Certified Disaster Recovery Engineer (CDRE)

Assess the two distinct processes: business risk assessment and the business impact analysis, to evaluate the BC program against business issues and justify project activities.

Examine chapter two to establish the business rationale for risk management and the first functional requirement, outlining how disruptions could impede critical systems and the ensuing consequences.

Explore the BCP planning model as the project moves from phase one to phase two, detailing the functional requirements for the project.

Evaluate the business impact assessment and risk for each system to map potential disruptions and impact over time. Align BIA with risk appetite to guide response.

Analyze quantitative and qualitative impacts and losses from major interruptions through a comprehensive BIA, highlighting resource needs and facilitation skills needed to prioritize mission-critical systems for an effective BCP.

Clarify BIA terminology and align MTD, RTO, RPO, and RSL to ensure all participants share a common understanding of time-based recovery parameters.

Maximum tolerable downtime (MTD) is the longest time a business unit can be unavailable before survival is threatened, with zero tolerance scenarios and seasonality shaping the recovery time objective.

Explore the recovery time objective, the window to restore a failed system, and how RTOs, MTDs, and dependencies shape downtime, troubleshooting, and rapid restart strategies.

Explore recovery time objectives with a visual of how different recoveries expand from the center, showing faster times for simple restorations and longer delays for regional outages.

Define recovery point objective and its role in limiting data loss, measure data loss in time to restore, align RPO with business rules, bia findings, and a strong bcp team.

Understand how the business functions and how each system interacts to support the business value proposition. Involve the right personnel to establish a baseline for the business impact analysis.

Lead a senior management-led kickoff meeting to introduce the BIA process within business continuity planning, outlining objectives, methodology, content, deliverables, timetable, and interview scheduling for data gathering.

Explore how the BIA unfolds in organizations of varying size, gathering data via surveys, questionnaires, and interviews to identify critical activities, dependencies, resource requirements, and impacts.

Determine MTD and RPO for a business system, set staffing levels and recovery priorities, evaluate best-case and worst-case scenarios, validate with owners, and secure approval; the steering committee resolves discrepancies.

Apply the BIA process to determine disaster mode staffing using worst-case scenarios, balancing recovery staff levels with business decisions and impacted units during offsite operations.

Prepare for the BIA interviews by updating the organizational chart, designing tailored questionnaires, and coordinating data collection to ensure accurate, complete input across business units, with follow-ups as needed.

Conduct interviews with a trained, two-to-three person team using advanced preparation, clear objectives, and worst-case focus within 45 to 60 minutes to capture system duty cycles, assets, services, and dependencies.

Craft interview questions to reveal the mission, service objectives, and unit dependencies. Analyze input to assess disruption impacts on performance, revenue, and customer loyalty, including regulatory considerations.

Analyze notes on the data collection process to identify single points of failure and evaluate manual alternatives and user impact for continuity and compliance.

Identify losses using data collection by quantifying them in quantities, percentages, or monetary terms. Explore the significance of data collection for disaster recovery decisions and financial impact.

Data collection quantifies the financial impact of outages, including sales losses, penalties, and hidden costs, and their effects on revenue and asset value.

Compare order-of-magnitude values using thresholds: insignificant up to $10,000, minimal up to $50,000, moderate beyond $50,000, significant up to $100,000, and cash critical above $500,000 to $1 million.

Examine how intangible, soft-dollar losses impact operations and competitive position, including brand image, goodwill, customer loss, and market share, even when direct monetary terms are hard to quantify.

Identify qualitative metrics like efficiency, satisfaction, and control, and relational quantitative metrics such as dependencies and difficulties, in data collection and emphasize careful filtering and review.

Identify dependencies and understand how missing or blocked resources—such as people, funding, internal and external services, service providers, suppliers, distributors, and capital assets—could prevent critical services during the BIA evaluation.

Identify dependencies by mapping staff assets and support services that underpin every business process, then incorporate these parameters into recovery planning to ensure system resilience during interruptions.

Identify external supplier dependencies for transportation, communications, and utilities, and plan supply options, legacy systems, and guaranteed prices within bcp and drp with purchasing.

Finalize data gathering and analysis to produce a business impact assessment prioritizing critical functions by recovery time and mtds. Distribute the vetted report to management for consensus and feedback.

