Premium Essay

Business Continuity/Disaster Recovery Plan for Local Government Agency

In:

Submitted By CCRider
Words 1796
Pages 8
CASE STUDY-BUSINESS CONTINUITY/DISASTER RECOVERY PLAN FOR LOCAL GOVERNMENT AGENCY

1. Disaster Recovery for City Hall Server #3

a. RTO/RPO for Hardware/Software:
The Recovery Time Objective (RTO) is the determined length of time from when a disruption occurs in which a department’s functionalities, systems, applications, etc. must recover. The RTOs for the City Clerk, HR, and Finance Departments are as follows:

RTO: Recovery Time Objective
APPLICATIONS CITY CLERK HR FINANCE
Millennium – Internal Payroll Processing 1 Day 4 Hours 1 Day
Access to External Ameripay Payroll Service 1 Day 4 Hours 1 Day
Collector’s Office System (Access) 1 Month 1 Month 1 Month
Building Department System (Access) 1 Month 1 Month 1 Month
Water Department System (Access) 1 Month 1 Month 1 Month
PeopleSoft (HR System) N/A 4 Hours N/A

The Recovery Point Objective (RPO) is the amount of acceptable data loss determined by an organization during a disruption of systems. The RPOs for the City Clerk, HR, and Finance Departments are as follows:

RPO: Recovery Point Objective
APPLICATIONS CITY CLERK HR FINANCE
Millennium – Internal Payroll Processing 0 0 0
Access to External Ameripay Payroll Service 0 0 0
Collector’s Office System (Access) 1 Week 1 Week 1 Week
Building Department System (Access) 1 Week 1 Week 1 Week
Water Department System (Access) 1 Week 1 Week 1 Week
PeopleSoft (HR System) N/A 0 N/A

Because the applications within each of the departments itemized above have differing RTOs and RPOs, the Disaster Recovery Technology Strategy will be dictated by those applications requiring the lowest RPOs (zero (0)): Millennium-Internal Payroll Processing, Access to External Ameripay Payroll Service, and PeopleSoft (HR System).

b. Disaster Recovery Technology Strategy:
Option #1 – A Hot Site for Continuous Availability utilizing an internal strategy which

Similar Documents

Premium Essay

Eurotown Disaster

...REPORT ON EUROTOWN DISASTER Introduction On the 14 Oct 11 the Municipalities Emergency Preparedness Group was in meeting. At 1000 hrs it was reported that there was a major electrical failure affected the greater part of Eurotown. No initial assumptions were made but the respective service agencies were contacted. At 1200 hrs the situation deteriorated with a serious fires starting in a factory units in Bromley Hill. A Major Incident was declared at 1205 hrs and the ‘Eurotown Emergency Plan’ was activated in accordance with the Civil Contingencies Act 2004. The following actions were undertaken: * Traffic Management plan implemented. * Emergency media plan implemented (and throughout all stages of the incident). * Multi-agency action plan implemented (mutual aid response). * Communication and co-ordination with ‘Tactical Coordination Group. * Impact of power outages on critical infrastructure. * Vulnerable groups such as schools and care homes were contacted. At 1330 hrs the fire had spread to adjacent properties which housed an LPG storage tank and 10 tonnes of chlorine. The risk of explosion and the release of a toxic plume were considered severe and priority was given to evacuating residential and business properties within 500 metres of the site around the LPG storage facility and evacuation of the personnel calculated to be effected by the plume. It was agreed that evacuation of both these groups should be co-ordinated and given equal priority...

Words: 3308 - Pages: 14

Premium Essay

Disaster Management

...[pic] Records Management Disaster Planning Guideline June 2007 Version 1.1 Table of Contents Acknowledgments 5 Foreword 5 Introduction 6 Background 6 Scope of this guideline 6 Related Documents 6 Reference to the Adequate Records Management Standard 7 Variation to this guideline 7 Records and Disasters 7 Disasters affecting records 8 Disasters affecting Australian organisations 8 Counter disaster management for records 9 Disaster review of your agency 10 Risk Assessment 10 Establish the context 11 Identify the risks 11 Critical needs determination 13 Analyse the risks 14 Assess the risks 15 Treat the risks 15 Monitor and review 16 Planning 16 Project Planning 17 Project team responsibilities 18 Content of the plan 18 How to prepare the response and recovery plan 19 Components of the response and recovery plan 20 Lists and supplies 22 Insurance and emergency funding arrangements 23 On-site equipment 23 Implementing the plan 24 Maintaining the plan 24 Distribution issues 25 Plan maintenance responsibilities 25 Training and testing 25 Post disaster analysis 27 Vital Records Protection 28 Identifying vital records 29 Protecting vital records 31 Preventative measures 31 Recovery and restoration 33 Critical data...

