Professional Documents
Culture Documents
September 11, 2001 and other terrorism occurrences, devastating hurricanes, such as
Katrina, Wilma, and Frances, Californian and Hawaiian earthquakes, mud-slides,
tornadoes, forest fires, and other occurrences provide life lessons for all of us.
Unfortunately, many organizations do not prepare for this type of devastating event.
Every organization needs to prepare for events that might inhibit the ability for its
employees or customers to continue operations.
As our dependence on information technology (IT) grows, so does the importance of
detailed planning to restore operations in the event of an occurrence that might reduce our
ability to use those IT assets in support of organizational business requirements. Manual
operations are an operation of the past, as we have evolved to a dependence on IT
resources. IT systems are vulnerable to a variety of disruptions. These include occurrence
threats, ranging from mild (for example, short-term power outage, disk drive failure,
software interruptions) to severe, which might result in complete equipment destruction
(for example, natural disaster, terrorist action, and so on). A lot of vulnerabilities
(technical and non-technical security weaknesses in our operation) can be minimized or
eliminated through technical, management, or operational solutions as part of the
organization's risk management effort; however, it is impossible to completely eliminate
all risks and still be able to use our critical IT assets.
• Scenario based
The best testing option, but most operationally disruptive, is the active test method. In
this method, the actual contingency plan or portions of the plan are actually executed as if
there were a real emergency. Often, the contingency site in this option is brought up in
parallel with the primary site.
The other option takes less planning, is short in duration, and provides little disruption;
however, it does not provide the same level of training or update benefits. This second
option is scenarios where the key players are quizzed on what actions to take in a certain
emergency. So, testing a contingency plan includes a training component with the benefit
of being able to update the plan if errors are found.
Summary
Proper resumption of business processes must be considered for all business-critical
resources within an organization to recover quickly and efficiently from the
consequences of a devastating event. However, the focus of this paper was on how to
maintain the stability of and recover from disruptions to the organization-critical IT
assets. IT Contingency (or IT Disaster Recovery) Plans are necessary to minimize the
impacts that unexpected losses of organizational IT services cause. IT Contingency
planning provides documented processes designed to sustain and recover IT services
following an event detrimental to normal operations. The well researched process is
designed to mitigate the risk of system or service unavailability by focusing effective and
efficient procedures for recovery from events that might impact operations.