Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
The information in this template was developed by the Queens Security Community of
Practice: Disaster Recovery Focus Group to assist others on campus to more easily create
their own plans for IT Disaster Recovery.
Document Control
Authorities
Author
Role
[Name]
Approved by
Approval Form
Signed and Dated
on:
Distribution list
Name
Organization/Role
Revision History
Date
Versio
n
2011-12-07341310314
Author
Page 2 of 37
Notes
36111
613-533-6111
This includes calls for ambulance, police and fire.
2011-12-07341310314
Page 3 of 37
Table of Contents
Table of Contents.............................................................................................4
SAFETY FIRST...................................................................................................5
1.0 Introduction...............................................................................................6
1.1 What Constitutes a Disaster?.................................................................6
1.2 What to do First in a Disaster?............................................................6
2.0 Communication Strategy...........................................................................7
2.1 Contact Lists...........................................................................................7
Staff Contact Information Template..............................................................8
Vendor Contact Information Template..........................................................9
3.0 Business Impact / IT Risk Assessment.....................................................10
Type of Disaster Table Template.................................................................10
Business Impact Analysis Template............................................................12
3.1 Detailed System Information................................................................12
Systems Inventory Table Template.............................................................14
Critical Systems Ranking Template.............................................................15
Criticality definition Examples.................................................................15
Security Information Table Template...........................................................16
Backup Strategy Table Template.................................................................17
Ideal Backup Strategy Table Template........................................................17
Documentation Information Table Template...............................................18
3.2 Disaster Recovery Strategy..................................................................18
Disaster Recover Strategy Table Template..............................................19
Disaster Recovery Test Schedule Template.............................................20
List of Tables Examples...............................................................................21
Table 1 - Example Disaster Recovery Plan Flow chart Example..................21
Table 2- Example Decision Points for Disaster Recovery Process...............22
Appendix A Example Disaster Definitions...................................................23
Summary of Threat Analysis.......................................................................23
Appendix B Example Type of Disaster Table................................................24
Appendix C Example Systems Inventory Table...........................................27
Appendix D Example Security Information Table.........................................29
Appendix E Example Backup Strategy Table...............................................31
Appendix F Example Documentation Information Table..............................32
Example Check list for Disaster Recovery Bin Storage...............................32
Appendix G Example Recovery Strategy Table............................................33
2011-12-07341310314
Page 4 of 37
SAFETY FIRST
Always PROTECT life and limb before proceeding with any of the emergency
procedures outlined in this handbook.
risk.
2011-12-07341310314
Page 5 of 37
1.0 Introduction
[Define the purpose of an IT disaster recovery plan for your specific department.]
2011-12-07341310314
Page 6 of 37
2011-12-07341310314
Page 7 of 37
2011-12-07341310314
Page 8 of 37
Work
Phone
Numbe
r
Cell Phone
Number
Email
Addres
s
Other
Informati
on
613-53336111
N/A
First
point of
contact
911
911
N/A
36075
613-5336075
N/A
Roles
Responsibilities
Main emergency
contact
Contact when
Queens ERC
unavailable
Emergency Contacts
36111
Emergency Report
Center
Kingston Police
Physical Plant
Services
"Your Departmental"
DR Leads
"Your Departmental"
Secondary IT DR
Team
Main "Your
Departmental" Area
Leads
2011-12-07341310314
Page 9 of 37
Contact for
infrastructure
problems
Primary
Staff
Contact
Alternate
Staff
Contact
Phone
Number
Dell
Customer
Care
Dell
Service
Parts
Sales
Dell
Technical
Support
Senior
Sales
2011-12-07341310314
Vendor
Vendor
Vendor
Vendor
Email Address
vendor@vendor
.com
Web Address
www.vendor.c
om
UserId
Password
Info
See
maintenance
coverage in
Inventory tab
of DR
detailed
system
information
spreadsheet
for
hardware.
Full
replacement
could be
between 10 15 working
days.