Outline a clear BIA report with an executive summary that identifies how the BIA was conducted and aligns with BCP and DRP policies, supported by the steering committee.

Vet the BIA report with the steering committee and stakeholders, and obtain management approval for continuity, recovery, and reconstitution planning, even as evolving business priorities require revisions.

Examine the BIA process, distinguish MTD, RTA, and RPO, gather data via questionnaires, workshops, and interviews, and finalize a BIA report approved by management before the next BCP cycle.

Leverage the business impact assessment to guide risk analysis, evaluating probability and impact, balancing consequences across business systems, and using prior risk assessments to tailor the analysis.

Map the threat model to vulnerabilities, assess likelihood and consequences, and identify mitigation controls to reduce risk. Document BIA recommendations and present risk mitigation strategy to justify the BCP.

Explore threats to business and infrastructure using industry data and threat and risk assessment databases. Identify threats after asset valuation, quantify risk, and rank risks by probability and severity.

Identify four main causes of unplanned downtime—operational or human errors, control or documentation, coding and design flaws and failed upgrades and changes, and hardware faults—while noting disasters are rare.

Explore risk areas in business continuity planning, from simple outages and media handling to untidy storage of sensitive information and technology, and learn how recovery, resiliency, and redundancy reduce downtime.

Define risk as a hazard or unwanted event with a probability of loss and exposure to loss. Analyze its causes and effects to assess severity and financial value.

Identify a threat and a vulnerability pair to determine a probable risk for evaluation. Recognize that without both a threat and a vulnerability, no risk exists.

Assess probable risks by balancing likelihood and impact, identify threats and vulnerabilities to critical elements, define risk as annualized loss exposure, and evaluate existing and potential mitigating controls.

Explore how exposure inventories help business continuity planners document facilities, processes, systems, and resources, and create and maintain facility-specific, well-documented, enumerated checklists to manage this information.

Develop a comprehensive business process inventory—an annotated list of key processes, flowcharts, rules, facilities, departments, personnel, equipment, information technology, and user guides—to enable rapid BIA and risk analysis.

Determine risk by applying hard values in what-if spreadsheet analysis to compute annualized loss expectancy using single loss expectancy and annual rate of occurrence for objective assessment.

Explore the statement of risk as a subjective, qualitative assessment, highlighting goodwill, reputation, and perception through scenario-based, cause-and-effect analyses within a familiar peer group.

Identify risk, analyze impact, and implement controls to mitigate risk, including process changes, protection devices, and additional procedures to reduce exposure and event impact.

Identify existing security controls to inform risk analysis. Classify them into administrative or procedural, technical or logical, and physical controls, with examples like hiring policies, firewalls, and guards.

Implement physical controls to deter threats and reduce loss in information technology environments, while acknowledging residual risk and aligning it with management's risk appetite.

Assess risk factors in business continuity planning to determine how outages may occur, their severity, expected losses, how effective controls deter threats, and prioritize risks for focused resources.

Assess risk with the BCP team's data on mitigation controls, evaluate improvements to existing controls, and justify new or upgraded controls to support infrastructure changes before plan documents.

Identify how the risk assessment report supports BCP status update and initiates development of business continuity and disaster recovery plans, recommending procedures and adapting to organizational complexity.

Identify threats to the organization, identify risks to assets, and estimate costs to implement controls, while examining threat categories and risk equations like annual loss expectancy.

As we finish chapter two, move on to chapter three to begin developing and putting the plan on paper.

After gathering data through the BIA and risk analysis, develop the BCP and DRP plan segments on paper using the essential information.

Apply the course outline to advance to the next topic and focus on plan development in this chapter.

Explore the design and development of BCP strategies, emergency response, and site recovery, including five topics, plan creation, and plan B alternatives within a holistic risk management framework.

Revisit the BCP planning model as a strategic step in the BCP and DRP process, bringing together talent to ensure all business stakeholders are represented and plans are complete.

Begin the planning process for disaster recovery. Apply strong project management skills to maintain focus during BC plan design.

Explore the many topics within the BCP design and see how each will be covered in detail throughout this chapter.

Start with a small business continuity planning project to master fundamentals, validate your methodology, and build credibility, while researching BCP case studies to refine scope and objectives before expanding.

