Professional Documents
Culture Documents
L-5 Module - 2 Prepare Desister Recovery and Contingency Plan
L-5 Module - 2 Prepare Desister Recovery and Contingency Plan
L-5 Module - 2 Prepare Desister Recovery and Contingency Plan
SERVICING MANAGEMENT
Level V
LEARNING GUIDE # 2
Unit of Competence: Prepare Disaster Recovery and Contingency Plan
Module Title : Preparing Disaster Recovery and
Contingency Plan
TTLM Code : ICT ITM5 02 1115
1. Introduction
What is Disaster?
A disaster is a serious disruption, occurring over a relatively short time, of the functioning of a
community or a society involving widespread human, material, economic or environmental loss and
impacts, which exceeds the ability of the affected community or society to cope using its own resources.
A disaster can be caused by man or nature and results in <<Organization Name>>’s IT department not
being able to perform all or some of their regular roles and responsibilities for a period of time.
Organizations prepare for everything from natural disasters to cyber-attacks with disaster recovery plans
that detail a process to resume mission-critical functions quickly and without major losses in revenues or
business operations.
In contemporary academia, disasters are seen as the consequence of inappropriately managed risk. These
risks are the product of a combination of both hazards and vulnerability. Hazards that strike in areas with low
vulnerability will never become disasters, as in the case of uninhabited regions
In the IT space, disaster recovery focuses on the IT systems that help support critical business functions. The
term “business continuity” is often associated with disaster recovery, but the two terms aren’t completely
interchangeable. Disaster recovery is a part of business continuity, which focuses more on keeping all
aspects of a business running despite the disaster. Because IT systems these days are so critical to the success
of the business, disaster recovery is a main pillar in the business continuity process.
Network Infrastructure
Servers Infrastructure
Telephony System
Data Storage and Backup Systems
Data Output Devices
End-user Computers
Organizational Software Systems
Database Systems
IT Documentation
A network disaster recovery plan is a set of procedures designed to prepare an organization to respond to an
interruption of network services during a natural or manmade catastrophe.
Voice, data, internet access and other network services often share the same network resources. A network
disaster recovery (DR) plan ensures that all resources and services that rely on the network are back up and
running in the event of an interruption within certain a certain specified time frame.
Such a plan usually includes procedures for recovering an organization's local area networks (LANs), wide
area networks (WANs) and wireless networks. It may cover network applications and services, servers,
computers and other devices, along with the data at issue.
Network services are critical to ensuring uninterrupted internal and external communication and data sharing
within an organization. A network infrastructure can be disrupted by any number of disasters, including fire,
flood, earthquake, hurricane, carrier issues, hardware or software malfunction or failure, human error, and
cyber security incidents and attacks.
Any interruption of network services can affect an organization's ability to access, collect or use data and
communicate with staff, partners and customers. Interruptions put business continuity (BC) and data at risk
and can result in huge customer service and public relations problems. A contingency plan for dealing with
any sort of network interruption is vital to an organization's survival.
Use business continuity standards. There are nearly two dozen BC/DR standards and they are a useful
place to start when creating a contingency plan.
Determine recovery objectives. Before starting on a plan, the organization must determine its recovery
time objective (RTO) and recovery point objective (RPO) for each key service and data type. RTO is the
time an organization has to make a function or service available following an interruption. RPO
determines the acceptable age of files that an organization can recover from its backup storage to
successfully resume operations after a network outage. RPO will vary for each type of data.
Stick to the basics. A network DR plan should reflect the complexity of the network itself and should
include only the information needed to respond to and recover from specific network-related incidents.
Test and update regularly. Once complete, a network DR plan should be tested at least twice a year and
more often if the network configuration changes. It should be reviewed regularly to ensure it reflects
changes to the network, staff, potential threats, as well as the organization's business objectives.
Stay flexible. No one approach to creating a network disaster recovery plan will work for every
organization. Check out different types of plan templates and consider whether specialized network DR
software or services might be useful.
IT Recovery Strategies
Recovery strategies should be developed for Information technology (IT) systems, applications and data.
This includes networks, servers, desktops, laptops, wireless devices, data and connectivity. Priorities for
IT recovery should be consistent with the priorities for recovery of business functions and processes that
were developed during the business impact analysis. IT resources required to support time-sensitive business
functions and processes should also be identified. The recovery time for an IT resource should match the
recovery time objective for the business function or process that depends on the IT resource.
