A plan for disaster recovery - Synoptek LLC
Introduction
Disaster Recovery, in the case of IT, can be regarded as a security plan that is often created alongside a BCP or Business Continuity Plan. A set of procedures is developed and incorporated in the plan so that an organization can be protected from negative events, including natural disasters, cyberattacks, or any device failure. It is vital to restore the affected applications, data, or hardware quickly so that a business can resume its operations. In this paper, such a plan shall be created and presented to the executive members of Synoptek, an IT service provider. Companies operating in the IT industry are prone to cyberattacks, and therefore after inquiring about the needs of the DR plan, a detailed description shall be outlined. Afterward, the expected or possible outcomes of implementing the plan shall be highlighted as well. The purpose is to judge the effectiveness of the procedures in a real environment.
Introducing the company
Synoptek LLC is a US-based IT service management company. It was founded in 1984, and the present Vice President of the firm is John Frazier. The subsidiaries of the organization are Dynamics Resources Inc, Indusa Technical Corp., and Pay Per Cloud Inc (Synoptek, 2020). The organization has taken digital transformation seriously, and therefore it provides planning services and delivers IT strategies to other, more prominent organizations operating in the United States. The IT roadmap created by Synoptek is based on the individual goals of the client organization. The range of services that Synoptek offers includes an assessment of the existing IT environment, technology recommendations and roadmap, infrastructure design, and gap analysis. Hence, the company actively uses emerging technologies to guide and improve the condition and business operations of other firms. The approach is IT-driven, and services are delivered after creating a solid timeline and a detailed budget. It serves 1178 clients across 44 states in the USA. Apart from the USA, the company also operates in 28 other countries, and the current employee strength is 736 employees. The organization is also composed of collaborative, creative, and strategic problem solvers.
Identifying the need of the DR plan
The organization operates within a data-driven environment, and it is vital to have a recovery plan because the business is highly susceptible to threats. Without a proper plan, catastrophic events might occur (Stanton, 2005). Threats to computer and network systems are common in today’s age. Attacks from cybercriminals and human errors can create havoc. Preventive measures should be taken immediately so that systems can resume their operations quickly. One of the common threats in today’s world is ransomware. Additionally, downtime is a major issue. It means companies lose their revenue, and the organization might have to bear substantial monetary costs. Downtime has become a significant threat because the business might lose its reputation along with customers. Therefore, a DR plan would help the organization outline the vital parameters. For instance, a secondary site would be effective in helping resolve the issue of downtime. An organization’s backbone is its data, and Synoptek must consider making data one of its highest priorities. Data loss can be a catastrophic event, and there is a necessity to secure and handle data for the IT management service provider. Additionally, human error can be one of the major reasons for creating a DR plan. A major catastrophe is not always related to cyberattacks or natural disasters. The organization provides a range of services across 28 nations, and the chances of human error can definitely increase as it operates on such a large scale.
The plan can mitigate the risk of human error or at least attempt to reduce the issues so that human error can be prevented from occurring (Mohamed, 2014). It is vital to limit the worst outcomes and bring things under control. The DR plan would help to minimize the impact of the above-mentioned issues, such as human error, downtime, threats, and data security. The organization uses IT infrastructure so that services and processes can be delivered quickly. For instance, it uses VoIP or Voice over Internet Protocol to communicate, and employees can exchange information with each other. The servers used in the organization store a huge amount of information, and employees constantly use laptops and desktops, along with other wireless devices, to manage information and deliver services. An IT DRP would be created, and the resources and guidelines of NIST would be followed. Special publications of NIST outline the need for training, planning, and creating awareness among employees (Brown et al., 2008). The need of the hour is to back up data as consistently as possible and redefine the business. The organization also requires a cost-effective plan because implementing a DR plan in this data-driven and constantly changing environment might be costly.
