Disaster Recovery Plan
No Data Loss
A disaster recovery plan in IT should ensure that all data is backed up (U.S. Department of Homeland Security, 2021). This would include all data on hardware and software applications. An IT audit should check to ensure that an organization has a valid data backup plan. The data backup plan could be implemented and managed by an organization or outsourced to a third party (IBM, 2020). Reimaging or replicating hardware is part of ensuring that reinstallation can be done when a disaster occurs. An offsite data backup plan can be used by an organization where IT staff are responsible for reviewing the backup from time to time. This would ensure that no data is lost in the event of a disaster. In addition, the hard drives used for offsite data backup should be connected to the central data centre in the organization and data restoration should also be done.
In a worst-case scenario where the offices are destroyed, the offsite data backup could be used as an office where essential employees can continue operating from. This means that the offsite would not only be a data recovery site but also contain emergency offices. Offsite data backup protects an organization’s data from both manmade and natural disasters. For example, if malicious persons gained physical access to the central data centre and destroyed hard disks, the offsite data centre would still serve the organization. Therefore, the offsite data backup should only be known to employees and management who maintain it to ensure it remains safe.
The other option of a data backup plan is where an organization employs the services of a cloud service organization. The service providers become responsible for data availability, confidentiality, and integrity (IBM, 2020). Therefore, in the event of a disaster, the data on the cloud service could be used to restore the database(s) of the client organization. An IT audit could check the cloud subscription and the services outlined in the service level agreement. This would ensure that the organization’s data is never lost and can be recovered during a disaster to ensure business continuity (IBM, 2020).
Immediate Access to Organizational Data
A good backup plan ensures that organizational data is frequently backed up and is accessible anytime the organization requires it (IBM, 2020). An automatic backup allows the organization to choose the frequency at which data backup is done. For example, the frequency could be set at two-minute intervals or up to ten minutes, depending on the needs of the organization. An organization that deals with voluminous cash transactions, such as banks or busy stores, would prefer a data backup plan with short intervals. This would ensure that no data is lost during a disaster. Also, data recovery during a disaster would ensure that data is immediately available, including the most recent transactions. Do you need help with your assignment ? Contact us.
Data security should ensure that data is always available (Prasetyo et al., 2019). For example, ensuring that the IT infrastructure is safe would avoid attacks such as denial of service attacks (DOS). The DOS attacks would make network resources unavailable, including data. Therefore, there should be a security plan to avoid network attacks. A network failover plan should be in place to ensure that data is accessible even during a disaster. For example, if a disaster destroys the cable network, an alternative wireless network should be available for use. In a worst-case scenario, an ad hoc network should be made immediately to ensure that data is accessible and business operations are not adversely affected. Service level agreements must include immediate access to data during a disaster if it outsources data centre services. The IT audit should evaluate the available data backup and availability policies against the already implemented measures. Such an audit should aim to ensure that the measures implemented work and that data would be available immediately during a disaster. In some cases, a disaster simulation would be performed to determine how fast data can be restored and made available for business operations. This would ensure that the organization is ready to handle disasters. If the simulation results are not satisfactory, more disaster recovery measures are incorporated until the requirements are met.
Critical Systems Operational Within 48 Hours
The critical IT infrastructure must be restored quickly during a disaster to ensure business operations resume. This would include the organization’s network system, software applications, workstations such as PCs, and servers. Restoration of the IT infrastructure should be done by a disaster recovery team (Southern Oregon University, 2017). A disaster recovery plan guides the disaster recovery team. The plan outlines the responsibilities of each team member and the steps to be followed. For example, the shareholders should first be notified of the disaster before recovery commences. This would include notifying senior management and the disaster recovery team responsible for disaster recovery. For each disaster, reporting and notification should be done, and a briefing of the recovery team would be next, establishing the cause and extent of the impact and where to start mitigating the disaster. For example, if the disaster is catalyzed by electrical power, the first mitigation would include turning off the main sources of power.
Disaster recovery would include restoring all critical parts of the IT infrastructure in an organization (Southern Oregon University, 2017). For example, restoring data servers and network connectivity would allow customers to continue placing orders from a store. Workstations would then allow employees to serve customers. The disaster recovery team members would be divided into smaller groups that would handle the recovery of different parts of the IT infrastructure. However, more members with higher technical skills would be assigned to data servers and networks. The impact of the disaster on the IT infrastructure would determine the required recovery time. For example, if only the cable network is affected and not the wireless network, restoring network connectivity would be faster than when both cable and wireless networks are affected. This is because a new network must be implemented when both networks are affected. An IT audit should check whether all these measures are in place to ensure that the IT infrastructure can be restored within the required time during a disaster. Also, all the tools required for disaster recovery should always be available.