Scope and validate the boundaries, limitations, and assumptions at the outset of a BCP or DRP project, using the steering committee to vet assumptions and establish a clear go-forward position.

organize the bcp and drp teams with clear roles and responsibilities, guided by a seasoned leader, and provide skills training through human resources to build confidence and readiness.

Design robust business continuity procedures by planning crystal-clear emergency and public safety protocols, establishing safety marshals, and documenting evacuation guides to ensure rapid, coordinated responses.

Develop rigorous escalation, notification, and planning processes to ensure clear rules of engagement. Establish backup teams, call trees, and a safe backup site to reestablish the business after a disaster.

Outline an emergency response framework and operation procedures to enable rapid actions under pressure, with complete, clear documentation so strangers can cope with these procedures effectively.

Detect incidents and immediately mobilize the established command center to coordinate containment, escalation, salvage, and recovery team actions through the emergency operation center (EOC) and an alternate recovery site.

Develop emergency response procedures, establish incident recognition and escalation criteria, ensure people safety, containment strategies, and rapid damage assessment to guide incident management and media response.

Identify and map emergency response resources, establish preexisting relationships, and learn access protocols so BCP and DRP leadership can gain rapid support at primary and alternate sites.

Examine end user and business unit recovery plans, catalog hundreds of logistical details with a comprehensive checklist to document a complex business continuity and disaster recovery plan.

Design a public relations plan that delivers timely messages during disruption while maintaining calm, controlling information flow, and informing stakeholders about service resumption and data safety.

Plan and execute site recovery and resumption at the alternate production facility with pre-planning, rapid readiness, data transfer, logistics, and certification to resume production.

Coordinate the restoration of primary site with certification and authorization, then return from alternate site in stages, using least critical processes first and synchronizing each system as it is repatriated.

Coordinate return to the primary site by resuming least critical functions first, then schedule return of critical operations, while guiding restoration teams to manage deliveries, mail, communications, and facilities.

Review a typical bcp design, including bia, risk assessment, and a high-level recovery strategy, then transition to disaster recovery planning and its technical aspects.

Map the various recovery alternatives according to the priorities in the critical systems list for effective disaster response planning.

Develop disaster recovery plans detailing IT recovery strategies and actions to restore critical services within the recovery time objective, with clear roles, budgets, and records management.

Develop and implement an efficient disaster recovery plan that provides alternatives to restore critical services when the recovery time objective cannot be achieved, prioritizing operations and off-site data.

Develop the disaster recovery plan by integrating BCP, DRP, and IT recovery findings; address offsite backups, tape vaulting, generator fuel, and staffing for NOC and call center.

Coordinate ITC critical support teams for disaster recovery, led by team leads, align LAN, WAN, hardware, data, and application recovery with business unit experts, and coordinate production center logistics.

Emphasize meticulous capture of minutiae and robust record management for publication in a large bcp/drp engagement, where thousands of line items demand thorough documentation.

Answer the end-of-chapter questions for homework, then proceed to chapter four for an in-depth look at it recovery strategies.

Examine and craft various recovery strategies discussed during the development of the business continuity plan and the disaster recovery plans.

Define and document diverse recovery strategies and establish review processes for business unit personnel to execute critical business systems at the recovery location.

Explore IT recovery strategies and disaster recovery site options, outlining strategy choices for business continuity and disaster recovery planners, and noting interdependencies among options.

Explore the design and development phase of the BCP planning model by refining BCP and DRP strategies and revisiting the plans developed in the previous chapter.

Develop VCP strategies from the BIA and risk analysis and implement recovery activities when needed. Align BCP strategies to protect delivery of products and services and prioritize each business system.

Identify priority business processes using BIA outputs such as MTDs, RTOs, and RPOs to guide BCP strategies that keep critical activities running, consolidate solutions, and reveal cost-effective improvements.

Explore preventative controls in business continuity planning, physical security, employee protection, security screening, and IT security. Learn to evaluate, reinforce, and test administrative, technical, logical, and physical controls prevent disruptions.

Strengthen resiliency in business systems during BIA and risk analysis by adding graceful fall over, alternate pathing options, duplicate service facilities, and redundant power and internet circuits to withstand outages.

Learn high availability concepts to prevent downtime: eliminate single points of failure, ensure reliable crossover, and detect failures, using server and database clusters, load balancing, and rapid failover.