A detailed DR Plan
In the case of Synoptek, an IT Disaster Recovery Plan would be effective because the enterprise networks must be secured if the business is to continue its operations across domestic and international boundaries. In most instances, it is impossible to stop the occurrence of a disaster (Suguna & Suhasini, 2014). Therefore, an effective and applicable recovery plan can ensure security from unpredictable events. It is expected that the presented plan would protect the employees and the enterprise’s data. The methods have been discussed and analyzed below –
- Threat Analysis- The first step would be identifying the existing and probable threats to the network systems of the organization. Threats can be either a malicious attack or ransomware. The process would help in preparing for the disaster. Notably, a cyberattack must take precedence because the digital age is witnessing potential disruptors and intrusions.
- Business Impact Analysis- Also referred to as BIA, it is a significant component, and therefore it has been included in the proposed plan (Wiboonrat, 2008). Each type of information related to employees, customers, vendors, clients, and so on must be scanned through BIA. It would help the organization identify any legal, financial, contractual, or regulatory effects associated with cyberattacks. The organization can use BIA templates developed by NIST.
- Detailed information about the IT DR personnel- Technology and a great DR strategy go hand in hand. Here, the term “personnel” mainly refers to the people and processes of the organization. The contact information of key personnel must be recorded, and they should be encouraged to participate in the IT DRP as they are the backbone or pillars of the firm (Noakes-Fry & Diamond, 2001). The management needs to reflect on and redefine the role of employees at the time of disaster recovery. The key personnel must feel informed and empowered. It would be effective to use a DR manual. The manual must be accessible to all. Again, certain people must take the initiative and act quickly as soon as a disaster strikes. Information regarding stakeholders and other critical members should be kept on record. Lastly, while speaking up after an incident, it is vital to rely on facts and figures because the management would be representing the firm in front of the media and victims of the disaster, such as employees or customers.
- Ensuring frequent updates- After establishing a DR plan, the organization might not be in an “all set” position. Changes or modifications within the internal system may be needed. For example, software updates must be done from time to time and included in the DR plan. An efficient plan implies that technology, people, and processes are in the right places. Again, rapid technological change, along with widespread innovation, must be encouraged in the firm. Innovative solutions often lead to the development of affordable, effective, and accessible options. The purpose of ensuring system updates is to maintain system resilience along with up-time.
- Prioritization- The goal of prioritizing is to ensure that the critical components are being considered while implementing DR. Not everything within the firm is a priority. For instance, the digital assets and employee information are the elements to be prioritized. The organization must consider RPOs and RTOs. In order to stay in business, certain critical systems must be kept online and maintained in a working state so that the business can be protected. The RTO refers to Recovery Time Objective, and it is the targeted time within which the business must be restored. Similarly, RPO or Recovery Point Objective refers to the tolerable point up to which the business can manage the effects of disruption (Smith & Wenger, 2007). It is a disaster to relegate the entire responsibility to the IT department of the firm with less funding. Moreover, an understaffed department can be disastrous for the organization. Hence, best practice means prioritizing the critical components and including them in the recovery plan.
- DR assessment- Another vital component of the plan is the DR assessment because creating a plan is not always sufficient. Regular testing or assessment is necessary. The assessment would allow the management to understand the impact of the plan. Again, the organization would be prepared for the upcoming events. Assessment should include conducting interviews with employees and thoroughly examining the documents along with current business processes. Assessment can be done by conducting five steps. These are gap analysis, current state, future state, gap identification, and lastly, recommendations (com, 2020). A detailed overview has been outlined-
  - Gap analysis- Both technical and non-technical aspects of the business should be analyzed.
  - Current state- Current state of IT infrastructure should be compared with industry standards.
  - Future state- Identifying the probable future state of the business and recovering data within the RTOs.
  - Gap identification- Now, the present and future states of the business should be analyzed, and the gap can be identified.
  - Recommendations- After considering the gaps, actionable DR and BCP recommendations can be given.
