This document provides an overview of the Ministry of International Trade and Industry's (MITI) experience implementing a Disaster Recovery Plan (DRP). It begins with definitions of key terms like business continuity management, disaster recovery planning, and disasters. It then discusses MITI's objectives for the DRP, which were to improve availability, processes, maturity, reputation and gain advantages. The document outlines MITI's DRP strategy and roadmap, which included phases for analysis, risk assessment, recovery strategies, plan development and testing. It discusses challenges faced and key success factors. Lessons learned included the importance of planning, readiness, awareness, communication and teamwork.

2. MINISTRY OF INTERNATIONAL TRADE AND INDUSTRY
DISASTER RECOVERY PLAN IMPLEMENTATION EXPERIENCE:
A GOVERNMENT AGENCY’S PERSPECTIVE
INTHRANI. S

3. Contents
• BCM/DRP
 Fundamentals
• BCM/DRP in MITI
 Introduction to MITI
 Quick Assessment
 Scope
 Objectives
 Strategy
 The Journey/Roadmap
 Challenges
 Key Success Factors
 Lessons Learned
• Q & A

4. What Is a Disaster ?
Any natural or man-made event that disrupts the business in
such a significant way that a considerable and coordinated
effort is required to recover and resume business.
• Geological: earthquakes, volcanic
eruption, tsunamis and landslides
• Meteorological: hurricanes, tornados,
wind storms, hail, ice storms, snow
storms, rainstorms, and lightning
• Others: avalanches, fires, floods,
meteors and meteorites, and solar
storms
• Health: widespread illnesses and
pandemics
• Labour: strikes, walkouts, and slow-downs that
disrupt services and supplies
• Social-political: war, terrorism, sabotage,
vandalism, civil unrest, protests,
demonstrations, cyber attacks, hacking, denial
of services (DOS).
• Others: fires, haze, stampedes, material spills
• Utilities: power failures, communications
outages, water supply shortages, fuel
shortages, etc

5. What is BCM?
• Holistic management process for identifying potential
impacts from threats and for developing response plans
• Provides a framework for building resilience and the
capability for an effective response
• Safeguards the interests of an organization's key
stakeholders, reputation, brand and value creating
activities
• 1 plan 4 all
Not only RECOVERING CRITICAL FUNCTIONS from DISASTER
but also ensuring that they CONTINUE FUNCTIONING
IMMEDIATELY in the event of a disaster - BCMI

6. What is DRP?
A Disaster Recovery Plan is a documented
process or set of procedures to recover
and protect business-related IT
infrastructure in the event of a disaster. It
is associated with IT assets.
BUSINESS
CONTINUITY
DISASTER
RECOVERY

7. BCP and DRP
 BCP
Activities required to
ensure the continuity
of critical business
processes in an
organisation
Alternative personnel,
equipment, and
facilities
Often includes non-IT
aspects of business
 DRP
Assessment,
salvation, repair, and
eventual restoration of
damaged facilities and
systems
Often focuses on IT
Assets

8. What is MTD?, RTO? & RPO?
• Maximum Tolerable Downtime (MTD)
– Maximum time that a business process can be
inoperative/unavailable before significant damage
• Recovery Time Objective (RTO)
– Period of time from disaster onset to
resumption of critical business function
• Recovery Point Objective (RPO)
– The point in time before a disaster up to which system
and data must be recovered

9. About MITI
• Vision
To make Malaysia the preferred investment destination and
among the most globally competitive trading nations by 2020.
• Mission
To promote and strategise Malaysia's global competitiveness in
international trade by producing high value added goods and
services.
To spur the development of industrial activities towards
enhancing Malaysia's economic growth for achieving a
developed nation status by 2020
• Objective of ICT Division
To make Information Communication Technology (ICT) as the
strategic enabler to achieve MITI’s Vision and Mission

10. Quick Assessment
1. Are you concerned that your normal business operations may be interrupted by a
natural or human-caused disaster? (Y / N / Unsure)
2. Have you determined what parts of your business need to be operational as soon as
possible following a disaster, and planned how to resume those operations? (Y / N /
Unsure)
3. Do you and your employees have an emergency response plan in place to help assure
your safety and to take care of yourselves until help can arrive?
(Y / N / Unsure)
4. Could you communicate with your employees if a disaster happens during working
hours or after working hours? (Y / N / Unsure)
5. Are you able to access the vital records/information for your business operations in an
event of disaster? (Y / N / Unsure)
6. Do you have plans to stay open for business and continue with your services, even if
you cannot stay in or reach your place of business? (Y / N / Unsure)

11. Scope
Trade Facilitation Information System
SERVICE PROVODER
AGENCY-2
DATABASE-1
SYSTEM-1 SYSTEM-2
AGENCY-1
MITI
EXTERNAL USERS
MITI PORTAL
SINGLE SIGN ON
DATABASE-2
SYSTEM-3
INTERNAL USERS
WEB

12. To:
• Minimize effects of a disaster – downtime and
data loss
• Improve service availability and reliability
• Improve processes / procedures
• Improve maturity & resilience
• Improve organisational image and reputation
• Enhance customer trust
• Gain marketplace advantage
MITI’s DRP Objectives