Plan and implement a clustered server strategy by empowering the technical team to decide how clustering failover is created, and prepare for a checkpoint restart to mitigate business interruptions.

Explore information technology recovery strategies through clustered database server design, achieving high availability with active-active configurations and a heartbeat between duplicate processes, and contrast active-standby setups requiring restart after failure.

Explore recovery strategies for application clusters and grids that provide multiple server instances for load balancing and high availability. Learn how a single server failure causes little to no impact.

Explore internet clustering for load balancing and failover using external facilities and border gateway protocol techniques to rapidly move external IPs to the failover path and support multiple pathing.

Identify redundancy and resiliency options suited to budget and high availability needs. Review configurations to derive value from the business impact assessment and risk analysis.

Explore replication as a resiliency strategy by duplicating the data repository across SAN, NAS, and other storage networks, and examine block-level versus file-level storage, SDS, and SDN.

Explore virtualization-driven rapid backup and recovery, including disk-based restores and shadow networks, to minimize downtime and meet extended RPO.

Assess available recovery strategies with the business continuity, planning, and disaster recovery planning teams to review options for disruption, technical feasibility, risk appetite, and cost to implement and maintain.

Evaluate alternate processing recovery options to achieve resiliency, guiding BCP and DRP teams through a selection process amid varied budgets and circumstances, aided by virtualization and cloud computing.

Evaluate internal, commercial, or private disaster recovery sites, weighing costs, power, cooling, security, and accessibility. Select options that support testing, readiness, and control of facilities.

Explore cloud-based disaster recovery strategies, weighing CapEx and OpEx costs, private data center maintenance, and staffing needs against cloud provider services and organizational input.

Evaluate vendor sponsored sites as disaster recovery options, weighing costs for data center space, power, and internet, plus security, privacy, transparency, compliance, and disaster declaration protocols.

Explore the good neighbor option for disaster recovery sites by forming a reciprocal backup with a noncompetitive partner, formalized through an MOU, and address security, growth, cost, and legal considerations.

Explore hot site disaster recovery strategies, detailing readiness, a 24-48 hour RTO, required hardware, software, and services, data redundancy, vendor options, and cost and security considerations.

Compare warm site options to hot sites: partial equipment and no data on site, backups untestable for restore, limited accessibility, RTO over seven days, with cost savings and security concerns.

Compare hot and cold site options for disaster recovery, highlighting cold site as a low-cost reserve, capable of storage or training use while rebuilding a hot site.

Explore high availability in disaster recovery, ensuring real-time access to alternate resources, 99.9% uptime targets, and a service level agreement, including Fips 199 confidentiality, integrity, and availability considerations.

Chapter five introduces resiliency, focusing on redundancy and alternate pathing to eliminate single points of failure.

Explore IT resiliency by eliminating single points of failure and detailing the disaster recovery engineer's role in executing the business continuity plan and disaster recovery plan options and processes.

Explore chapter five's focus on IT resiliency and examine options to eliminate single points of failure.

Explore the chapter's topics on resiliency by decomposing its components, reviewing basics, and examining applications, including telecommunications and internet connectivity issues.

Explore another iteration of the BCP planning model as we advance to a higher level of resiliency within the design and development phase, the third phase.

Explore areas of IT resiliency, from data center power and cooling to redundant servers, SANs, and NAS, and assess risks to reduce recovery time and outages.

Explore the BCP planning phases and IT resiliency strategies to strengthen computer processing against disaster events. Learn how to tailor cost-effective recovery solutions to fit each organization’s needs.

Assess data center resiliency through dual electrical grids, power conditioning, redundant generators, and UPS, ensuring continuous power to A-side and B-side racks while monitoring power inputs.

Assess data center resiliency by ensuring total power redundancy, multiple grids, motor generators with fuel contracts, and UPS protection to maintain clean power through outages and switchover.

Explore data center resiliency through HVAC design, redundant cooling, and rigorous maintenance to prevent overheating. Learn to optimize airflow, avoid blockages, and apply containment strategies with UPS and generator power.

Examine data center cooling options that boost efficiency by separating hot and cold aisles and using plenums to return warm exhaust to air handlers.

Assess hot aisle containment and cold aisle containment to separate hot and cold air, improving cooling efficiency in data centers.

Assess datacentre cooling strategies with redundancy and n plus one designs, ensuring cooling power protection through air conditioning and air handling units, and explore long-term efficiency options.

