Examine the two pieces of criteria that classify that a disaster has occurred: the organization is unable to contain or control the impact of an incident, or the level of damage or destruction from an incident is so severe that the organization cannot quickly recover from it.
Emphasize it rests on the DRPT’s shoulders to determine if an event is an incident or a disaster. Whatever is decided provides direction as to which plan will be activated should it occur.
Construct the eight-step sequence of creating a disaster recovery process:
Organize the DR team: The initial assignments to the DR team, including the team lead, will most likely be performed by the CPMT; however, additional personnel may need to be assigned to the team as the specifics of the DR policy and plan are developed, and as individual roles and responsibilities are defined and assigned.
Develop the DR planning policy statement: A formal department or agency policy provides the authority and guidance necessary to develop an effective contingency plan.
Review the BIA: The BIA was prepared to help identify and prioritize critical information and its host systems. A review of what was discovered is an important step in the process.
Identify preventive controls: Measures taken to reduce the effects of business and system disruptions can increase information availability and reduce contingency life cycle costs.
Create DR strategies: Thorough recovery strategies ensure that the system can be recovered quickly and effectively following a disruption.
Develop the DR plan document: The plan should contain detailed guidance and procedures for restoring a damaged system.
Ensure DR plan testing, training, and exercises: Testing the plan identifies planning gaps, whereas training prepares recovery personnel for plan activation; both activities improve plan effectiveness and over allagency preparedness.
Ensure DR plan maintenance: The plan should be a living document that is updated regularly to remain current with system enhancements.