Words: 16993 - Pages: 68

Premium Essay

Business Continuity Plan

...RUNNING HEAD: BUSINESS CONTINUITY PLAN Mercy Hospital Business Continuity Plan Susan Drago Jacksonville, Florida Western Governors University 1 RUNNING HEAD: BUSINESS CONTINUITY PLAN 2 Mercy Hospital Business Continuity Plan The number one priority for hospitals is to provide continuous, superior care to patients, regardless of circumstance. This principle results in the need to invest time and resources in preparing for disruptive events. Hospitals are required to invest in preparedness measures by external agencies, such as The Joint Commission and other accreditation bodies. This requires hospitals to have an emergency preparedness program. Six critical areas that a hospital plan must address include: Communication; Resources and Assets; Safety and Security; Staff Responsibilities; Utilities Management and Patient Clinical and support activities (JCAHO, 2012). Government regulations such as the Health Information Portability and Accountability Act (HIPAA) also require hospitals to protect all medical information, including electronic medical records (EMR), which requires a robust information security program. Business continuity refers to an integrated set of plans, procedures and resources that may be used to maintain and recover essential functions impacted from any event causing an interruption of healthcare delivery services. The key elements of a hospital business continuity plan are:  Governance-Define and align with executive priorities...

Words: 3492 - Pages: 14

Free Essay

It Audit

...Pranay Bhardwaj Disaster Recovery Planning Introduction Hurricane Sandy is regarded as one of the most devastating natural disasters to strike the city of New York. People have different recollections of that time period, with some who recall the catastrophic damage done to their home, while others remember the 4 hours of wait just to fill up their cars with gas. For financial institutions, such as Citi bank, it was a time for the management team to pat themselves on the back and breathe a sigh of relief for being able to secure important data centers and keep bank operations running. All this was a result of successful implementation of Citi’s “Disaster Recovery Plan”. What is a Disaster Recovery Plan? Just like the disaster discussed above, every week, month, and year, companies are exposed to risks of potential disasters that can affect the continuation of vital business processes. When critical processes and applications are lost, the company can incur damages ranging anywhere from $5,000- $5,000,000 per minute, depending on the size and function of the company. Some companies never recover from the excessive damage they incur during the time of the disaster, and may be forced out of business. To avoid such a situation, companies, particularly banking institutions, are heavily encouraged to have a disaster recovery plan in place. A disaster recovery plan is a powerful tool that allows companies to shield itself from any calamity that occurs, be it natural...

Words: 2454 - Pages: 10

Premium Essay

Writing Essay Fema

...Introduction and Unit Overview FEMA Mission and Purpose Response Authorities History Principles of Emergency Management Recent Changes to Emergency Planning Requirements Why an Integrated Emergency Management System? Emergency Management Concepts and Terms Partners in the Coordination Network Activity: Partners in the Coordination Network Emergency Management in Local Government Activity: Where Is Emergency Management in My Community? Unit 3: Incident Management Actions Introduction and Unit Overview Introduction to the Spectrum of Incident Management Actions Prevention Preparedness Response Activity: Response Operations Recovery Mitigation Unit 4: Roles of Key Participants Introduction and Unit Overview The Role of the Local Emergency Program Manager State Emergency Management Role How the Private Sector and Voluntary Organizations Assist Emergency Managers Federal Emergency Management Role The National Response Framework Activity: Emergency Management Partners Emergency Management Functional Groups Case Study: Emergency Management Coordination Unit 5: The Plan as a Program Centerpiece Introduction and Unit Overview What Is an EOP and What Does It Do? Activity: Where Do I Fit Into the EOP? Case Study: An EOP in Action Importance of the Hazard Analysis to the Planning Process What Is In a Hazard...