Raised flooring in data centers can serve as an air handling duct for efficient cooling, housing chilled water, refrigeration pipes, and cabling, but it risks clutter and restricted access.

Enhance IT resiliency by applying an ISO-based standard seismic isolation platform to protect racks and computing equipment from seismic events.

Explore data center cabling management decisions, comparing overhead versus underfloor setups to prevent spaghetti junction, reduce scope creep, and improve maintenance through professional, Bixi-certified installation.

Assess IT resiliency by prioritizing modular, professionally installed cabling; prefer overhead cable trays and avoid underfloor powering that impedes airflow, aiming for a tidy, efficient installation.

Overhead power bus connections organize cabling in a preemptive move, shifting distribution upward. Bus ducts, over-rack bus ways, and cabinet PDUs improve efficiency.

Design redundant paths to the internet with disparate providers and use load balancers for failover, while separating building entry points and cable rights-of-way to mitigate failures affecting external IP addresses.

Compare standard tape backup and restore with disk-based replication and failover options, highlighting cost, speed, and suitability for high priority systems.

Compare backup and restore options, noting tape's slow logistics and how replicated disk backups are faster and up to date, enabling failover with pre-replicated file shares to disaster recovery servers.

Protect data with tape backups as a disaster recovery method by storing offsite copies and using a transmittal document and serial-number tracking for secure, auditable transfers via bonded courier.

Assess tape vaulting risks in tape backups, including physical security, off-site storage hours, environmental controls for Mylar media, bonded transport hazards, and fire and intrusion considerations.

Assess disk backups and electronic vaulting against cloud options, noting that compression, deduplication, and replication affect cost and efficiency. Evaluate network bandwidth and restore capabilities for small branch offices.

A do-it-yourself disk backup approach lowers upfront costs but increases disk utilization without compression and deduplication. It also risks cpu bottlenecks, glitches, and failures in business continuity and disaster recovery.

Assess a backup appliance to offload deduplication processing and reduce CPU load. Balance higher per-terabyte costs with scalable capacity and include a third-party recovery site in your business continuity plan.

Adopt data archiving to cut backup costs by 60% and backup times by 80% by moving unused data out of backups, while establishing corporate retention policies and quotas.

Explore system replication for critical systems to enable high availability, using host replication and byte-level replication that sends only changed bytes while avoiding application conflicts.

Explore SAN replication to simplify replicating multiple systems, with SANs hosting file shares (CIFS, NFS) and LUNs (iSCSI, Fibre Channel), replicated from primary to disaster recovery SANs in same family.

Evaluate virtual server replication options when you lack a SAN or have dissimilar storage at your disaster recovery site to replicate VMs to private DR sites or clouds.

Develop and optimize application redundancy by evaluating replication for failover and load balancing, exploring grid and geographical clustering, and leveraging cloud burst capabilities for scalable disaster recovery.

Evaluate voice and networking strategies for disaster recovery, planning site selection, redundant connections, and VoIP or cloud-based voice solutions to ensure reliable communications during outages.

Transition from chapter five to six and begin the implementation phase, the fourth phase of the BCP planning model.

Validate that the BCP and DRP plans are complete and ready to serve the organization during a disruption. Review the course outline for the implementation phase.

Move to chapter six and enter the implementation phase, focusing on how to implement the BCP planning model.

Examine the implementation phase of the seven-phase BCP planning model, verifying that the plan is complete, accurate, and reasonable after completing design and development.

Approve strategies and plans, resource recovery components, and establish team knowledge transfer and awareness. Explore how to execute the plan and address human issues that influence success.

Make the BCP implementation plan visible, ensure it reflects functional requirements, submit the final draft to the steering committee, and secure management sign-off before the budget ramps up for implementation.

Define and assign BCP implementation tasks, secure funding, procure facilities and services, and document recovery processes while aligning teams, contracts, and security to ensure a resilient disaster recovery program.

Senior management provides organizational commitment, adequate resourcing, and removes obstacles to BCP implementation, while steering committee members facilitate cross-unit collaboration and planning teams manage emergency response and IT infrastructure recovery.

Determine cost estimates for disaster recovery and business continuity by identifying line items, coordinating cross-department input, navigating tendering rules, and assessing capital, licensing, and annual operational costs.

