The Project Disaster Recovery Plan

It’s not often that you’ll put together a Disaster Recovery Plan that is project-specific. The exceptions are government projects – which sometimes require separate one-time documents for the project for which you charge dearly to put them together – and larger, very visible and mission-critical projects that may involve highly sensitive data.

However, if you find yourself up against a wall and facing a deadline to put a DRP together, maybe this template will be just what you need. As with all the others I’ve posted over the past few days, if you want a Word doc version of this template, let me know and I’ll be happy to send it out to you. And, if you have your own version that you’d like to see posted and share with the readers here on PM Tips, send it along to me and I’ll see that it gets posted.

Disaster Recovery Plan

Preliminary Planning

This part of the plan describes the purpose, scope, assumptions, responsibilities, and overall strategy relative to the plan.

Purpose

Describe the reason and objectives for having a DRP.

Scope

Describe the extent of the coverage of the plan in concise terms.

Assumptions

A DRP is based on several categories of assumptions. Most can be established only after the completion of a risk assessment that includes the following information:

• Nature of the problem
• Priorities
• Commitments to or Assumptions of Support

Responsibilities

Document the specific responsibilities as assigned by management to all activities and personnel associated with the plan.

Strategy

The selection of appropriate strategies should follow the risk assessment. Until the risk assessment is completed, it is difficult to know the critical systems that must be maintained, and the demand for resources that will be made to support those critical systems.

- Emergency Response

The strategies selected must provide a sufficient base upon which procedures can be devised which afford all personnel the immediate capability to effectively respond to emergency situations where life and property have been, or may be, threatened or harmed.

- Backup Operations

Most backup sites will not have sufficient equipment, personnel, supplies, etc., to sustain the complete operational requirements or another facility. In this case, a more detailed backup strategy must be developed.

- Post-Disaster Recovery Actions

The strategy for recovery must be linked closely with that of backup operations, as initiation of recovery actions may overlap.

- Record of Changes

Each DRP should be preceded by a change audit record that lists all changes to this document, including the change number, change date, change detail, person making the change, and the date that the document is published.

- Security of the Plan

This plan should be available to just that personnel affected by the plan.

Preparatory Actions

This part of the plan is key. Preparatory actions are critical to the emergency response, backup, and recovery from all but the most routine problems.

People

Provide names, addresses, and telephone numbers of all people, internal and external (vendors and/or contractors) who may be required in any backup or recovery scenario. Alternates should be designated.

Data

It is essential that all data on which backup and recovery are dependent be adequately recorded, stored offsite at a secure, environmentally safe facility, maintained in as current condition as is feasible, and occasionally tested to ensure validity.

Software

It is also essential that a current copy of the systems and application software programs be stored offsite at a secure, environmentally safe facility that will make that software available immediately.

Hardware

A DRP should minimize, to the greatest feasible extent, the dependence on rapid replacement of hardware.Define a list of the hardware and where replacements are available. Identify any contracts in place to ensure the availability of any hardware.

Communications

Define both the internal (LAN) and external (WAN) communications connectivity.

Supplies

Describe any special supplies that are needed.

Backup Site

Describe the location of the backup facility. When choosing a backup site, consideration should be given to accessibility, and the site should be free of whatever external problems are hampering the supported facility.

Space

Describe the physical location where the recovery operations will take place.

Power and Environmental Controls

Define the power and environmental controls that are required for the recovery.

Documentation

Describe all backup documentation that is kept in the offsite facility.

Action Plan

This part of the plan consists of the “what to” actions to be accomplished by those personnel or activities identified in section 1.4, and should only consist of concise, short instructions of the specific actions to take in response to each of the categories below:

Emergency Response

Include the immediate actions to be taken to protect life and property, and to minimize the impact of the emergency.

Backup Operations

Describe what must be done to initiate and effect backup operations.

Recovery Actions

These should be limited to describing what to do in effecting recovery from disasters, including any alternate manual scenarios until the systems have been restored at the backup site.

Post-Disaster Review

Immediately after the resumption of the IT function, IT management should assess the success and adequacy of the plan, and update the plan accordingly.

 

Approved:

 

__________________________________________

Business Sponsor

 

__________________________________________

IT Director

 

__________________________________________

Development Director

 

__________________________________________

Infrastructure Director