Categories Topics
Description
Disaster Recovery Plan

Overview
Disaster Recovery Plan (DRP) is part of the overall Business Continuity Plan (BCP) and includes process to recover technology that support business processes and services. Typically each critical business application will include a detailed DRP that describes the process to fail over and restore applications, databases, and data to support the organization's BCP.

Guidelines
Each business application DRP should be documented to include a detailed step-by-step process on how application and system owners will recover services in the event of an application or facility failure. The process would typically include process to fail over applications, databases, and data from a primary facility to a backup or "DR" facility and then subsequent restoration of service back to the primary facility. Plan can include network/deployment diagrams, servers, applications, databases and tests that need to be performed to ensure availability of the business service.

Process would also include identification of application owners or roles identified to perform DRP activities to support the BCP and should be performed annually.  In some cases, some organizations perform testing quarterly to increase effectiveness of DRP processes.  DRP process can use a number of techniques to ensure availability to include hot site, cold site, etc.

Topic Category
Business Continuity Plan (BCP)
 
News Articles
Ransomware Attack Causes County to Shut Down IT Systemwww.tripwire.com2/3/2017
GitLab database goes out after spam attackwww.infoworld.com2/1/2017
48% of UK businesses fail to back up company data at least once a daywww.scmagazine.com6/8/2016
Forget hackers - storms and snafus are bigger threat, say infosec bodswww.theregister.co.uk8/21/2013
S. Korea banks to segment network, establish data backupwww.zdnet.com7/11/2013
EMC beefs up data protection portfoliowww.zdnet.com7/10/2013
Backup systems ensured continuity of military networks during stormwww.nextgov.com7/2/2012
White Papers
ENISA Annual Incident Reports 2012www.enisa.europa.eu8/20/2013
Policies
Business Continuity Policy
Standards
NIST SP 800-184 Guide for Cybersecurity Event RecoveryNIST12/22/2016