TFF Disaster Recovery Plan 1. Scope, Objectives and Boundaries The objective of the DRP is to help develop, test and document a recovery strategy in the event of a disaster. By creating this DRP we can reduce the stress at the time of the disaster, assess a detailed review of the IT environment, comply with company legislation, provide minimum agreed service levels, reduce the risk from disaster events to an acceptable level and plan for the recovery of IT services. For the most effective outcome of the DRP the following is imperative: ●Staff understand their designated roles and responsibilities. ●The DRP is regularly tested and exercised. ●The DRP is regularly reviewed and updated. ●The strategies within the plan are adhered to in the event of a disaster. Without a DRP, threats such as natural disasters, viruses, data corruption, malicious and accidental data deletion, power failure and hard disk failure can cause catastrophic damage to the company’s assets, reputation and future success. The scope of this recovery plan will be limited to the business continuity and recovery regarding the company’s ICT systems and resources. Due to the inability to explore and predict every potential disaster and every outcome, the following disaster plan focuses on the business continuity and recovery of resources under the direct control of the company’s ICT department. The objective of this document (media) is to provide a plan (instruction) out a method (instruction?) of dealing with potential disasters that could severely hinder or cripple business continuity.
2. Definitions DRP - (Disaster Recovery Plan) This Document MTO - (Maximum tolerable outage) The longest period of time that your organisation can be without its IT resources before it begins to cripple the company’s finances or reputation. RTO - (Recovery Time Objective) The ideal recovery time for an incident. This varies depending greatly on how much the business continuity is affected. RPO - (Recovery Point Objective) How much data the company can afford to lose since their last backup. Minor Event A mild outage/resource that is only a mild hindrance on business continuity but will still require appropriate incident addressing. The impact is contained to minor damage and is expected to be resolved in less than 24 hours. Minor Events are resolved through regular incident management processes, this event will not require the execution of the Disaster Recovery Plan. In the R.A.G. system this is identified as Green, as seen on the risk matrix. Major Event An outage more severe than a Minor Event but is expected to be resolved in 72 hours. The damage caused from a major event may require repair or replacement of equipment and resources. In the R.A.G. system this is identified as Amber, as seen on the risk matrix.