DISASTER RECOVERY
All organisations are vulnerable to disruptions of many kinds: from human error to utilities failure to natural disasters to terrorist attacks. Even though it is impossible to eliminate risks completely, they can be minimized to a level acceptable to the organisation. One of the strategies of managing such risks is to have a contingency plan, in case of a disruption. It is essential for organisations to have a comprehensive contingency plan, which can be invoked during such a disruptive event. Such a contingency plan should be updated regularly and tested frequently for readiness and efficacy. Disaster recovery planning is composed of the processes, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organisation after a natural or human-induced disaster.
We conduct reviews to examine the capability and accuracy of DR plans and recovery strategies. If you are in the process of building one, we can help you draft a sound strategy and compile comprehensive plans that cover infrastructure, applications, data, people, processes, procedures and policies. We conduct tests to validate plans and prepare the staff to efficiently respond in case of a disaster.
Virtualisation technologies have simplified the technology aspect of disaster recovery and also drastically reduced the costs for robust DR implementations. We explore and recommend latest technologies for cost-efficient and agile disaster recovery strategies.
Disaster Recovery Services
- Business Impact Analysis
- Drafting a DR/BCP Strategy
- Draft Disaster Recovery Plan
- Review / Update DR Plans
- DR Training and Workshops
- Failover and Fail-back Testing
- Implement DR Technology
- Health-check of DRP/BCP
HOW WE CONDUCT AN ASSESSMENT
Survey & Data Gathering
Consultants will examine all the components in the IT infrastructure and acquire data by:
* Physical survey of data centres
* Interviews with IT staff
* Inspection of systems, configuration data, etc.
Documentation
All the details collected will be collated and documented. Work products in this phase include:
– Documentation of servers, networks, applications, services, etc.
– Topology and connectivity diagrams
– Server and equipment lists.
Assessment
Adequacy of controls will be tested against:
* Controls based on standards (PCI-DSS / ISO27001)
* Test nearly controls in various security domains
* Technology assessment: using VA tools
Reports
Summary and detailed reports will be compiled that will show the present state of security in the organisation.
Recommendations
Based on the assessment and business requirements, recommendations will be made, which:
– Highlight areas which require immediate action
– Configuration changes or upgrades to systems
– Implementation of controls hitherto not implemented
Presentation
The assessment will culminate in:
* Presentation of findings
* Discussion of recommendations
* Workshop with tech and admin teams
Infographics
Sample Deliverables
Assessment Report
Summary and detailed reports on the state of security pointing out adequacy of controls implemented.
Gap Analysis Report
Gap analysis against established standards such as ISO27001, PCI etc.
System Documentation
Asset inventory: servers, storage, backup, network equipment, cloud assets.
Diagrams & Infographics
Network connectivity and topology diagrams, traffic flow diagrams, etc.