Request for Proposal

Business Recovery Planning Software Evaluation



General Functions

General Inquiries About Your Company and Business History

    1. Can the vendor provide at least ten (10) references with contact names and phone numbers?
    2. How many installations / organizations have this software?
    3. What is the length of time you have been in business?
    4. Are there any users groups for your product?
    5. How many employees do you employ?
    6. How many programmers support the product?
    7. What are the future directions of your product?
    8. Does the vendor staff include Certified Business Recovery Planning consultants?
    9. Is Business Recovery Planning software the Vendor/s principal line of business?
    10. Is the first year of maintenance services included with software?
    11. What is the cost?
    12. What is the maintenance cost?
    13. Is there a trail (evaluation) period before you have to purchase the product?
    14. What are the return policies on the product?
    15. Does the vendor provide toll-free technical support within the USA?
    16. Is toll-free technical support available 24 hours a day, 7 days a week to all users?
    17. Is free training included with software?
    18. Is free "hands-on" training available during evaluation stages?
    19. Does the vendor provide training for unlimited personnel at no charge?
    20. Are product updates and enhancements free under active maintenance?
    21. Is the product PC based and menu driven?
    22. Provides a systematic method for developing an effective plan?
    23. Uses a popular word processing package for customization of text files? (e.g. Word, WordPerfect)
    24. Provides database management capabilities for information best presented in a list format, (i.e. equipment inventories, personnel lists, vendor lists, etc.)
    25. Can be used for developing an organization wide disaster recovery plan or a plan for only the data processing function?
    26. Is designed to facilitate maintenance?
    27. Provides a comprehensive operations manual?
    28. Includes backup and restoration procedures?
    29. Can be used on a LAN system.
    30. Facilitates recovery from multiple levels of disaster?
    31. Contains emergency management module?
    32. Is there a single-user version of the product that can operate on either a stand alone PC or on a file server?
    33. In the multi-user LAN version, can multiple people access the same data table/file simultaneously?
    34. Does the LAN version operate in a number of LAN environments? (i.e. Novell, NT, UNIX)

 

 

 

 

Disaster Recovery Plan Development

Inquiries About the Product Functions for Recovery Plan Development and Use

  1. Provides a time and events schedule (i.e. Project Management System) that describes the various activities necessary to complete the planning process, allowing input of responsible party, start date, targeted completio n date, and applicable section of the Plan?
  2. Provides a data collection questionnaire to assist in identifying critical functions and activities at the department level?
  3. Provides methods to determine critical functions and prioritize operations?
  4. Describes various backup and recovery strategies for:
    1. Main computer systems
    2. Voice communications
    3. Data communications
    4. Departmental systems
    5. Other critical equipment
  5. Includes contractual considerations for backup/alternate site arrangements?
  6. Can be used with any backup and recover strategy?
  7. Provides sample team designations based on the type of organization and scope of the Plan?
  8. Contains data gathering forms that tie to the detailed exhibits within the Plan?
  9. Describes typical assumptions used during disaster recovery plan development?
  10. Includes descriptions of the various insurance coverage that should be considered by your organization including:
    1. Extra expense coverage
    2. Business interruption costs
    3. Valuable paper and records coverage
    4. Errors and omissions coverage
    5. Fidelity coverage
    6. Medical transportation coverage
    7. Electronic funds transfer systems coverage
  11. Includes insurance analysis techniques to reduce premiums?
  12. Provides records retention guidelines for corporate, financial, information systems and other records?
  13. Describes salvage procedures for various types of records, including magnetic media, paper, microfilm, etc?
  14. Is the hypertext help with the system? (i.e. can the user "jump" from one help topic to another.)
  15. Is there context sensitive help with the system? (i.e., when the user hits the Help key, does the system bring up help that is pertinent to the section or feature that was being used?)
  16. Is there a "search" shortcut option under the Help menu bar so you can go directly to the help you need?
  17. Is there an on-line "How To" Guide on building a recovery plan? If yes, can this recovery planning guide be printed by each user?
  18. Does the system offer flexibility in plan design? (i.e., even if system is based on a specific methodology does it allow for variation and flexibility instead of rigid adherence to the plan’s methodology?)
  19. Provides a comprehensive disaster prevention checklist designed to address key security and control issues to assist in preventing disasters?
    1. Physical prevention
    2. Procedural prevention
  20. Includes procedures and forms for performing a risk assessment (business impact analysis), considering the various natural, human and technical threats and their impact on various department within the organization?
  21. Can unit plans be rolled-up into a master plan in an orderly structure? (i.e., there’s a fire in the building and you need to relocate affected areas… can you get summation of equipment, chairs, desks, PCs, phones, etc., for the affected areas only?)< /LI>
  22. Can unit plans be individually printed during a test or disruption? (i.e., there’s a telecommuncations event that disrupts your customer service department in various states..can only your customer service DRP be printing, regardless of locations?)
  23. Will all subordinate plans be included in a single plan execution? (i.e., the building is inaccessible; you execute the ""building plan" and get all "subordinate" plans, instead of being forced to execute each plan individually.)