for order
status
information
for spare
parts and
components
Page 10 of 37
2011-12-07341310314
Page 11 of 37
Type of
Disaster
Impact
Huma
n
Syste
m
Hum
an
Impa
ct
(Subt
otal)
Proper
ty
Impact
Busine
ss
Impact
H+
S/2
2011-12-07341310314
Page 12 of 37
Probabil
ity
Tot
al
Curren
t
Contro
ls
Probabil
ity w/
Controls
Infrastructure
Building
specific
failures
Non IT
equipment,
system
failures
Power
Disruption
Communica
tion Loss
Heating/coo
ling, power
failures
Oil,
petroleum
disruption
Food and/or
water
contaminati
on
Regulatory,
legal
changes
2011-12-07341310314
Page 13 of 37
Server Name
2011-12-07341310314
Page 14 of 37
2011-12-07341310314
Page 15 of 37
Infra
struc
ture
Type
IP
Add
res
s
Ser
ver
Na
me
Ser
ver
De
scri
pti
on
Lo
ca
ti
on
Man
ufac
ture
r
M
o
d
el
Se
rvi
ce
Ta
g
Mai
nte
nan
ce
Exp
irati
on
Physical Servers
Build
ing
nam
e
Servers Hosted
in VM
Building
name
Building
name
2011-12-07341310314
Page 16 of 37
Mai
nte
nan
ce
Cov
era
ge
(Ser
vice
Lev
el
Agre
eme
nt)
Su
pp
or
t
P
ho
ne
N
u
m
be
r
#
of
#
o
f
C
P
U
s
C
P
U
M
o
d
el
C
P
U
S
p
e
e
d
In
te
rn
al
Dr
iv
R es
A
H
B
A
Pow
er
Req
uire
men
ts
SA
Ns
Co
nn
ect
ion
C
a
r
d
s
Ba
se
Op
er
ati
ng
Sy
st
e
m
Sof
tw
are
Inv
ent
ory
Cri
tic
ali
ty
Dep
end
enc
y
(Faci
litie
s,
Peo
ple,
Serv
ices,
Func
tion
s)
Ke
y
Pe
rs
on
ne
l
(Ro
le,
Per
so
n)
T
y
p
e
S
er
vi
c
e
Building
name VMware
Server
Storage,
Networking and
Power
2011-12-07341310314
Page 17 of 37
RPO Recovery Point Objective extent of data loss that can be tolerated by your
critical business systems
RTO Recovery Time Objective time available to recover disrupted systems and
resources.
Updated:
Server/Functio
n
Most Critical
Server
Rank
RPO
Least Critical
1
2
3
4
=
=
=
=
Critical
24 hours
Essential 72 hours
Necessary 7 days
Desirable more than 7 days
2011-12-07341310314
Page 18 of 37
Image
Data
Hardware
Replacement
RTO
RTO
RTO
2011-12-07341310314
Page 19 of 37
Updated:
Security Information
Critical
System/Application/F
unction
Physical Security
Building Name
Server name
Server name
Building Name
Building Name
2011-12-07341310314
Page 20 of 37
Backup Systems
Data Security
(Logical
Access)
Data
Encrypti
on
Business Impact
Analysis
Document
Location
Updated:
Backup
Strategy
Server/
Function
Current
Strateg
y
Space
(VMDK
Size)
SubCli
ent 1
Storage
Policy
SubCli
ent 2
Storag
e
Policy
Sched
ule
Name
SubCli
ent 2
Stora
ge
Polic
y
Sched
ule
Name
Rebuild Data
Server/Function
2011-12-07341310314
RPO
24
hrs
24
hrs
Hardware
replace
RTO
RTO
24 hrs
24 hrs
48 hrs
48 hrs
Page 21 of 37
Document Name
Document
Type
Person
Responsible
Date
Changed
Additional
Information
2011-12-07341310314
Page 22 of 37
Recovery Strategy
Server/Function
2011-12-07341310314
Rebuild ( VM
Image )
Rebuild ( Data
Only )
Page 23 of 37
Server name
2011-12-07341310314
Page 24 of 37
Source: the Queens Security Community of Practice: Disaster Recovery Focus Group for the
Queens advancement Disaster Recovery Plan.
2011-12-07341310314
Page 25 of 37
Source: the Queens Security Community of Practice: Disaster Recovery Focus Group for the
Queens advancement Disaster Recovery Plan.
2011-12-07341310314
Page 26 of 37
Objective:
It is important to identify the riskiest potential threats to the system, and ensure that these
threats are properly accounted for in the creation of the DRP procedures specific to this system.
Procedure:
For each identified threat, an assessment of the impact and probability of it occurring was made
by assigning a numerical value from High Impact (5) to No Impact (0) and High Probability (5) to
Zero Probability (0).
From these assessments, a Total Risk Score was compiled for each potential threat, which allows
for the ranking of the probability and impact of the various potential threats identified. Threats
with the highest Total Risk Scores should be given primary attention and resources.
In addition, existing controls/preventative measures have been identified which may reduce the
probability of a potential threat occurring, lowering the Total Risk Score accordingly.
Note:
It should also be noted that the city of Kingstons Emergency Plan considers the following risks to
be the most prevalent and we should use as a guide when outlining our threats:
The City of Kingston has completed the Hazard Identification Risk Assessment (HIRA) developed
by Emergency Management Ontario. The potential community hazards within the City of
Kingston are listed below.
Human Health Emergencies
Critical Infrastructure/Power Failures
Rail Transportation Accident or other Hazardous Materials Incident
Severe Weather Conditions
Major Structural / Wild land Fires
2011-12-07341310314
Page 27 of 37
Impact
Huma
n
Syste
m
Human
Impact
(Subto
tal)
Proper
ty
Impac
t
Busine
ss
Impact
Probabil
ity
Tot
al
Current
Controls
Probabil
ity w/
Controls
14
Extinguis
her at
Door
Located
3rd Floor
H+S/2
3.5
3.5
12.
5
12.
5
12
10
2.5
8.5
4
2
1
1
2.5
1.5
0
0
2
1
2
0
6.5
2.5
1
0
Human
Espionage
/Terrorism
4
3.5
4.5
12.
5
12.
5
12
War
Explosion/
Bomb
Theft/Sab
otage/Van
dalism
Labour
Disputes/
Strike/Wor
k
Stoppage
2.5
11.
