Disaster Recovery Plan

POLICIES & PROCEDURES

VS-ISMS-T-DR
Version 1.0

Month dd, yyyy

 DDocument
Overview
Title Disaster Recovery Plan Version 1.0
Project Policies & Procedures Status Draft/Final/Approved
Client Type Internal
Doc # VS-ISMS-T-DR Doc Date Month dd, yyyy
Author Last Save Month dd, yyyy
Document Private
Classificatio
n
Description

Revision History
Ver # Rev Date Author Distr Date Brief Description

Distribution List

Approved By

Name Role Version

<Soni Rahman> <CEO> <1.0 (Initial base line)>
Policies & Procedures

TABLE OF CONTENTS

1. Introduction............................................................................................................................................ 3
1.1 Objectives................................................................................................................................... 3
1.2 Scope......................................................................................................................................... 3
1.3 Site Name................................................................................................................................... 3
1.4 Incident Management Team....................................................................................................... 3
1.5 Physical Security Perimeter........................................................................................................ 3

2. Resource Identification......................................................................................................................... 3
2.1 Infrastructure Setup Preview...................................................................................................... 3
2.2 Software Applications................................................................................................................. 3
2.3 Hardware Equipment.................................................................................................................. 3
2.3.1 <Department Name>.................................................................................................................. 3
2.4 Documents/ Information............................................................................................................. 3

3. Disaster Avoidance and Recovery....................................................................................................... 3

3.1 Overview.................................................................................................................................... 3
3.2 Precautionary Measures:............................................................................................................ 3
3.2.1 Backups:..................................................................................................................................... 3
3.2.2 Restore:...................................................................................................................................... 3
3.2.3 Offsite Placement:...................................................................................................................... 3
3.3 Disaster Recovery Process........................................................................................................ 3
3.3.1 Responsibility Matrix................................................................................................................... 3

Disaster Recovery Plan v 1.2 Page iii of iii

VS-ISMS-T-DR – (Internal) Draft/Final/Approved Month dd, yyyy

Policies & Procedures

1. INTRODUCTION
1.1 OBJECTIVES
The objectives of Disaster Recovery plan is to:

 Limit the magnitude of the loss

 To minimise interruption and severity of the disaster.
 Define alternatives for continuing critical services.
 Establish in advance a method for the recovery of IT operations.
 Minimise decision making during the crisis.
 Rebuild the data processing facility, if needed/necessary.

1.2 SCOPE
Scope of this document is to identify critical:

 Software/Applications
 Hardware equipment
 Documents
 Critical Machines
 Data/information

And to minimize the risk of any damage or disaster that may occur by taking necessary steps
and assign responsibilities to the individuals for carrying out these steps.

1.3 SITE NAME

<Site Address>

1.4 INCIDENT MANAGEMENT TEAM

Incident Management Teams is established to look into all incidents happening organization
wide and is responsible for investigating the cause of incident and analyzing the resolution for
all sorts of information security incidents. The incident management team constitutes of CEO,
Administration Manager, Information Security Management Representative, Finance Manager
and Network Administrator. Incident management team is responsible for assigning the
responsibilities for disaster recovery and to manage and monitor the recovery process.

Disaster Recovery Plan v 1.2 Page 4 of 10

VS-ISMS-T-DR – (Internal) Draft/Final/Approved Month dd, yyyy

Policies & Procedures

1.5 PHYSICAL SECURITY PERIMETER

At <Company Name> Systems, the physical security is deeply observed in the facility, With all
security parameters for restricting the physical access, tailgating is also restricted and
monitored.

<Company Name> System’s facilities are prone to natural hazards causing the disaster, this
include Fire, Flood and Earthquake. As per the location of processing facilities, Earthquake and
Flood can not be avoided and also has less probability of occurrence but fire has the most
probability of occurrence among these hazards so special measures are taken to avoid this risk
or to minimize its damage to the least scale in case if it happens. Physical security measures
are taken to avoid the risk of terrorist attack; following are some of the important measures
taken for physical security:

 RFID restricted access to facilities.

 Security guards.
 Lockable doors and keys.
 Installation of security Camera
 Installation of Smoke Detectors
 Installation of Intrusion Detection System
 Installation of Fire extinguishers,
 Periodic surveys of the facilities and security arrangements to find the weaknesses and to
avoid the disaster.

Above mentioned measures are monitored on quarterly basis and updated as needed.

This is the responsibility of all staff to:

 Keep areas clean and free of obstructions and fire hazards.

Infrastructure Department members are responsible to:

 Look for, and eliminate overloaded electrical circuits to avoid the possible threats of fire.

Disaster Recovery Plan v 1.2 Page 5 of 10

VS-ISMS-T-DR – (Internal) Draft/Final/Approved Month dd, yyyy

Policies & Procedures

Above all, the users are properly educated and trained on <Company Name> Systems
information security policies and procedures, the relevant problems and threats, the impact of
these threats and weaknesses.

