Disaster Recovery Plan: TTF Company IT System and Risk Mitigation
VerifiedAdded on 2022/08/28
|12
|2252
|17
Report
AI Summary
This report presents a comprehensive Disaster Recovery Plan (DRP) for TTF Company, a peg manufacturer that recently upgraded its IT systems. The plan begins with an introduction to TTF's infrastructure, including its three physical locations and reliance on an ERP system and network. A detailed risk assessment identifies potential threats such as natural disasters, communication network disruptions, power failures, terrorism, and data security breaches. The DRP outlines a policy statement, objectives, and plan overview, including updating and documentation procedures. It establishes an emergency response protocol, including escalation procedures, the formation of a Disaster Recovery Team (DRT), and notification processes. The plan addresses media relations, insurance policies, and financial/legal considerations. The DRP also includes a risk assessment matrix, detailing the likelihood and impact of identified risks. Furthermore, it specifies the activation of the plan, assembly points, and key responsibilities of the ERP and DRT teams, along with the emergency notification contact information and alternative recovery facilities. The report emphasizes the importance of communication, staff backup, and regular updates to ensure the effectiveness of the DRP.
Running head: DISASTER RECOVERY PLAN FOR TTF COMPANY
DISASTER RECOVERY PLAN
FOR
TTF COMPANY
Name of the Student
Name of the University
Author Note:
DISASTER RECOVERY PLAN
FOR
TTF COMPANY
Name of the Student
Name of the University
Author Note:
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1DISASTER RECOVERY PLAN FOR TTF COMPANY
Table of Contents
Introduction:....................................................................................................................................2
Background of the company:...........................................................................................................2
Disaster Recovery Plan:...................................................................................................................3
Policy statement-.........................................................................................................................3
Objective-....................................................................................................................................3
1. Plan Overview-.....................................................................................................................4
1.1.1 Plan Updating-...........................................................................................................4
1.1.2 Plan Documentation-.................................................................................................4
1.1.3 Risk Assessment:.......................................................................................................4
2. Emergency Response-..........................................................................................................7
2.1. Escalation and Plan solicitation-...................................................................................7
2.2 Disaster Recovery Team-..............................................................................................8
2.3 Notification, escalation and disaster recovery plan activation-.....................................9
3. Media-.................................................................................................................................10
4. Insurance-...........................................................................................................................10
5. Financial and legal Issues-..................................................................................................11
Table of Contents
Introduction:....................................................................................................................................2
Background of the company:...........................................................................................................2
Disaster Recovery Plan:...................................................................................................................3
Policy statement-.........................................................................................................................3
Objective-....................................................................................................................................3
1. Plan Overview-.....................................................................................................................4
1.1.1 Plan Updating-...........................................................................................................4
1.1.2 Plan Documentation-.................................................................................................4
1.1.3 Risk Assessment:.......................................................................................................4
2. Emergency Response-..........................................................................................................7
2.1. Escalation and Plan solicitation-...................................................................................7
2.2 Disaster Recovery Team-..............................................................................................8
2.3 Notification, escalation and disaster recovery plan activation-.....................................9
3. Media-.................................................................................................................................10
4. Insurance-...........................................................................................................................10
5. Financial and legal Issues-..................................................................................................11
2DISASTER RECOVERY PLAN FOR TTF COMPANY
Introduction:
Considering the rapid growth of technology it is noticed that organizations are
incorporating IT services into their business infrastructure. And due to these adoptions the
companies are facing several problems while performing their operational activities. In this paper
the operational activities and the infrastructure of TTF Company will be discussed as the
nominated company has implemented their IT system.
Followed by these identifications this paper has aimed to analyze the risk present in the
nominated organizational infrastructure as well as will be help to create a disaster recovery plan
that will help to mitigate the impact of the disaster with thee purpose to enhance the operational
services of the organization. In order to support the discussion this paper will consist a detailed
analysis of the organizational background, risk assessment which will consist a detailed analysis
on the present threats and followed by this a disaster recovery plan will be formed.
