Analytical Essay on Effectiveness of Hospital Disaster Preparedness

General Field of Research:

Mass casualty incidents (MCI) caused by both natural and man-made factors are increasing. Therefore, emergency preparedness is required by any health system to minimize the loss of life and maximize patient recovery by ensuring its functionality. Nepal is a high-risk country in terms of a number of hazards and disasters. However, hospitals of Nepal are not well-prepared for disaster, as a seismic vulnerability assessment of 19 major hospitals showed that 80% of hospitals will be out of function in major earthquakes. From the experience learned from the Nepal earthquake in 2015, disaster and emergency health preparedness remains one of the priority issues of the Nepal Government. A hospital disaster plan is crucial for well-prepared safe hospital initiatives. However, hospital plans are often not tested to evaluate their effectiveness for disaster preparedness and response. Therefore, this study aims to assess the effectiveness of the hospital disaster preparedness and response plans of hub hospitals of Nepal.

Research Question/Hypothesis

  • To what extent are the hospital disaster preparedness and response plans of hub hospitals effective for mass casualty management?

Objectives and Aim

General Objective

  • To compare and analyze the effectiveness of hospital disaster preparedness and response plan for mass casualty management in hub hospitals of Nepal.

Specific Aims

  • To review and revise the existing template for hospital disaster preparedness and response plan in consultation with MoHP and other related stakeholders;
  • To assess the baseline situation of hub hospitals for mass casualty incidents prior to the formulation of a hospital disaster and preparedness plan;
  • To assess the endline situation of hub hospitals for mass casualty incidents after the formulation of hospital disaster and preparedness plan and;
  • To compare and analyse the effectiveness of hospital disaster preparedness and response plan for mass casualty management.

Research Methodology

Population

The study population will be the hub hospitals of Nepal.

Sample Size and Sample Selection Procedure

There are 25 hub hospitals in Nepal identified by the Ministry of Health and Population (MoHP) and the World Health Organization (WHO) after the Nepal Earthquake 2015. The Census method will be adopted and thus all 25 hub hospitals will be included in the study.

Study Type

The study design will be an experimental study.

Tools and Variables

The technique and tools for the study include:

  • Technique: Workshop; Tool: HDPRP template
  • Technique: Observation; Tool: Mock drill’s checklist
The HDPRP template of MoHP and mock drill checklist of WHO will be adopted for the study. Some modifications on study tools will be done as per the first consultative workshop with MoHP.

Sources of Data and Data Collection Procedure

Primary data will be collected. The data will be collected by the researcher herself with the help of an observation checklist. The detailed procedure of the study is illustrated by the following flow chart:

  • Consultative Workshop: One-day workshop with MoHP officials and concerned stakeholders to review and revise study tools based on the federal context of Nepal
  • Unannounced mock drill in each hub hospital (Baseline): Observation of the mock drill and analysis of the score through the observation checklist for each hub hospital
  • Formulation or revision of HDPRP for each hub hospital: Two-day workshop for orientation and formulation of the hospital disaster preparedness and response plan (Note: Out of 25 hub hospitals, 10 already have an HDPRP; however, these were formulated many years ago and have neither been tested periodically nor revised based on the new federal context of Nepal)
  • Tabletop exercise and orientation to hospital staff: Tabletop exercise and orientation to other hospital staff regarding HDPRP on a quarterly basis for one year
  • Unannounced mock drill in each hub hospital (End line): Observation of the mock drill and analysis of the score through the observation checklist for each hub hospital
  • Comparison of scores to analyse the effectiveness of HDPRP (paired t-test)

Data Analysis

The collected data will be entered in Excel and analysed using Statistical Package for Social Sciences (SPSS) version 16.0. Descriptive analysis will be done by using a frequency distribution table and pie chart. A paired t-test will be done to test the statistical significance at 95% confidence interval (CI).

Ethics Issues

Ethical clearance will be taken from Nepal Health Research Council (NHRC). Informed consent will be taken from the Medical Superintendent of each hub hospital prior to the study and the purpose of the research will be made clear to them. Their right to refuse to take part in the study or to withdraw from the study at any point during or after data collection will be respected. Privacy and confidentiality of the information will be maintained and the information collected will be strictly used for the purpose of the study only.

Operational Definition

  • Hub-hospital: Hub-hospitals are more than (or equal to) 50 bedded governmental hospitals which are responsible for overall coordination and communication with MoHP, satellite hospitals network, external partners and other concerned humanitarian agencies during any emergency or crisis situation.
  • Satellite hospital: Satellite hospitals are more than (or equal to) 15 bedded government or private hospitals that fall under the respective hub-hospital's catchment.

Study limitations

The study will involve only 25 hub hospitals of Nepal and thus can be generalized for the Nepalese context but might not be generalized globally. Likewise, although the mock drill will be conducted unannounced, there might be still a chance of a Hawthorne effect in the study.

Significance, originality and/or anticipated impact of the work

During disasters it is essential that hospitals be able to continue their service functionality in a favorable working environment. However, in both developing and developed countries, hospital safety from disasters is a challenge. The World Disaster Reduction Campaign was committed to hospital safety during emergencies and therefore had recognized the importance of hospitals during a humanitarian crisis. Moreover, the Hyogo Framework of Action also stresses the importance of the health care system during emergencies and demands effective and efficient health disaster preparedness and response. Despite this, preparation for mass casualty incidents is a daunting task because numerous issues must be considered during such events.

Worldwide, Nepal is ranked in 28th position in relation to humanitarian crises. Nepal is exposed to numerous natural and man-made disasters due to its climatic conditions, geographical structure, environmental degradation and population growth. Globally, Nepal is ranked as the 11th most vulnerable country in terms of earthquakes. Despite this, the hospitals of Nepal are not well-prepared for disaster. The Nepal earthquake in 2015 took the lives of 8,896 people whereas 22,303 were severely injured. Therefore, the Nepal government intends to incorporate a disaster risk reduction and resilience strategy for health preparedness and has also required a well-documented hospital disaster plan for mass casualty and outbreak management.

A Hospital Disaster Preparedness and Response Plan (HDPRP) is an approved set of arrangements used for emergency preparedness, response and recovery that include detailed responsibilities, managerial structure, coordination and communication mechanism, resource mobilization approach and information management strategies for effective management of MCI. Nepal, being a vulnerable country for disasters, faces a higher incidence of MCI every year, causing the non-functionality of hospitals. Major damage to non-structural components and the lack of a proper organizational framework within a health system in disaster response result in serious casualties, severe functional impairment and major economic losses, even when structural damage is not significant. The absence of these aspects in Nepalese hospitals calls for the immediate initiation of hospital safety programs for emergency response by the Government of Nepal.

Disaster preparedness is a dynamic process, and thus just having an HDPRP is not enough: it is equally prudent to have regular mock drills/simulations and tabletop exercises so as to evaluate the effectiveness of the HDPRP, which is still lacking in Nepal. Hence, considering the relevance of the topic and the scarcity of such studies, this study aims to assess the effectiveness of HDPRP for mass casualty management in hub hospitals of Nepal. Further, the presence of a hospital disaster preparedness and response plan, along with periodic analysis of its effectiveness through mock drills and simulations, is a global humanitarian agenda yet an ignored topic. So, this study can provide a pool of data, evidence and literature that can be instrumental for national policy and planning of health emergency preparedness and disaster management in Nepal.

Applicant’s experience, participation in research projects, or preliminary results that support the feasibility of the work (if applicable)

I have about two years of working experience directly in the emergency health preparedness sector and humanitarian medicine within the Handicap International Federation Nepal. Within Handicap International, I have worked under the “Hub-hospital Preparedness Project” funded by the European Civil Protection and Humanitarian Aid Operations (ECHO) together with the consortium of the World Health Organization (WHO). The project was targeted to four hub hospitals of Nepal situated in Province 5 and Province 7. From my experience, I can say the hospitals of Nepal have a limited concept of safe hospital initiatives, and within the scope of the project, we have developed an HDPRP for each of the hub hospitals, and these plans were also tested through an unannounced mock drill that identified some areas of improvement as well. However, failure to evaluate the effectiveness of HDPRP through the collection of baseline and end-line information creates difficulties in addressing those identified gaps, which can be addressed by this study. Further, the Ministry of Health and Population (MoHP) has highly prioritized the hospital disaster preparedness sector and is willing to expand the safe hospital initiatives intervention to all provinces of Nepal, due to which there is a high chance of governmental support for this study.

Disaster Recovery Plan: Risk Assessment and Criticality of Asset Application

To manage risks that occur unexpectedly, it is important to develop and design a Disaster Recovery Plan that will offer directions on how to alleviate the effect of the losses associated with disaster occurrence (Wallace, 2017). The disaster recovery plan has considered the susceptibility of resources to natural disasters and damages as a result of activities related to human beings. The following is a Disaster Recovery Plan:

Assets Inventory

The business has a significant number of assets that are susceptible to the risk of loss in uncertain situations. Some of these assets are operated within the buildings of the business, while others are set up outside the organization’s buildings. Each asset has its own chance of disaster occurrence, based on its setting and the state of the operatives involved. For a long time now, some of these assets have encountered risk incidents, which has resulted in a perceptible negative effect on the business.

The assets possessed by the business and that are susceptible to the risk of loss in situations of emergency consist of structures, fittings, motor vehicles and writing implements useful in several departmental offices, plant, and equipment, databank, raw material, finished goods as well as the money used in the business trades whether being liquid cash or cash at bank.

These assets are treated differently and are operated from different places at different times. Each asset has its own workload, and this determines the level of loss that failure of the asset can cause. Some assets function dependently while others are used independently. As a result, the risks associated with each asset differ from those of the others, and every asset must be evaluated on the basis of the possible risks that are linked to its operations.

Risk Assessment

Because the business owns various assets, there is a particular level of risk linked to each of them (Aven, 2016). These risks can be due to a natural event or human activities. Primarily, the business’s buildings and structures are susceptible to natural disasters such as floods because of the flat landscape where the business premises are situated. These floods can sweep away some assets and destroy other materials that are not supposed to come in contact with water, and from time to time they can sweep away the business staff, causing their unexpected deaths. Buildings are also susceptible to the risk of fire and can also be damaged by thieves as they attempt to gain entry to the business premises. Structures can also be destroyed if terrorists attack the organization’s premises.

Assets such as writing implements are susceptible to burglary or misplacement on some occasions. Other assets such as plant and machinery are very susceptible to risks. A natural disaster such as a flood can cause technical complications in this machinery that result in high costs for refurbishing it or obtaining new equipment. Assets such as cash are susceptible to compromise situations where enormous sums of money are utilized in indistinguishable and undefined means. Cash is also susceptible to being lost in a hijacking while being taken to the bank. The cash at bank is at risk of delay in its retrieval if the host bank is declared insolvent. The business can also encounter delayed access to its bank accounts when there are burglary cases in the respective banks. Plant and machinery are also linked to the risk of death of their operatives. They may be operated manually or by power. Sometimes they cause severe injury to their operators when they behave abnormally.

Motor vehicles are connected to a number of risks and this is because most of their operations are found outside the organization’s buildings. In most cases, the risks that are related to motor vehicles are accidents though in some instances they can be hijacked or stolen.

When accidents occur, the vehicle can be partly or completely damaged. Accidents can also result in the death of the staff operating the affected motor vehicle, which is a loss to the business as well as to the family of the victim. A motor vehicle can also be involved in an incident while it is inside the business premises, such as a fire. Motor vehicles can also be hijacked when they are being driven at night and occasionally destroyed by the persons with bad intent who hijack them. At times in the line of duty, a motor vehicle can be stolen when it is parked in a parking zone, even though this is an unusual occurrence. A motor vehicle can also be damaged while it is on the business premises in the case of a terrorist attack on the organization’s buildings.

The database is at risk of attack by malware, which might tamper with the accounts of the business. Attackers of this type can encrypt both data in motion and data in use, thereby preventing manipulation of the data.

Criticality of Asset Application

Each asset has its own value to the business (Aggarwal, 2018). Each asset plays a role in the attainment of the business objectives and aims in its own manner, whether it is used alone or in combination with others. Premises and buildings are the home of the business. Premises and buildings are essential for machinery to be operated; this is also where the offices and the stores of the business are situated. The other assets are safeguarded when they have their own rooms where they are locked inside after work. Buildings strengthen security by preventing direct access to assets that are locked inside them.

Plant and machinery are fundamental tools in the manufacturing process. Without them, the business could not be regarded as conducting any business, because there would be no products from the business sold in the market. This means that the business exists as a result of the plant and machinery responsible for manufacturing the products that the business deals in.

Fixtures and fittings are extremely essential as they are used in the safe storage of files and documents retained by the business. Stationeries enable the office and accounting work in the business for suitable track of the performance of the business. Devoid of them, there could be difficulty in the assessment of the organization’s performance as well as inappropriate record keeping in the business.

The motor vehicle is a highly significant asset in the activities of the organization’s employees. The motor vehicle is also responsible for obtaining raw material from its source as well as supplying the finished products to the marketplace. This means that without motor vehicles, raw material collection could encounter problems such as the high cost of hiring private means to convey the raw materials to the business premises, or late delivery of the raw material. Without motor vehicles, the finished products could encounter delays before actual transportation to the marketplace.

Lack of cash makes the organization unable to finance any of its activities. Furthermore, it cannot pay the salaries and wages of its staff. The organization, therefore, might not be able to obtain other assets or to pay the maintenance cost of each asset. Acquisition of raw materials is reliant on cash, and the conveyance of the finished products is cash reliant. Cash is also very beneficial in the marketing undertakings for the finished product.

The database enables the management of data and the exchange of data among staff as well as between the business, traders and clients.

Disaster Recovery Objectives

A disaster recovery plan is usually concerned with how the effects of a disaster can be alleviated if one occurs (Gupta, 2016). Different assets are susceptible to different risks; therefore, the aims will differ from one asset to another.

The disaster recovery plan on buildings is to evade the cost associated with setting up fresh buildings. If a suitable plan on how to manage risks related to buildings is not established, the loss can be too huge to a degree that a business is made to close down. The disaster recovery plan on structures will also aid in discovering when an impending risk is ready to strike. It enables the business to manage the risk in advance before it damages the assets contained in the buildings. This plan is also intensive on the safety procedures that ought to be put in buildings that can offer easy escape in disaster circumstances. This will help to protect people’s lives that otherwise could have been locked in the buildings.

Plant and machinery must be well covered in the disaster recovery plan so as to avoid circumstances where the business is not producing while they are out of service. This will help to lessen the loss of profits during such a time when the business is not producing. It will also help to lessen the cost involved in the procurement of new equipment in case of complete destruction, or the cost of repair in case of partial damage.

Including motor vehicles in the disaster recovery plan helps the organization to implement safety procedures that could minimize the likelihood of loss of life or of the goods in transportation. The recovery plan will also help to determine the time a risk of loss is most likely to occur and, consequently, when more care is needed. The aim of a disaster recovery plan on risks connected to cash will enable current concerns of the business. It outlines what ought to be done to prevent financial difficulty and the procedure to implement when the business experiences a financial crisis.

Fixtures, fittings and stationery are included in the recovery plan in order to prevent confusion in record-keeping and to set out the procedures to be implemented in cases of risk. The database ought to be well protected to avoid leaking the organization’s data concerning the tactics it plans to execute as well as the personal data of the staff.

Tools and Techniques to be Used in Disaster Recovery

Several tools will be employed to deal with numerous risks when disaster strikes. There must be fire extinguishers fitted inside every single branch of operation. Workers must be trained on how, when and where to use the fire extinguishers. The business must also build open spaces through which people can escape to save their lives in the event of a fire that their efforts fail to put out. The business must ensure that it has contact with external fire extinguishers that can respond and manage the fire if it is beyond the capacity of the internal staff. The business must provide its employees with hats so as to lessen the effects of minor injuries that can happen when they are performing their duties.

The business must fit safety belts and airbags in its motor vehicles so as to protect people’s lives. It must also fit speed governors so as to limit the maximum speed at which the vehicles can be driven. These will enable the drivers to drive the vehicles more conscientiously and professionally compared to when the vehicles are being driven at high speeds. The business must also set up an office that these drivers can contact at any time of day when they encounter any problem in the course of operation.

Plant and machinery must be fitted with digital sensors that signal when a flaw is noticed. This will aid to alleviate the risk that strikes progressively. The business must also fit CCTVs in places where the equipment is operated from so as to support the security offered by the security personnel.

The business must develop a habit of keeping its cash in bank accounts to lessen the risk of loss through pilferage and to enhance effective management of cash. This automatically lessens occurrences of adulteration, as only a few persons will be in charge of endorsing finance matters in the business.

Stakeholders’ Buy-in

One must obtain the consent of the stockholders of the business to the services that will be provided by the data recovery team (Mojtahedi, 2017). One should explain to them the standards used in determining the criticality of each asset’s application. In addition, the shareholders should be involved in the valuation of risks and in setting aims based on their views of the likelihood and the effect of disaster. In case they suggest an adjustment, one must make it or explain to them how the adjustment might affect the whole disaster recovery plan. Their opinions should be appreciated even if they are not professionals in the disaster recovery arena.

Business partners in the field of disaster recovery must be consulted to estimate the efficiency of the disaster recovery plan. Their opinions from their past experience will be very valuable, as they will enable the disaster recovery team to determine the ideas and concepts that they can copy from their associates for a more effective recovery plan. After receiving their opinions on this disaster recovery plan, one can define how different mechanisms treat each possible risk that can take place in future. After these important discussions with investors and the disaster recovery colleagues, one should decide on the executive backing from the business that the plan needs for the application of the disaster recovery plan design project.

Documentation and Communication of the Disaster Recovery Plan

Different assets involve different risks, different risk management measures, and different aims for including the asset in the disaster recovery plan. The records must show the list of assets that the business owns. Buildings are connected to the risk of fire, floods, and terrorist attacks. The management measures for these risks include fitting fire extinguishers in buildings. Another measure that can help lessen the risk of loss is fitting a fire exit that is open all day. The engagement of security guards will also help the organization to identify terrorism threats in advance and to limit them where possible.

On motor vehicles, the records will plainly state that the main probable risks are accidents and burglary cases. To protect the lives of drivers, the business must fit safety belts, air bags and speed governors. These have been viewed as the most effective safety approach to implement. The aims of the disaster recovery plan on motor vehicles are to avoid loss of life and destruction of goods being transported, and to lessen delays resulting from vehicles’ mechanical problems.

After the valuation of plant and machinery, the likely risks identified were water damage and the fact that the machinery can occasionally kill the persons operating it. Another potential loss that was pinpointed was loss of equipment through theft. As a safety procedure, CCTVs must be fitted where the equipment is located to boost the protection provided by the security personnel. These CCTVs will also assist in backing trace proceedings if the loss was as a result of concession.

From the risk valuation, cash was associated with concession together with susceptibility to theft. As a protective procedure, the business is advised to keep its cash with banks. To facilitate effective handling of this cash, the business must assign financial duties to specific employees who are in charge of and accountable for how cash has been handled in the business.

The database has been judged to be very susceptible to access by hackers, particularly because of rapid technological advances. The organization therefore needs to implement multiple layers of access control to deny unauthorized persons access to the information in the database.

Test the Disaster Recovery Plan

Try to strike the potential risk intentionally and see if the management measure designed will be able to settle risk and bring everything back to order. Take for instance motor vehicle, try to drive it past the set speed in the speed governor and see if it will actually limit the vehicle to run beyond that speed. You can try to see the speed at which the air bags installed respond by trying to drive the vehicle through obstacles that resemble an accident collision.

With fire, try to introduce fire and try to put it out with the installed fire extinguishers. You can also subject the staff to random simulated fire incidents and see how easily they can access and use the fire extinguishers. You can also try to determine the time that an external fire extinguisher takes to reach your organization’s premises when a fire occurs.

You can also engage an IT specialist to attempt to break into your database and see whether the multilayer access control measures actually deny the attempted access. You can also ask for their views on the safety measures that have been employed to protect the organization’s data.

Emergency Response Procedures

After evaluating the validity of the disaster recovery plan from its test, the disaster recovery team should be able to identify possible emergencies. These scenarios should be given their allocations by amending the initial disaster recovery plan. They should be treated just like any other potential risk by deciding which tools and techniques will be used to manage the risk of loss that is associated with these future emergency uncertainties.

Evaluating and Updating the Disaster Recovery Plan

Every data recovery technique should be effective and should be cost-effective. A technique that will require more cost than the risk impact should be dropped. A technique that only requires small amounts of money should not be advocated as the plan might not have the capabilities to settle and manage risk within the allocated time.

The measures found defective in the test of the plan should be eliminated, and the adoption of a new disaster recovery plan and the implementation of new risk management solutions should be advocated. The disaster recovery plan should be in line with developing technology to avoid using obsolete techniques that might be costly due to their failure to perform as expected. The downtime for each risk should be well estimated so as to meet the objectives of managing risk in case of a future strike.

Disaster Recovery Team

The disaster recovery team will include specialists in the field who have experienced and actually managed the risk before. This team will largely depend on the staff’s feedback when they detect a threat by potential risk. The team will involve some employees going through disaster recovery process so as to avoid the increased cost of obtaining new employees.

References:

  1. Wallace, M., & Webber, L. (2017). The disaster recovery handbook: A step-by-step plan to ensure business continuity and protect vital operations, facilities, and assets. Amacom.
  2. Aven, T. (2016). Risk assessment and risk management: Review of recent advances on their foundation. European Journal of Operational Research, 253(1), 1-13.
  3. Aggarwal, A., Chaudhary, H., Koç, Y., Kim, Y., Kumar, T., & Raman, A. (2018). U.S. Patent No. 9,923,778. Washington, DC: U.S. Patent and Trademark Office.
  4. Gupta, V., Kapur, P. K., & Kumar, D. (2016, February). Exploring disaster recovery parameters in an enterprise application. In 2016 International Conference on Innovation and Challenges in Cyber Security (ICICCS-INBUSH) (pp. 294-299). IEEE.
  5. Mojtahedi, M., & Oo, B. L. (2017). Critical attributes for proactive engagement of stakeholders in disaster risk management. International journal of disaster risk reduction, 21, 35-43.

Disaster Recovery Plan: Analysis of the Planning Philosophy

Explanation:

Introduction

On September 11, 2001, the terrorist attack destroyed the World Trade Center in New York, which was the most heavily concentrated financial area. This attack destroyed the twin towers, as well as demolished the financial system. Banks situated in the World Trade Center experienced an unprecedented disaster. The companies’ backup facilities, which were too close to the primary facilities, were disrupted along with the primary facilities. Single points of failure in perceived diverse routing resulted in failed backup communications systems. Because of the terrorist attacks of 9/11, there is significantly increased focus on the disaster recovery plan. (Robert Bronner, 1997) According to Robert Bronner, banks were among the earliest adopters of information technology in the business world. The widespread use of information technology in the banking system gave rise to a new industry: the disaster recovery industry. A disaster recovery plan is an essential piece of a bank’s business continuity plan. It is a process or set of procedures that helps firms prepare for disruptive events.

The objective of the plan is to recover and protect business IT facilities, such as the network, document management system, and center system, in disruptive events. Those events include both natural disasters such as seismic tremors and man-made disasters such as power outages. It is impossible for a bank to always avoid disasters, so the disaster recovery plan plays a vital part after a bank suffers a disaster. A careful plan will effectively help the bank to limit downtime and data loss by ensuring some level of organizational stability and that a system recovery after a disaster will prevail. The Automated Clearinghouse Association was formed by 7 Philadelphia-based banks in the mid-1970s for the sole purpose of focusing on the best way to deal with bank data recovery when bank computer systems go down. This group started the disaster recovery industry in 1987 by SunGard Recovery Services.

The importance of a disaster recovery plan

The disaster recovery plan is essential to the bank because of the benefits the bank gains from drafting one.

The basic benefits of a disaster recovery plan include ('Disaster recovery plan'):

  1. Providing a sense of security
  2. Minimizing risk of delays
  3. Guaranteeing the reliability of standby systems
  4. Providing a standard for testing the plan
  5. Minimizing decision-making amid a disaster
  6. Reducing potential legal liabilities
  7. Lowering an unnecessarily stressful work environment

A disaster recovery plan is a critical proactive measure for banks. Because the objective of the disaster recovery plan is to ensure that the bank limits its losses during a disaster, planning is vital. Disaster recovery plans vary; however, every one of them should follow three basic measures: (1) preventive measures, (2) detective measures, and (3) corrective measures. The purpose of preventive measures is to keep a disaster from happening. These measures focus on identifying and reducing risks: they try to recognize risks before they materialize and to reduce the likelihood that they occur. To achieve this, preventive measures may include keeping data backed up and off-site, using surge protectors, installing generators, and conducting routine inspections. Detective measures are used to discover the presence of any unwanted events within the IT infrastructure. They focus on uncovering new potential threats.

These measures include installing fire alarms, using up-to-date antivirus software, holding employee training sessions, and installing server and network monitoring software. Corrective measures are those focused on restoring a system after a disaster or otherwise unwanted event takes place. These measures may include keeping critical documents in the Disaster Recovery Plan or securing appropriate insurance policies, after a 'lessons learned' brainstorming session. ('Disaster recovery plan') The banking industry clearly needs the Disaster Recovery Plan. Research shows that among 170 disaster recoveries, 45 were for banks in the last 10 years. (Robert Bronner, 1997) In 2012, tropical storm Sandy highlighted banks' need for disaster recovery planning. Sandy struck the East Coast of Manhattan, where Wall Street is located. The headquarters of many banks located on the East Coast, such as Citi and Bank of America, were flooded. The financial markets in New York City were closed for no less than two days, causing losses of millions of dollars. Disasters are unexpected and costly, so planning is critical for banks to reduce their losses from disasters.

Disaster recovery is of greater importance for banks than for other businesses because of the immense demand for services during times of community disaster. The typical bank is multi-platform, with various locations and varied operations and computer applications. For instance, Chase Bank has more than 19,500 ATMs and 5,600 branches across the nation. Mergers and acquisitions leave banks facing an even more complicated situation, because they force banks to support more types of applications. Typically, banks run 20 to 30 critical applications simultaneously. When organizations merge or are acquired, a bank may run 40 to 60 critical applications at the same time, double the previous number. Moreover, as banks expand worldwide, their operations become more decentralized and extend beyond the back office into satellite locations. Lastly, banks still depend heavily on paper.

For instance, a bank often needs a copy of its customers' ID. If a bank suffers a disaster, what happens to these decentralized operations and complex applications? What happens to the many paper transactions in branches that have not been entered into the central system? Once a disaster happens, whether man-made or natural, local or national, it can significantly disrupt critical business operations for a considerable length of time, sometimes months. Thorough planning can shorten recovery time drastically and keep banking operations running. (Robert Bronner, 1997)

The planning philosophy

According to Geoffrey H. Wold's Disaster Recovery Planning Process, 1997, a coordinated plan should include 10 steps:

1. Acquire Top Management Commitment

Top management in the bank must support and be involved in developing a disaster recovery plan. Management is responsible for overseeing the plan development process and confirming that the final disaster recovery plan is effective within the bank. The process of developing the plan should be given sufficient time and adequate material resources. Resources could include both financial considerations and the effort of all personnel involved. This process requires the bank to hire trained managers who have learned about disaster recovery. If top management does not understand disaster recovery, the final disaster recovery plan, even with top management's participation, can be poor.

2. Establish a planning committee

After the draft of the disaster recovery plan is finished, the bank needs to build a planning committee. The function of the planning committee is to oversee the development and implementation of the disaster recovery plan. The committee should consider every functional area of the organization and include representatives from them. The committee members should include the operations manager and the data processing manager. Employees are the first thing the bank should consider when it develops a disaster recovery plan. What do employees worry about most? The safety of their families and personal property. As long as those two areas are safe, the employee can focus on the safety of the business and its customers' property. So when management makes the disaster recovery plan, it should include essentials such as shelter, medical insurance, pensions, as well as counseling and information on the disaster recovery plan. The committee should ensure that the final disaster recovery plan includes a plan to ensure the safety of employees' families and property.

3. Perform a risk assessment

Risk analysis and business impact analysis are essential tasks for the planning committee. They should cover the range of possible disasters, including natural, technical, and human threats. The committee should analyze each functional area of the organization for the potential consequences and impact associated with various disaster scenarios. The safety of critical documents and vital records should be assessed as well. For instance, fire is always considered the greatest threat to an organization, so a large number of banks purchase fire insurance. However, even though floods are occasional, they still have a chance of happening. One reason Sandy caused such colossal losses is that many banks located on Wall Street had not purchased flood insurance. The disaster recovery plan should consider the 'worst case' situation.

4. Establish priorities for processing and operations

Critical needs are the necessary equipment and procedures used to restore the daily operations of a department, such as a main facility or computer center, after it suffers a disaster. The evaluation of critical needs for each department within a bank should cover these areas: functional operations, key personnel, information, processing systems, service, documentation, vital records, policies, and procedures. Analyze the processing and operations to determine the maximum amount of time each department of the bank can operate without each critical system. To determine the critical needs of a department, the bank can document all the functions performed by every department.

As soon as the primary functions have been determined, the operations and processes should be ranked in order of priority: essential, important, and non-essential. (Robert Bronner, 1997) Location is the first critical consideration of a recovery plan. A bank's recovery plan should include geographically independent relocation sites for every workgroup. (Robert Bronner, 1997) Location considerations include whether the site has easy access to other facilities. Data center professionals may work in an urban area and be more willing to travel or relocate. The recovery locations should be planned both for the data center environment and for satellite locations.

5. Determine Recovery Strategies

The most practical processing alternatives should be researched and evaluated. In order to make an effective recovery strategy, the bank must consider facilities, hardware, software, communications, data files, customer services, user operations, MIS, end-user systems, and other processing operations of the organization. Furthermore, the bank should consider its computer function. Hot sites, warm sites, cold sites, reciprocal agreements, two data centers, consortium arrangements, and vendor-supplied equipment are the alternatives to evaluate for the computer function. The third element that should be prepared is the written agreements for the specific recovery. Examples of special considerations include: contract duration, termination conditions, testing, costs, special security procedures, notification of system changes, hours of operation, and specific hardware and other equipment required for processing.

6. Perform Data Collection

The basic data collected for a disaster recovery plan includes the backup position listing, critical telephone numbers, communications inventory, distribution register, various types of inventory, master call list and vendor list, notification checklist, software and data file backup/retention schedules, temporary location specifications, and materials and documentation. It is helpful to develop pre-formatted forms to facilitate the data gathering process. According to Robert F. Bronner's 'Banking Industry and Disaster Recovery Planning', 1997, the internal data center is no longer enough for the bank; as the bank expands, it needs data from beyond the internal data center.

The working groups at remote locations should be part of the overall disaster recovery plan. The equipment and systems in the remote locations should be accounted for in the recovery plan. What is more, business recovery moves on to restoring and recreating the business process. One example is the 'quick ship' type of program, which allows personal computers and related equipment to be shipped to a designated recovery site within 48 hours of the declared disaster.

7. Organize and document a written plan

The disaster plan should be written in a standard form. The plan should include an outline of the plan's contents. Management should review and approve the outline. Then, the procedures and the documentation should be written in the plan based on the standard format. A standard format helps keep the plan consistent and allows for ongoing maintenance of the disaster recovery plan. The plan should be used before, during, and after a disaster. It should include methods for maintaining and updating the plan to reflect any significant internal, external or systems changes, and it should be structured using a team approach.

8. Develop testing criteria and procedures

After a disaster plan is created, it should be tested and evaluated on a regular basis. The tests will provide the organization with the assurance that all necessary steps are included in the plan. Furthermore, testing helps to determine the feasibility and compatibility of backup facilities and procedures, identify areas in the plan that need modification, provide training to the team managers and team members, demonstrate the ability of the organization to recover, and provide motivation for maintaining and updating the disaster recovery plan.

9. Test the Plan

After testing criteria have been completed, the bank should test the disaster recovery plan. Having a good recovery plan does not mean that it works well in reality. The test will provide additional information about further steps and reasonable adjustments to the original plan. Each functional department of the bank should be tested. The bank's size and rate of organizational change determine the frequency of testing. Usually, small banks have a low frequency of testing; they may do testing once per year. Larger banks have a high frequency; they perform exercises two or three times a year or stretch an annual test over several days. There are four main types of tests: checklist tests, simulation tests, parallel tests, and full interruption tests. An actual disaster is a true test for the bank. It is similar to a simulation test but more authentic. Banks should carefully document recovery efforts, evaluate results, and refine plans accordingly.

10. Approve the plan.

The last step in making a disaster recovery plan is approving the plan. After it has been written and tested, the plan should be approved by top management. Top management is responsible for establishing policies and comprehensive contingency planning. Management should also review and approve the contingency plan annually and write a review of the plan. If the information comes from a service bureau, management should evaluate the adequacy of the service bureau's contingency plans and ensure that its own contingency plan is compatible with the service bureau's plan.

Conclusion

With the expansion of the financial industry, banks are becoming more sophisticated technology users, and the disaster recovery plan will play a more important role in the banking sector. The bank's disaster recovery plan can help the bank minimize the loss due to an unexpected disaster and return the bank to operation as soon as possible, but it requires the bank to plan its disaster recovery effectively before the disaster happens. An effective disaster plan is made under strict requirements in the planning, assessment, writing, and testing processes. Nobody can predict when a disaster will come; the disaster recovery plan is both a prevention method and insurance for reducing the bank's potential exposure and recovering the organization.

References

  1. Bronner, Robert F. (2013). 'Banking Industry and Disaster Recovery Planning.' Wikimedia Foundation.
  2. Wold, Geoffrey H. (2013). 'Disaster Recovery Planning Process Part 1 of 3.' Oxford Press. London.
  3. 'Disaster Recovery Plan.' (2017). Wikipedia. Wikimedia Foundation, December 2017.

The Importance and Essence of Disaster Recovery Plan: Analytical Essay

The importance of a Disaster Recovery Plan lies in the capacity and ability to respond to an incident or an event instantly and efficiently. This is achievable only if an organization has an efficient team, planned procedures and disaster recovery supplies: in short, a Disaster Recovery Plan.

What was said earlier about strategies for the prevention of disasters applies equally to the planning of disaster recovery. Planning is a senior management function and cannot be accomplished without the support of top-level management. The need for such a recovery plan must be presented to the department at a very early stage, regardless of which team raises the requirement.

A written memo or an authorization statement makes it easy for the management to proceed with the disaster planning process among the employees. The actual mandate shall spell out the main goals and objectives of the plan so that the expectations of the top management are met.

The main objective of such a plan is to recover and protect a business's IT facilities, such as the document management system, network, quality management systems, and core systems, in disruptive events. These events include both man-made disasters such as power outages and natural disasters such as earthquakes. An organization cannot always avoid disasters, so the disaster recovery plan plays a very important role when an organization suffers a disaster. A careful and well-thought-out plan can effectively help the organization limit downtime and loss of data while also ensuring a level of organizational stability and a system recovery after a disaster occurs.

The importance of a disaster recovery plan:

The disaster recovery plan is essential to every organization because it helps an organization recover from a disaster at a faster pace and within a standardized timeline.

The following are the benefits of a disaster recovery plan ('Disaster recovery plan'):

  • Minimizing the risk of delays
  • Providing a sense of security
  • Providing a standard for testing the plan
  • Lowering an unnecessarily stressful work environment
  • Minimizing decision-making amid a disaster
  • Guaranteeing the reliability of standby systems
  • Reducing potential legal liabilities

A disaster recovery plan is a critical proactive measure for organizations. Since the goal of the disaster recovery plan is to ensure that the organization limits its losses during a disaster, planning is crucial. Disaster recovery plans vary; however, all of them should follow three basic measures: (1) preventive measures, (2) detective measures, and (3) corrective measures. The purpose of preventive measures is to keep a disaster from occurring. These measures focus on identifying and reducing risks: they try to recognize risks before they materialize and to reduce the likelihood that they occur. To achieve this, preventive measures may include keeping data backed up and off-site, using surge protectors, installing generators, and conducting routine inspections. Detective measures are used to discover the presence of any unwanted events within the IT infrastructure. They focus on uncovering new potential threats.

These measures include installing fire alarms, using up-to-date antivirus software, holding employee training sessions, and installing server and network monitoring software. Corrective measures are those focused on restoring a system after a disaster or otherwise unwanted event takes place. These measures may include keeping critical documents in the Disaster Recovery Plan or securing appropriate insurance policies, after a 'lessons learned' brainstorming session. ('Disaster recovery plan') The IT industry clearly needs the Disaster Recovery Plan. Research shows that among 170 disaster recoveries, 45 were for IT departments over the last 10 years (Robert Bronner, 1997). In 2012, tropical storm Sandy highlighted organizations' need for disaster recovery planning. Sandy struck the East Coast of Manhattan, where Wall Street is located. The headquarters of many companies located on the East Coast, such as Citi and Bank of America, were flooded. The financial markets in New York City were closed for no less than two days, causing losses of millions of dollars. Disasters are unexpected and costly, so planning is critical for organizations to reduce their losses from disasters.

The Disaster Recovery Plan

The Disaster Recovery Plan should be prepared by the Disaster Recovery Committee, which should include representatives from all critical departments or areas of the office's functions. The committee should include at least one representative from management, computing, risk management, records management, security, and building maintenance. The actual size and composition of the committee will depend on the size, location, and structure of the individual department or office.

The committee needs to set up a timeline to establish a reasonable deadline for completing the written plan. This timeline may take the form of a Program Evaluation and Review Technique (PERT) chart or a decision.

The planning philosophy

According to Geoffrey H. Wold's Disaster Recovery Planning Process, 1997, a coordinated plan should include the following steps:

1. Acquire Top Management Commitment

Top management in the organization must support and be involved in developing a disaster recovery plan. Management is responsible for overseeing the plan development process and confirming that the final disaster recovery plan is effective within the organization. The process of developing the plan should be given sufficient time and adequate material resources. Resources could include both financial considerations and the effort of all personnel involved. This process requires the organization to hire trained managers who have learned about disaster recovery. If top management does not understand disaster recovery, the final disaster recovery plan, even with top management's participation, can be poor.

2. Proficiency

Records Management is only one of many resources available to the organization. The key to having a comprehensive disaster prevention and recovery plan is to draw from these resources/plans.

One of the essential resources we have identified, from a records management perspective as well as nationwide among large organizations, is the opportunity to relocate backup data and systems that are vital to our organization's success, survival and reputation. Since we are a four-campus system, each campus can be a vital resource for each of the other campuses as a distant off-site storage location (90 to 128 miles apart) for backup of information systems. In the event of a widespread disaster such as an F-3 to F-5 tornado or earthquake, our system of widespread campuses could serve as off-site backup facilities at very little cost to the system.

3. Establish a planning committee

After the draft of the disaster recovery plan is finished, the organization needs to create a planning committee. The function of the planning committee is to oversee the development and implementation of the disaster recovery plan. The committee should consider every functional area of the organization and include representatives from them. The committee members should include the operations manager and the data processing manager. Employees are the first thing the organization should consider when it develops a disaster recovery plan. What do employees worry about most? The safety of their families and personal property. As long as those two areas are safe, the employee can focus on the safety of the business and its customers' property. So when management makes the disaster recovery plan, it should include essentials such as shelter, medical insurance, pensions, as well as counseling and information on the disaster recovery plan. The committee should ensure that the final disaster recovery plan includes a plan to ensure the safety of employees' families and property.

4. Team Task Organization

The plan must spell out the titles and functions of each team member involved in the disaster recovery process. The people who will make up the team or teams should be identified by title or position and name. In a small office or department with only a handful of employees, the entire staff may become the Disaster Recovery Team, with one person designated to lead the recovery effort. The person named Recovery Director or Coordinator must be given the necessary authority to declare a disaster, and to act quickly and effectively during the salvage operation.

5. Organize and document a written plan

The disaster plan should be written in a standard form.

6. Information Distribution Procedures

The plan must include specific procedures for contacting team members and alternates, vendors, support agencies, suppliers, consultants and all those with whom special disaster contracts and agreements are in place.

7. Determine Recovery Strategies

The most practical processing alternatives should be researched and evaluated. In order to make an effective recovery strategy, the organization must consider facilities, hardware, software, communications, data files, customer services, user operations, MIS, end-user systems, and other processing operations of the organization. Furthermore, the organization should consider its computer function. Hot sites, warm sites, cold sites, reciprocal agreements, two data centers, consortium arrangements, and vendor-supplied equipment are the alternatives to evaluate for the computer function. The third element that should be prepared is the written agreements for the specific recovery. Examples of special considerations include contract duration, termination conditions, testing, costs, special security procedures, notification of system changes, hours of operation, and specific hardware and other equipment required for processing.

9. Specific Disaster Reactions

The plan must provide for both major and minor disasters, and must address individual and community-wide natural disasters, such as tornadoes and general flooding. Your plan should also define, in terms of business interruption, what constitutes a disaster, thereby authorizing the activation of the disaster recovery plan.

10. Perform a risk assessment

Risk analysis and business impact analysis are essential tasks for the planning committee. They should cover the range of possible disasters, including natural, technical, and human threats. The committee should analyze each functional area of the organization for the potential consequences and impact associated with various disaster scenarios. The safety of critical documents and vital records should be assessed as well. For instance, fire is always considered the greatest threat to an organization, so a large number of organizations purchase fire insurance. However, even though floods are occasional, they still have a chance of happening.

11. Training of Employees

The recovery plan must provide for initial and ongoing employee training. Skills are needed in the reconstruction and salvage phases of the recovery process. Your initial training can be accomplished through professional seminars, special in-house educational programs, the wise use of consultants and vendors, and individual study tailored to the needs of your department. A minimal amount of training is necessary to assist professional restorers/recovery contractors and others having little knowledge of your information, level of importance, or general operations.

12. Develop testing criteria and procedures

After a disaster plan is created, it should be tested and evaluated on a regular basis. The tests will give the organization the assurance that all necessary steps are included in the plan. Furthermore, testing helps to determine the feasibility and compatibility of backup facilities and procedures, identify areas in the plan that need modification, provide training to the team managers and team members, demonstrate the ability of the organization to recover, and provide motivation for maintaining and updating the disaster recovery plan.

After testing criteria have been completed, the organization should test the disaster recovery plan. Having a good recovery plan does not mean that it works well in reality. The test will provide additional information about further steps and reasonable adjustments to the original plan. Each functional department of the organization should be tested. The organization's size and rate of organizational change determine the frequency of testing. Usually, small organizations have a low frequency of testing; they may do testing once per year. Larger banks have a high frequency; they perform exercises a few times each year or stretch an annual test over several days. There are four main types of tests: checklist tests, simulation tests, parallel tests, and full interruption tests. An actual disaster is a true test for the organization. It is similar to a simulation test but more authentic. Organizations should carefully document recovery efforts, evaluate results, and refine plans accordingly.

13. Approve the plan.

The last step in making a disaster recovery plan is approving the plan. After it has been written and tested, the plan should be approved by top management. Top management is responsible for establishing policies and comprehensive contingency planning. Management should also review and approve the contingency plan annually and write a review of the plan. If the information comes from a service bureau, management should evaluate the adequacy of the service bureau's contingency plans and ensure that its own contingency plan is compatible with the service bureau's plan.

14. Priorities for the Restoration of Essential Functions

Your disaster recovery plan must spell out not only which functions are vital but also the order in which they are restored. This is particularly critical in vital, complex computing functions where records of sales, finance, and accounts payable have constantly changing priorities.

Requirements and Goals of Disaster Recovery Plan: Analytical Essay

Abstract

Organizations face so many pressures nowadays that companies and organizations are neglecting disaster recovery plans. This is not a wise decision, and it is not safe for any company to take such a decision in a competitive world where security is key for every company and organization. Globally, crime rates are gradually increasing and security attacks are increasing day by day, so organizations should stay alert; on top of that, natural calamities are uncontrollable. No one can control them. For small businesses in particular, it is very hard to find enough standard resources to respond actively to an unwanted situation, so it is very difficult for them to maintain a disaster recovery plan over the long term; still, they should not ignore it in any situation.

Brief History:

Disaster Recovery (DR) has gained visibility recently because of several unwanted events that caused financial investment management organizations and businesses to take planning and technology seriously, for example, Hurricane Sandy, high-profile cyber attacks, and general human errors. What you may not know, however, is that disaster recovery has been part of the business landscape for nearly forty years. Disaster recovery first became an issue during the 1970s as organizations moved their businesses to computer-based operations. Before the move to mainframe computer systems, business relied primarily on paper-based operations and was not concerned about technology infrastructure outages and usage. With the beginning of the computer era, having a clear plan in the event of a technology failure became a necessity.

As more business operations were hosted on mainframes, organizations became increasingly dependent on these mainframes to keep their businesses running smoothly. Employees grew worried that if the mainframe were down for a few days, there would be a dramatic negative impact, as they would be unable to access the records and applications used to conduct everyday business. Out of this need, combined with the rise of web-dependent business applications, such as email and a number of popular CRM systems, interest in disaster recovery grew and expanded. Organizations of all sizes began to rely more heavily on their IT infrastructure as well as on reliable access to data around the clock.

Goals of the Disaster recovery plan:

Disaster recovery planning is the process of creating the documentation that contains the steps your business will take to recover from an unwanted situation. A number of organizations take the time to create a disaster recovery plan. Your business does not stay the same; organizations grow, change and realign. An effective disaster recovery plan must be formally reviewed and updated to ensure it reflects the current state of the business and meets the goals of the organization. Not only should it be reviewed, but it must also be tested to ensure it is robust, feasible and easy to implement.

To develop a disaster recovery plan, you should first establish the goals and objectives the plan will meet. Here are six goals and objectives you can use to ensure your disaster recovery plan will be effective.

  1. Decrease overall risk: The fundamental goal of any disaster recovery plan is to decrease the overall risk to the organization. Look at the plan and ask the question, ‘Is there anything missing that would keep the business from restarting quickly?’ In the event of a calamity or natural disaster, your biggest problem is time. The plan must be concise yet thorough. Look for gaps that could endanger the successful execution of your disaster recovery plan and delay returning the organization to a fully functional state.
  2. Feasible and repeatable test plan: A number of plans are created, but few are ever updated. Review the plan regularly to ensure new parts of the business are covered. Test the plan at regular intervals at the least. Pick a Saturday and imagine that you need to bring office operations back in under 24 hours. You do not need to physically do it, but sitting around a table offsite with no access to the usual resources of the office can reveal a lot about your disaster recovery plan’s shortcomings.
  3. End users’ concerns: Once the plan is created and implemented, you should present your disaster recovery plan to the end users and/or the governing body. Record all feedback and make sure it is addressed in the revised plan. If they are more worried after you present your disaster recovery plan, you need to revisit every item before you present it again.
  4. Updated daily operation: The basic question you should ask while reviewing your disaster recovery plan is, ‘Can your disaster recovery plan restore everyday operations in a reasonable time?’ Your customers will understand and be sympathetic if you ever experience an unwanted situation, but they will not wait forever for you to get back on your feet. Operations must be restored quickly, before customers begin leaving for the competition.
  5. Align with regulations and rules: If your business is in a regulated industry, such as health care, food processing, education, and others, make sure your disaster recovery plan takes all government regulations into account. Working out of a temporary office does not exempt your business from following regulations.
  6. Quick response: A disaster recovery plan must be written and developed with the goal of responding quickly to any disaster. As mentioned, time is your greatest enemy after a disaster strikes, so make sure a copy of the plan is stored off-site, whether electronically or in hard copy, and that it can be accessed 24 hours a day, seven days a week.

Make an emergency contact list with multiple telephone numbers for every administrator. Keep it readily accessible at any time of day or night.

Requirements of Disaster Recovery:

  • Hot backup site: Hot backup sites typically use synchronous replication to prevent any data loss due to a disaster.
  • Warm backup site: Standby servers are available to take over after an application failure, but are kept only in a ‘warm’ state, where it may take minutes to bring them online.
  • Cold backup site: It is hard to support business continuity with cold backup sites, but they are a very low-cost option for applications that do not require strong protection or availability guarantees.

Comparison of Traditional DR and DR as a (Cloud) Service

Major Drawbacks with the disaster recovery Plan:

Outsourcing disaster recovery does not always guarantee lower costs. Three factors must be considered to decide whether outsourcing DR is appropriate for your environment:

  1. Requirements – You should first understand the specific DR requirements from a business perspective. Whether insourcing or outsourcing, moving forward without a solid definition of business needs will likely result in overspending, disappointment, or both.
  2. Alternatives – Make a realistic assessment of all available outsourcing options, including their actual capabilities and where they fit best. Not all disaster recovery options are equivalent or ideal, and there are a number of solutions designed to address varying needs.
  3. Existing skills and environment – Understand existing skill sets, or the lack thereof, as well as infrastructure, facilities and other organizational factors that may play a significant role in tilting the scales either toward or away from outsourcing.

Cloud disaster recovery has recently been attracting a great deal of attention from data storage managers. The cloud can offer several services that may be used to support DR. First, basic server and storage infrastructure services, such as those available through Amazon EC2, may be used as an extension of existing data center resources, but targeted to address disaster recovery needs. Additionally, data can be replicated to cloud storage, and when required, cloud servers can be activated

Major reasons for disaster:

Have you ever saved over a Word document or had your PC crash before you could save an important file? It can happen to anyone. Even the most careful person can miss a step in an important process, causing data loss or wrong data to be entered. While common, these errors are often the hardest to prevent and correct. Having a disaster recovery plan that creates a series of incremental online data backups lets you easily restore your files to an error-free state. Having redundant firewalls, anti-virus, and anti-spyware software can ensure that security breaches are guarded against if one of them is accidentally disabled or a port is left open. Often the most important response to human error lies in process improvements and quality assurance activities. A disaster recovery plan that incorporates checking and double-checking, along with online backups, is often the best remedy.

Disaster Recovery Plan:

When an incident occurs, the Emergency Response Team (ERT) must be activated. The ERT will then decide the extent to which the disaster recovery plan must be invoked.

All employees must be issued a Quick Reference card containing ERT contact details to be used in the event of a disaster. The responsibilities of the ERT are to:

  • Respond immediately to a potential disaster and call emergency services;
  • Assess the extent of the disaster and its impact on the business, data center, etc.;
  • Decide which elements of the disaster recovery plan should be activated;
  • Establish and manage the disaster recovery team to maintain vital services and return to normal operation;
  • Ensure employees are notified and allocate responsibilities and activities as required.

The team will be contacted and assembled by the ERT. The team’s responsibilities include:

  • Establish facilities for an emergency level of service within 2.0 business hours;
  • Restore key services within 4.0 business hours of the incident;
  • Recover to business as usual within 8.0 to 24.0 hours after the incident;
  • Coordinate activities with the disaster recovery team, first responders, etc.;
  • Report to the emergency response team.
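The recovery-time targets in the list above only mean something if a drill is measured against them. The following is an added example, not part of the original essay, that scores a drill timeline against the 2.0 and 4.0 business-hour limits and the 24.0-hour upper bound; the Monday to Friday 09:00-17:00 business day, the milestone names and the sample timestamps are assumptions constructed for illustration.

```python
from datetime import datetime, time, timedelta

# Assumption, not stated in the plan: a business day is Mon-Fri, 09:00-17:00.
BUSINESS_START = time(9, 0)
BUSINESS_END = time(17, 0)

# Limits taken from the team's duties listed above. The third duty gives a
# range (8.0 to 24.0 hours); the upper bound is used as the hard limit and is
# read as wall-clock hours because the plan does not say "business" there.
# Milestone names are hypothetical labels chosen for this example.
TARGETS = {
    "emergency_service": ("business", 2.0),
    "key_services": ("business", 4.0),
    "normal_operations": ("elapsed", 24.0),
}


def business_hours_between(start, end):
    """Hours between start and end that fall inside the business day."""
    total = timedelta()
    day = start.date()
    while day <= end.date():
        if day.weekday() < 5:  # Monday=0 ... Friday=4
            lo = max(start, datetime.combine(day, BUSINESS_START))
            hi = min(end, datetime.combine(day, BUSINESS_END))
            if hi > lo:
                total += hi - lo
        day += timedelta(days=1)
    return total.total_seconds() / 3600.0


def evaluate_drill(incident, milestones):
    """Score a drill: {milestone: (hours_used, limit, status)}.

    status is PASS, FAIL, MISSING (milestone never reached) or INVALID
    (timestamp earlier than the incident, i.e. a bad log entry).
    """
    results = {}
    for name, (clock, limit) in TARGETS.items():
        reached = milestones.get(name)
        if reached is None:
            results[name] = (None, limit, "MISSING")
        elif reached < incident:
            results[name] = (None, limit, "INVALID")
        else:
            if clock == "business":
                used = business_hours_between(incident, reached)
            else:
                used = (reached - incident).total_seconds() / 3600.0
            status = "PASS" if used <= limit else "FAIL"
            results[name] = (round(used, 2), limit, status)
    return results


# Constructed drill log: the incident is declared late on a Friday.
INCIDENT = datetime(2024, 3, 1, 16, 0)                   # Friday 16:00
MILESTONES = {
    "emergency_service": datetime(2024, 3, 4, 9, 30),    # Monday 09:30
    "key_services": datetime(2024, 3, 4, 13, 30),        # Monday 13:30
    "normal_operations": datetime(2024, 3, 4, 15, 0),    # Monday 15:00
}

if __name__ == "__main__":
    for name, (used, limit, status) in evaluate_drill(INCIDENT, MILESTONES).items():
        print(f"{name:18} used={used} limit={limit} {status}")
```

In the constructed drill the weekend stops the business-hour clock, so the emergency-service milestone passes at 1.5 business hours while the wall-clock return to normal fails at 71 hours, which is the kind of gap a tabletop test is meant to expose.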

This plan and procedure has been established to ensure that in the event of a disaster or emergency, staff will have a clear understanding of who should be contacted. Procedures have been addressed to ensure that communications can be quickly established while activating disaster recovery. The disaster recovery plan will rely principally on key members of management and staff, who will provide the technical and management skills necessary to achieve a smooth technology and business recovery. Suppliers of critical goods and services will continue to support the recovery of business operations as the organization returns to normal operating mode.

The Emergency Response Team (ERT) is responsible for activating the DRP for disasters identified in this plan, as well as in the event of any other occurrence that affects the organization’s ability to operate normally. One of the tasks during the early stages of the emergency is to notify the Disaster Recovery Team (DRT) that an emergency has occurred. The notification will ask DRT members to assemble at the site of the problem and will include sufficient information for this request to be communicated effectively. The Business Recovery Team (BRT) will consist of senior representatives from HR and the main business department(s). The BRT Leader will be a senior member of the organization’s management team and will be responsible for taking overall charge of the process and ensuring that the organization returns to normal working operations as early as possible.

Conclusion:

The DR and BC plan is a basic risk management program with the goal of protecting organizations from potentially disruptive events. The DR and BC plan provides the framework for making appropriate risk mitigation decisions and for the recovery of business systems. Management, as a start, should seriously consider the recommendations given by the Business Continuity Plan (BCP) consultant as part of the effort to update the plan and make it fully executable. Establishing a DR and BC policy document would also help significantly in communicating management expectations, preparedness, and awareness to employees. The DR and BC plan should be a living document that is regularly subjected to a schedule of tests and exercises.


Disaster Recovery Plan: Case Study of Bank of America

Introduction:

Overview of the disaster recovery plan:

A business needs to handle many vital operations through which it provides services to its clients or customers. The higher the number of customers, the higher the pressure on the business to provide quality services on time. For example, a banking organization needs to provide financial services to its customers and needs to manage all its business operations without interruption. However, a problem occurs when business operations are interrupted by a disaster, or when business assets are heavily damaged, interrupting services to customers (Cortes & Strahan, 2017). Disasters can be hugely devastating for organizations and can be either natural or manmade. Although the likelihood of manmade disasters can be reduced by implementing security measures in the network, protection against natural disasters such as cyclones, floods and fires can be hugely difficult. This is because natural disasters are uncertain and their consequences can be heavier than those of manmade disasters (Monllor & Murphy, 2017).

However, both forms of disaster can have a huge impact on the flow of business operations in an organization. Strategies are therefore required for both, and those strategies should be effective for the business as well. This strategy or planning for protection against disasters is known as a disaster recovery plan (Wallace & Webber, 2017). A business continuity plan needs to be prepared by analyzing the resources that would be required to make it effective. In this regard, it is highly important to identify the resources that can be affected the most by the consequences of disasters, and planning should be done to protect those assets from damage. The resources required for a disaster recovery plan include the stakeholders of the company who can play a vital role and the technological requirements (Saheb Jamnia, Torabi & Mansouri, 2015). Moreover, the stakeholders who would be involved in the plan should be made aware of their roles and responsibilities in the execution of the plan.

Overview of this report:

This report will develop a disaster recovery plan for a banking organization known as Bank of America. Because banking organizations perform extremely critical business operations and a large section of the public in a country depends on them for financial services, it must be ensured that the business assets of these organizations are not damaged by disasters (Nitescu, 2016). Protection of digital information and infrastructure is equally important, so that these organizations are able to provide uninterrupted services to their customers. This report will thus analyze the assets of the Bank of America that need to be protected from natural disasters and the process of recovering those assets after a natural disaster. The resources that will be required will be highlighted, and the stakeholders will be made aware of their roles and responsibilities in disaster recovery planning.

Discussions:

Background of the company:

The company under discussion is the Bank of America, which is the second-largest banking organization of the United States of America. The headquarters of the Bank of America is based in New York. It is also the ninth-largest banking organization in the world. The services of the bank include opening savings and current accounts for customers, providing financial solutions, providing credit and loans, and investing in various projects (‘Bank of America – Banking, Credit Cards, Home Loans and Auto Loans’, 2019). Bank of America deals with millions of customers, both in the United States and in other countries. It therefore requires uninterrupted services to meet the financial demands of its customers. The business assets of the bank are extremely critical and important, and they need to be protected from damage or loss. Similarly, the data of the bank are highly confidential, as they contain the financial information of customers and clients and vital information about the business. It will therefore be important to identify the assets that need to be protected from the impact of natural or manmade disasters.

Assets which are required to be protected:

A banking organization has some critical assets. These assets are of two types: physical and non-physical. Some of these are:

Physical assets:

  • Server
  • Computers
  • Equipment of financial services
  • Vaults
  • Cash

Non-physical assets:

  • Data of the customers
  • Data of loan and mortgages
  • Balance sheet
  • Financial reports
  • Investment reports
  • Website of the bank
  • Online banking system

Both types of asset therefore need to be protected and kept at a safe distance from the impact of disasters. The bank has other assets; however, the assets listed above are the most critical and need to be protected from the impact of natural and manmade disasters. The next step is to identify the risks from disasters and their impact on the business operations of the bank.

Risk analysis:

After identifying the important assets of the Bank of America, the next focus is on conducting a risk analysis. Risk analysis is extremely important in order to identify the risks and then evaluate them so that the required mitigating solutions can be provided (Birkmann et al., 2016). It is thus a vital part of the disaster recovery plan for the Bank of America.

| Risks | Result | Type | Probability | Impact |
|---|---|---|---|---|
| Breakdown or damage of the server | This can result in deletion of the database of the bank, which contains vital business information. Damage to the server can delete vital data of customers and other clients. | Natural | High | High |
| Disclosure, alteration and deletion of data from the database | This can occur when hackers are able to access the database of the bank. It can result in access to confidential information of the customers and the business, which in turn can result in privacy issues. It can also result in legal issues for the bank. | Manmade | High | Medium |
| Damage of the assets such as computers, printers and others | This can occur due to the impact of a natural disaster and can result in huge financial losses for the bank. The systems may contain vital information of the business, and if this is lost, the bank can find it extremely difficult to recover it. | Natural | Medium | Medium |
| Damage of physical data and cash | This can occur due to either fire or floods and can result in huge damage for the bank. If the cash of the public is damaged, the bank can suffer huge financial losses. | Natural | High | High |
| Spoofing or denial of service attack in the online banking system of the bank | This can result in huge financial losses for the customers. Hackers can spoof the bank as authorized users and steal the credentials of users in order to steal money from their accounts. A denial of service attack can prevent customers from conducting financial transactions without interruption. | Manmade | Medium | High |
| Injection in the database of the bank and scanning of the vulnerabilities | In this risk, hackers can conduct SQL injection and find the vulnerabilities in the database (Batista et al., 2019). They can change or modify the tables and columns and even the data of the customers, thus creating huge database management problems for the bank. | Manmade | Medium | High |
| Ransomware attack | In this process, hackers can send ransomware into the systems of the bank and take possession of the data stored in those systems until some amount is paid to them (Kharraz et al., 2015). This can result in both financial losses and interruption of customer service. | Manmade | Low | High |

The probable risks from disasters have thus been identified. The next step focuses on mitigating these risks through suitable processes as part of the disaster recovery plan.

Plan for mitigation of these risks:

  • Breakdown or damage of the server: As identified in the risk analysis, this issue can occur due to natural disasters such as cyclones. To mitigate the risk, the first focus of the Bank of America should be on finding suitable offsite storage in which the server can be replicated, so that even if the server in the main centre is damaged, the data can be recovered and business operations can continue. An emergency operation centre should therefore be developed in which a replica of the bank’s server is kept, and the data stored on the main server should be replicated to that server (Cook, 2015). The emergency operation centre should be developed in a location far away from the main centre.
  • Disclosure, alteration and deletion of data from the database: The best preventive measure against the impact of this risk is to create a proper backup of the data. For this, an offsite storage location should be identified and the data of the business should be kept there as a backup (Testardi, Cometto & Kulangare, 2016). Physical devices such as pen drives and external hard discs can be used to store small amounts of data that need to be recovered immediately after a disaster occurs. The emergency operation centre can act as suitable offsite data storage for the bank.
  • Damage of the assets such as computers, printers and others: This issue can also be mitigated by developing an emergency operation centre.
  • Damage of physical data and cash: Cash should be kept in a safe vault that is damage-proof. Physical data should be kept as duplicate copies, and the duplicate copies should be kept in offsite storage.
  • Spoofing or denial of service attack in the online banking system of the bank: To prevent this, the authentication and authorization system in online banking should be enhanced with a process such as two-step authentication, in which customers log in to their account with passwords and one-time passwords.
  • Injection in the database of the bank and scanning of the vulnerabilities: To mitigate these risks, the security of the bank’s network should be enhanced and the principle of least privilege should be used.
  • Ransomware attack: To mitigate this risk, systems should be equipped with suitable anti-malware and antivirus software, along with a proper backup of data (Scaife et al., 2016).

After identifying the mitigation process for the risks, the next focus of the disaster recovery plan is on identifying the resources that will be important for implementing this plan successfully.

Resources required for the plan:

Technical resources: Emergency operation centre, offsite storage, firewall implementation, encryption of data, update of software, update of hardware

Non-technical resources: Teams to execute the plan, finances, stakeholders of the company, suppliers of the resources, training of the employees

Roles and responsibilities of the stakeholders:

After identifying the resources required for executing the disaster recovery plan, the next focus is on making the stakeholders aware of their respective roles and responsibilities in the plan.

| Stakeholders | Responsibilities |
|---|---|
| Board of Directors | To provide consent to the plan and to ensure proper support for its execution |
| Operational Manager | To monitor the project and to ensure supply of the resources |
| Finance Managers | To manage the budget of the plan and to ensure cash flow is uninterrupted during the execution of the project |
| Investors | To supply the finances required for proper execution of the project |
| Suppliers | To ensure proper supply of the resources and to maintain communication with the operational manager |
| Network administrator | To find the vulnerabilities in the network of the bank and to conduct the required risk mitigation process |
| Database administrator | To find the vulnerabilities in the database and to implement the process of data backup and the security processes for the database |
| Trainer | To provide the required training to the employees on security practices and the process of recovery of data |
| Project teams | To execute the plans with perfection and to communicate with the project manager |
| Project manager | The most important stakeholder for this plan, who needs to supervise the projects along with maintaining communication with the project teams and higher authorities of the bank |

The stakeholders involved in this plan should thus be aware of the steps involved in executing their roles with perfection. The plan will be provided to them as a document, and the contact information of the important stakeholders associated with this plan is given below:

| Name of the stakeholder | Contact number |
|---|---|
| Allan Richard, CEO | 7318239782 |
| James Smith, Project manager | 7660321798 |
| Stevens McDermott, Operational manager | 9238794231 |
| Nichols Smith, Network Administrator | 7335614783 |
| Sarah Davis, Database Administrator | 9239874234 |
| Tim Hales, Alice Johnson, Joint trainers | 9239424789, 7335692543 |

These contact numbers should be used in any emergency and for any requirement that needs to be clarified.

Policies to be followed:

Team members and other stakeholders are required to follow these policies in order to make this project a success and to improve communication. The policies are as follows:

  • Stakeholders other than the Board of Directors are required to participate in every meeting they are asked to attend.
  • Team members should report all the problems they find in the execution phase to their project managers.
  • Without prior notice, no team member is allowed to take leave or to leave the project at any point in time.
  • The plan may change during the execution phase according to the need for proper security measures, and those changes should be disclosed to all participants.
  • Transparency of information flow should be maintained between all participants in this project.
  • Information shared in meetings and during the execution of the project should not be disclosed to any third parties without the consent of the project manager.
  • All the ethics of this project should be followed, and those who violate the policies will be subject to strict action, which can include legal action.

Conclusions and recommendations:

Conclusions:

This study has set out a disaster recovery plan for the Bank of America. The plan was made after identifying the critical assets of the business that need to be protected from the impact of disasters, and the risks arising from disasters that can have a huge impact on the business continuity of the bank. The technical and non-technical resources required for the project have been highlighted, as have the roles and responsibilities of the stakeholders involved in this project. Lastly, some policies of the project that need to be followed by the participants in the plan have been provided.

Recommendations:

For the successful implementation of the disaster recovery plan for the Bank of America, communication between the participants will be extremely important. Along with this, future focus should be on conducting risk audits and testing the plan on a scheduled basis. This will help in identifying vulnerabilities that are unexpected and cannot be identified in the current situation. A scheduled update of the plan should be conducted to keep it up to date with the security measures that will be required to mitigate the impact of disasters in the future. The Board of Directors of the company should actively participate in future plans to help make the stakeholders aware of the importance of executing them.

References:

  1. Bank of America – Banking, Credit Cards, Home Loans and Auto Loans. (2019). Retrieved from https://www.bankofamerica.com/
  2. Batista, L. O., de Silva, G. A., Araújo, V. S., Araújo, V. J. S., Rezende, T. S., Guimarães, A. J., & Souza, P. V. D. C. (2019). Fuzzy neural networks to create an expert system for detecting attacks by SQL Injection. arXiv preprint arXiv:1901.02868. https://arxiv.org/pdf/1901.02868
  3. Birkmann, J., Wenzel, F., Greiving, S., Garschagen, M., Vallée, D., Nowak, W., … & Fiedrich, F. (2016). Extreme Events, Critical Infrastructures, Human Vulnerability and Strategic Planning: Emerging Research Issues. Journal of Extreme Events, 3(04), 1650017. https://www.worldscientific.com/doi/pdfplus/10.1142/S2345737616500172
  4. Cook, J. (2015). Six-stage business continuity and disaster recovery planning cycle. SAM Advanced Management Journal, 80(3), 23-35. https://go.galegroup.com/ps/i.do?p=AONE&sw=w&u=googlescholar&v=2.1&it=r&id=GALE%7CA432064503&sid=googleScholar&asid=bf2f85e1
  5. Cortés, K. R., & Strahan, P. E. (2017). Tracing out capital flows: How financially integrated banks respond to natural disasters. Journal of Financial Economics, 125(1), 182-199. https://www.aeaweb.org/conference/2016/retrieve.php?pdfid=121
  6. Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., & Kirda, E. (2015, July). Cutting the gordian knot: A look under the hood of ransomware attacks. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 3-24). Springer, Cham. http://193.55.114.4/docs/dimva15_ransomware.pdf
  7. Monllor, J., & Murphy, P. J. (2017). Natural disasters, entrepreneurship, and creation after destruction: A conceptual approach. International Journal of Entrepreneurial Behavior & Research, 23(4), 618-637. https://www.researchgate.net/profile/Patrick_Murphy4/publication/315343244_Natural_disasters_entrepreneurship_and_creation_after_destruction/links/59f724fda6fdcc075ec62f97/Natural-disasters-entrepreneurship-and-creation-after-destruction.pdf
  8. Nițescu, D. C. (2016). New pillars of the banking business model or a new model of doing banking?. Theoretical & Applied Economics, 23(4). http://store.ectap.ro/articole/1229.pdf
  9. Saheb Jamnia, N., Torabi, S. A., & Mansouri, S. A. (2015). Integrated business continuity and disaster recovery planning: Towards organizational resilience. European Journal of Operational Research, 242(1), 261-273. https://bura.brunel.ac.uk/bitstream/2438/11835/1/Fulltext.pdf
  10. Scaife, N., Carter, H., Traynor, P., & Butler, K. R. (2016, June). Cryptolock (and drop it): stopping ransomware attacks on user data. In 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS) (pp. 303-312). IEEE. https://regmedia.co.uk/2016/10/27/scaife-icdcs16.pdf
  11. Wallace, M., & Webber, L. (2017). The disaster recovery handbook: A step-by-step plan to ensure business continuity and protect vital operations, facilities, and assets. Amacom. http://catalogelepdf.com/the-disaster-recovery-handbook-a-step-by-step-plan-to-ensure-business-continuity-and-protect-vital-michael-wallace-larry-webber-the-oldest-ebook-arhive-online.pdf

Intel’s Experience in the Fight Against Spectre and Meltdown

Intel Corporation is an American multinational corporation and technology company founded by Robert Noyce and Gordon Moore on July 18, 1968. It is the world’s second largest and second highest valued semiconductor chip manufacturer. Intel invented the x86 series of microprocessors, the processors found in most personal computers even today.

Intel supplies processors for computer system manufacturers such as Apple, Lenovo, HP, and Dell. Intel also manufactures motherboard chipsets, network interface controllers and integrated circuits, flash memory, graphics chips, embedded processors and many other devices related to communications and computing.

Intel ranked No. 46 in the 2018 Fortune 500 list of the largest United States corporations by total revenue. Intel is incorporated in Delaware.

Intel in 2018

In January 2018, the world learned of two huge CPU vulnerabilities, named Spectre and Meltdown. They are predominantly caused by chips manufactured by Intel, and they adversely affected customers’ privacy: they can allow an attacker to read sensitive information from a computer’s memory, including passwords, photos and messages, among others. They had an impact on every organization and individual purchasing a computer in 2018. The following series of events took place during 2018:

  • On January 1, the tech blog Python Sweetness reported an ‘embargoed security bug’ in Intel processors. According to its author, Microsoft, Amazon, Google and other tech giants could be affected by the cybersecurity risk.
  • On January 3, a website was launched by researchers from Google and academic institutions to look into vulnerabilities caused by processors: Meltdown, related to Intel processors, and Spectre, related to Intel and competitors. Intel admitted that there are security flaws.
  • On January 3, three class-action lawsuits were filed against Intel for ‘deceptive practices, breach of implied warranty, negligence’. Intel said it would have 90% of affected chips fixed by the following week, but failed to do so.
  • On January 5, Intel’s stock was down by more than 5% according to CNBC and Quartz.
  • On February 16, Intel faced 32 lawsuits from shareholders and customers for security risks in its chips.
  • On February 22, Intel did not inform U.S. cybersecurity officials about Meltdown and Spectre until they were leaked to the public. Media outlets described the effort as Intel ‘intentionally hiding’ the flaws, or keeping security agencies in the dark.

All variants of the vulnerability involve a malicious program gaining access to data that it should not have the right to see, and they do so by exploiting two important techniques used to boost the speed of computer chips: speculative execution and caching. Speculative execution involves a chip trying to predict the future in order to work faster. If the chip knows that a program involves many logical branches, it will start working on all of those branches before the program even decides between them. Caching is a technique used to increase the speed of memory access. It takes a long time for the CPU to get data from RAM, which is on a separate chip, so there is a special small amount of memory storage, called the CPU cache, on the CPU chip itself.

Protected memory is the foundational concept underlying computer security. No process on a computer should be able to access data unless it has permission to do so. This allows a program to keep its data private from some of its users, and allows the operating system to stop one program from seeing data belonging to another. In order to access data, a process needs to undergo a privilege check, which determines whether or not it is allowed to see that data. But a privilege check can take a long time. This is the key to the vulnerability: while the CPU is waiting to find out whether the process is allowed to access that data, speculative execution lets it start working with the data before permission has been granted.

Meltdown

Meltdown cracks the fundamental separation between user applications and the operating system. This attack allows a program to access the memory, and also the secrets, of other programs and even the operating system. The security vulnerability was called Meltdown because the vulnerability basically melts security boundaries which are normally incorporated by the hardware.

Meltdown misuses a condition inherent in the design of many modern CPUs. This occurs between memory access and privilege checking while the CPU processes an instruction. The vulnerability allows a process to get past the normal checks that prevent it from accessing data belonging to the operating system and other running processes. It allows an unauthorized process to read data from any address that is in the current process’s memory space.

Meltdown effectively makes it possible for a process to read any physical memory, or other processes’ mapped memory, irrespective of whether it should be able to do so. Meltdown does not require much knowledge of how the program works, but it only works with specific kinds of Intel chips. This is a pretty severe problem.

The vulnerability is possible on any operating system in which data is mapped into virtual memory for processes, which includes many present-day operating systems. Meltdown could possibly impact a wider range of computers than presently identified, as there is little to no variation in the microprocessor families used by these computers. A Meltdown attack cannot be detected when it is carried out.

Meltdown attacks, according to the original authors of the Meltdown paper, are conducted in three steps: 1) the content of an attacker-chosen memory location, which is not accessible to the attacker, is loaded into a register; 2) an instruction accesses a cache line based on the secret content of the register; 3) the attacker uses the Flush and Reload mechanism to find the accessed cache line and hence the secret stored at the chosen memory location.

Spectre

Spectre cracks the separation between different applications. It allows an attacker to make error-free programs reveal secrets that would not otherwise be leaked. In this case, safety checks actually increase the attack surface and may make applications more susceptible to Spectre. This vulnerability generally affects modern microprocessors that perform branch prediction. A branch predictor is a digital circuit that tries to guess which way a branch will go before it is known for sure. On most processors, the speculative execution resulting from a branch misprediction may have side effects that leak private data to attackers.

Spectre is specifically dangerous because of its ability to cause physical damage to the computer. For this reason, Spectre poses a core problem far more serious than an average virus or malware. Spectre is an attack method which allows a hacker to ‘read over the shoulder’ of a program it does not have access to. Using code, the hacker gets to know the encryption key, allowing full access to the program. An encryption key safeguards information and makes sure that only authorized individuals have access. But Spectre cracks it.

Doing so allows Spectre to read the program entirely and gain access to the kernel, the most protected part of a computer’s operating system. Once the attacker gets to know the encryption key for the kernel, the attacker can access any data, ranging from browsing history to personal conversations.

However, there are limited uses for this attack. Generally, individual personal computers are not affected by it. Spectre primarily attacks multi-tenant systems, also known as cloud systems. This means vendors like Google, Amazon Web Services and Microsoft are physically vulnerable.

Spectre attacks are conducted in three steps: 1) the setup phase, in which the processor is mistrained to make an erroneous speculative prediction; 2) the processor speculatively performs instructions from the attacker into a microarchitectural covert channel in the computer; 3) the sensitive data is recovered. This is possible by timing accesses to memory addresses in the CPU cache.

Intel’s Response to Spectre and Meltdown

Intel’s initial responses to Spectre and Meltdown were not satisfying, and customers were not happy with them. However, Intel later issued an official statement online properly addressing the issue.

Intel’s first response to the initial Meltdown and Spectre reports was a blog post saying that the performance impacts caused by the vulnerabilities are workload-dependent and should not be significant to the average computer user, instead of talking about the server problems that the vulnerabilities might cause.

A day later, Intel issued a second response. The company admitted that the performance impact caused by the vulnerabilities may initially be higher on some workloads. Intel promised updates for 90 percent of processor products to deal with the security problems. These updates are BIOS firmware updates, which were not sold by Intel and required personal computer makers like Dell to manage them properly and inform customers that they exist. The problem was not yet solved.

Within a few days, Intel CEO Brian Krzanich addressed the issue by repeating Intel’s promise of security updates and admitted that some workloads may experience a larger impact than others due to the vulnerabilities.

Intel later issued its third statement, making it clear that performance impacts should not be large for average computer users.

Intel kept repeating that the average computer users should not worry about it instead of actually giving a legitimate solution for the problem faced by millions of its customers.

Intel’s last statement included benchmarks to support its findings, but they are limited to the latest eighth-generation Intel processors. Intel did not mention the impact on older devices, but the company finally acknowledged that there are cases where the impact may be significant, which is itself a huge step on Intel’s part.

Intel’s Official Statement in Response to Meltdown and Spectre

Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.

Recent reports that these exploits are caused by a ‘bug’ or a ‘flaw’ and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.

Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.

Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.

Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.

Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers.

How Intel Combatted the Issue

Establishing the Intel Product Assurance and Security (IPAS) Group

The Intel Product Assurance and Security Group was formed as a result of the public disclosure of Spectre and Meltdown. However, the group’s scope is much broader, in order to prevent further customer security issues. It is designed to act as Intel’s security ‘mission control’. IPAS is a product assurance and security effort that spans all of Intel, developing policy and best practices and driving critical decision control.

Completing the Microcode Updates

The security vulnerabilities Spectre and Meltdown presented a challenge for Intel. When vulnerabilities require updates to microcode, the code that controls transistors on the chip, Intel issues a microcode update (MCU). The microcode update was extremely helpful, and many customers were able to actively deal with Spectre and Meltdown because of it.

Engineering New Protection into Hardware

To advance security at the silicon level and help customers protect against side-channel exploits, Intel introduced new protection mechanisms. Intel started introducing these with the 8th Generation Intel® Core™ U-series processor (Whiskey Lake) in August, followed by the 9th Gen Intel Core desktop processor (Coffee Lake) in October. The next-generation Intel® Xeon® Scalable processor (Cascade Lake) is the first x86 processor released to market that has hardware-based protections for Spectre V2.

Automating the Microcode Update Process

Intel believed that a better-consolidated update process for security as well as functional issues would be helpful, so it transitioned to a quarterly release model aligned with others in the ecosystem wherever possible. One major issue faced by Intel was the microcode update distribution process. The first important initiative of IPAS was to improve the delivery of microcode updates so as to make it easy for customers. In June 2018, Intel made its MCUs OS-loadable, making the update for Spectre V2 possible via Windows Update. Intel is working on enabling delivery of MCUs through this automated process.
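A way to confirm that the operating system and microcode updates discussed above are actually in effect on a machine, as an added example rather than Intel's or the essay's own code. It assumes a Linux host, whose kernel reports per-issue status under /sys/devices/system/cpu/vulnerabilities and the loaded microcode revision in /proc/cpuinfo; the sample strings are constructed so that it also runs offline.

```python
from pathlib import Path

# Assumption: Linux host. The kernel exposes one status file per issue here.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
ISSUES = ("meltdown", "spectre_v1", "spectre_v2")

# Constructed samples in the kernel's "Not affected" / "Vulnerable" /
# "Mitigation: <detail>" format.
SAMPLE_PATCHED = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Mitigation: Retpolines; IBPB: conditional; IBRS_FW; STIBP: disabled; RSB filling",
}
SAMPLE_UNPATCHED = {
    "meltdown": "Vulnerable",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    # spectre_v2 left out on purpose: a kernel that reports nothing for it.
}
# Constructed /proc/cpuinfo excerpt: two logical CPUs on different revisions.
SAMPLE_CPUINFO = (
    "processor\t: 0\nmodel name\t: Example CPU\nmicrocode\t: 0xc6\n\n"
    "processor\t: 1\nmodel name\t: Example CPU\nmicrocode\t: 0x84\n"
)


def classify(status):
    """Map one kernel status line to a (state, detail) pair."""
    text = status.strip()
    if text == "Not affected":
        return ("not_affected", "")
    head, _, detail = text.partition(":")
    if head == "Mitigation":
        return ("mitigated", detail.strip())
    if head == "Vulnerable":
        return ("vulnerable", detail.strip())
    return ("unknown", text)


def read_statuses(root=SYSFS_DIR):
    """Read the live status files; issues the kernel does not report are omitted."""
    found = {}
    for issue in ISSUES:
        try:
            found[issue] = (Path(root) / issue).read_text()
        except OSError:
            continue
    return found


def audit(statuses):
    """Return {issue: (state, detail)}, marking unreported issues as unknown."""
    report = {}
    for issue in ISSUES:
        if issue in statuses:
            report[issue] = classify(statuses[issue])
        else:
            report[issue] = ("unknown", "no status reported by this kernel")
    return report


def needs_action(report):
    """Issues that still call for an OS or microcode update."""
    return sorted(i for i, (state, _) in report.items()
                  if state in ("vulnerable", "unknown"))


def microcode_revisions(cpuinfo_text):
    """Collect the distinct microcode revisions listed in /proc/cpuinfo text."""
    revisions = set()
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "microcode" and value.strip():
            revisions.add(int(value.strip(), 16))
    return revisions


if __name__ == "__main__":
    live = read_statuses()
    report = audit(live if live else SAMPLE_PATCHED)
    for issue, (state, detail) in report.items():
        print(f"{issue:12} {state:13} {detail}")
    print("needs action:", needs_action(report) or "none")
    try:
        cpuinfo = Path("/proc/cpuinfo").read_text()
    except OSError:
        cpuinfo = SAMPLE_CPUINFO
    revs = microcode_revisions(cpuinfo)
    print("microcode revisions:", sorted(hex(r) for r in revs) or "not reported")
    if len(revs) > 1:
        print("warning: microcode revision differs between logical CPUs")
```
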

Increasing Research Internally and Externally

Intel actively increased its red team exercises – connecting deep offensive security research with deep product knowledge to find and deal with possible vulnerabilities before products ship. Its security researchers and engineers share their insights with the broader community by publicly releasing their findings and presenting to peers at industry events. In return, Intel is learning from the broader community through its bug bounty program and engaging academia through sponsored research and its ‘researcher in residence’ program.

Bellevue Hospital Disaster Recovery Plan Need

The importance of having a disaster recovery plan in organizations cannot be overstated. Regardless of industry, when disaster takes place, it brings the day-to-day operations of an organization to a halt. Even a weak hurricane can cause devastation throughout a state by creating storm surges which overflow river banks and sewage systems. These impacts can affect the delicate infrastructure that hospitals rely on to keep the lights on, keep patients alive and keep data available to users. Therefore, it is important for organizations to curtail the risk of permanent data loss and ensure business continuity in the face of disaster. A disaster recovery plan is important because it provides the tool sets and describes the procedures that allow organizations to recover from unplanned disasters and service outages and to restore normal function. Bellevue hospital is one of the organizations that experienced a hurricane because it was located in a low-lying area.

Background of the Issue

The problem is that Bellevue hospital is located in a low-lying area, and the effect of the hurricane was severe because of this location. The hurricane led to the flooding of the hospital premises and the collapse of the electrical system within the premises. Nurses and other medical professionals struggled to save patients from the menace caused by the storms and floods from the hurricane (Gotanda, Fogel, Husk, Levine, Peterson, Baumlin, & Habboushe, 2015). The rescue operation, which lasted for almost two days, made the hospital administrators seek assistance from the government and other well-wishers. Therefore, the evacuation was done faster because of the level of preparedness of the hospital.

The level of readiness of the hospital administrators, which entailed an elaborate disaster plan, enhanced the operation. Flood mitigations and risk assessment are some of the significant issues that the paper examines (Uppal, Evans, Chitkara, Patrawalla, Mooney, Addrizzo-Harris & Tsay, 2013), along with disaster assessment and mitigations like improving and replacing the internal emergency system of the hospital and enhancing communication to facilitate alerts and warning systems. Therefore, the paper analyses the effects of the hurricane on Bellevue hospital as well as the possible remedies to the hospital's situation.

Needs of the Situation

A disaster assessment should be done to analyze the situation at Bellevue hospital and its environment. The evaluation analyses the magnitude of the disaster, after which measures and mitigation should follow. Accordingly, the risk reduction at Bellevue hospital was the construction of a perimeter boundary and the improvement of other infrastructure, including technology, to protect against future hurricanes. A policy was formed by the environmental assessment to guide the environmental facilities around the hospital; the construction of the wall should not pose any harm to the ecosystems and the surrounding community (Murakami, Siktel, Lucido, Winchester, & Harbord, 2015). The environmental assessment around the hospital improved and maintained the lives of the community because it was meant to prevent any form of malevolent effect on the environment and the surrounding community.

FEMA funds were released to support the repair and renovation of other facilities. The funds were also meant to ensure that mitigations and measures are put in place to protect against the future occurrence of hurricanes in the region (Gotanda et al., 2015), and to raise the hospital roof to a higher level so that it can withstand the effect of storms and floods. During the repair and renovation, FEMA also suggested the integration of walls designed to withstand future flooding. The funds provided by FEMA to the hospital should ensure that no future disasters are experienced within the hospital, because they were intended to address any future flooding and storms (Licciardi, Bodic, Taub, Homel & Jacob, 2016). Therefore, as the policies and framework are developed to rebuild and defend the hospital from future floods and storms, it is significant to consider the effect of climate change, which is sometimes unpredictable.

Solutions

The hospital should analyze the best solutions that can be used to enhance long-term future operation. The solution that the hospital should consider is raising the internal emergency departments above flood level, or instead constructing a building where the emergency sections will be located alongside the generators, equipment and facilities. Also, the replacement of the emergency generator should be considered to enhance security alerts and warnings (Uppal et al., 2013). The installation of water pumps for the hospital elevators and the construction of waterproof walls will enhance protection against flooding.

Repositioning the internal systems of the hospital will ensure that flooding does not disrupt the regular operation of the hospital. For instance, during the hurricane, most of the internal systems of the hospital were affected, which in turn caused a significant impact on general hospital operation (CMS.Gov, 2019). According to FEMA (2019), all public hospitals in New York should adopt the elevation of internal systems to avoid future instances of flooding. Therefore, the implementation of the policy will enhance the operation of the hospital.

Another mitigation proposed by the government department to protect the hospital from future flooding is the construction and improvement of the north and south vehicular docks to withstand heavy loads caused by future floods (Licciardi et al., 2016). Also, the construction of a new flood pumping station on the hospital premises should be considered, to pump and convey sanitary as well as waste remains during flooding events. The flood pumping station will also enable the hospital to access clean water frequently during floods and other effects associated with hurricanes. Therefore, the proposed mitigation enhances the safety of patients at the hospital as well as of the surrounding community.

Another solution is enhancing the communication system so that it can send security warnings to other departments. During the storms and floods at Bellevue hospital, disruption of power and other utilities hampered communication within the entire hospital. Communication failure between different departments led to severe problems as well as losses (McGinty, Burke, Resnick, Smith, Barnet, & Rutkow, 2016). The improvement of the communication system within the premises will provide proper communication channels in the hospital. The system will be designed to accommodate and address further communication problems, as it will provide effective alerts and warnings during an emergency, leading to a faster and more effective response from all departments.

Different agencies, as well as staff at the hospital, have embarked on intensive testing of all the protocols through the planning process to improve effective communication. The central hospital communication can access and prioritize supplies and other resources during emergencies (Murakami et al., 2015). The federal policy states that all New York should enhance the transmission, especially security communication, which entails security alarms and warnings.

Bellevue hospital has adopted the elevation of the internal emergency systems. The initiative was arrived at after the proposal by the FEMA agency during the disbursement of the funds. The repair and rebuilding of the hospital were done according to the recommendations made by the public and other agencies (Licciardi et al., 2016). Thus, the elevation of the internal emergency system within the hospital was achieved because of funds from the FEMA agency. The repositioning of internal systems like boilers, generators and chillers, among others, has been sufficient for the hospital and its staff. Raising the internal emergency system above the flooding level is significant progress for the hospital's development. The installation of the internal structures will also protect the hospital from storms and flooding, because some structures will pump and convey wastewater away during future flooding (McGinty et al., 2016). Therefore, elevation improves the quality of services and reduces the worry and fear generated during flooding and other disasters.

The solution is beneficial because it averts and prevents fear among the staff. It works well because most of the internal emergency systems have been raised beyond the flood level. The replacement of the emergency generator will enhance the security warnings and alerts to the staff and the community around the hospital (McGinty et al., 2017). Therefore, when flooding occurs, the hospital can continue with its regular operation because there will be no breakdown of the electricity system or of other essential systems.

The idea is functional because the generator and other machines like plumbing cannot be destroyed by water. The hospital will experience smooth operation in the future because of the improved and modified structures, which can withstand the effect of flooding. Additionally, the boilers can control the water system and direction during floods. Adoption of the solution will also have a multiplier effect on the community around the hospital, as it will be protected from the effects of flooding (New York State Department of Health, 2019). Therefore, the implementation of the solution improves Bellevue's services, including continuous operation during a disaster. Finally, the purpose of the mitigation is to modify the hospital infrastructure to withstand future flooding and any other problems associated with a hurricane, as well as to make the hospital disaster-prepared.

Measurement Metrics

Finally, the success of the disaster recovery plan will be measured using the recovery time objective and the recovery point objective. The recovery time objective is the maximum acceptable length of time between the disaster and the resumption of normal operation and services. In the case of Bellevue hospital, the expected amount of time will be two weeks. The recovery point objective will measure the extent to which the hospital was able to save its major buildings and equipment within the specified period of two weeks. This will help in determining the effectiveness of the disaster recovery plan.

Recovery Vs Resilience Essay

Natural disasters have continuously perturbed the Earth’s biosphere and the various ecosystems within it. These adverse naturally occurring events include floods, cyclones, wildfires, earthquakes, landslides, volcanic eruptions, tsunamis, and droughts (Ayyam et al., 2019). Such disturbances result in profound modifications to the structure and functioning of an ecosystem that persist for long periods. Examples of these modifications are alteration of species composition, increased mortality rate of intertidal fauna, removal of vegetation cover, loss of predators allowing for an expansion of the population of certain species (Masuda et al., 2016), and loss of habitats and habitat boundaries resulting in hybrid communities (Roeder et al., 2018). The effects of natural disasters can be extensive, as seen in the case of the Great East Japan earthquake that caused an ecosystem resetting (Sidle, 2017). Moreover, the frequency of these disturbances increased fourfold from 1975 to 2008 due to climate change reaching the global level. The years 2013 to 2020 showed a more alarming rate and impact of natural disasters, including the recent Australian wildfire and the eruption of Mount Taal. Both the extent and frequency are direct factors in the recovery of the affected ecosystem. Ecosystems have self-regulating abilities that allow them to naturally recover back to their near-equal state after environmental stress. However, having a higher rate of disturbance than its recovery time can hinder the system from reaching its previous state of equilibrium. For a recovery to fully occur, the rate of environmental changes should be slower than the innate processes of the ecosystem (Jamarillo, 2012). This paper discusses the recovery mechanisms that occur within an ecosystem after natural perturbation, including its indicators and endpoints.

Response of Ecosystems to Natural disasters

The deviance from a balanced state due to stress refers to the response of the ecosystem to the disturbance. This response can be broken down into the effects on components, and on the processes within the ecosystem. According to Roeder et al. (2018), events such as floods cause a decrease in component diversity favoring those with morphological and behavioral adaptations. Examples are millipedes and bristletails that produce eggs resistant to flood. In their study, most of the taxonomic classes attained before the flood were non-existent afterward. Moreover, the species richness within the invertebrate communities declined. In another study by Jamarillo (2012), similar changes in the abundance of representative species were observed after an earthquake and tsunami resulting in local extinctions. A significant change in fauna such as the loss of sand dollars was also observed by Seike et al. (2017) after the tsunami. In addition, changes in endangered species distribution resulted from these disturbances (Sidle, 2017).

The processes within the ecosystem also respond to the stress they are exposed to. An example is the eruption of Mount Pinatubo, wherein the plant succession was reset due to the shifting surfaces and unstable canyon walls (Marler and del Moral, 2011). Landslides, which cause the mixing of deep and surface soils, affect nutrient cycling and deplete the carbon stocks in grasslands (Sidle, 2017). These responses of an ecosystem are characterized to indicate whether an ecosystem has been altered by a disturbance. They also vary across ecosystems and stresses. Other examples of response are changes in carbon metabolism, altered autotrophic species composition, changes in secondary productivity of grazers, and the rate of nitrification by sediment bacteria. Moreover, these responses range in importance. An example is the loss of a keystone predator, which has a more vital role in structuring the ecosystem than a species of fungi that has redundant species to replace it. The response will also differ depending on whether an ecosystem is highly resistant or not. This is due to the mechanism by which an ecosystem adapts to periodic disturbances, which are absorbed within the system rather than causing change to its overall basic function. In addition, chronic disturbances such as prolonged floods that do not mimic the frequency of other natural disturbances can alter the ability of the ecosystem to absorb damage and, in turn, alter its properties. A prolonged flood can cause more death in riparian forests than brief intermittent flooding. Once the response is characterized as a significant change within the system, the recovery can then be observed (Dey and Schweitzer, 2014).

Recovery of an Ecosystem

To determine whether an ecosystem has started to recover, indicators are observed. These are variables that characterize the ecosystem status and reflect the biological aspects of the ecosystem. These indicators also assess the current condition of the ecosystem as well as monitor trends over time (Palmer et al., 2016). There are various recovery indicators; however, most are physicochemical or biological, including microorganisms. A study by Rojas et al. (2016) employed soil properties and microbial communities as indicators of the recovery of wildfire-ravaged ecosystems. Specifically, the soil organic carbon (SOC), pH, and available phosphorus (P) were the parameters used to indicate environmental change due to their linked functions in plant growth and nutrient supply. The microbial indicators, e.g. soil microbial activity and structure, were also used because they respond rapidly to disturbance compared to other living organisms and are highly suitable for detecting environmental changes. The results showed higher values of soil pH immediately after the disturbance and the year after. A decrease was then observed in the following years. The pH change correlated with the organic matter combustion and ash production, and the pH decreased as ashes were rapidly removed by wind. The same trend was observed for SOC and available P, which had a high value following the fire and then decreased after five years. The microbial indicators showed a higher abundance of Gram-bacteria and Pseudomonas immediately and a year after the fire due to the rapid increase of nutrients from the ash in the soil following a wildfire. This resulted in an increase in microbial activity and was in unison with the above-ground vegetation recovery of grasslands. These indicators, though sensitive to changes after the fire, are more adequate for short or medium-term recovery.

In another study by Borja et al. (2010), the long-term recovery of the estuary and coastal waters along with their indicators was observed. After the disturbance, the biological indicators, specifically mobile soft-bottom macroinvertebrates, progressively increased in richness and diversity over 15 years in the inner part of the estuary. For the coastal waters, hard-bottom macroalgae recovery took 14 years. Further indicators of recovery were the colonization of demersal fishes four years after the initial recovery of the soft-bottom macroinvertebrates. This implied that more complex biological interactions were developing, and near-complete recovery was achieved in 10 years. Similar results were seen in the study by Masuda et al., wherein the abundance of surfperch, black rockfishes, and fish assemblages stabilized years after the occurrence of a tsunami. These key species have long been important indicators of ecological recovery and have specific requirements for physical and chemical variables, indicating whether those variables are within their preferred limits. Vegetation is also an adequate indicator because it is directly correlated with the state of the environment and the well-being of the organisms needing quality habitats.

The recovery processes of an ecosystem are highly dependent on its resilience. An ecosystem’s resilience refers to its ability to recover its structural and functional integrity after disturbances. Natural disturbances can decrease ecosystem resilience and can cause abrupt shifts to new states (Jones and Schmitz, 2009). A more resilient ecosystem has a greater abundance of species’ functional traits. Moreover, the more diverse the species are in an ecosystem, the higher the capacity to maintain function. However, when the resilience is exceeded, the system can shift to a new state with different functions and the probability of returning to its previous state is low (Walker et al., 2016). A complete recovery to the previous state of equilibrium is rare but ecosystems do improve in biodiversity and ecosystem after disturbance. According to Jones et al. (2018), aquatic ecosystem recovery averages 10 years while terrestrial ecosystems take about 42 years. Higher trophic levels are correlated with faster recovery than those in lower levels.

After an ecosystem’s recovery process, it then reaches an endpoint. Endpoints are values of biological or chemical variables measured to determine whether an ecosystem has restored its structure, composition, and function before significant ecological loss. The endpoint has been reached if the pre-disturbance flora and fauna are present, healthy, and productive. However, the time from recovery to the endpoint varies throughout an ecosystem and this may not completely indicate an end to the recovery. These endpoints are based on pre-impact data to serve as the basis for the recovery success. The index of biotic integrity (IBI) is one of the important endpoints of recovery that verifies whether the affected area has restored its biological integrity parallel to the reference condition from the same ecoregion or areas of similar geological history, soil, and natural vegetation. The basis of this index is the species composition, presence of indicator species, trophic feeding dynamics, and the abundance of individuals. Another endpoint uses macroinvertebrates and fishes to assess the aquatic macroinvertebrate assemblages along with their structure and function. These include recovery to average individual size, recovery to former density, recovery of species richness, recovery of total biomass, and return to a relatively stable population level. Biological endpoints provide more reliable measures of ecological recovery because they integrate conditions around them, including the changes in their environment, which also explains the use of invertebrates and key indicator species (Simon, 2002).

Irreparable Effects of Natural Disasters

An ecosystem subjected to large-scale and frequent disturbance may not attain full recovery, resulting in an abrupt shift to a new state. An example is the 2011 tsunami in Japan that removed all the seagrass and the substrate in the area. This resulted in the bottom being covered in fine silt sediment, and no stable vegetation grew even five years after the disturbance. The fish community adapted to these effects, as shown by the increase in fish abundance and biomass wherein the seagrass-dependent species were replaced with less dependent species. Wildfires also cause irreparable impacts on forests, and drought can further hinder the growth of new trees. The ecosystem adapts to this by replacing the moisture-dependent trees with drought-tolerant shrubland, with coniferous trees regenerating at higher elevations where there is more moisture availability (Rumann et al., 2018).

Conclusion

Recovery mechanisms after natural disasters vary across different ecosystems. This includes the recovery time, indicators, and endpoints. Studying these innate recovery processes can aid in implementing effective restoration strategies. Furthermore, allowing ecosystems to repair themselves to gauge their ability to recover, and then identifying when active restoration with human intervention should be implemented, will be most effective in restoration efforts.