Disaster Recovery Plan v 1.2 Page 6 of 10

VS-ISMS-T-DR – (Internal) Draft/Final/Approved Month dd, yyyy

Policies & Procedures

2. RESOURCE IDENTIFICATION
2.1 SOFTWARE APPLICATIONS
Following is a list of software applications necessary for business operations.

Software Type Software Version

Operating System <Windows> <2000>

Groupware Lotus Notes/ Lotus Domino

Servers MS Project Server

Client Server VSS

SQL

Proxy Microsoft ISA Server

Application Software

Desktop Publishing Adobe Photoshop

Coral Draw

Customised Slips

Antivirus

Device Drivers Servers

Desktop
Laptops

Disaster Recovery Plan v 1.2 Page 7 of 10

VS-ISMS-T-DR – (Internal) Draft/Final/Approved Month dd, yyyy

Policies & Procedures

2.2 HARDWARE EQUIPMENT

2.2.1 <DEPARTMENT NAME>

Following is a list of critical infrastructure machines:

Type / Purpose Hardware Details

Network Infrastructure < <name>Firewall/route/switch/hub>
Backup Drives < Machine Type: Name>
IDSL <DSL Modem>, <link capacity> DSL Link with <service
provider’s name>
CD Writer <type>
Identification Device <RFIDs>
Cables
Server <server name e.g. sky>
<Server Role/ Purpose e.g. Domain Controller/ VSS>
Workstation <Workstation Count for the whole Department>

2.3 DOCUMENTS/ INFORMATION

Following is a list of critical desktop machines:

Department Document Type/ Folder Name

<PE&A> <ISMS Policies and Procedures>
<Infrastructure> <Backup and Restore Procedures>
<BPO> <Operational Manuals>

Disaster Recovery Plan v 1.2 Page 8 of 10

VS-ISMS-T-DR – (Internal) Draft/Final/Approved Month dd, yyyy

Policies & Procedures

3. DISASTER AVOIDANCE AND RECOVERY

3.1 OVERVIEW
Risk of disaster causing damage to business activities or company repute can be minimized by
doing the following:

 Properly documenting, planning and implementing backup and restore procedures.

 Maintaining daily backup and keep it offsite.
 Restoring backup randomly to make sure that backup has been taken properly.
 Planning the business continuity.
 Planning to handle disaster.

3.2 PRECAUTIONARY MEASURES:

3.2.1 BACKUPS:

Data is the most critical component of IT Operations and it should be protected from any site
loss. Our current practice is to take back up in both tape cartridges and removable hard drives.

In consultation with all departments, the infrastructure department has developed a backup
plan; this plan is updated time to time as on need basis.

3.2.2 RESTORE:

Backup is restored on need basis or once in a month to check the data integrity and efficiency
of restoration procedure and it should be logged properly. For details refer to the Procedure
Definition Backup and Recovery.

3.2.3 OFFSITE PLACEMENT:

The backup media and one original copy of all software used for business operations should be
kept at offsite location.

3.3 DISASTER RECOVERY PROCESS

Disaster recovery and contingency measures are given in the table below:

Disaster Recovery Plan v 1.2 Page 9 of 10

VS-ISMS-T-DR – (Internal) Draft/Final/Approved Month dd, yyyy

Policies & Procedures

Event Contingency Measure

Site Loss
Objective: To return to the 100% of business operations and move
back from the contingency site to normal operations.

Purpose of this exercise is to

1. Create a temporary network (if not permanent!) on the operation
site, so that at least mailing system, BPO servers and SVN keep
operating and flow of emails should not suffer.
2. To restore a temporary network (if not permanent) so that Key
managers and important users that are working on different
important projects should not suffer.

Task to rebuild IT infrastructure:

Purpose of this part is to set guidelines in order to prepare a network
infrastructure
1. Inform Incident Management Team (IMT), refer to the Key Roles
and ISG for the contacts of IMT
2. Acquire the required server machines and other hardware
equipment (for SVN, Mail server and DC).
3. Install & configure the necessary softwares with standard
configuration (as mentioned later in this documentation).
4. Arrange the equipment to restore network.
5. Restore the latest backup, modify the configurations accordingly
6. Prepare workstations with standard installation and then add to
the domain.

Time Estimate: <Give time required and the details of tasks if the time
span is more than 8 working hours for example time for cabling,
networking, server installation, workstation preparations, etc.>

Server related
(A) Failure of the Primary Domain Controller
problems
There are two parts of disaster recovery for the <Write the primary
domain controller server name > First part describes the hardware
specifications required to perform installations and second part
describes the software installations itself.