 

 

Sample Business Recovery Plan

Inquiries About Sample Recovery Plan Functionality

  1. Provides for multiple levels of disasters?
  2. Contains disaster assessment forms and procedures to assist the management team in assessing the extent of the disaster and determining alternative actions?
  3. Includes emergency/evacuation procedure for medical emergencies, fire, tornadoes, thunderstorms, gas leaks, power failures, water leakage, etc?
  4. Contains detailed procedure for the accounting and operation areas?
  5. Contains high priority tasks, temporary operating procedures, facilities requirements, equipment and supplies, manual records and forms and reconstruction procedures for each team?
  6. Contains disaster tracking forms once a disaster strikes?
  7. Provides detailed procedure for contingency processing at an alternate site (i.e., location hot-site, mobile facility, etc.)?
  8. Includes detailed procedures for establishing voice and data communications with the alternated processing site?
  9. Describes detailed procedures for facility reconstruction and restoration?
  10. Includes the following areas:
    1. Department procedures
    2. Team responsibilities and procedures
    3. Distribution procedure
    4. High priority tasks
    5. Manual processing techniques
    6. Emergency accounting procedures
    7. Functional area procedures
    8. Notification procedures
    9. Disaster policies
    10. Temporary operating procedures
    11. Risk assessment procedures
    12. Procedures for establishing a command and control center
  11. Addresses the following equipment considerations:
    1. Main computer system
    2. Microcomputer
    3. Data Communications
    4. Voice communications
    5. Other critical equipment
  12. Addresses the following facility considerations:
    1. Main building
    2. Remote facilities
    3. Off-site facility
    4. Backup facilty
  13. Provides sample testing schedules and procedures, including types of tests, test participants, team test responsibilities and test forms?
  14. Includes exhibits or reports to supplement the main body of the Plan?
  15. Allows for user defined capabilities? (i.e., user defined sections of the plan or user defined exhibits.)
  16. Includes maintenance procedures for keeping the Plan current?
  17. Uses a clear, concise writing style?
  18. Uses a standard format?
  19. Has a place for recording the names of company personnel who will play a role in recovery situation, as well as a list of the phone numbers for all personnel who must be notified in the event of a disaster?

    20.  

  20. Has a location for recording information about all vendors who will provide products or services during a disaster and the names and telephone numbers of vendor contacts?
  21. Has sections detailing the locations and types of vital records stored off-site and the procedures for accessing them during recovery?
  22. Has inventory systems hardware and other equipment should be maintained in the plan, both for insurance purposes and for use as a checklist in plan testing?
  23. Provide a description of network operations and communications lines, and equipment and service recovery requirements?
  24. Provide for application systems descriptions and should list the hardware necessary for operations and for meeting user hardware requirements?
  25. Provide sections for information regarding organization’s lawyers, insurance policies, and lines of credit?

 

 

