The Drotos Engineering cloud migration project is proceeding. Your applications require a 99.9% uptime. You are now working on the disaster recovery and business continuity plan to ensure that occurs.
Senior wants to be assured Drotos Engineering is prepared to handle any disaster or business interruptions. Therefore, you decide to prepare a summary of your plan and a sample procedure from your disaster recovery and business continuity (DR/BC) plan to review together.
Part 1
Write a 3-page summary in Microsoft® Word of your DR/BC plan that includes:
- An overview of your patch management strategy to ensure your systems and applications are up-to-date
- An overview of your backup strategy to ensure applications and all company data is available, including:
- A schedule or plan for full and incremental backups
- The planned use of automated tools
- The types of disasters and potential causes of business interruption covered by your plan
Part 2
Select an event covered by your DR/BC plan.
Write a high-level DR/BC plan process that would be included in your DR/BC playbook for this event.
- Use the DR/BC Playbook Procedure Template to document your processes.
- Each process should be no longer than one page. Outline the DR approach on one page and the BC approach on the second.
Refer to the Sample DR/BC Playbook Procedure as needed.
Drotos Engineering Cloud Migration Project Overview
Scenario
You are the sole IT employee for Drotos Engineering, a 20-person, privately owned engineering consulting company. The company has a single location. It is growing and is expecting to hire 8 to 10 employees in the next year and use additional engineering consultants on an as-needed basis. The company owner, Drotos Sr. (referred to as Senior) is planning to allow employees to work remotely rather than expand office space.
Senior wants you to review the company’s IT network, hardware, and software capabilities and determine what is needed to meet the following organization goals:
• Employees can access files and software locally and remotely.
• Employee and workload growth is supported by IT systems.
o The software applications and storage are scalable as employee numbers increase.
o Employee growth does not negatively affect response time of software applications.
• Maximize IT operational efficiency (IT isn’t getting one of the new hires).
• Systems and client information are secure.
• Business can continue even if the office or network is compromised.
• Network design and processes are documented to enable maintenance and troubleshooting, even in the IT manager’s absence.
Current Network and Software Description
Network Design
The company currently has a private non-cloud IT network.
The application is housed on a single server, with no redundancy and limited network attached storage. The system is behind dual firewalls and does not have remote access or backup functionality.
Software Considerations
The company employees use enterprise-wide versions of Microsoft® Office® applications and desktop versions of engineering specialty applications. Many of the specialty licenses are about to expire and the Microsoft® Office® package is several versions old.
Drotos Engineering DR/BC Playbook Procedure Template
Event
[Enter the name and description of the event.]
For example: Hacking: A specific application has been hacked.
Disaster Recovery
Responsibilities
[Identify who is involved in diagnosing and resolving the issues.]
Name Title/Role Emergency Number Email Responsibilities
Initial Plan of Action
[Describe what needs to be done to stop the damage, prevent further damage, and provide a current workaround or work process for employees to follow.]
For example: If the event is that an application has been hacked, the initial plan of action could be:
• Implement manual downtime protocol.
• Shut down all internet access.
• Shut down internal and external email.
Troubleshooting and Resolution
[Identify the troubleshooting steps along with referencing or naming potential procedures.]
For example: Using the example above, define the technical approach to bringing the application back online.
• Segment the applications.
• Scrub the application while off the internet, and refer to the antivirus/malware policy.
• Check the open firewall ports, and refer to the firewall configuration documentation.
• Ensure secure user access.
Business Continuity
Define your approach to ensure the business teams within the organization have a plan to conduct business while the disaster recovery process is in progress.
Responsibilities
[Identify who is involved in managing the business effects of the event while disaster recovery is in progress.]
Name Title/Role Emergency Number Email Responsibilities
Initial Plan of Action
[Describe what needs to be done to enable business to continue.]
For example, if the event is that an application has been hacked, the initial plan of action could be:
• Use manual downtime protocol.
• Access internet and email via smartphones or alternate business locations.
• Determine and execute internal and external communications regarding service limitations.
Troubleshooting and Resolution
[Identify the troubleshooting and resolution steps the internal business partners execute to support the technical resolution to the problem and the interim emergency protocols.]
For example:
Test access to the application (local and remote and with different devices)
• User test
• Administrator test