- Notification System- The key personnel should be notified and awareness can be created among them regarding a probable downtime. It implies that the people must be aware of the issue on time. The organization can consider the usage of formal systems for fulfilling the notification purposes. The formal systems mainly include alerts, SMS, or email. This, in turn, would notify managers and the key personnel of the DR team regarding the downtime.
- Disaster Response Team- The critical or disaster response team can be created, and they can be assigned a formal designation within the firm. The team must be capable of bringing systems online, and they must ensure that RTOs are getting fulfilled. Depending on the size of the business, a moderate to large-sized team can be prepared. A need-based team can be prepared, as well. Expert advice would be effective, and backups can be assigned to the members as well.
- Keeping a recovery manual- The large firm consists of different types of employees, and even after complete preparation, they are bound to panic. A recovery manual can prove useful to them. In this manual, different stakeholders have already outlined their goals and objectives (Sun et al., 2018). Therefore, based on the organizational needs, the employees can act and try to meet the goals of the stakeholders.
- Scheduling tests regularly- The purpose of the scheduling is to ensure that technological changes or changes in the staff of the response team are meeting the objectives of the disaster manual. An interval and time schedule would ensure that all the necessities are in place. The components should be tested thoroughly so that downtime can be avoided at all costs.
- Alternate materials- In case of sudden disruption, replacement materials such as hardware or software that can be used swiftly should be in place. While preparing the items, the replacement materials can be gathered, and complete documentation is vital as well. The materials must be at hand, and new solutions and technologies should be monitored continuously. There is a need to allocate the right resources, and the organization should consider getting expert tips from a consultant so that potential gaps within the system can be identified.
Expected results
The implementation of the plan would be beneficial for the organization. It would be a meaningful investment. Even after considering the technological changes and infrastructure requirements of the business, the investment can bear good outcomes. Notably, if a cloud service provider can be considered, it can be stated that the plan would successfully meet the objectives of the firm. The corporate network of the organization can be secured. Further, operations can be quickly resumed, and the business would ensure its continuity for the long-term. Moreover, it can be anticipated that innovative solutions can be used for enhancing the operations of the firm. Scalability would increase, and in case of a malicious attack, an alternative site would prove sufficient for resolving the issues at the firm. The organization deals with a massive base of clients all across the globe. Therefore, retaining them is a necessity. The clients receive leadership and IT management services; therefore, 24/7 business continuity should be a major priority. In the proposed plan, it has been stated that certain components such as the digital assets of the plan must be prioritized and therefore, the plan would be effective only after prioritizing clients. Businesses are never perfect; however, disaster prevention should not become an option. Often companies develop the plan and act when it’s too late. Therefore, regular testing or assessments, threat analysis along with BIA can ensure that systems are in the appropriate place.
Similarly, the other benefits include improved productivity levels of employees and cost savings. The deserving employees must receive deserving job duties and responsibilities. While implementing the DR plan, the organization should ensure that team members possess expertise and are trained enough to act immediately at the time of disaster. It would be necessary to choose qualified members and then create an incident response team. An undertrained and understaffed department is likely to aggravate issues. Lastly, the DR strategy is a cost-saving strategy. Implementing the strategy might be costly; however, in the long-term, it is likely to bear effective results. The plan would save millions of dollars as it can reduce the occurrences of downtime. Similarly, the organization, with the help of systematic threat analysis, would ensure that systems are functioning actively. Optimum use of the plan would inevitably lead to more significant benefits and a comprehensive outcome.
Conclusion
The paper incorporated an efficient DR plan for Synoptek LLC, and while preparing the plan, technological changes within an ever-growing IT environment have been considered. At first, a brief description of disaster recovery has been outlined. Following that, the company has been introduced. The real-time need of the organization that operates in the IT industry has been identified and elaborated. Since the organization operates within an ever-changing environment, it was vital to consider the need for the plan. It is clear that NIST guidelines can be followed effectively to sustain the plan. It is wise to act based on the RTOs and RPOs. The disaster manual would resolve conflict among employees, and downtime or human error can be avoided.
References