Information technology systems require hardware, software, data and connectivity. Without one component
of the “system,” the system may not run. Therefore, recovery strategies should be developed to anticipate
the loss of one or more of the following system components:
Computer room environment (secure computer room with climate control, conditioned and
backup power supply, etc.)
Hardware (networks, servers, desktop and laptop computers, wireless devices and
peripherals)
Connectivity to a service provider (fiber, cable, wireless, etc.)
3. Security environment
3.1. Computer Network Security Basics
What is network security?
While computer systems today have some of the best security systems ever, they are more
vulnerable than ever before.
This vulnerability stems from the world-wide access to computer systems via the Internet.
Network security is preventing attackers from achieving objectives through unauthorized access or
unauthorized use of computers and networks.
Basic Security Measures
The basic security measures for computer systems fall into the following categories:
1. External security 7. Standard System attacks
2. Operational security 8. Viruses/worms and antivirus tools
3. Surveillance 9. Firewalls
4. Passwords/authentication 10. Encryption and Decryption Techniques
5. Auditing 11. Digital Signature
6. Access rights 12. Security Policy
External Security
Protection from environmental damage such as floods, earthquakes, and heat.
Physical security such as locking rooms, locking down computers, keyboards, and other devices.
Electrical protection from power surges.
Noise protection from placing computers away from devices that generate electromagnetic
interference.
Cryptography
Is the science and art of transforming messages to make them secure and immune to attacks
The original message, before being transformed, is called plaintext. After the message is
transformed, it is called cipher text.
An encryption algorithm transforms the plaintext into cipher text; a decryption algorithm
transforms the cipher text back into plaintext.
The sender uses an encryption algorithm, and the receiver uses a decryption algorithm.
A key is a number (or a set of numbers) that the cipher, as an algorithm, operates on.
To encrypt a message, we need an encryption algorithm, an encryption key, and the plaintext.
These create the cipher text.
Cryptography terminologies
Plaintext: The original message, before being transformed in cipher text.
Encryption: the process of converting an original message into a form that cannot be understood
by unauthorized individuals. To encrypt a message, we need an encryption algorithm, an
encryption key, and the plaintext.
Cipher text or cryptogram-After the message is transformed into encrypted text.
An encryption algorithm transforms the plaintext into cipher text.
A decryption algorithm transforms the cipher text back into plaintext. The sender uses an
encryption algorithm, and the receiver uses a decryption algorithm.
Cipher: It is used to refer to different categories of algorithms in cryptography.
A key or crypto variable: the information used in conjunction with the algorithm to create the
cipher text from the plaintext. it can be a series of bits used in a mathematical algorithm or the
knowledge of how to manipulate the plaintext
Key space: the entire range of values that can possibly be used to construct an individual key
Cryptosystems: The combination of algorithm, key and key management functions used to
perform cryptographic operations.
Steganography: The process of hiding messages, usually within graphic images
Asymmetric-Key Cryptography
In asymmetric or public-key cryptography, there are two keys: a private key and a public key. The
private key is kept by the receiver. The public key is announced to the public.
In public-key encryption/decryption, the public key that is used for encryption is different from the
private key that is used for decryption. The public key is available to the public; the private key is
available only to an individual.
Solution
The cipher is probably monoalphabetic because both occurrences of L’s are encrypted as O’s.
Example 2
The following shows a plaintext and its corresponding ciphertext. Is the cipher monoalphabetic?
Example: Encrypt the message “HELLO MY DEAR,” using the key shown in Figure above
Solution
We first remove the spaces in the message. We then divide the text into blocks of four characters. We add a
bogus character Z at the end of the third block. The result is HELL OMYD EARZ. We create a three-block
cipher text ELHLMDOYAZER.
Data Encryption Standard (DES)
One example of a complex block cipher is the Data Encryption Standard (DES). DES was designed
by IBM and adopted by the U.S. government as the standard encryption method for nonmilitary and
no classified use.
The algorithm encrypts a 64-bit plaintext block using a 64-bit key
Software Constantly Frequently A few times a day A few times a week Rarely
Use this form to identify the software that is most frequently used. Frequency may or may not indicate the
software is critical. For example, many users may use a word processor every day but this may not be critical
to the organization. Further analysis is required.