Database Management System

Inquiries About the Product’s Database Functions

  1. Uses "point and shoot" for data input?
  2. Provides multi-key access to database information and reports?
  3. Provides "memo" fields for certain database records allowing over 200 lines of test to be added per field?
  4. Includes user defined field names and contents within each database record?
  5. Provides on-line help screens?
  6. Allows for multiple facilities, locations, with facilities and departments within locations?
  7. Allows the user to find specific database records or browse the contents of all records?
  8. Allows the user to change the sort sequence of records within the database files?
  9. Provides a report writer that allows the user to select from a variety of reports and report sequence?
  10. Allows reports to be printed or viewed on the screen?
  11. Allows reports to be recorded in ASCII format for input into other work processing software?
  12. Can the product be populated with data resident on another system? (i.e., you want to enter employees from the HR system, and your vendors from Purchasing system; is there an import capability so you don’t have to perform data entry?)
  13. Will imported data be reflected in the product’s audit-history sub-system?
  14. Does the system prevent accidental import duplication?
  15. Can the import function handle changes and deletions as well as additions?
  16. Are "exception" reports provided to tell you about any data import errors?
  17. Can field names be easily customized to fit your terminology? (i.e., say a field name is "Alternate Phone" and you want it to read "Beeper" or "Cellular"; can the field name be easily changed?)
  18. Can the tool bar icon description be customized?
  19. Can the order of the Plan output be customized for execution? (i.e., if you’ve determined you want you call list first, your list of critical applications by priority second, tasks, and procedures third, etc., can you customize to Z order of output?)
  20. If reports can be exported to a file, can the type of file be specified? I.e., WordPerfect, MS Word, Lotus 123, MS-Excel.)
  21. If the type of file is specified, will the report be placed in the correct format? (i.e., will headers be placed in the header section of the work proceding document.)
  22. Can reports be sent directly through your e-mail system? (i.e., if you have the report on your screen, can you click a button and have it sent directly through your mail system?)
  23. Can previously created charts and diagrams be linked into your plan using OLE 2.0?
  24. Does the system have the ability to move information from one plan to another? (i.e., when employees change departments; can you easily move them into different plans?)
  25. Does the system have the ability to "selectively" replace one employee’s team assignments and management positions with another? (i.e., if employee A is laid off or promoted, can employee B be easily assigned employee A’s responsibilities?)
  26. When performing a global delete, are all relationships associated with that record also removed? (i.e., if a department is eliminated and you want to delete that plan, can you do a global delete of everything associated with that plan?)
  27. Provides for the following functions when reports are viewed on the screen:
    1. Scrolling line by line
    2. Scrolling screen by screen
    3. Panning left and right
    4. Windowing to view separate parts of a report side-by-side
  28. Allows the combining of separate database records into a consolidated file?
  29. Provides project management capabilities?
  30. Does the system interface to any Windows (3.1 or 95) or DOS-based word processor?
  31. Can you use your own text documents instead of those included with the system?
  32. Does the system come with standard reports?
  33. Can you edit standard reports? (i.e., change the contents, style, and typeface.)
  34. Are custom reporting capabilities available?
  35. Can summations of equipment, supplies, employees, etc., be performed?
  36. Can recovery plan data be sorted in any order?(i.e., alphabetically, numerically, ascending/descending, by zip code, etc.?)
  37. Can you determine the search criteria for each report?
  38. Can only portions of the plan be printed? (i.e. , allows for the generation and printing of individual plan reports.)
  39. Can reports be printed to the screen for on-line viewing before printing?
  40. Can reports be printed or exported to a file?
  41. Contains the following files/information:
    1. Facilities file
    2. Location file
    3. Department file
    4. Alternate location file
    5. Off-site storage location file
    6. Position description file
    7. Personnel file
    8. Personnel skills ratings file
    9. Team members file
    10. Data communications inventory file
    11. Main computer hardware inventory file
    12. Main computer software file
    13. Microcomputer hardware file
    14. Microcomputer software file
    15. Documentation inventory file
    16. Forms inventory file
    17. Insurance policies inventory file
    18. Office equipment inventory file
    19. Office supply inventory file
    20. Records inventory file
    21. Telecommunications inventory file
    22. Emergency procedure file
    23. Recovery procedure file
    24. Project management file

 

 

Testing

Questions About the Product’s Reocvery Testing Functions

  1. Contains testing schedules?
  2. Includes testing methods and procedures for:
    1. Structured walk-through testing
    2. Checklist testing
    3. Simulation testing
    4. Integrated testing
    5. Parallel testing
    6. Tactical testing
  3. Contains techniques for evaluation results?

 

 

 

Product Security System

Inquiries About the Product’s Security Functions

  1. Contains USER ID, password, and login capability?
  2. Encrypts passwords?
  3. Includes the capability to require users to change their passwords after a specified period of time?
  4. Allows the capability to establish security level for each user?
  5. Contains multiple levels of security?
  6. Provides the capabilty to establish security levels for each menu item?
  7. Provides a minimum length of six characters in the password field?
  8. Does the system have recovery plan level security? (i.e., Finance cannot edit MIS’s plan.)
  9. Does the system offer access security into different areas/functions of the tool? (i.e., can you lock out some users from editing or printing plans f, from performing any customization to product, from accessing administrative tools, etc.)
  10. Can security profiles for various users be easily duplicated? (i.e., user on the LAN have the same level of security, the only difference is the plan each can edit - one security profile can be created once and duplicated as necessary.)
  11. Can a user be denied access to major data editing capabilities? (i.e., Move, Replace, Global Delete?)
  12. Can an individual user change his/her password with out requiring access to security?
  13. Does the system have an audit history subsystem?
  14. Does audit history provide a before and after image of transactions performed? (i.e., does it show if this transaction was an add, a change or a deletion. If it was a change, does it show how the record looked before and after the transaction?)
  15. Does audit-history identify/track the user performing the transaction/
  16. Does audit-history stand a data and time on every transaction?
  17. Can the audit reports be printed?
  18. Can you restore data from the audit-history subsystem?
  19. Logs and reports user access and usage:
    1. Summary reports
    2. Detailed reports