Background of the company:
Followed by a thorough investigation on the operational activities of TTF Company it is
noticed that this is a peg manufacturer company which is very popular for their best quality
services. However, recently the company has upgraded their IT systems with the purpose to
improve their organizational operations. TTF Company has three physical locations. However,
primarily the head office of the organization performs the essential task of the organization.
Along with this the organization has incorporated the ERP system in order to improve their
operations.
Despite the fact that the organization have tried to improve their operational activities
however, it is also very important to enhance the operations of data storing as the organization do
not have any consistent database where they can store their data.
Introduction:
Considering the rapid growth of technology it is noticed that organizations are
incorporating IT services into their business infrastructure. And due to these adoptions the
companies are facing several problems while performing their operational activities. In this paper
the operational activities and the infrastructure of TTF Company will be discussed as the
nominated company has implemented their IT system.
Followed by these identifications this paper has aimed to analyze the risk present in the
nominated organizational infrastructure as well as will be help to create a disaster recovery plan
that will help to mitigate the impact of the disaster with thee purpose to enhance the operational
services of the organization. In order to support the discussion this paper will consist a detailed
analysis of the organizational background, risk assessment which will consist a detailed analysis
on the present threats and followed by this a disaster recovery plan will be formed.
Background of the company:
Followed by a thorough investigation on the operational activities of TTF Company it is
noticed that this is a peg manufacturer company which is very popular for their best quality
services. However, recently the company has upgraded their IT systems with the purpose to
improve their organizational operations. TTF Company has three physical locations. However,
primarily the head office of the organization performs the essential task of the organization.
Along with this the organization has incorporated the ERP system in order to improve their
operations.
Despite the fact that the organization have tried to improve their operational activities
however, it is also very important to enhance the operations of data storing as the organization do
not have any consistent database where they can store their data.
3DISASTER RECOVERY PLAN FOR TTF COMPANY
Disaster Recovery Plan:
Policy statement-
TTF Company shall prepare an effective IT disaster recovery plan.
A risk assessment will be conducted on TTF Company in order to define the necessities
for the disaster recovery plan.
The disaster recovery plan of TTF Company mush consists of a detailed elaboration of
the company infrastructure.
All of staff present in the organization must be conscious of the developed disaster
recovery plan.
The developed disaster recovery plan requires to be up to date with accordance to the
change of organizational circumstances.
Objective-
The primary aim of this disaster recovery plan is to analyze the infrastructure of the
organization and from the investigation a document will be developed which will consists of a
detailed elaboration of the threats present in the organization and it will consist of effective
recovery strategies as well. Followed by these identification the disaster recovery plan consists of
the following objectives-
It is very essential to make sure that all of the staffs present in the organization
understands their responsibilities and the implementation process as well.
This will help the organization to quickly response to the disaster identified in the
organization.
1. Plan Overview-
1.1.1 Plan Updating-
Disaster Recovery Plan:
Policy statement-
TTF Company shall prepare an effective IT disaster recovery plan.
A risk assessment will be conducted on TTF Company in order to define the necessities
for the disaster recovery plan.
The disaster recovery plan of TTF Company mush consists of a detailed elaboration of
the company infrastructure.
All of staff present in the organization must be conscious of the developed disaster
recovery plan.
The developed disaster recovery plan requires to be up to date with accordance to the
change of organizational circumstances.
Objective-
The primary aim of this disaster recovery plan is to analyze the infrastructure of the
organization and from the investigation a document will be developed which will consists of a
detailed elaboration of the threats present in the organization and it will consist of effective
recovery strategies as well. Followed by these identification the disaster recovery plan consists of
the following objectives-
It is very essential to make sure that all of the staffs present in the organization
understands their responsibilities and the implementation process as well.
This will help the organization to quickly response to the disaster identified in the
organization.
1. Plan Overview-
1.1.1 Plan Updating-
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4DISASTER RECOVERY PLAN FOR TTF COMPANY
It is very essential to update the disaster recovery plan however, while modifying the disaster
recovery structure it is very important to test and verify the updated plan in order to effectively
use the plan into the organizational infrastructure.
