For disaster recovery in computer science and in particular in the field of information security, we mean the set of technological and logistical / organizational measures aimed at restoring systems, data and infrastructures necessary for the provision of business services for companies, associations or bodies, in the face of serious emergencies that undermine its regular activity.
The Disaster Recovery Plan (DRP) is the document that specifies these measures. It is part of the wider Business Continuity Plan (BCP).
In order for an organization to respond efficiently to an emergency situation, they must be analyzed:
- Possible levels of disaster
- Criticality of systems / applications.
For a correct application of the plan, the systems must be classified according to the following definitions:
The related functions can not be performed without being replaced by instruments (means) of identical characteristics. Critical applications can not be replaced with manual methods. Tolerance in case of interruption is very low, so the cost of an interruption is very high.
The related functions can be performed manually, but only for a short period of time. There is a greater tolerance to the interruption than that foreseen for critical systems, consequently the cost of an interruption is lower, also because these functions can be reactivated within a short time (generally within five days).
These functions can be done manually, at a tolerable cost, over a long period of time. Although these functions can be performed manually, their performance is still difficult and requires the use of more people than normally expected under normal conditions.
The related functions may be interrupted for a long period of time, with a modest, or no, cost to the company, and a limited (or null) effort to restart is required when the system is restored.
The application procedures, system software and files that have been classified and documented as critical must be restored first. Applications, software and files classified as critical have a very low tolerance to interruptions. The criticality of applications, system software and data must be evaluated according to the period of the year in which the disaster can occur. Software can mean: operating systems, applications, HD configurations, domain policies, etc. File can mean: databases, documents, sources and setups, backup copies, etc.
An emergency plan must provide for the restoration of all company functions and not just the central ICT service. For the definition of the DRP, the most appropriate restoration strategies must be evaluated on: alternative sites, back-up methods, replacement of equipment and roles and responsibilities of the teams. The prolonged unavailability of the processing service resulting in particular disaster situation, and therefore primary services, makes it necessary to use an alternative site restoration strategy.