LOS ANGELES COUNTY
DEPARTMENT OF MENTAL HEALTH
  Policy 550.03 Information Technology Contingency Plan
 
  Procedures - Disaster Recovery Plan
  1. The Disaster Recovery Plan must enable the restoration of lost data in the event of fire, vandalism, systems failure, or other disaster. It identifies the data that will be recovered in the event of a disaster and/or emergency and prioritizes the order in which recovery of systems and information will be conducted. It provides directions on how far in the past to recover data and the time period during which information must be recovered and specifies critical events or time periods during which specific types of information or systems may be needed.
     
  2. In creating this plan, include all of the following:
     
    1. Assign and provide access rights to an authorized person(s) for the retrieval, loading, and testing of data backups.
       
    2. Ensure retrieval of the latest copy of the facilities' backed-up data from the secure location in the event of data loss. If the necessary data set(s) have not been archived, efforts will be made through formal channels (e.g., retransmission from original sources) to collect the data.
       
  3. Create the Disaster Recovery Plan spreadsheet:
     
    1. From the Application and Data Criticality Analysis spreadsheet, copy the Official System Name, System Owner, and Director's Priority Level columns into a new spreadsheet.
       
    2. Add columns for Record and Data Sets to be Recovered, Recovery Point Objective, Recovery Time Objective, and Critical Timeframe to create the Los Angeles County Department of Mental Health Disaster Recovery Plan spreadsheet, shown below:

      DISASTER RECOVERY PLAN
      Date:
       
      Official
      System Name      		 System Manager/ Owner Director’s Priority Level Records & Data Sets to be Recovered RPO i RTO ii Critical iii Timeframe Responsible Person
                     
                     
                     
      1. RPO, Recovery Point Objective, the period of time prior to an outage to which data are to be restored
      2. RTO, Recovery Time Objective, the amount of time allowed for the recovery of the record or data source
      3. Critical Timeframe, the time that is critical to have the records and/or data restored
         
    3. Complete the spreadsheet by filling in all of the data.
       
      1. In the Record and Data Sets to be Recovered column, list the record and data sets to be recovered in the event of a loss for each system. A system may have one or more record and/or data sets. For example, a pharmacy system may have a formulary record set, a patient master record set, prescription refill data records, new prescription records, etc. It is important for disaster recovery purposes to identify for each system all electronic record and data sets that the Department intends to recover in the event of information loss.
         
      2. In the next three columns, the Recovery Point Objective identifies the period of time before the outage to which data is to be restored; the Recovery Time Objective identifies the period of time to allow for recovery of the data; and the Critical Timeframe identifies the time by which it is critical to have the data recovered.
         
  4. The system manager/owner for each system listed in the Disaster Recovery Plan spreadsheet above must be responsible for the recovery of record and data sets from the Point Objective forward. The recovery must occur within the Time Objective and will, whenever possible, meet the Critical Timeframe.
     
  5. In implementing this plan, include both of the following tasks:
     
    1. Load the retrieved data in the order of pre-determined criticality (especially with regard to the availability attribute) to appropriate components (in accordance with applicable access control policies), and test to ensure that the data restoration was successful.
       
    2. Test the Disaster Recovery Plan as set forth in Procedures - Testing and Revision of Information Technology Contingency Plan.