Disaster Recovery Quinn Gaalswyk, CISA Senior Information Systems Auditor University of Minnesota


Disaster Recovery

Quinn Gaalswyk, CISA

Senior Information Systems Auditor

University of Minnesota


Disaster Recovery Intro.

• Why is a disaster recovery plan important?
• What should a disaster recovery plan cover?
• What progress has the University been making with disaster recovery planning?
• How should disaster recovery plans be tested?


Importance of a DR Plan

• What is a DR Plan?
• Why do you think a DR Plan is important?


Business Continuity vs. DR Plans


Situations a DR Plan Must Address


Required DR Plan Situation Types:

• The equipment and/or data is not available (e.g., the system crashed).
• The data center is not available (e.g., the building burnt down).
• Staff cannot get to the data center (e.g., a bird flu epidemic).


DR Plan Recovery Components

• Identify key staff and reports
  – Staff to direct and perform the recovery process, and test results.
  – Reports that confirm success of recovery
• Process for testing the success of the recovery
• Equipment requirement lists and where equipment is to be maintained
• Recovery Time Objective (RTO)
• Minimum Operational Requirements (MOR)


Backups:


Overview of Backup Requirements

• Confirm schedule of backup
  – Recovery Point Objective (RPO)
• Confirm backups are secure
  – Physical Security to backups
  – Logical Access to backups
• Monitoring of backups to confirm completeness


Disaster Recovery vs. Cost


Current DR Plan Statuses?


DR Plan Progress at UMN

• OIA’s Disaster Recovery team headed by Lois Stark spearheading effort
• Have completed several DR Plans
• Provides templates for units that include key DR plan components
• OIA - UDMS provides a centralized backup solution for many units
  – Utilize SAN and physical tape backups
  – Utilize SAN, disk storage, virtual and physical tape backups


Quick Comparison of Completed DR Plans

PTS – EGMS Plan


Testing of DR Plans at the UMN