Week 4: Disaster recovery/business continuity plans, part 2 --- Hardware

In part 2 of this series, Shelley Bard outlines the hardware aspect of disaster recovery.

When
Probably twice a year is sufficient -- when very cold or harsh weather is imminent and when very hot or stormy conditions are on the horizon.

Why A contingency plan identifies the activities, resources and procedures needed to carry on your systems' processing

requirements during prolonged interruptions to normal operations. When outside elements affect operations, you need a mechanism that enables you to shut down, secure the equipment and grab what you need to continue operations elsewhere. It's important to remember that alternate power sources aren't for continuing operations as normal -- they allow you to transition to your hot/warm/cold backup site. Also note that if systems are switching to backup power regularly, this could indicate a problem, such as the local circuit grid not being able to carry all of your power requirements under certain conditions. You'll need to diagnose the problem then decide how to solve it.

Strategy
Your backup power source should sustain your operations long enough to shut down all equipment in a known secure state. If your building or site loses power, does your backup power source give you the necessary amount of time? Work with the building manager or local authorities to simulate a power outage. Follow your contingency plan, verifying the plan works, the appropriate people are notified and you have the wherewithal to continue operations. If you don't have the ability to continue operations with your present equipment, determine which systems are critical and your maximum acceptable downtime. You may also want to get your organization's legal counsel to review your company's business operations insurance to ensure the organization is protected.

More information
Most U.S. government organizations have comprehensive contingency plans -- using it as a template is a place to start. Web sites with good contingency plans or templates include NIST's Contingency Plan Guide SP 800-34 for IT-related issues and FEMA's U.S. Government Interagency Domestic Terrorism Concept of Operations Plan, which explains the Government's procedures in a national disaster. Several professional organizations may help too: http://www.drii.org and http://www.thebci.org.

Last week: Restore a back-up tape and recover usable data
Next week: Licensing and seat management

About the author
Shelley Bard, CISSP, is a senior security network engineer with Verizon Federal Network Systems (FNS). An infosecurity professional for 17 years, Bard has briefed and written infosecurity assessments and technical reports for the White House and Department of Defense, special interest groups, industry and academia. Please e-mail any comments to securityplanner@infosecuritymag.com.

Opinions expressed in this column are those of Shelley Bard and don't necessarily reflect those of Verizon FNS.

This was first published in January 2004

Dig deeper on Information Security Incident Response-Detection and Analysis

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close