1.1.2 Plan Documentation-
The documents of the disaster recovery plan will be stored in CD or any hard drive which will be
stored in a secure place. The associates of the recovery team as well as the staffs of the
organization will be distributed a copy of this DRP. However, the original document of DRP will
be stored in secure place.
1.1.3 Risk Assessment:
After considering the above identified problems it can be seen that there is a huge need for a
risk assessment, otherwise it will be very difficult to identify the threats present in the
organizational scenario. In order to develop a disaster recovery plan it is very essential to identify
the problems, a risk assessment will be prepared where we will identify the risk and the impact
of those risk will be evaluated.
IT SERIVICES AND DATA SECURITY RISK ASSESMENT
Sl.
No.
RISK RISK
DESCRIPTION
IMPACT LIKELIHOOD RISK IMPACT AND
MITIGATION
1. Natura
l
disaste
r
Due to the
occurrence of
natural disaster
such as flood and
storm the physical
location of the
organization may
High Low
Due to the occurrence of
flood or storm the
physical property of the
organization may get
damaged which will
majorly impact the
operational effectiveness
It is very essential to update the disaster recovery plan however, while modifying the disaster
recovery structure it is very important to test and verify the updated plan in order to effectively
use the plan into the organizational infrastructure.
1.1.2 Plan Documentation-
The documents of the disaster recovery plan will be stored in CD or any hard drive which will be
stored in a secure place. The associates of the recovery team as well as the staffs of the
organization will be distributed a copy of this DRP. However, the original document of DRP will
be stored in secure place.
1.1.3 Risk Assessment:
After considering the above identified problems it can be seen that there is a huge need for a
risk assessment, otherwise it will be very difficult to identify the threats present in the
organizational scenario. In order to develop a disaster recovery plan it is very essential to identify
the problems, a risk assessment will be prepared where we will identify the risk and the impact
of those risk will be evaluated.
IT SERIVICES AND DATA SECURITY RISK ASSESMENT
Sl.
No.
RISK RISK
DESCRIPTION
IMPACT LIKELIHOOD RISK IMPACT AND
MITIGATION
1. Natura
l
disaste
r
Due to the
occurrence of
natural disaster
such as flood and
storm the physical
location of the
organization may
High Low
Due to the occurrence of
flood or storm the
physical property of the
organization may get
damaged which will
majorly impact the
operational effectiveness
5DISASTER RECOVERY PLAN FOR TTF COMPANY
face huge threat. of the organization.
2.
Loss of
commu
nicatio
n
networ
k
Since the
operations of the
organization is
entirely based in
network server
thus, threats like
DDoS attack or
ransomware attack
may significantly
disrupt the
operation of the
organization.
High Low
Due to the occurrence of
the identified threats it is
noticed that DDoS and
Ransomeware attack may
block the communication
network of the
organization with the
purpose to steal the
organizational data or to
disrupt the operations of
the organization.
Adoption of effective
firewall protection will
help to improve the
current scenario of the
organization.
3.
Power
Failure
Into the
organizational
infrastructure of
TTF it is noticed
that in case of any
power failure the
operations of TTF
may get
significantly
disrupted.
Medium low
Due to the occurrence of
these types of threats it is
noticed that the in case of
any power failure the
systems of organization
can be turned off, for
which the operations of
TTF may get disrupted.
Implementation of electric
generator will
significantly help to give
backup in case of there is
any power disruption.
4.
Terrori
sm Act
Into the
organizational
infrastructure of
the organization a
significant threat
of terrorism is
present due to
which the
organization will
face several
disruption like loss
of assets, data loss
as well as the
disruption of the
organizational
procedure.
High low
Due to the occurrence of
these types of threats the
operational activities of
TTF the will get disrupted
as the terrorist may target
to steal the data of the
organization. Adoption of
effective security and
surveillance policy will
help the organization to
improve the current
scenario.
face huge threat. of the organization.
2.
Loss of
commu
nicatio
n
networ
k
Since the
operations of the
organization is
entirely based in
network server
thus, threats like
DDoS attack or
ransomware attack
may significantly
disrupt the
operation of the
organization.