13. BCM Framework (DRP Project)
Act Plan
DoCheck
Project
Management
Risk Analysis and
Review
Testing and
Exercising
Programme
Management
Business Impact
Analysis
Recovery
Strategy
Plan
Development

14. OUR STRATEGY
DRP
BCM
ISMS
RM

15. How BCP/DRP Support Security?
protecting information from
being changed/tampered by
unauthorised parties.
refers to the AVAILABILITY of
information to authorised
parties, only when requested
protecting information from
being disclosed to
unauthorised parties.
BCM/DRP directly supports AVAILABILITY

16. DRP Roadmap: STAGE 1 (PLAN):
ESTABLISHING THE DRP
Understanding Organization
• Understand the organization’s Mission, Vision,
Objective, BCMP’s Scope & Criteria
DRP Scoping
• Define Scope Objective and Boundaries
in line with organization’s BCMP
Management Approval & Support
• Project approval, approach, timeline,
policy
Establish Project Structure
• Project Team, term of reference,
understanding, relevant training

17. Phase
2
BUSINESS IMPACT ANALYSIS
Activities :
 Workshop / Survey to collect data on Systems / Infrastructure /Functions
 Analysis on collected data
 Identification of critical systems / infrastructure / functions
 Assessing the risk impact on critical systems / infrastructure /functions
 Determine Maximum Tolerable Downtime (aligned with client charter for the
identified critical functions/system/SLA)
RISK ANALISYS AND REVIEW (Identification, Assessment, Response
Development & Control)
Activities :
 Workshop / Survey to collect data on potential risks
 Analysis on collected data
 Identification of risk factors
 Determine likelihood, impact and expose level of risks identified
 Prioritizing of risks based on exposure level
 Mitigation & Monitoring
Phase
1
DRP Roadmap: STAGE 2 (DO):
IMPLEMENT AND OPERATE THE DRP

18. Phase
3
RECOVERY STRATEGY
Activities :
 Determine Maximum Tolerable Downtime (aligned with client charter for the identified critical
functions/system/SLA)
 Determine Recovery Time Objective (RTO) & Determine Recovery Point Objective (RPO)
 Determine DR options (Hot / Warm / Cold)
 Determine the backup strategy
 Determine resources requirements
 Procurement Process
Phase
4
PLAN DEVELOPMENT
Activities :
 Recovery Team/Backup Structure, Roles & Responsibilities
 Notification (Stakeholders, Users, Customers, Authorities, etc)
 Communication (WhatsApp/Email/Portal/Agencies’ Website/Blog/Twitter/Facebook)
 Regular meetings with all parties involved
 Training / Education / Awareness(everyday operations, recovery/emergency/resumption
procedures)
 PM Activities for Systems, Infrastructure, Functions (frequency)
 Testing/Exercising & Review (frequency)
 Alternative Workspace (Hardware/Network & other facilities)
 Logistic & Supply
 Who, What, When, Where & How
DRP Roadmap: STAGE 2 (DO):
IMPLEMENT AND OPERATE THE DRP

19. DRP Roadmap: STAGE 3 (Check):
Testing & Exercising
Document
Review
• Review Readiness
• Regular review of
plans, procedure,
changes
(organisation
structure,
architecture, service
providers, users,
operations, etc)
• feedback from
document owners,
etc
• network
connection
(multiple site,
workspace)
• Hardware
• Application
• back-up
Unit/Component
Test
• Full Rehearsal with
checklist
Walkthrough
(Dry Run)
• Back-up
• Production systems shut
down
• Movement to DR site
• Restoration
• Network & Systems test
(full cycle )
•Back-up
•Movement to primary site
•Restoration
•Testing
•Business Resumption at
primary site
Full Scale
Simulation

20. DRP Roadmap: STAGE 4 (ACT):
MAINTAIN AND IMPROVE THE DRP
Assess the
outcome of the
simulation exercise
(what went
right/wrong)
Perform
appropriate
correction,
corrective and
preventive actions
Continual
Improvement
• Simulation Report
• Assess Readiness
• Analyse Issues
• Recommendations
• Correction
• Corrective
• Preventive Action
• Awareness
• Continual
Improvements

21. Challenges
• Commitment & Support from all parties involved (multi-
agencies/vendors/teams/users)
• Planning & Coordination
• Rules & Regulations (physical/logical access)
• Readiness (Test & Resumption)
• Mindset
• Education & Awareness (new staff)
• Acculturation
• Skills, Knowledge and Expertise

22. Key Success Factors
• Well defined scope, requirements
• DR Plan – Policy, Procedures, Structure, Ownership, Roles
& Responsibilities
• Project Team (Competency, Skill & Literacy)
• Simulation Test
Leadership, Coordination, Time line, Checklist (4W&1H),
Communication, Logistic, Postmortem & feedback
• Close monitoring and management
• Commitment & Support
(All levels/parties)
• Communication & awareness
• Teamwork

23. Lessons learned
• Dedicated group
• Proactive Preventions
• Buy–ins from Top management
• Planning & Readiness*
• Awareness & training
• Communication
• Teamwork