Audit Activities Needed To Ensure an Effective DRP
A disaster recovery plan should be audited to ensure that when a disaster occurs, an organization is safe (Southern Oregon University, 2017). The first step would be to audit policies that are related to disaster recovery. For instance, if the policy states that the organization should have a backup plan, the audit should check whether the organization has the plan. The audit should further verify whether the backup plan works as expected. This could even include simulating a disaster and using the backup plan to restore the organization’s database. Another area that an audit should check would be the disaster recovery team and their plan. This would enable the team of auditors to evaluate the readiness of the disaster recovery team. For example, assessing whether the team has the required skills, tools, and management. Without this, the team would fail in the disaster recovery activity. The audit would also check whether the management and employees are knowledgeable about possible disasters and what they are expected to do. Accordingly, this involves answering questions like: if a non-technical employee was the first to identify the disaster, would they know what to do regarding who to report to and what to do for mitigation?
An audit on disaster recovery would check on past disaster recovery activities to evaluate how successful the activities were (Southern Oregon University, 2017). This would enable the audit team to advise on the areas that require improvement. For example, if there were delays in disaster recovery due to fewer tools, the audit team would recommend the acquisition of more disaster recovery tools. If the backup plan was outsourced and the service provider could not provide data for database restoration within the required time, the issue would be evaluated to identify what would be necessary. The audit would also check whether the organization is ready for disasters that have been foreseen in the current future. For instance, the concerned authorities, such as NIST, provide a list of current vulnerabilities and possible solutions. If such advice is provided, an organization should immediately do what is required to avoid adverse impacts on business operations that could affect business continuity.
References
IBM. (2020). What is a disaster recovery (DR) plan?. IBM – United States. https://www.ibm.com/uk-en/services/business-continuity/disaster-recovery-plan
Prasetyo, H. N., Supriatna, N., Raharjo, A. P., & Wikusna, W. (2019). Information Technology Disaster Recovery Plan (IT-DRP) Model-Based on NIST Framework in Indonesia. IJAIT (International Journal of Applied Information Technology), 3(1), 34-45. https://www.researchgate.net/publication/348150886_Information_Technology_Disaster_Recovery_Plan_IT-DRP_Model-Based_on_NIST_Framework_in_Indonesia
Southern Oregon University. (2017). INFORMATION TECHNOLOGY DISASTER RECOVERY PLAN. https://inside.sou.edu/assets/it/docs/disaster-recovery-plan.pdf
U.S. Department of Homeland Security. (2021, February 9). IT disaster recovery plan. Plan Ahead for Disasters | Ready.gov. https://www.ready.gov/it-disaster-recovery-plan
ORDER A PLAGIARISM-FREE PAPER HERE
We’ll write everything from scratch
Question 
This assignment consists of four distinct elements: an internal IT audit policy, a management plan, a project plan, and a disaster recovery plan. You must submit all four sections as separate files. Name each file as indicated in the instructions below.
Make any assumptions needed for the completion of this assignment, and base your work on the following scenario:
Disaster Recovery Plan
You are an information security manager for a large national retailer and are directly responsible for the planning and oversight of IT audits. At the request of the board of directors, the CEO has tasked you with developing a plan for conducting regular audits of the IT infrastructure. The planning and management aspects of IT audit are critical to the overall success of the audit and, consequently, the overall success of the systems implemented in the organization.
You must develop a policy for conducting IT audits and develop a project plan for conducting two-week IT audits.
In addition to the typical networking and Internetworking infrastructure of a medium-sized organization, the organization has the following characteristics:
They have a main office and 268 stores in the United States.
They use a cloud computing environment for storage and applications.
Their IT infrastructure includes Cisco workgroup and core switches, Cisco routers, Cisco firewalls and intrusion prevention systems, and servers running Microsoft Windows Server 2012.
They have over 1,000 desktops and approximately 500 organization-owned laptops at the main headquarters.
They allow employees to bring their own devices into the organization; however, they are subject to search upon entry and exit from the building.
They enable remote access to corporate information assets for employees and limited access to extranet resources for contractors and other business partners.
They enable wireless access at the main office and the stores.
They process an average of 67.2 credit card transactions per hour, every day, at each location and via their corporate website.
Section 4: Disaster Recovery Plan.
Write a 5–7 page paper in which you:
Develop a disaster recovery plan (DRP) for recovering from a major incident or disaster affecting the organization.
The organization must have no data loss.
The organization must have immediate access to organizational data in the event of a disaster.
The organization must have critical systems operational within 48 hours.
Include within the DRP the audit activities needed to ensure that the organization has an effective DRP and will be able to meet the requirements stated above.
Use at least three quality resources. Note: Wikipedia and similar websites do not qualify as quality resources.
This course requires the use of Strayer Writing Standards. For assistance and information, please refer to the Strayer Writing Standards link in the left-hand menu of your course. Check with your professor for any additional instructions.
Complete the order form and upload all of your files, including any instructions, rubrics, or other materials provided by your instructor. 
Complete the order payment after filling in the order form. We’ll receive your order and assign it to a writer.
The assigned writer will complete your paper and forward it to our Editing Team for review and approval.
Once approved by the editor, the completed paper will be uploaded to your account for you to download, review and approve.