SOP Disaster Recovery

Disaster Recovery

SOP Number IT/015/R.1

SOP Title Disaster Recovery

NAME

TITLE

DATE

Author

Sandeep R. Yadav

System Admin

18-07-2024

Reviewer

Ashutosh Awasthi

Senior Manager

18-07-2024

Authoriser

Mahaveer Devannavar

General Manager

18-07-2024

Effective Date:

18-07-2024

Review Date:

18-07-2024

1. PURPOSE

The purpose of this Disaster Recovery Policy is to provide a structured framework for ensuring the continuity and recovery of essential IT services at Somaiya Vidyavihar in the event of a disaster. This policy aims to minimize downtime, prevent data loss, and mitigate the overall impact of service disruptions

2. INTRODUCTION

A Disaster Recovery (DR) site is configured to safeguard organizational operations during crises. It protects the intellectual property of the organization and ensures that data can be restored in cases of data corruption, deletion, cyber-attacks, hardware failures, or human errors

3. SCOPE

This policy applies to all IT systems, applications, data, and personnel involved in the operations and management of IT services at Somaiya Vidyavihar. It encompasses academic, administrative, and research activities that depend on IT infrastructure, ensuring protection across all critical functions of the institution

4. OBJECTIVES

4.1 Ensure the safety and security of personnel and data

4.2 Minimize disruption to academic and administrative activities

4.3 Restore critical IT services and operations promptly

4.4 Establish and maintain clear communication channels during and after a disaster

4.5 Comply with all relevant legal, regulatory, and audit requirements

5. RESPONSIBILITIES

5.1. Role of System Administrator:

The System Administrator is responsible for ensuring that all critical servers are replicated to DR sites and performing regular DR drills. In the event of a recovery problem, they must escalate the issue to the Senior Manager and Head of Department, conduct a root cause analysis, and ensure corrective actions are taken

6. SPECIFIC PROCEDURE

Disaster recovery plan

6.1. Backup and Data Protection:

Backup integrity will be verified every six months through restoration testing using the Veeam Backup and Replication tool. Any discrepancies or issues found during these tests will be documented and rectified

6.2. Recovery Procedures:

6.2.1 Activation: The Disaster Recovery Team (DRT) activates the DR plan upon detection of a disaster

6.2.2 Assessment: The extent of the damage is assessed, and affected systems are identified

6.2.3 Notification: Relevant stakeholders are informed about the disaster and the DR plan activation

6.2.4 Recovery: Recovery procedures are initiated, including restoring data from backups, switching to the Near DR site, and restarting critical applications

6.2.5 Testing: Regular DR drills ensure the recovery procedures' effectiveness

6.3. Communication Plan:

6.3.1 Establish clear communication channels with stakeholders, including faculty, staff, students, and external partners

6.3.2 Use multiple communication methods (email, SMS, website updates) to disseminate information

6.4 Disaster recovery team:

The Disaster Recovery Team (DRT) is responsible for implementing and managing the DR process. The team includes,

6.4.1 GM IT

6.4.2 Senior Manager

6.4.3 Network Administrator

6.4.4 System Administrator

6.4.5 Database Administrator

6.4.6 Application Support Staff

6.4.7 Team Lead

6.5 Risk assessment and management:

A risk assessment will be conducted after every DR drill to identify potential threats and vulnerabilities. Mitigation strategies will be developed to address these risks and reduce the likelihood of disasters impacting critical IT services.

6.6 Testing and maintenance:

6.6.1 Conduct DR drills every six month and simulations to test the effectiveness of the DR plan

6.6.2 Review and update the DR plan annually or after any significant changes to the IT infrastructure

6.7. Compliance and audit:

6.7.1 Ensure the DR plan complies with all relevant legal, regulatory, and audit requirements

6.7.2 Maintain documentation of all DR activities in a common spreadsheet, including risk assessments, test results, and plan updates etc

6.8. Review and improvement:

6.8.1 Lessons learned from drills and actual disaster incidents will be analyzed and integrated into the DR plan for continuous improvement.

7. DEFINITIONS

7.1.1 Disaster: Any event that significantly disrupts IT services, including but not limited to natural disasters, cyber-attacks, hardware failures, and human errors

7.1.2 Disaster Recovery (DR): The process of restoring IT systems and operations after a disaster

7.1.3 Near DR Site: A secondary location within the same campus that houses backup IT infrastructure and data to facilitate quick recovery

7.1.4 Replication: Replication is syncing the latest data from primary location to secondary location

7.1.5 Recovery Time Objective (RTO): It is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity

8. CONCLUSION

Somaiya Vidyavihar is committed to maintaining a robust Disaster Recovery Policy to safeguard its IT infrastructure and ensure the continuity of its operations. This policy will be reviewed and updated regularly to address emerging threats and technological advancements

9. FORMS/TEMPLATES TO BE USED

A standard templates is used to record incidence by Department of Information Technology

10. CHANGE HISTORY

SOP No.

Effective

Significant Changes

Previous

Date

SOP no.

IT/015/R.1

18-07-2024

First version

N.A.