1

Chapter 8

Disaster Recovery
Planning
 Introduction
2

 Disaster is anything that prevents access

to key processes and activities.
 Disasters usually cannot be prevented or
evaded.

Types of Disasters
 Natural or environmental disasters

 Technical or mechanical hazards

 Human Activities or Threads

 Cont’d………
3

Natural or Environment Disasters

 Fire, flood, earthquake, hurricane,
lighting storm or air crash.
 The location and the local environment

needs to be assessed to determine the

exact external threats.
Technical or Mechanical Disasters
 Computer problems, instrumental
failures, industrial disasters,
equipments problems, etc
 Viruses, worms, power outages,
 Cont’d……….
4

Human Activities or Threads

 Accidental and Intentional activities.

 Unintentional threats may come from

employees who accidentally delete or

update information.

 Malicious attacks may originate from

hackers, paid professionals, disgruntled
employees or organized crime gangs.
 Over dependence on one key person is
also a threat to system.
 Cont’d…………
5

 The impact of a disaster can be absorbed

& firms can recover with careful disaster
recovery plan (DRP).
 DRP is a comprehensive statement of all
actions to be taken before, during, and
after any type of disaster.

 All DRP possess four common features:

 Identify critical applications
 Create a disaster recovery team
 Provide site backup
 Specify backup and off-site storage
 Cont’d………….
6

Identify Critical Applications

 Recovery efforts must concentrate on
restoring the critical applications to the
short-term survival of firms.
Create a Disaster Recovery Team
 Recovering from disaster depends on
timely corrective action.
 Delays in performing essential tasks
extends the recovery period and
diminishes the prospects of successful
recovery.
 To avoid serious omissions or duplications
 Cont’d…………
7

Provide Site Backup

 Site backup provides a duplicate data

processing facilities following a disaster.

 The most common options;
 Mutual aid pact;
 Empty shell or cold site;
 Recovery operations center or hot site;
and
 Internally provided backup.
 Mutual aid pact is an agreement
between two or more firms to aid each
 Cont’d……….
8

 Empty shell or cold site is an

arrangement wherein the firm uses a
building that will serve as a data center.
 In the event of disaster, the shell is

available and ready to receive whatever

hardware the temporary user needs to
run essential systems.
 Recovery operations center (ROC) or
hot site is a fully equipped backup data
center that many companies share.
 ROC service providers offer a range of

technical services to clients, who pay

 Cont’d………….
9

 Internally Provided Backup – large

companies with multiple data processing
centers often prefer self-reliance that
creating internal excess capacity
provides.
 This permits firms to develop
standardized hardware and software
configurations, which ensure functional
compatibility among their data
processing centers and minimize
cutover problems in the event of a
disaster.
 Cont’d………..
10

Backup and Off-Site Storage Procedures

 All data files, applications, documentation,

and supplies needed to perform critical

functions should be automatically backed up
and stored at a secure off-site location.
 Data processing personnel should routinely

perform backup and storage procedures;

 Operating System Backup
 Application Backup
 Backup Data Files
 Backup Documentation
 Backup Supplies and Source Documents
 Cont’d………….
11

Audit Objective
 Verify that management’s DRP is
adequate and feasible for dealing with
catastrophes.
Audit Procedures
 Site Backup - evaluate the adequacy of

the backup site arrangement.

 Critical Application List - review the

list of critical applications to ensure

that it is complete.
 Software Backup - verify that copies of
 Cont’d………..
12

 Data Backup - verify that critical data

files are backed up in accordance with
DRP.
 Backup Supplies, Documents, &
Documentation
 The system documentation, supplies,
and source documents needed to
process critical transactions should be
backed up and stored off-site.
 Disaster Recovery Team - verify that
members of the team are current
13

Questions?

Thank you!