Solved

Need an IT Continuity/Diaster Recovery plan

Posted on 2006-07-19
4
279 Views
Last Modified: 2010-03-19
Our auditors are requiring that we have a continuity/diaster recovery plan.  I know it makes sense but I've never writen one and the ones online are expensive.  If anyone has one they are willing to donate or even sell that is specifically tailored for IT, let me know.  We are the Society for the Prevention of Cruelty to Animals so our budget is small.

Thanks,

J.R.
0
Comment
Question by:jrsitman
  • 2
4 Comments
 
LVL 5

Accepted Solution

by:
Dbergert earned 500 total points
ID: 17139007
I don't think that you can just "buy" a plan, as many specifics are unique to your business and level of risk, systems, processes, etc.

Here are some sample plans to follow:  http://www.drj.com/new2dr/samples.htm

Gennerally the process would work as follows:
Atucally I'll just refer you here as it does a good job:  http://www.disasterrecoveryworld.com/

Basically you will need managments buy off and support for this as this is generally not a small task  , this will also require continous updating, annual testing, etc. and mostly requires many man hours and documentaion.

I also suspect that if you "buy" a DR plan and the auditors reivew it.. they will ask you to rewrite it and ask how it applies or worse yet write you up on things in the Plan that "aren't true"
Best bet is to respond to the auditors with a plan that is reasonable that shows how you will implement and develop a BCP plan.

some more info here:  http://en.wikipedia.org/wiki/Business_continuity_planning

Good Luck

0
 

Author Comment

by:jrsitman
ID: 17139119
Sorry, I didn't mean to imply that I would buy one and turn it in.  I just need a starting point.  I'll checkout the links you sent.

Thanks
0
 
LVL 5

Expert Comment

by:Dbergert
ID: 17139318
Thats good, let me know if you have any other questions

Also here is another good guide:  http://csrc.nist.gov/publications/nistpubs/800-34/sp800-34.pdf
0
 
LVL 44

Expert Comment

by:scrathcyboy
ID: 17142512
A disaster recovery plan is just a statement of intent, for federal regulations, it is NOT something etched in stone on the front wall of your office building.  It is just a PLAN.  And as such, it is just a guideline that says that your company is aware of this regulatory need, and here is the PLAN we would generally follow.

So I disagree, you can get any plan you want, change the wording to fit your company, submit it to the auditors, and that satifies the regulatory requirement.  That is all there is to it.  Weve done lots of them.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Article by: IanTh
Hi Guys After a whole weekend getting wake on lan over the internet working, I thought I would share the experience. Your firewall has to have a port forward for port 9 udp to your local broadcast x.x.x.255 but if that doesnt work, do it to a …
Let’s list some of the technologies that enable smooth teleworking. 
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now