Form 2: Reviewing data used or created by the system
System Name: ____________________________
Q.2 what types of data activity do you carry out with each system and where does the source data originate?
Show as a percentage of total time.
System Name:
Update Create Create Create own Create own
corporate own data shared temporary longer-term
data files files documents documents documents
From source
documents
From other data
files
From irrecoverable
sources such as
telephone calls
Developed at the
workstation such as
report writing
Other – specify
Update corporate Create own data files Create shared Create own Create own
data files documents temporary longer term
documents documents
10%
source
(eg software
program—not critical
documents
because source
documents are
From
stored on server—
data files
Note how most of the data files for the email system are developed and created at the workstation. The loss
of these files has a high impact on the individual but not on the business as a whole.
The following tables describe the significance of the loss of source files in relation to the purpose for which
they are used.
Update corporate data files Important data used by many and may be critical.
Create own data files May be critical data but restricted impact and short life
Create shared documents May be critical data but restricted impact
Create own temporary documents Unlikely to be critical
Create own longer term documents May be critical data but restricted impact, may be required again
Details
Complete this form for each system. It helps identify what equipment is needed to run each
system.
Form 4: Analyzing Critical Areas
System Name: _____________________________________________
For each software application used, what would be the impact on the organisation if you could not access the
data for more than one day, between 1 and 8 hours, and less than 1 hour?
Q.4d Estimate the maximum amount of time you could operate without access to the system? Why?
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
Q.4f Are there any applications or data that you believe must be continuously available? Why?
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
Complete this form to identify the impact of system failure in a number of different areas. The answers ’very
costly’, ’serious’ and ’little or no effect’ quantify the size of the financial loss and thus the magnitude of the
impact on the business.
The form should be completed for different time periods to show what the impact of system failure would be
in minutes and hours for time-sensitive critical systems and hours and days for others.
The following table describes the critical areas in Form 4.
Area Issue
Impact on cash flow Businesses must be able to pay their debts and to obtain income. Is the system
critical to the cash flow?
Impact on profitability If sales are lost or expenses incurred then it begins to bite into the ’bottom line’.
Impact on customer or Customers may put up with delayed shipment of goods once but next time they
supplier relations may go elsewhere.
Impact on legal Are there contracts or statutory obligations that may incur penalties if missed?
requirements
Impact on staff or If systems are regularly down or inaccurate, staff may be harassed by customers
morale or have to undertake extra work to sort out problems.
Note that all these areas can eventually have an impact on profit so the user should identify the
primary area of impact.
Ranking of critical systems
Having identified one or more critical systems, these need to be ranked in order of importance and impact
on the organization. It is unlikely that you will have the time to implement DRP procedures for all systems
so you should initially concentrate on the most important.
A clothing retail organization, Urban Wear, intends to develop a website to manage orders and payments for
its products. It will display a picture of each product, its price and availability. Customers will be able to
order and pay for the goods online. The organization believes that this will extend its sales to other countries
and allow 24-hour selling.
What factors would need to be considered in determining whether this new system will be critical to the
business and what the impact might be if it fails?
Write at least 4 questions you need to consider.
Questions include:
What volume of sales is the new system expected to generate, especially compared to traditional
sales?
o (The higher the percentage of overall sales it generates, the more critical the system
will be.)
How will the new system impact traditional sales?
o Will customers prefer to use the website rather than visit a store?
o How will this affect the profitability of the stores?
o If it reduces their profitability, what will happen to the stores?
What are the implications of 24-hour access?
o Will deliveries be made 24 hours a day?
o Can the organization’s current distribution resources cope with overseas orders?
o Does the organization have the skills to maintain a 24-hour website? What extra
ongoing support will be required?
Are the goods of a type that may attract hackers or terrorists to the site in an attempt to attack it?
What sensitive information, such as customer credit card details, may be on the site?
Activity 2 – analyzing critical areas
You have been given the following form for the Urban Wear e-commerce site. Most of the data will
be input online via the Internet.
