Educause Security Discussion mailing list archives
Re: DR/BC Planning
From: Kimberly Heimbrock <heimbrockk () NKU EDU>
Date: Mon, 10 May 2010 10:47:24 -0400
We are in-progress in development of a full DR plan, including policies, templates, etc. We are heavily dependent upon the use of SharePoint as our secure document repository. It is formatted to follow the plan 'outline' and can be secured down to the document level.

Our major categories include:

* Overview and Policy
* Planning procedures and emergency documentation (emergency contacts, BIA, RTO, RPO, Risk Assessment, Emergency Response teams defined, etc)
* Recovery procedures and Emergency response team plans (each recovery team has a section - secured to select members for read, update, etc)
* Off-site recovery sites, infrastructure testing sites
* Testing & Maintenance
* Vendor Contacts
* Templates (see below)
* Misc, appendixes, etc

Our plan includes self-developed templates:

* Technical/infrastructure (Servers, network, cabling, backups, telecom, etc.)
* Employee/staff emergency template (each manager to complete the template for team members, which then rolls into a master emergency contact document)
* Services/Support (for use in help desk, office support, etc. to resume services for user support during and after disruptions)
* Application recovery (application recovery for web, server, 3rd party software, assumptions, dependencies, test plans)

Getting the content from all IT areas involved has proven difficult, but we plan on handing a hard copy to each recovery team lead (and our CIO) to show where the major gaps still remain - especially if they were to actually need to work from it in the event of a major disruption.

Updates will be done about twice annually; plan to work DR into our Change Management procedures, and hopefully test annually (likely 'tabletop' due to budgets).

We have made good progress, but have a ways to go still. If you would like copies of any of this or would like to discuss in more detail, contact me at heimbrockk () nku edu.
Kim

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sarazen, Daniel
Sent: Sunday, May 09, 2010 10:21 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] DR/BC Planning

Hi All,

To what degree do you conduct disaster recovery and business resumption planning? Do you test your plans? If so, how (I.E.: table top testing, call trees, fail over testing?) Are you using software or templates to write your plans? And finally, how do you ensure departments have completed and tested their plans? How do you ensure they are kept up to date? Any BRP policies/procedures you can share would be helpful.

Thanks

:: Daniel Sarazen, CISSP, CISA
:: Senior Information Technology Auditor
:: University Internal Audit
:: University of Massachusetts President's Office
:: 774-455-7558
:: 781-724-3377 Cell
:: 774-455-7550 Fax
:: Dsarazen () umassp edu

University of Massachusetts : 333 South St. : Suite 450 : Shrewsbury, MA 01545 : www.massachusetts.edu <http://www.massachusetts.edu/>