Disaster Recovery
The Bett Group DR team helps organizations in planning for business continuity in the event a major disaster affects the entity’s facilities or the public infrastructure upon which it depends.
National Institute for Standards and Technology (NIST) Special Publication 800-34 entitled Contingency Planning for Information Technology Systems forms the basis of our approach. This document describes a seven-step contingency planning process to develop and maintain a viable disaster recovery program:
- Develop the contingency planning policy statement. A formal policy provides the authority and guidance necessary to develop an effective contingency plan.
- Conduct the business impact analysis (BIA). The BIA helps identify and prioritize information systems and components critical to supporting the organization’s mission/business processes.
- Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.
- Create contingency strategies. Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.
- Develop an information system contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system unique to the system’s security impact level and recovery requirements.
- Ensure plan testing, training, and exercises. Testing validates recovery capabilities, whereas training prepares recovery personnel for plan activation and exercising the plan identifies planning gaps; combined, the activities improve plan effectiveness and overall organization preparedness.
- Ensure plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements and organizational changes.