5
10
2011-12-07341310314
Page 28 of 37
1
1
UPS
Fire door
(Steel),
Alarmed
(Motion)
1
1
1
Fire door
(Steel),
Alarmed
(Motion)
1.5
8.5
Change
Manage
ment,
ACL
Central
Procedur
es in
Place
Mismanag
ement/Wa
ste
Workplace
violence
Fraud
Chemical/
Biological
Incident
2.5
9.5
2.5
7.5
UPS
Controlle
d
Centrally
(ITS)
Temp
Alarm in
Room
Infrastructure
Building
specific
failures
Non IT
equipmen
t, system
failures
Power
Disruption
2
Communic
ation Loss
2
Heating/c
ooling,
power
failures
Oil,
petroleum
disruption
Food
and/or
water
contamina
tion
Regulator
y, legal
changes
2011-12-07341310314
Page 29 of 37
Hardware/
Equipmen
t Failure
User
Errors/Om
issions
Browsing/
Disclosure
Eavesdrop
ping/Inter
ception
Data
Integrity
Loss
Program
Errors/Sof
tware
Failure
Incorrect
Shutdown
12
12
Firewall,
ACL,
ClamAV,
Nessus
Change
manage
ment,
Virus
Scan
2.5
11.
5
RAID 5,
Backups
Change
Manage
ment
Firewall,
ACL,
ClamAV
2011-12-07341310314
Page 30 of 37
Infrastruct
ure
Type
IP
Address
Server Name
Server
Descripti
on
Locati
on
Manufact
urer
???,
Server
Room
Dell
Model
Service
Tag
PowerEd
ge 2950
CP93SC
1
PowerEd
ge 2950
DR0QZC
5
Maintena
nce
Expiration
Maintena
nce
Coverage
(Service
Level
Agreemen
t)
# of
Support
Phone
Number
CPU
s
Physical Servers
Building
name
Physical
Server
xxx.xx.xx
x.xx
servername.queen
su.ca
Examples
8-Feb-11
Silver, 4
Hour on
Site
1-800945-3355
Physical
Server
esxhost.queensu.c
a
2011-12-07341310314
Virtual
Center
Server for
VMware
Page 31 of 37
???,
Server
Room
Dell
8-Feb-14
Silver, 4
Hour on
Site
1-800945-3355
xxx.xx.xx
x.xx
Oracle DB
Virtual
Server
xxx.xx.xx
x.xx
Oracle DB2
Productio
n Oracle
Server
???,
Server
Room
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
Building name
Virtual
Server
backups.queensu.c
a
Main
Backup
Server
N/A
N/A
N/A
N/A
N/A
backups2.queensu.
ca
Secondar
y Backup
Server
Dell
PowerEd
ge 2850
DF0QZC
4
26/01/2014
Next Day
Business
Dell
MD3000i
2014/02/11
SANs
MD3000i
MD3000i
???,
Server
Room
2011-12-07341310314
Page 32 of 37
1-800945-3355
Security Information
Critical
System/Application/F
unction
Physical Security
Building Name
Server name
Server name
Building is locked and
has alarm after working
hours and actual server
room is also locked and
alarmed 24 hours a day.
Building Name
2011-12-07341310314
Page 33 of 37
Backup Systems
Rsync application
used to backup
files nightly to
backup server
located in???.
Rsync application
used to backup
files nightly to
backup server
located in???.
Data Security
(Logical
Access)
Data
Encryptio
n
Business Impact
Analysis
Document
Location
URL to individual
business impact
documents
Server requires
login Id and
password to
access
information,
along with IP
Authentication
Server requires
login Id and
password to
access
information,
along with IP
Authentication
Building Name
Server name
Hosted on VM Server
that is housed in??? that
is alarmed 24 x 7 and
requires entry only by
operations personnel in
Central ITS or
temporary code also
controlled by central ITS
2011-12-07341310314
Page 34 of 37
Server requires
login Id and
password to
access
information,
along with VPN
authentication
and IP
Authentication
URL to individual
business impact
documents
Backup
Strategy
Server/
Function
Network
Switch
Console
Server
Name
Server
Name
Current
Strateg
y
Space
(VMDK
Size)
Rsync
Client
VCB
Client
SubCli
ent 1
Storage
Policy
SubCli
ent 2
7 Day - 1
Cycle
7 Day - 2
Cycle
archive
log
Monthl
y Copy
2011-12-07341310314
Page 35 of 37
Storag
e
Policy
Sched
ule
Name
SubCli
ent 2
Stora
ge
Polic
y
Sched
ule
Name
Document Name
Document
Type
Disaster Recovery
Overview
Word
Infrastructure
Excel
Flowchart
00-Restore
Word
Person
Responsible
Bill Smith
Date
Changed
Additional
Information
2011/04/
20
2010/10/
25
2010/10/
25
2011-12-07341310314
Page 36 of 37
Server/Function
Console
Server Switch
Hyperlink to
Server Data
Rebuild
Server name
Virtual Server Generic
Rebuild ( Data
Only )
Hyperlink to VM
Image Server
Rebuild
2011-12-07341310314
Page 37 of 37