Developed at the
workstation such as
report writing
Other—specify
1. A disaster recovery plan is an action plan that charts the procedure for recovering:
A. every business function
B. information systems
C. critical business functions
D. computer hardware
2. What is the purpose of using the critical systems/data assessment form analyzing critical areas:
A. It defines how long critical business systems could cope with a disaster
B. It defines what software is needed by each critical system
C. It ranks the critical systems in terms of importance
D. It provides details of business process and procedures
3. To determine which critical system is the most important you must consider the impact on:
A. staff morale
B. customer satisfaction
C. cash flow
D. the information system
5. When considering critical systems and data it is important to collect information about how the
system uses:
A. Software and data
B. Hardware and network
C. Facilities
D. A, b and c
E. A and b only
F. A only
G. None of the above
Having identified the organization’s critical systems, it is important to consider possible threats to the
system. A risk analysis will help determine these.
Risk analysis steps
Risk analysis is an analytical process undertaken to evaluate system assets and examine their susceptibility to
threats. Through this process we evaluate the possible commercial losses that may result from the loss of
these assets.
External threats
External threats can include:
Theft of data and loss of confidential information especially customer
details* transmitted over the Internet or wide area network connection.
breakdowns of Internet or wide area network connection or failure of
critical systems hardware
Fire or earthquake which renders the system inaccessible.
Flooding which renders the system inaccessible. Water from sprinklers or
sewer lines can cause flooding of offices.
Hackers corrupt or steal data*. A discontented customer or ex-employee may
decide to post customers’ credit card details to the Internet.
Power problems make the system inaccessible. Power spikes or outages can
disrupt critical systems.
‘Buggy’ software from a package vendor may cause errors in data or delays.
The more serious external threats are likely to have an impact on the hardware and networks on which the
system run.
Threat Category
Incorrect information such as wrong prices so customers pay too little* Internal
There are two main strategies for dealing with risk (apart from ignoring it in the hope it will go away):
prevent or recover. Both options have the objective of minimizing the impact of the risk event.
Prevention
With prevention you attempt to decrease the probability (maybe even to 0) of the event occurring or causing
damage. Many events can never be totally eliminated but their impact may be minimized.
For example, an extensive sprinkler system will ensure that any outbreak of fire does minimal damage. It is
almost impossible to totally prevent a fire from occurring in the first place but this is still considered a
preventative action. This type of activity may also be termed risk minimization.
Recovery
Recovery procedures are put in place to ensure that the system can be quickly restored after the event occurs.
For example, the use of a hot-site (one that has a computer system already set up and ready to use) allows for
speedy recovery after a fire has gutted the building. This process may also be termed a contingency. In fact
DRP is sometimes referred to as contingency planning.
Recovery and prevention options
The recovery or prevention option chosen will vary depending upon the threat being analysed. Some of the
more common options are listed in the following table.
As you can see, there are many options available to prevent risk from occurring. Some of these are based on
policies or standards and may involve no additional cost. However, some options, such as a hot site, can be
very expensive.
When deciding which options to adopt, you need to weigh the possible cost of the risk event against the cost
of the recovery or prevention option (single incident cost). A simple formula can be used to calculate how
much money to allocate to a recovery or prevention measure for the known value of an asset.
Loss= Single Incident Cost X Rate of Threat Occurrence
The loss of critical systems can cost major organizations, such as banks, large sums of money. They are
therefore willing to invest in backup sites to keep their systems running in the event of a major disaster. Their
numerous branches and offices provide locations in which they can site the backup equipment.
While a typical small business can still suffer a relatively large loss in the case of critical system failure, it
will probably not choose to create a backup site because of the high cost.
Contingency planning is developing responses in advance for various situations that might impact business.
Although negative events probably come to mind first, a good contingency plan should also address positive
events that might disrupt operations - such as a very large order.
Contingency planning is a systematic approach to identifying what can go wrong in a situation. Rather than
hoping that everything will turn out OK or that "fate will be on your side", a planner should try to identify
contingency events and be prepared with plans, strategies and approaches for avoiding, coping or even
exploiting them
The Importance of Contingency Planning
Every business has the possibility of a situation that adversely impacts operations. If the response to the
situation is poor, it might have a dramatic impact on the future of the business, such as loss of customers,
loss of data, or even the loss of the business.