High Low
Due to the occurrence of
the identified threats it is
noticed that DDoS and
Ransomeware attack may
block the communication
network of the
organization with the
purpose to steal the
organizational data or to
disrupt the operations of
the organization.
Adoption of effective
firewall protection will
help to improve the
current scenario of the
organization.
3.
Power
Failure
Into the
organizational
infrastructure of
TTF it is noticed
that in case of any
power failure the
operations of TTF
may get
significantly
disrupted.
Medium low
Due to the occurrence of
these types of threats it is
noticed that the in case of
any power failure the
systems of organization
can be turned off, for
which the operations of
TTF may get disrupted.
Implementation of electric
generator will
significantly help to give
backup in case of there is
any power disruption.
4.
Terrori
sm Act
Into the
organizational
infrastructure of
the organization a
significant threat
of terrorism is
present due to
which the
organization will
face several
disruption like loss
of assets, data loss
as well as the
disruption of the
organizational
procedure.
High low
Due to the occurrence of
these types of threats the
operational activities of
TTF the will get disrupted
as the terrorist may target
to steal the data of the
organization. Adoption of
effective security and
surveillance policy will
help the organization to
improve the current
scenario.
6DISASTER RECOVERY PLAN FOR TTF COMPANY
5.
Data
securit
y
threat
Along with the
above aspects it is
noticed that since,
the TTF do not
have any
structured
database thus,
organizational data
may significantly
influenced by
several data
security threats
like fishing and
DDoS.
High High
Due to the occurrence of
these types of threat the
organization may lose
their operational data
which are very much
confidential. Hence, it is
very essential to mitigate
these threats with effective
mitigation approaches
such as implementation of
GDPR will help to reduce
these type threats.
Risk assessment matrix-
High Impact Medium
Impact
Low Impact
Impact
Likelihood
Negligible Low Medium High
High
1, 2 5
Medium
3
low
4
Rare
5.
Data
securit
y
threat
Along with the
above aspects it is
noticed that since,
the TTF do not
have any
structured
database thus,
organizational data
may significantly
influenced by
several data
security threats
like fishing and
DDoS.
High High
Due to the occurrence of
these types of threat the
organization may lose
their operational data
which are very much
confidential. Hence, it is
very essential to mitigate
these threats with effective
mitigation approaches
such as implementation of
GDPR will help to reduce
these type threats.
Risk assessment matrix-
High Impact Medium
Impact
Low Impact
Impact
Likelihood
Negligible Low Medium High
High
1, 2 5
Medium
3
low
4
Rare
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7DISASTER RECOVERY PLAN FOR TTF COMPANY
2. Emergency Response-
This section have been developed with the purpose to guide the organization about the quick
response activities in case of any disaster takes place.
2.1. Escalation and Plan solicitation-
In this section the plan activation, assembly process as well as the emergency response plan
will be discussed.
2.1.1 Plan Activating Event-
In order to activate the disaster recovery problem it is primarily required to inform
the headquarters. However, the headquarters will be informed to activate the DRP
only if the below mentioned cases takes place-
Incident of power loss.
Occurrence of natural disaster like flood and storm.
Loss of network communication.
Occurrence of terrorist attack.
Presence of data threats.
2.1.2 Assembly Point-
In case if the staffs needs to be displaced it is very essential to be gather at the below
mentioned positions:-
Primary- Far away from the company buildings.
Alternative- Any nearest places around the company buildings.
2.1.3 Activation of emergency response plan-
When the incident happens it is very essential to activate the emergency response plan by
the ERP team. Thus, in order to active the ERP team DRP must be activated and the staffs
2. Emergency Response-
This section have been developed with the purpose to guide the organization about the quick
response activities in case of any disaster takes place.
2.1. Escalation and Plan solicitation-
In this section the plan activation, assembly process as well as the emergency response plan
will be discussed.
2.1.1 Plan Activating Event-
In order to activate the disaster recovery problem it is primarily required to inform
the headquarters. However, the headquarters will be informed to activate the DRP
only if the below mentioned cases takes place-
Incident of power loss.