Secure management approval and funding by presenting a tightly scoped BCP/DRP plan that reflects current constraints and includes CapEx, OpEx, risks, costs, and timelines vetted by the steering committee.

Coordinate vendor acquisitions, installation, and configuration of hardware, software, and network solutions to build a disaster-ready recovery environment with information technology teams, and validate tests.

Document mission critical data into a living disaster recovery portfolio. Maintain BCP and DRP plans with change management; capture who, what, when, where; document core services and recovery alternatives.

Navigate implementing operational changes by aligning planning, change control, and the change management database with executive leadership to streamline processes, protect data backups, archiving, and cross-training.

Coordinate procurement of facilities and services from the BCP/DRP plan, securing contracts for recovery site facilities, server, storage, network services, apps, and cloud outsourcing with security and project management oversight.

Prioritize awareness and training to address attitudes, behaviors, and competencies in disaster recovery teams. Foster teamwork, cooperation, and a collegial culture while managing travel constraints and personal commitments.

Differentiate awareness from training and tailor both to the appropriate audiences to build capability. Assess whether awareness exists and whether participants possess the skills and knowledge to deliver competent service.

Learn to design an awareness and training program within a business continuity planning framework, detailing the components of BCP and DRP for effective disaster recovery.

Awareness explains why business continuity matters and identifies bcp and erp project roles and responsibilities. It outlines resources, guidance, critical success factors, and engagement rules to help teams participate.

Develop a comprehensive training plan for the BCP and DRP project, leveraging internal and external resources, cross-training, and recorded practice to build a confident, capable team.

Train and exercise the business continuity and disaster recovery plans and their alternatives to prepare for chapter seven topics.

Test and exercise the BCP and DRP plans to demonstrate that they work as intended under audit scrutiny, validating the teams' ability to meet business continuity goals.

Revisit the course outline chapter seven to validate that the BCP and DRP will work, and perform rigorous testing and exercising to ensure the business can rely on the plan.

Explore chapter seven agenda detailing six topics that guide testing and exercising this disaster recovery plan, ensuring strong assurance, sponsor alignment, and audits to prevent fatal shortcuts.

Align the organization with the BCP planning model as it moves into full production status. Conduct tests and exercises to reveal deficiencies and fine-tune the plan to address gaps.

Practice testing and exercises stress test the BCP, BIA, risk analysis, and recovery plans to uncover gaps, validate procedures, and build team confidence, reducing decision-making under pressure and outage losses.

Focus on testing and drills with small, planned exercises, clear timing and participants to avoid disruption. A well-crafted plan defines success criteria, scope, and audit-ready evaluation.

Explore how testing types progress from checklist to full failover, highlighting confidence, interruptions, and roles through role-playing walkthroughs, simulations, parallel tests, and recovery-site exercises.

Select testing participants with clear roles, appoint an independent facilitator, and use scribes, disaster recovery team members, business process owners, and internal auditors to monitor, report, and drive remedial retests.

Coordinate testing participants to keep the disaster recovery exercise on track; senior management and the steering committee ensure commitment while business continuity and disaster recovery coordinators and observers provide feedback.

Review the test experience in the testing postmortem, capture recommendations to improve BCP and DRP processes, and assess test effectiveness. Archive lessons as experiences for future modifications and team training.

Review post-mortem lessons within one to two weeks, produce a report with observations and recommendations, assign a responsible party and target dates, and ensure plan is ready for prime time.

Move on to chapter eight to focus on the maintenance and testing of a changing plan and the execution phase, including actions when the plan is called into action.

Maintain the actual business continuity and disaster recovery plan through ongoing maintenance and execute recovery options when a disaster occurs.

Maintain and execute a living business continuity management system, embedding the BCP and DRP in daily operations to stay current, usable, and ensure survivability during disasters.

Explore the maintenance and updating phase of the BCP planning model, detailing regular maintenance tasks, updates as the operational environment changes, and the issues required to execute the plans.

Revisit the BCP planning model to identify the final two phases, and explore creating a maintenance program that keeps BCM planning components in sync with the business.

Regularly maintain the business continuity plan through policy reviews, annual cycles, and updates from tests and organizational changes, guided by a formal change management process.

Establish a maintenance policy and procedures aligned to organizational standards to manage changes to BCM plans through change control, and embed BCM activities into the business continuity management system.