A good contingency plan should include any event that might disrupt operations. Here are some specific
areas to include in the plan:
Natural disasters, such as hurricanes, fires, and earthquakes
Crises, such as threatening employees or customers, on-the-job injuries, and worksite accidents
LO3:- Test
Choose the correct answer from the given alternatives
1. What are the two main strategies when dealing with risk:
A. deterioration and prevention
B. hindrance and deterioration
C. prevention and recovery
D. prospect and possibility
2. Which of the following is a recovery option:
A. Testing
B. Encryption
C. Backup
D. access rights
3. ACME is considering a recovery option for its accounting and sales database. There is 120GB
of critical information stored on the hard disk drive. The estimated single incident cost of losing
all the information is about $400,000. Use a simple formula to calculate which of the following
recovery options is cost effective, considering the probability of losing the data is 1 in 100.
A. A mirrored site costing $450,000.
B. A tape backup system costing $15,000.
C. A tape backup system costing $7,580.
D. A tape backup system costing $3,980.
4. The outcome of a risk analysis exercise is a disaster prevention and recovery strategy report.
When considering cost benefits it is import to describe:
A. Tangible benefits.
B. Intangible benefits.
C. Tangible and intangible benefits.
D. None of the above.
5. When implementing the prevention and recovery options it is necessary to review the
organization’s policies and procedure. If changes are made to policies, procedures should be
updated to reflect these. It is important to then:
A. Test the procedure.
B. Test the procedures and document the results.
C. Implement the procedures as soon as possible.
D. Do not change company policies.
46 | P a g e
LO 4: Develop Disaster Recovery Plan to Support Strategy
4.1. Identifying resources required disaster recovery
As organizations rely more on technology and electronic data for their daily operations, the amount of data
and information technology infrastructure lost to disasters appears to be increasing. Organizations are
estimated to lose revenue and incur expenses every year due to disasters, unpreparedness, and lost
productivity. Measures must be taken to protect your organization from disasters.
One way your organization can prepare and protect itself from disasters is to create and implement a
disaster recovery plan (DRP). Organizations should create a disaster recovery plan that can address any
type of disaster. The plan should be easy to follow and understand, and be customized to meet the unique
needs of the organization. Typical elements in a disaster recovery plan include the following:
1. Create a disaster recovery team. The team will be responsible for developing, implementing, and
maintaining the DRP. A DRP should identify the team members, define each member’s responsibilities,
and provide their contact information. The DRP should also identify who should be contacted in the event
of a disaster or emergency. All employees should be informed of and understand the DRP and their
responsibility if a disaster occurs.
2. Identify and assess disaster risks. Your disaster recovery team should identify and assess the risks to
your organization. This step should include items related to natural disasters, man-made emergencies, and
technology related incidents. This will assist the team in identifying the recovery strategies and resources
required to recover from disasters within a predetermined and acceptable timeframe.
3. Determine critical applications, documents, and resources. The organization must evaluate its
business processes to determine which are critical to the operations of the organization. The plan should
focus on short-term survivability, such as generating cash flows and revenues, rather than on a long term
solution of restoring the organization’s full functioning capacity. However, the organization must recognize
that there are some processes that should not be delayed if possible. One example of a critical process is the
processing of payroll.
4. Specify backup and off-site storage procedures. These procedures should identify what to back up, by
whom, how to perform the backup, location of backup and how frequently backups should occur. All
critical applications, equipment, and documents should be backed up. Documents that you should consider
backing up are the latest financial statements, tax returns, a current list of employees and their contact
information, inventory records, customer and vendor listings. Critical supplies required for daily
operations, such as checks and purchase orders, as well as a copy of the DRP, should be stored at an off-
site location.
5. Test and maintain the DRP. Disaster recovery planning is a continual process as risks of disasters and
emergencies are always changing. It is recommended that the organization routinely test the DRP to
evaluate the procedures documented in the plan for effectiveness and appropriateness. The recovery team
should regularly update the DRP to accommodate for changes in business processes, technology, and
evolving disaster risks.
47 | P a g e
4.2. Implementing a disaster prevention and recovery strategy
Once the DPR strategy has been formally accepted by the business and approved by senior management,
it’s time to implement it. Required actions include:
changing procedures, eg virus checkers to run each time a computer is switched on
purchasing equipment to provide fault tolerance and standby
implementing additional controls to identify errors
improving backup procedures
increasing security over data and user access
Developing the disaster recovery plan.
These can be categorized as:
building or implementing in-built system contingencies
48 | P a g e
System restore Monitors and records system changes. Enables roll back to a previous point in
time
File protection Protects Windows files from being corrupted by rogue software installs
Firewall Prevents malicious attacks by worms and other viruses from the network or
Internet
Controls such as passwords and access permissions may be referred to as logical controls.
