1. Purpose of the Plan The purpose of a disaster Recovery plan is to ensure that the company can continue to operate in the event of a disaster. The plan outlines the critical business functions and the steps that need to be taken in the event of a disaster. This will help to ensure that the company can maintain its revenue stream and continue to provide its services to its clients and to protect the company from the threats as the company does not have specific policies on anti-virus software or firewalls.2. Threats and Risks The company being impacted by internal and external threats like: Phishing: it comes by downloading malicious programs in nature while browsing the web and click on the links in the email or execute email attachments leading to virus infection on the underlying computer system. Accidental deletion or modification of data: This error made by an employee. This could include things like accidental deletion or modification of data. Lack of security authentication, Permissions or authority for accessing system networks and data: This will increase risks associated with shared files, and if one user gets compromised, it permit access to the other users in the company Inability to access software: Incorrect processing or errors, hardware failure or an inability to access software. . Denial of service: causing the online shop or server to slow down or crash entirely These threats can pose a serious risk to the company and these risks are: they can result in the loss or theft of confidential data, damage to the company's reputation stop selling eBook, interrupt processes, and ultimately lead to financial losses employee productivity loss Loss of access to the essential systems like Microsoft office, Xero and the email. Lost customers and new potential sale. Confidential information leakage Loss of integrity and corruption of databases Loss of reputation and business.3. Critical Business Functions The critical functions for the Business are: The online store: The Company's online shop is its primary source of revenue, so any disruption would have an immediate effect on the finances of the organization. The consulting services: The consulting services are what attract customers to the online store. It would have a significant impact if the consulting services were to be interrupted. E-books: Since they are the main revenue generator for the company, the e-books are also a crucial component. The business would be severely impacted if the e- books were to be disrupted Professional development workshops: The Company offers professional development workshops to help employees improve their leadership skills. These workshops are an important part of the company's business model. Payroll system: to enable the payment functions for staff, costumers Financial system: to avoid any losses or disruption to revenue and staff and customer information. Microsoft Office for Business hosted through OneDrive, it helps consultants to drives clients to the online shop. OneDrive is used to store the company's e-book files.4. Disaster Recovery Strategy The following strategies /Procedure adopted to minimize the chance of the disaster and to add strength to the company system to facing the disaster The disaster recovery based on both prevention and recovery The prevention strategies contains: Cyber security and awareness training Strong cyber security measures like firewalls Use security antivirus Cloud backup ICT support User security such as authority and permissions . Alternative power system like generator or UPS The cost of undertaking these prevention measures need to be considered and added to the budget The recovery procedures are: Backup operation procedure to make sure the essential data processing task could be completed after disruption. Procedure in place to ensure quick restoration of the ICT system if it goes down. Emergency response procedure to limit the physical and IT damages Procedure to assisting the employees for health and wellbeing after the disaster Plan for reallocation to alternative site Backup plan for alternative location for the business or some part of the business Plan for management of work for disrupted or if people can't continue5. Specific Actions in the Event of a Disaster Setup a disaster recovery team for different areas of the business Plan to notify relevant staff and the senior management Have contact list for the disaster team and for management Legal requirement to notify worker and safety department and to notify the Australian information commissioner if there is cyber attack. Damage and risk assessment after the disaster Plan to notifying the users of the distribution of service Plan to contacting the business suppliers plus hardware and software supplies if it is relevant Plan to notify insurance provider to ensure they have a contact details of the business insurances Plan to test the systems to see how they will operate in event of the disaster and what the transmission plan is to new systems if we have to add.6. Industry Standards In preparing this disaster plan we have taking in account industry standard such as: 1. Disaster recovery team assignment. The team will be in charge of developing, implementing, and maintaining the Disaster Recovery Plan. In the DIRP, the team members should be identified, their lasks defined, and their contact information provided. The DRP should specify all persons to contact in case of a disaster or emergency. 2. Disaster risk assessment. The hazards to your organization should be identified and assessed by your disaster recovery team. Natural catastrophes, man-made emergencies, and technology- related incidents should all be included in this stage. 3. Determine which applications Documents, and resources are the most important for maintaining uninterrupted workflow. The company must assess its business processes to identify which apps, documents, data and resources are crucial to the company's operations, the plan should concentrate on ensuring an uninterrupted workflow and take care of customer services, client support, creating cash flows and revenues. However, the organization must acknowledge that some processes should not be postponed if at all possible. 4. Determine processes for off-site storage and backups. Protocols that you will elaborate should contain information about data to back-up, the back-up method, the storage, and the back-up frequency. At this stage it is important to remember the 3-2-1 rule that states: create at least 3 copies of your data, choose 2 different storage media for your backups and keep 1 backup copy outside your main IT infrastructure. Cloud storages are ideal for this purpose. 5. Regular assessment and update of DRP. Disaster recovery plans must also adapt as firms change and evolve at a rapid pace. The company should test the DRP on a regular basis to ensure that the procedures oudined in the plan are functional and suitable. The DRP should be updated on a regular basis to account for changes in business processes, technology, and disaster risks. Your organization should set aside time to test or rehearse your plan to ensure that it is effective, as well as to review it to ensure that it meets business and industry standards.7. Costs and budget The company is proposing to allocate 20,000 per year for prevention measures and after reviewing the cost implementation for this plan we need to allow addition budget for training, testing, organizing extra backup, alternatives power system, allemative reallocations and for implement another parts from this plan