
Computers ind. Engng Vol. 15, Nos 1-4, pp. 195-203, 1988

Printed in Great Britain. All rights reserved

0360-8352/88 $3.00+0.00 Copyright c 1988 Pergamon Press plc

DEVELOPING A DISASTER RECOVERY PLAN

(DRP) USING A DATA BASE PACKAGE

Sharon Cunningham

Peer Services Incorporated 13465 Midway Road Dallas, Texas 75244-5164

This paper stresses the procedures and techniques necessary to develop a Disaster Recovery Plan for a Data Base package (R:base 5000) on a microcomputer. It deals first with what a Disaster Recovery Plan (DRP) is and why one is needed. A Disaster Recovery Plan requires a significant commitment of resources on the part of senior management. This paper addresses the scope of the DRP, setting priorities, and responsibilities and objectives. Other specific DRP topics include: risk analysis; plan; vital records retention; and emergency response procedures. The R:base 5000 product is briefly discussed, and how to implement the DRP on it. Finally, a short discussion on how to demonstrate the DRP's effectiveness to management is included. A lack of disasters is not a reasonable test of accomplishment; but what is? The effectiveness of the DRP within the organization is based upon how management perceives you and the DRP's accomplishments.

WHAT IS A DISASTER RECOVERY PLAN

A Disaster Recovery Plan is a business plan that provides the logistics for an organized assessment of damages to the computer facility and equipment, as well as the means for timely executive decisions regarding restoration of the facility. The DRP is designed to enable a company to resume services as quickly as possible following a disaster. A DRP also provides the logistics required to resume processing when a computer facility is available for use.

WHY A DISASTER RECOVERY PLAN IS NEEDED

Three pertinent facts about disaster recovery plans can be pulled from the current literature on the subject.

o Six separate surveys conducted in the late 1970's found that it is common for large data processing shops to not have a disaster recovery plan.

o The average time periods in which essential company functions will continue following a data center failure are:

- Financial Industry -- 2.0 Days

- All Industry Average -- 4.8 Days

o In only 10.5 days after a disaster, 99% of data processing companies will be reduced to approximately 10% of normal operational business activities.[1]

The chances of a disaster happening are remote. But, if one does occur, the time-frame for recovery is too short to do any planning. Therefore, every organization must look at what the consequences of loss of their EDP resources could be, and consider the exposure of the business in that area. There are three areas of exposure that must be reviewed: legal responsibility, financial loss, and business service interruption.

196 Proceedings of the 10th Annual Conference on Computers & Industrial Engineering

a. Legal Responsibility: Management has a legal responsibility to protect its employees, its corporate resources, and its vital documents. The interpretation of the Foreign Corrupt Practices Act has been that officers of a company are personally responsible if there have not been adequate preparations to meet these legal requirements.

b. Financial Loss: Because of the efficiency, accuracy, speed, and control of data processing methods, organizations are becoming more and more dependent on their Information Services in normal business operations. The regular, daily operations of large numbers of companies are now completely dependent upon the information flowing from the EDP area. Manufacturing systems, sales and reservations systems, inventory systems and financial systems, among many others, can no longer revert to manual operations on short notice. An organization's life-blood information can rapidly dry up if the EDP systems break down. This can cause great financial loss to a company, and could even destroy its business if proper disaster planning has not been done.

c. Business Service Interruption: The problems of business service interruption do not only include the financial loss, discussed above. It also can be deleterious to the future relationships with clients. It can affect the public image of the organization for a considerable time. If an organization's business service is abruptly interrupted, for reasons not readily perceived by customers, the long-term effect could be devastating, and far more costly than modest preparations for disaster recovery. [2]

DISASTER RECOVERY PLAN

The scope of a DRP outlines the responsibilities of a company during a situation in which a "disaster" has occurred affecting the corporation's ability to perform data processing services. A disaster may take the form of: loss of data, loss of equipment or the loss of a facility.

The DRP encompasses the contingency processing assumptions in terms of minimum processing to be maintained and minimum hardware/software configurations. It also attempts to address the following:

o Conditions or situations that qualify as a reason to go to contingency processing,

o Responsibility for making contingency decisions and guidelines as to when they should be made,

o Notification of employees, vendors, customers, backup site, etc.

o Steps to be followed in moving processing to and in processing at the backup site,

o Files, input work, special forms, etc., to be taken to the backup site and transportation methods to be used.

A very critical part of the scope of any DRP is the premise on which it is based. There are two major assumptions in the premise: what level of service the DRP is designed to provide; and what factors must be in place for the DRP to be implemented. The scope and the underlying premise must be agreed to by the senior management of the company prior to further progress on the DRP.

MANAGEMENT RESPONSIBILITIES

Stewardship is a senior management responsibility which cannot be delegated. Contingency (disaster recovery) planning is essential to the survival of the business and as such is tantamount to stewardship. Therefore, the ultimate responsibility for contingency planning resides with senior management. Senior management alone is capable of superimposing the requisite business acumen, which in the final analysis, will determine the commitment of corporate resources.[3] By developing and implementing a DRP, the management of a company accepts the responsibility for protection of the employees and assets of the company.

A DRP does not provide a business-as-usual environment. Thus, in the event of a disaster, management must see that there are plans for:

o The protection of people

o The maintenance of company cash flow and records

o The protection of facilities, equipment, and supplies.[2]

MANAGEMENT OBJECTIVES

Management's objectives for a Disaster Recovery Plan are to have sufficient procedures and planning in place for responding to an emergency in order to minimize the effect on the organization. The information that comprises the DRP is collected as a document, then loaded into the R:Base 5000 product. The plan must be thoroughly understood by the staff that is responsible for implementing it. Any changes to the environment must be made a part of the disaster plan. The DRP must be routinely tested, to verify it still meets the needs that it was designed for.

PRIORITIES FOR A DRP

There are six major priorities to create a DRP that are common no matter what the organization is like. These include:

o Conducting a Risk Analysis

o Developing Emergency Response Procedures

o Developing a Vital Records Program

o Developing Backup Operations Procedures

o Developing Recovery Action Procedures

o Developing Test Plans

These items are discussed later in this paper.

DEVELOPING A DRP

To develop the DRP this paper is based on, all necessary information was gathered into a DRP manual. Then, this was transferred to R:Base 5000. Both documents are kept current and each has its advantages. The advantages of the PC based system include:

o Ease of access to the information if facility is severely damaged

o Ease of update to the information

o Reporting capabilities.

The DRP manual outline is included as an appendix. It is an example of what a DRP needs to include. The majority of the sections will be present in most disaster plans.


RISK ANALYSIS

Risk analysis is the process of matching potential losses to the possible disastrous events that could happen to an organization. Once the cause and effect relationships are established, prices are associated with them. Some safeguards are legally required of management (loss of life, fire, vital records) regardless of the cost. Risk analysis provides information on which Applications or Operations are most critical to recover after a disaster. This allows for proper emergency, backup and recovery procedures to be built for the DRP.
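The matching-and-pricing step described above, carried through as an added example (illustrative code written for this page, not from the paper or from R:base 5000): each event is given a yearly probability, each application/event pair a dollar loss, and the totals rank applications for recovery, with legally required safeguards placed first regardless of cost. All event names, application names and figures are constructed.

```python
from dataclasses import dataclass

# Constructed sample figures (hypothetical, not taken from the paper):
# estimated probability that each disastrous event occurs in a given year.
EVENTS = {"fire": 0.02, "flood": 0.01, "power_failure": 0.30, "disk_crash": 0.50}


@dataclass(frozen=True)
class Exposure:
    """One cause-and-effect pair: an event hitting an application, with its price."""
    application: str
    event: str
    loss: float                 # estimated dollar loss if the event hits this application
    vital_record: bool = False  # legally required safeguard: protected regardless of cost


EXPOSURES = [
    Exposure("payroll", "fire", 200_000, vital_record=True),
    Exposure("payroll", "disk_crash", 40_000, vital_record=True),
    Exposure("order_entry", "fire", 500_000),
    Exposure("order_entry", "power_failure", 60_000),
    Exposure("order_entry", "disk_crash", 80_000),
    Exposure("inventory", "flood", 300_000),
    Exposure("inventory", "disk_crash", 30_000),
    Exposure("mailing_list", "disk_crash", 5_000),
]


def expected_loss(exposures, events, key):
    """Price each cause-and-effect pair (probability x loss) and total it per key."""
    totals = {}
    for ex in exposures:
        totals[key(ex)] = totals.get(key(ex), 0.0) + events[ex.event] * ex.loss
    return totals


def expected_loss_by_application(exposures, events):
    """Expected yearly loss per application: which ones are most critical to recover."""
    return expected_loss(exposures, events, lambda ex: ex.application)


def expected_loss_by_event(exposures, events):
    """Expected yearly loss per disaster type: input to choosing the model scenario."""
    return expected_loss(exposures, events, lambda ex: ex.event)


def recovery_priority(exposures, events):
    """Order applications for recovery: legally required safeguards first,
    then by expected yearly loss, highest first."""
    per_app = expected_loss_by_application(exposures, events)
    mandated = {ex.application for ex in exposures if ex.vital_record}
    return sorted(per_app, key=lambda app: (app not in mandated, -per_app[app]))


if __name__ == "__main__":
    per_app = expected_loss_by_application(EXPOSURES, EVENTS)
    for app in recovery_priority(EXPOSURES, EVENTS):
        print(f"{app:14s} expected loss/yr ${per_app[app]:,.0f}")
```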

VITAL RECORDS RETENTION [4]

Every company has vital records--that information necessary to insure the survival of the business. This is usually a small portion (less than 2%) of the company's total information. The information that is determined to be critical needs to be protected against all potential disaster. Steps to establishing a vital record program include:

o Analysis and classification of all information into functional categories

o Determination of the role of each function after a disaster

o Determination of the minimum information necessary for vital function to perform after a disaster

o Identification of the "vital" records from the above analysis.

The types of data included in the Vital Records Program might include:

o System documentation.

o Program documentation.

o Operating procedures documentation.

o Program source decks or tapes.

o Program object decks or tapes.

o Job control language cards or tapes, for production programs.

o Data table card decks or tapes.

o Operating system tapes or disk packs.

o Data master files.

o Data transaction files.

o Data report files.

o Forms masters.

o Supply of key preprinted forms.

o Master of company manuals.

o Description of the hardware, including all peripherals and all options.

o Documentation of duties of key personnel.

o List of all employees and phone numbers.

o Financial documentation

o Administrative documentation.

o Corporate documentation

o Copy of Disaster Recovery Manual.

o Copy of PC software documentation.

o Copy of floppy diskettes containing DRP plan and software.

EMERGENCY RESPONSE PROCEDURES [2]

Emergency response procedures are the detailed plans of how an organization will respond to the various disasters they might be subject to. The disasters include natural disasters, man-made disasters and political disasters. On a more discrete level, disasters can be grouped by:

o Damage to individual terminals

o Localized damage to an information processing area

o Damage to the central computer processing facility

o Substantial damage to the company

o Regional damage to a broad area.

However the disasters are classified, the approach is the same. First, develop a high-level disaster recovery scenario for each disaster type. Then, develop a model disaster scenario. It can either be a combination of all scenarios, or the scenario from the "most likely" disaster. From this, specific plans must be developed. An example high-level disaster recovery scenario is included in the appendix.

BACKUP OPERATIONS PROCEDURES

The procedures for creating and securing backup copies of information need to be developed. These include:

o Responsibility

o Frequency

o Storage location

o Currency

o Transportation to and from.

The locations of the off-site storage for backup information should not be subject to the same disaster as the permanent location.
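Added example, not the paper's own R:base 5000 application: the backup procedure attributes listed above (responsibility, frequency, storage location, currency) modelled as two tables, with a report that flags records whose latest copy is stale, whose copies all sit at the primary site, or which have never been copied. SQLite stands in for R:base 5000, and the table layout, site names and dates are assumptions.

```python
import sqlite3
from datetime import date

# Two tables standing in for the R:base 5000 design: what must be protected,
# and each backup copy taken of it. Names and layout are this example's own.
SCHEMA = """
CREATE TABLE vital_record (
    record_id      INTEGER PRIMARY KEY,
    name           TEXT NOT NULL,
    primary_site   TEXT NOT NULL,       -- where the live copy lives
    responsible    TEXT NOT NULL,       -- who must take the backup
    frequency_days INTEGER NOT NULL     -- required interval between copies
);
CREATE TABLE backup_copy (
    copy_id   INTEGER PRIMARY KEY,
    record_id INTEGER NOT NULL REFERENCES vital_record(record_id),
    taken_on  TEXT NOT NULL,            -- ISO date the copy was made
    stored_at TEXT NOT NULL             -- storage location of the copy
);
"""

# Constructed sample rows (hypothetical, not the paper's data).
RECORDS = [
    (1, "payroll master file", "Dallas DC", "operations manager", 7),
    (2, "program source tapes", "Dallas DC", "tape librarian", 30),
    (3, "DRP manual and diskettes", "Dallas DC", "DRP coordinator", 90),
    (4, "forms masters", "Dallas DC", "office administrator", 180),
]
COPIES = [
    (1, 1, "1988-06-12", "Fort Worth vault"),
    (2, 2, "1988-04-30", "Fort Worth vault"),
    (3, 3, "1988-05-01", "Dallas DC"),   # copy kept at the primary site
]

def load_sample():
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO vital_record VALUES (?,?,?,?,?)", RECORDS)
    con.executemany("INSERT INTO backup_copy VALUES (?,?,?,?)", COPIES)
    return con

def currency_report(con, today_iso):
    """Return (record name, problem) pairs for every vital record whose latest
    copy is older than its required frequency, whose copies all sit at the
    primary site, or which has never been backed up at all."""
    today = date.fromisoformat(today_iso)
    rows = con.execute("""
        SELECT r.name, r.primary_site, r.frequency_days, MAX(c.taken_on),
               SUM(CASE WHEN c.stored_at <> r.primary_site THEN 1 ELSE 0 END)
        FROM vital_record r LEFT JOIN backup_copy c ON c.record_id = r.record_id
        GROUP BY r.record_id ORDER BY r.record_id""").fetchall()
    findings = []
    for name, site, freq, latest, offsite in rows:
        if latest is None:
            findings.append((name, "no backup copy exists"))
            continue
        age = (today - date.fromisoformat(latest)).days
        if age > freq:
            findings.append((name, f"latest copy is {age} days old, limit {freq}"))
        if not offsite:
            findings.append((name, f"no copy stored away from {site}"))
    return findings
```

Running `currency_report(load_sample(), "1988-06-15")` produces one finding per problem, which is the kind of report the monitoring function in the test plan section calls for.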

RECOVERY PROCEDURES

Recovery procedures are those detailed plans that will facilitate the rapid restoration of the company's equipment/facility following a major loss from a disaster. A few key items included in these procedures are:

o Hardware requirements

o Software requirements

o Communications requirements

o Environmental requirements

o Agreements with vendors

o Personnel requirements.

The magnitude and detail of the recovery procedures will vary greatly, depending on the size of the company and the complexity of their data processing requirements.

TEST PLANS

A disaster recovery plan must be routinely monitored and tested. The monitoring functions include:

o Periodic review of critical applications to ensure that proper applications were selected based on overall corporate need.

o Periodic review of the off-site storage operation to assure that all tape storage, supplies, and documentation are kept up-to-date.

o Review all new applications to determine criticality.

The adequacy of the DRP cannot be assured without thorough training and testing. Critical items to keep in mind about testing include:

o Budget for testing and training

o Testing should include separate and combined tests of all phases

o All emergency response procedures need to be tested through simulated disasters, staged at various times under various conditions (emergency evacuation, hardware and software protection, damage assessment)

o Test backup files by attempting to repeat a particular application with on-site hardware and all off-site software and data

o Tests should be one application at a time initially, then combined

o A combined test of all critical applications needs to be performed to check application interdependencies

o If a second processing site is maintained, tests should be conducted there, including a simulated major disaster that nearly destroys the primary site.

Each test should answer these questions:

1. Have records vital to reconstruction of operations, and only these records, been chosen for protection?

2. Can these vital records be found when needed?

3. Are these vital records in such condition that they can be used for reconstruction? [5]

R:BASE 5000

R:Base 5000 is a product of Microrim, Incorporated from Bellevue, Washington. R:Base 5000 is a relational database management system with several features that make it easy to use:

o Menu driven

o EXPRESS option for menu-driven programming

o Procedural language for custom programming

o Comprehensive reporting

o Application compiler

o Form-driven information input

o Database modification commands

o Relational commands.

The system specification highlights are:

o 40 tables per database

o 400 columns per database

o 1530 characters per row

o Rows per table and database limited by DOS file size

o 1600 characters per command line

o Data types include date, time, dollar, integer, real and text.

IMPLEMENTING A DRP ON R:BASE 5000

The DRP this paper was based on was transferred to R:Base 5000 in the following configuration:

o 14 menus (one primary menu, eight secondary menus, five tertiary menus)

o 20 reports (eight major reports with various options)

o 10 tables

o 73 variables

o 10 formatted input screens

o Help functions for standardized input on formatted screens.

The appendix includes detailed information on the design of the DRP. It includes the following:

o Database design with field by field description of the ten tables

o A high-level flow diagram of the application

o A detailed menu flow of the application

o Five pages of detail on the individual application menus.

DEMONSTRATING THE DRP'S EFFECTIVENESS

A Disaster Recovery Plan is a dynamic system. It should accurately reflect the current status of the organization. To accomplish this, procedures need to be developed for four functions concerning the plan.

o Monitoring for Currency

o Testing all Phases

o Routine Modifications

o Communication to Management

One way to keep management aware and involved in the Disaster Recovery Program is to ask for their participation in the tests. They could fill the role of final arbiter of the success or failure of the tests. A method of demonstrating the value of the DRP to management is to periodically calculate the cost of maintaining disaster recovery against the (escalating) costs of potential disasters. An annual or semi-annual review with management is appropriate.


BIBLIOGRAPHY

[1] Terrence J. Bayer, "Contingency Planning: An Opportunity for DP Management", Computer Security Handbook, Winter 1982.

[2] FTP Technical Library, "EDP Security, Planning and Implementation, Volume I."

[3] Peter Hamilton, Computer Security (Philadelphia, Pennsylvania: Auerbach Publishers Incorporated, 1973), p. 93.

[4] Computer Security Manual, "Protecting Vital Records", Section IV.

[5] Computer Security Institute, Computer Security Handbook, "Basics of Contingency Planning, Chapter IV."


Example disaster recovery scenario for disaster that disables operation of primary data center.

o Notify management team

o Determine the extent of damage to the data center

o Establish a command center

o Assemble management team at command center

o Put disaster recovery plan into place

o Notify and assemble recovery teams

o Retrieve backup material from off-site storage

o Dispatch personnel to backup computer site

o Restore operating systems and program libraries

o Reconstruct application data

o Begin reduced processing cycle.