Evaluate internal and commercial maintenance tools, assign plan responsibilities, create distribution lists with serial-numbered copies, and govern release levels, father and grandfather, while embedding bcms processes for resilient, cybersecure operations.

Plan maintenance updates through a formal change management process. Ensure BCM plans stay current and redistributed to authorized recipients, in sync with personnel changes and PMO oversight.

Set maintenance schedules and budgets with annual testing aligned to the budgeting process, and update intervals when changes to the BCP or DRP trigger re testing and re exercising.

Identify and integrate diverse input criteria to shape ongoing plan maintenance, guided by business impact assessment and risk analysis, ensuring the bcms adapts to changing needs and external pressures.

Identify triggers for plan maintenance and revise BCM plans as growth, mergers, outsourcing, or cloud adoption reshapes priorities, assets, and business impact assessments and risk analyses.

Technology changes are a moving target, requiring upgrades to prevent obsolescence and keep BCP and DRP plans aligned with evolving risk analyses. Embrace stability to minimize changes while orchestrating upgrades.

Explore how information system security evolves to support a well crafted information security program, ISMS adoption, and ISO 27001/27002 guidelines, with certification programs shaping plan maintenance.

Apply input criteria for plan maintenance by reviewing testing deliverables and plan reviews, reflecting organizational changes such as new business rules, policy directives, and service level agreement updates.

Changes to input criteria for plan maintenance impact the deliverable, BIA, and risk analysis, triggering reviews and rework that ripple through the planning process.

Highlight direct changes to business continuity plan strategies after planning crystallization, assess their impact on the go-forward position, and use early warning systems to reassemble planners for strategy updates.

Focuses on plan maintenance for BCP and DRP documents to prevent stale details, update calling lists and team profiles, and address any incompleteness. Any change requires retesting and exercising again.

Drive maintenance planning from the testing program, since bcms require periodic retesting. Annual re-tests may produce imperfect results, with minor changes over time, making input a catalyst for maintenance.

Identify triggers for change that require maintenance and establish a comprehensive maintenance program with allocated time and resources. Steering committee oversight and management guidance keep the bcms current and effective.

Enforce plan document control with accurate documentation, clear naming, and versioning. Store copies at backup and recovery sites in secure containers; provide working copies to team leads and key business units.

Establish controlled distribution for current BCP and DRP plans, restrict access to authorized participants, track obsolete copies, and safeguard working copies at the EOC and disaster recovery site.

Secure disaster recovery plans to ensure physical protection and authorized access for BCP and DRP teams. Mobilize at the emergency operations center to keep these plans readily available during incidents.

Define a formal plan maintenance process linked to the bcms policy. Foster open communication between bcp and drp planners and the organization to keep the bcms living.

Emphasize the importance of plan maintenance by creating a plan to maintain the plan very early in the plan development.

Explore the execute phase, the last phase of the BCP planning model, and understand its role in moving the plan into action.

Explore the execution phase as a distinct, detailed section within the BCP planning phases. Understand why this execution phase deserves its own thorough treatment for effective business continuity.

Explore the major BCP planning phases from pre-incident preparation to incident response. See how complete and tested BCP and embedded DRP alternatives establish procedures, priorities, and incident response capability.

Execute the plan by rapidly prioritizing the recovery of mission critical systems, reestablishing production at the recovery site, and using leased systems as a readiness benchmark for repatriation.

Describe escalation procedures, disaster declaration criteria, and initial response actions during plan execution, including problem identification, responsibility areas, steering committee screening, and a current call tree.

Mobilize the emergency operations center and recovery teams, issue post disaster alerts, coordinate damage assessment and salvage, notify vendors and business continuity teams, and initiate the public relations program.

Coordinate an orderly sequence of events that delivers rapid information from first responders to the business continuity coordinator, triggering emergency operations center setup and damage assessment notifications to senior management.

Coordinate damage assessment and salvage to evaluate personnel welfare, infrastructure, and critical systems, enable rapid disaster declarations, support cross-unit communications, and document loss costs at the emergency operations centre.

Gather information from others' experiences and from emergency services or media about similar incidents; use internal business units' status updates and risk management output reports, plus insurance cost estimates.

Mobilize the emergency operations center, coordinate public relations, and assemble recovery teams and vendors, while issuing status updates to show the situation is under control per the disaster recovery plan.

