Integrative Disaster Recovery Consulting
Keep a cool head in an emergency with IDR consulting from SVA
IDR Consulting focuses on disaster recovery planning as part of IT service continuity management (ITSCM). SVA has decades of experience in data center infrastructure, network, IT security and cloud and container architectures. As such, its consulting services are practical and solution-oriented.
Scene of the crime: the internet
Ransomware has been one of the greatest threats facing users of IT systems for some years now. The most common method is encryption of user data (such as office, image, sound and video files) or entire databases. Victims then receive a message informing them that the encryption will be lifted once they pay a ransom. The perpetrators often set very tight deadlines and threaten to delete the encrypted data bit by bit.
Having a working IT emergency plan in place is crucial to surviving this situation.
Our individual solution for you
The solution concepts for IT service continuity management and thus IT emergency planning are based on the following standards and best practice examples:
- ISO 22301-2019: Security and Resilience – Business Continuity Management Systems
- BSI 200-4: Business Continuity Management
- GPG 2018: Good Practice Guidelines from the Business Continuity Institute
- ITIL v4: The IT Infrastructure Library
In addition to these standards, further sector-specific specifications such as MaRisk, BAIT and KRITIS are also taken into account as needed.
The key steps of IT emergency planning
1. Analysis - Recording and/or developing the requirements for the IT services
In this first step, the parameters required in the company are determined in relation to the availability of the IT services. These include the MTPD, RTO and RPO values. The parameters are determined based on the results of a business impact analysis (BIA) or using a bottom-up approach starting from the processes currently possible in IT. In addition, this first step considers which risks the IT services are exposed to (physically and logically). The results of the analysis serve as a benchmark in the steps that follow.
2. Design - Defining the required structure and dependencies of applications and infrastructure
IT emergency planning requires an overview of all the emergency-relevant IT services and the associated applications and infrastructure components – including the relationships and dependencies between the components. All the information needed for this is determined in this second step, using all the data from the available systems, such as CMDBs and asset management tools. Where the IDR Manager software is used, this data can be imported directly for extremely effective working. The overview needed is then usually available within just a few project days.
3. Implementation - Creating the recovery processes
In this project phase, the recovery processes are defined and the required technical processes developed. Based on the results of the risk assessment and the associated worst-case scenarios, multiple different processes may be needed for an application or database. If the primary data center fails, for example, a failover process needs to be implemented at the DR site, while a database is also recovered from a backup in the event that a ransomware attack is successful. Recovery processes are generally created in such a way that they can be used by an expert third party. The precise scope and level of detail depend on the starting position of the specific company and the level of training of the relevant staff. In highly virtualized infrastructures, these processes become increasingly simple.
4. Validation - Tests and change management
Once developed, the recovery processes should always be tested and validated by the staff responsible. SVA can provide support for these tests, although final responsibility lies with the application owner. Methods such as “structured paper walkthrough” can also be used to validate the emergency planning, providing a way to check dependencies and interfaces within the entire recovery process.
Any Questions?
If you would like to know more about this subject, I am happy to assist you.
Contact us
SVA Products & Services
With these services or SVA products we can extend the range of solutions for you.