Occurrence of natural disaster like flood and storm.
Loss of network communication.
Occurrence of terrorist attack.
Presence of data threats.
2.1.2 Assembly Point-
In case if the staffs needs to be displaced it is very essential to be gather at the below
mentioned positions:-
Primary- Far away from the company buildings.
Alternative- Any nearest places around the company buildings.
2.1.3 Activation of emergency response plan-
When the incident happens it is very essential to activate the emergency response plan by
the ERP team. Thus, in order to active the ERP team DRP must be activated and the staffs
8DISASTER RECOVERY PLAN FOR TTF COMPANY
present in the ERP team needs to quickly response according to their assigned
responsibilities. The key responsibilities of the ERP team are listed in the below section-
As soon as the disaster is going to be found out it is essential to call the emergency
team.
Identify the characteristics of the threat and determine the impact of the threat on the
infrastructure of TTF Company.
Followed by the above identification the appropriate disaster recovery plan will be
activated.
Activation of an effective disaster recovery team with the purpose to manage the
disaster and turn to normal activity.
Make sure the all of the staffs are aware of the incident that has taken place and
assign roles the staffs if required.
2.2 Disaster Recovery Team-
The disaster recovery team will be formed by the ERP team. The key responsibilities of
this team will be following-
Forming effective the emergency services as soon as possible, it will be very effective
if the team become ready with the 2 effective business hours.
Restoration of the key services should be done within 4 effective working hour.
Recovery process should be finished between 8 hours to 24 hours.
Effective co-ordination is required with the ERP team.
Report the hourly activities to the ERP team for verification.
2.3 Notification, escalation and disaster recovery plan activation-
present in the ERP team needs to quickly response according to their assigned
responsibilities. The key responsibilities of the ERP team are listed in the below section-
As soon as the disaster is going to be found out it is essential to call the emergency
team.
Identify the characteristics of the threat and determine the impact of the threat on the
infrastructure of TTF Company.
Followed by the above identification the appropriate disaster recovery plan will be
activated.
Activation of an effective disaster recovery team with the purpose to manage the
disaster and turn to normal activity.
Make sure the all of the staffs are aware of the incident that has taken place and
assign roles the staffs if required.
2.2 Disaster Recovery Team-
The disaster recovery team will be formed by the ERP team. The key responsibilities of
this team will be following-
Forming effective the emergency services as soon as possible, it will be very effective
if the team become ready with the 2 effective business hours.
Restoration of the key services should be done within 4 effective working hour.
Recovery process should be finished between 8 hours to 24 hours.
Effective co-ordination is required with the ERP team.
Report the hourly activities to the ERP team for verification.
2.3 Notification, escalation and disaster recovery plan activation-
9DISASTER RECOVERY PLAN FOR TTF COMPANY
In this section the required contacts is mentioned along with the guidance of who should
be contacted when. The disaster recovery plan is entirely depended on the team members and
staffs of the organization. Followed by this considerations the below section should be
followed for further proceedings.
2.3.1 Emergency Notification-
In case of any incident gets detected the below team should be contacted-
Emergency Response Plan Team (ERP Team)
If they are not available the organization should contact-
Disaster Response Team.
2.3.2 Disaster Recovery process for management-
The management will have the hard copies of the DRP documents and in case any
disaster takes place the members of management should protect the hard copies.
2.3.3 Communication with the staffs-
In case any incident takes place all of the required staffs will be contacted by the ERP
team. Thus, the company must requires to have the contact detail of the staffs.
2.3.4 Backup staff-
The backup team members will perform their activities notified by the ERP team.
2.3.5 Updates-
In order to get the update of every moment the DRP team, ERP team as well as the
backup team needs to be connected via hotline.
2.3.6 Alternate recovery facilities-
In this section the required contacts is mentioned along with the guidance of who should
be contacted when. The disaster recovery plan is entirely depended on the team members and
staffs of the organization. Followed by this considerations the below section should be
followed for further proceedings.
2.3.1 Emergency Notification-
In case of any incident gets detected the below team should be contacted-
Emergency Response Plan Team (ERP Team)
If they are not available the organization should contact-
Disaster Response Team.
