for an actual disaster. The systems they work with to test
will be backup systems running in parallel to production systems.
Parallel
similar to the parallel tests, but involves actually shutting down
operations at the primary site and shifting them to the recovery site. This is the end-to-end
test that fully exercises and evaluates the efficacy of the disaster recovery plan. Not only does this verify the plan works as designed, but will help to identify gaps or other problems in the
plan.
Full interruption
is the overarching framework for identifying
an organization’s risk of operational disruption and developing strategies to mitigate
those risks. It ensures that critical business functions can continue during and after a
disruption.
Business Continuity Management (BCM)
It involves creating a
plan that outlines how a business will continue operating during and after a significant
disruption. This plan includes strategies for maintaining operations, recovering data, and
resuming full function.
Business Continuity Planning (BCP)
focuses specifically on restoring IT infrastructure
and data after a disaster. It’s about getting the technology back up and running, which is
important for many business-critical operations.
Disaster Recovery Planning (DRP)
- Project scope and planning
- Business impact analysis
- Continuity planning
- Approval and implementation
four phases of business continuity planning
is the plan for continuing to do business until the IT infrastructure can be restored. It outlines how an organization will maintain essential functions and operations during and immediately following a disruption. It focuses on the
short-term recovery period, typically up to a few weeks, and outlines strategies for
essential functions.
continuity of operations plan (COOP)
As with any project, it begins with Defining scope, identifying stakeholders, as well as strategies
and timelines for planning and communication.
* Key Activities:
– Define the scope of the BCP project, including objectives, goals, and boundaries.
– Identify stakeholders and establish a project team.
– Develop a project plan, including timelines, resources, and communication strategies.
* Disaster Recovery Planning: This phase sets the foundation for DRP by defining the
scope and objectives of disaster recovery efforts.
Project Scope and Planning (phase 1 in BCP)
puts a finer point on requirements for the BCP and DRP, especially when quantitative
analysis is used.
* Key Activities:
– Identify critical business functions and processes.
– Assess the potential impact of disruptions on these functions.
– Determine recovery time objectives (RTO) and recovery point objectives (RPO).
Business Impact Analysis (BIA) (phase 2 in BCP)
Maximum acceptable amount of data loss measured in time.
Recovery Point Objective (RPO)
Maximum acceptable time to restore a function
after a disruption.
Recovery Time Objective (RTO)
Maximum period a service can be down without causing unacceptable damage.
Max Tolerable Downtime (MTD)
Key Activities:
– Develop recovery strategies for critical functions.
– Identify alternative work arrangements, communication methods, and resource
allocation.
– Create a COOP and DRP.
– Develop a plan for testing and training.
* Disaster Recovery Planning: This phase is where the DRP is developed in detail, outlining
specific procedures for restoring IT systems and data.
* Development, Testing, and Implementation: These activities are part of the continuity
planning phase, ensuring that the DRP is developed, tested, and implemented effectively
Continuity Planning (Phase 3 in BCP)
In this phase, the team will get plan approval from The organization’s senior leadership and
proceed with implementation.
* Key Activities:
– Obtain approval from senior management.
– Implement the BCP and DRP.
– Conduct regular testing and updates.
– Maintain documentation and communication.
– Disaster Recovery Planning: This phase involves finalizing the DRP and ensuring its
implementation.
Approval and Implementation (Phase 4 in BCP)
