RPO vs RTO
Recovery Point Objective = How old is the recovery point - ie backup every 24 hours.
Recovery Time Objective = How long will it take to recover the system / data.
RPO & RTO = How long it will take to get the system back up and how much data entry will need to be duplicated to account for what was not backed up.
Software Escrow is software-protection mechanism. If the software vendor goes under - you can get the source code to the software so that your information system doesn't go under with the vendor.
Diverse Routing - using multiple service providers - be careful that the providers themselves don't share a single point of failure
Last Mile Protection - redundant connection to a single service provider
BCP - Business Continuity Plan
1. Scope and Plan Initiation
2. Business Impact Assessment (vulnerability assessment, downtime estimation - RTO/RPOs, resource requirements, criticality prioritization, documenting the strategy)
3. Business Continuity Development
4. Plan Approval and Implementation
Processes can be broken down into core (revenue generating, see the mission statement), discretionary (non essential), and supporting
DRP - Disaster Recovery Plan
reduce the complexity of the recovery
minimize the length and impact of the disaster's effects
develop an effective recovery team
Backups
GFS - Grandfather - Father - Son - hierarchical in design - for example 7 tapes for daily (son) are rotated, every sunday the son is promoted to a father (weekly), on the last day of the month, the father is promoted to a grand-father (monthly)
Electronic Vaulting - periodic bulk transfer of records - think full/differential/incremental backups - only they are sent to someone else to store - usually geographically isolated from you
Remote Journaling - change by change log - requires a full backup and then a complete journal since the backup was created
Sites
Reciprocal - aka mutual aid agreement - partner with another organization - not usually feasible
Redundant - hot site with same equipment as opposed to similar equipment
Hot - similar equipment on and ready to go - only thing missing is data
Warm - some equipment is ready (critical processes) but most are not
Cold - facility missing equipment and data
MTO - maximum tolerable outage - maximum time services can be provided at site
I found out the hard way just what not having a disaster recovery and business continuity can do. Thinking ahead is always the smart thing to do! Thankfully I found a great service to aid me in the process.
ReplyDelete