2.3.2 Disaster Recovery process for management-
The management will have the hard copies of the DRP documents and in case any
disaster takes place the members of management should protect the hard copies.
2.3.3 Communication with the staffs-
In case any incident takes place all of the required staffs will be contacted by the ERP
team. Thus, the company must requires to have the contact detail of the staffs.
2.3.4 Backup staff-
The backup team members will perform their activities notified by the ERP team.
2.3.5 Updates-
In order to get the update of every moment the DRP team, ERP team as well as the
backup team needs to be connected via hotline.
2.3.6 Alternate recovery facilities-
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10DISASTER RECOVERY PLAN FOR TTF COMPANY
In case of any disaster takes place a team will formed which will perform their
activities by connecting the teams. As well as by monitoring the activities of the
entire DRP process. And it will alert the ERP team in case any disruption taken place.
3. Media-
The assigned employees requires to communicate with the media with the purpose to discuss
about the issue that have been identified into organizational infrastructure. This action will be
taken post disaster recovery process.
The media will be informed by following the below listed suggestion-
Escaping opposing publicity.
Seek the advantages from positive responses.
In order to communicate with the media only the formed media team will be permitted to
interact with them. The media team should try to seek maximum advantages for this and there
should be no negative publicity.
4. Insurance-
Insurance policies are one of the most essential parts of disaster recovery policies and
business continuity plan. In the below section the policies are mentioned and described:-
Policy Name Coverage
Type
Coverage
Period
Amount of
coverage
Responsible
person
Renewal date
Disaster Risk
Insurance
This will
cover the
damage
happened
due to
natural
disaster such
as flood and
storm.
5 year 31.017$ ERP Team XX/XX/XXXX
In case of any disaster takes place a team will formed which will perform their
activities by connecting the teams. As well as by monitoring the activities of the
entire DRP process. And it will alert the ERP team in case any disruption taken place.
3. Media-
The assigned employees requires to communicate with the media with the purpose to discuss
about the issue that have been identified into organizational infrastructure. This action will be
taken post disaster recovery process.
The media will be informed by following the below listed suggestion-
Escaping opposing publicity.
Seek the advantages from positive responses.
In order to communicate with the media only the formed media team will be permitted to
interact with them. The media team should try to seek maximum advantages for this and there
should be no negative publicity.
4. Insurance-
Insurance policies are one of the most essential parts of disaster recovery policies and
business continuity plan. In the below section the policies are mentioned and described:-
Policy Name Coverage
Type
Coverage
Period
Amount of
coverage
Responsible
person
Renewal date
Disaster Risk
Insurance
This will
cover the
damage
happened
due to
natural
disaster such
as flood and
storm.
5 year 31.017$ ERP Team XX/XX/XXXX
11DISASTER RECOVERY PLAN FOR TTF COMPANY
5. Financial and legal Issues-
The ERP team will conduct an assessment on the financial department with the purpose to
determine the loss of the organization due to the occurrence of the disaster. This assessment will
consist the following aspects:-
Identification of the cash loss.
Identification on the financial document loss.
Identification of other damages.
Followed by the above identification the below listed aspects requires to be addressed with
immediate actions:-
Temporary cash flow capability.
Position of cash loss.
Management of the social and financial security.
Hence, it can be stated that the above mentioned disaster recovery strategy will help to
protect the organization from external threat and it will help to immediately respond to any
disaster as well.
5. Financial and legal Issues-
The ERP team will conduct an assessment on the financial department with the purpose to
determine the loss of the organization due to the occurrence of the disaster. This assessment will
consist the following aspects:-
Identification of the cash loss.
Identification on the financial document loss.
Identification of other damages.
Followed by the above identification the below listed aspects requires to be addressed with
immediate actions:-
Temporary cash flow capability.
Position of cash loss.
Management of the social and financial security.
Hence, it can be stated that the above mentioned disaster recovery strategy will help to
protect the organization from external threat and it will help to immediately respond to any
disaster as well.
1 out of 12
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.