Software Requirements:
1. <Give the Software list to be installed on server here>

Disaster Recovery Plan v 1.2 Page 10 of 10

VS-ISMS-T-DR – (Internal) Draft/Final/Approved Month dd, yyyy

Policies & Procedures

Event Contingency Measure

Existing Configuration:
1. Host name: <>
2. IP Addresses: <>
3. Operating System: <>
4. Windows service pack: <>

Rebuilding of Active Directory Server:

Following are the steps required to recover Active Directory Server.
1. <Write the steps to rebuild>

Time Estimate: <Give time required>

(B) Mail Server Recovery

Inform Incident Management Team (IMT)

Objective: To restore messaging facility for the users

Software Requirements:
1. <Give the Software list to be installed on server here>

Existing Configuration of Mail Server :

1. Host name: <>
2. IP Addresses: <>
3. Operating System: <>
4. Windows service pack: <>
5. Mail Server: <>
6. Administrator User Id: <>
7. Recipient policy: <>@<Company Name>india.com to create the
default mail address.
8. Email naming convention: Firstname.Lastname@<Company
Name>india.com
9. Organization Name: <>

Disaster Recovery Plan v 1.2 Page 11 of 10

VS-ISMS-T-DR – (Internal) Draft/Final/Approved Month dd, yyyy

Policies & Procedures

Event Contingency Measure

Recovery Steps of Mail Server:

1) <Write the steps to install the server and its relevant software>

Backup/Restore Method:

For details please refer to Procedure Definition Backup and Recovery.

Time Estimate: <Give time required>

(C) Visual Source Safe

Inform Incident Management Team (IMT)

Objective: To restore SVN facility for users

Software Requirements:
1) <Give the Software list to be installed on server>

Existing Configuration:
1) Host name: <>
2) IP Addresses: <>
3) Operating System: <>
4) Windows service pack: <>

Recovery Steps of Mail Server:

1) <Write the steps to install the server and its relevant software>

Time Estimate: <Give time required>

Component
Following components crash can lead to unavailability of respective
Problems device for long and can have major disaster to business.
1) Disk Crash
2) Power Supply failure
3) Motherboard failure

Following are the details on how to avoid disaster from such incidents.

Disaster Recovery Plan v 1.2 Page 12 of 10

VS-ISMS-T-DR – (Internal) Draft/Final/Approved Month dd, yyyy

Policies & Procedures

Event Contingency Measure

Disk crash:
Tasks:
1) Inform IMT
2) Restore entire System on backup server Or
3) Prepare a machine for the same and recover all data from
backup server on this machine.
4) Instantly place order for the faulty part.

For details of restoration from backup refer to Procedure Definition

Backup and recovery.
Time Estimate: <Give time required>

Power supply failure:

Tasks:
1) Inform IMT
2) Arrange a power supply of the same voltage and capacity or
3) Change the hard disk to a new machine of the same capacity
4) Instantly place order for the faulty part if current power supply is
not repairable.

Time Estimate: <Give time required>

Motherboard failure
Tasks:
1) Inform IMT
2) Arrange a motherboard of the same brand and model from the
office.
3) If motherboard is not available in office, shift the hard disk to a
new machine of the same capacity
4) Instantly place order for the faulty part.

Time Estimate: <Give time required>

Power Failure
Objective: To restore uninterrupted power supply for the business
facilities.

Disaster Recovery Plan v 1.2 Page 13 of 10

VS-ISMS-T-DR – (Internal) Draft/Final/Approved Month dd, yyyy

Policies & Procedures

Event Contingency Measure

Power Supply is unavailable:

Tasks:
1) Inform IMT
2) In case if main power supply is not available and the generator is
also not functioning, arrange <Write generator Capacity> on
rental/ permanent basis.

Time Estimate: <Give time required>

Electricity Wiring is completely damaged:

Tasks:
1) Inform IMT
2) Arrange the power cables.
3) Install the cables of critical business areas like server room, BPO
operations areas and infrastructure room on urgent basis.
4) Connect the power supply.

Time Estimate: <Give time required>

Communication
Objective: To restore uninterrupted communication link for business
Channel Operations.

Tasks:
1) Inform IMT
2) In case of the communication link is damaged and it is not
possible to recover it within <give number of hours after which to
execute this activity>, purchase the wireless communication link
of <give the bandwidth requirement of link> from <write the name
of service provider> and make services available within
maximum of <provide number of maximum hours within which
the service can be made available>

Time Estimate: <Give total time required>

3.3.1 RESPONSIBILITY MATRIX

3.3.1.1 <Department Name>

Disaster Recovery Plan v 1.2 Page 14 of 10

VS-ISMS-T-DR – (Internal) Draft/Final/Approved Month dd, yyyy

Policies & Procedures

Following People are responsible for keeping the important documents safe during the disaster.

Name Responsibility
<Name 1> <Network Development>

Disaster Recovery Plan v 1.2 Page 15 of 10

VS-ISMS-T-DR – (Internal) Draft/Final/Approved Month dd, yyyy