Disaster declaration procedures require timely media messaging from a designated spokesperson. Build a PR plan with internal or external support, update press releases, and schedule outreach to all audiences.

Position the PR spokesperson as a crisis management asset who crafts inclusive, audience-aware messages and selects print, audio, or internet channels while building media relationships.

Identify and adapt to a wide range of audiences and external media outlets for disaster recovery communications, including social media, to avoid surprises during incidents.

Coordinate internal and affiliated groups, including customers, vendors, stakeholders, and extranet partners, keep employees' families informed, and provide an 800 line for status reports to ease recovery team anxiety.

Coordinate proactive public relations and crisis messaging to employees and their families, key customers and suppliers, and management, while aligning with agencies through the steering committee and emergency operations center.

The ICC organization acts as an internal administrative incident command center, collecting incident information, maintaining resource status, coordinating recovery tasks, and monitoring costs for insurance-based cost recovery.

Compare the incident command center (ICC) and the emergency operations center (EOC) to govern recovery with ICC providing control, monitoring, and logistics, while the EOC orchestrates execution and rapid response.

Activate and execute the disaster recovery plan with documented procedures for identifying disasters, clear communications with all stakeholders, prepared announcement scripts, and regular status updates.

Execute the plan to recover and document lessons learned through a postmortem. Repatriate systems from the recovery site to the primary site with synchronized steps, preserving privacy and security.

Introduce the disaster recovery engineer to non-technical issues and business interruptions affecting the workforce, with a live SARS-related case study in chapter nine.

Examine pandemics as disasters that disable the workforce due to regional medical problems, using SARS history and the role of WHO and CDC in rapid response.

Review the final chapter outline on pandemics in the certified disaster recovery engineer program. The SARS outbreak reframed disaster planning and introduced postscript material for the toolkit.

Explore the key topics a disaster recovery engineer covers, from threat assessment and frequency to business impact, travel policies, pandemic planning, and resource readiness.

Define a pandemic as an epidemic spreading across continents, distinct from stable endemic disease or seasonal flu, with historical examples including smallpox, the Black Death, HIV, and SARS.

Explain that a pandemic is a world-spanning outbreak of a new virus with little immunity, often originating from animal sources such as bats, per World Health Organization materials.

Examine pandemic frequency and the annual rate of occurrence for influenza pandemics, review historical intervals, and see how WHO protocols after SARS expedite outbreak identification and control.

Examine how a pandemic drives business disruption through absenteeism of up to 40%, shifts in consumer demand, supply chain delays, and possible manufacturing shutdowns, with guidance from OSHA.

Incorporate federal, state, and local disaster plans into your workplace plan, aligning with health care mandates and sick leave policies. Enable work-from-home strategies with preplanned logistics.

Develop a disaster plan addressing employee sick leave, pay, payroll adjustments, safety, and hygiene; stockpile infection control supplies; inform staff and customers; coordinate with insurers and local agencies; mitigate infodemic.

Use comprehensive checklists to shape disaster recovery planning in information security, drawing on WHO resources and CDC guidance to tailor organizational readiness.

Develop a crisis communication plan for pandemic readiness, delivering pandemic fundamentals, alerts on office status, and partner and traveler updates to employees, families, suppliers, and customers via hotlines and websites.

Develop travel policies in human resources for mobile workers, leveraging WebEx, Adobe Connect, Netmeeting, and Zoom to reduce travel. Establish outbreak-based restrictions and plan 14-day quarantines for returning staff.

Explore physical resources and logistical issues in pandemic planning, including establishing health care clinics, infection control, stockpiling supplies, remote access, and preventive policies to sustain operations.

Identify a clean containment area and provide N95 masks to the ill employee and attendants until EMS arrives, then disinfect all touched surfaces with hospital-grade products.

Evaluate the N-95 mask as a respirator, note its availability in hardware outlets, and contrast it with gauze masks whose short usage offers less protection.

Organize a work-from-home telecommuting plan with scalable remote access, secure BYOD, and reliable home internet, using Zoom or other platforms, aligned with the business impact assessment and business continuity plan.

Review end-of-chapter nine concepts that guide disaster recovery engineers to engineer resilience, design and develop plans and subplans, and prepare for the CDRE exam with Mile2.