49 | P a g e
As mentioned earlier, many risk events are also security threats which are often identified during a
security audit or review. Similarly, review and investigation of the current procedures also form part of the
Disaster Recovery Planning process to ensure that they meet DRP requirements.
The review process follows the following stages:
1. Identify key DRP issues that should have been resolved by the existing processes and
procedures
2. Review and evaluate the operational policies to ensure that they meet the demands imposed by
the DRP
3. Design a series of tests to verify that procedures are in accordance with these policies
4. Carry out the testing and document the results
5. Evaluate the findings and make any recommendations for changes or approve the current
processes.
The procedural changes required will depend upon what is discovered and the DRP strategy adopted. Here
are a few examples:
Table 2: Examples of
procedural changes
Nightly backups to be Backup procedures and the process for getting backups offsite and subsequent
taken offsite retrieval will need to be described.
Software to be fully Testing procedures (defining what ‘fully tested’ means), documentation and
tested before going into test results to be maintained will need to be described.
production.
Virus checking Procedures to explain the danger of viruses, how to check for viruses on disks
and in e-mails and what to do if a virus is discovered will be required.
Only licensed software Procedures for checking the numbers of licenses that the organization has and
to be used. what to do if more are needed will be required. Penalties to be imposed if staff
disregards the policy.
A set of procedures for the disaster recovery plan itself will also be required.
Additional or changed hardware and/or software required
A DRP strategy usually requires new or updated hardware and software. Some of these requirements are
detailed in the following table:
Table 3: DRP requirements
Regular backups to tapes Tape backup unit with sufficient capacity. Tapes for the backup. Appropriate backup
50 | P a g e
software.
Fault tolerance systems, Requires similar hardware to that being duplicated. If a file server is to be duplicated,
duplicated systems a matching machine will be needed. May also require additional software licenses.
Think about the hardware and software that would be required by the home user to implement the disaster
prevention and recovery strategies identified earlier, under which:
work is saved every few minutes
files are regularly backed up
external backup devices such as tape, zip or CDs, are used
important files are stored away from the home, possibly in the office
UPS or surge protectors are used especially if in an area that suffers power problems.
telephone surge protectors are used with modems
virus checking software are always used and kept up to date
a repair disk is always created
serial numbers of all components are recorded in case of theft
a fire extinguisher is kept in the vicinity of the computer
only licensed software is used and all licenses are stored safely
passwords and/or encryption is used to protect confidential files
passwords are not stored in dial-up settings
anti-spyware software and firewalls are always used if connected to the Internet
security patches for software (operating systems and applications) are kept up to date.
The following hardware and software would be required:
Backup tape unit (or zip drive or CD writer), tapes (or zip cartridges or CDs),
appropriate backup software and hardware drivers
UPS and/or surge protectors for power and telephone
Virus-checking software
Fire extinguisher.
51 | P a g e
4.3. Identifying cut-over criteria
How do you know when to activate your disaster recovery plan? If an earthquake that destroyed the office
building the answer would be obvious. But what if a computer virus deleted all the data on one or all the
servers. Each possible incident needs to be analyzed to determine the impact of the disruption to the
business. The first step is to determine the extent of the impact to establish how long it will take for the
business systems to be restored. If this exceeds the maximum allowable downtime, then a disaster is
declared.
The Disaster Recovery Co-coordinator, with input from upper management, is responsible for deciding
when to activate the disaster recovery plan. If the co-coordinator is not available, responsibility flows down
the chain of command. This is why it is important for roles and responsibilities to be clearly defined in the
Disaster Recovery Plan. A contact list should be created and maintained containing details of all employees
with after-hours phone numbers. The organization’s internal directory listing, it can be modified
accordingly.
52 | P a g e
Here is one suggestion:
Introduction
Purpose
Scope
Authorities (what legal/contractual requirement the DRP complies with)
Record of change
Operations
Systems description and architecture (a general description of all the systems
Responsibilities (detailed outline of teams responsible for recovery operations)
Activation phase (initial actions to detect and assess damage)
Recovery phase (processes and procedures to complete recovery of each system with
nominated staff positions responsible for each task)
Details of the post-recovery review to be performed after the completion of the recovery from
any declared disaster.
53 | P a g e