Words: 35531 - Pages: 143

Premium Essay

Terrorism and Disaster Preparedness

...occur at any given time, it is imperative for public support agencies to be as ready as possible to effectively respond. This includes first responders—firefighters, paramedics, and police—as well as structural entities such as city, state, and Federal governments. To bring the efforts of these first responders and government entities together, health care organizations will ultimately bear the heaviest burden as sick and injured citizens arrive at their doors. This paper will explore disaster preparedness from a health care organization’s perspective, looking at the extensive preparation required to adequately deal with an event of serious magnitude. The Importance of Planning Ahead In today’s highly complex world, with the threat of terrorist attacks and natural disasters impacting virtually every major population center, there are myriad scenarios that must be considered and planned for in advance of an actual event. To not do so would render communities woefully unprepared and thus potentially increase the number of casualties through ineffective treatment or no treatment at all. Disasters, both man-made and natural, are characterized through four stages: mitigation, preparedness, response and recovery (National Governors' Association, 1979). While prevention would be the desired mode for disasters, mitigation is sometimes the best case scenario. Since mitigation can only dampen the impact of disasters, preparedness is the key stage, because it ultimately determines...

Words: 1705 - Pages: 7

Premium Essay

Case

...Takoma Park, MD 20912 301-270-5554 The purpose of this effort is to develop an Emergency and Risk Management Case Studies Textbook designed to provide a resource for practitioners and students in the crisis, disaster, and risk management disciplines that displays various best practices, lessons learned, and success stories, through in-depth case studies. The result of this effort will be the authorship of a college-level crisis, disaster, and risk management textbook containing numerous real-world case studies of disaster preparedness, mitigation, response, and recovery actions. The textbook will be developed in electronic format to support upper division undergraduate college and graduate-level emergency management classes within an emergency management major or certificate program to students who may someday enter an emergency management related profession. The planned book will include the following ten chapters: Chapter 1. Introduction to Crisis, Disaster, and Risk Management Concepts Chapter 2. Preparedness Chapter 3. Mitigation Chapter 4. Response Chapter 5. Recovery Chapter 6. Communications Chapter 7. Statutory Authority Chapter 8. Business Continuity Planning Chapter 9: International Disaster Management Chapter 10: Future Trends and Issues Text chapters will support a minimum of ten three-hour blocks of instruction, unless otherwise agreed upon by the contractor and FEMA. Information derived from...

Words: 6981 - Pages: 28

Premium Essay

My Dream Job

...the capacity as Vice President of a major petroleum company, state or local government in charge of emergency management and preparedness. The job description for this position is detailed as follows: Job Title: Vice President for Emergency Preparedness Management Duties: The incumbent will serve as principle head of the entire corporation’s national and international emergency preparedness and management. Responsible for risk and safety operation of the Corporation’s Emergency Management Operation. Manage the efforts of preparation of contingency plans, hazards, and other operations that endanger the lives and properties of employees and community that they are in. Reporting; primarily to the Board of Directors and CEO of the corporation. The responsibility includes: Planning and ensuring safe and secured infrastructure, disaster and safety development, planning and coordinating of all emergency management activities: Oversees development, maintenance, and implementation of emergency management plans and procedures in accordance with national and international standards. Maintains familiarity with the full range of the corporation’s goals, mission and its various programs and administrative operations sufficient to advise and assist its regional and international managers on ensuring performance essential to the functions of their operating environment or region. Reviews and validates continuity plans for compliance with Federal...

Words: 1464 - Pages: 6

Premium Essay

Emergency Planning and Business Continuity Management and How It May Be Integrated with Security Risk Management.

...Abstract Businesses, both large multinational and small to medium, should take the threats and risks they could face seriously. Security Risk Management (SRM), Business Continuity Management (BCM) and Emergency Planning (EP) assist in achieving this by putting in place effective risk identification and management measures. Effective management of risk can make the difference between success or failure of business operations during and after difficult events. Threats can include man made threats, such as terrorist attacks, or naturally occurring threats such as earthquakes. Effective risk identification and management is essential to any business, especially with the current uncertainty in the world’s economic climate. In order for businesses to survive, during times of increased strain on business operations, it is essential that an alignment between security and business operations can be achieved. This can be achieved by the security department not only widening the remit to cover more risks, but changing how the department works and relates to the rest of the business; including shared responsibility for things such as Corporate Governance, Information Assurance, Business Continuity, Reputation Management and Crisis Management. The problem is security departments now have more responsibilities in an increasingly complex and fast moving world. Security Risk management is no longer an activity just for companies who work in high-risk areas or with exposure to significant...

Words: 5764 - Pages: 24

Premium Essay

1350

...Order Code RL31285 CRS Report for Congress Received through the CRS Web FEMA’s Mission: Policy Directives for the Federal Emergency Management Agency Updated March 13, 2002 Keith Bea Specialist, American National Government Government and Finance Division Congressional Research Service ˜ The Library of Congress FEMA’s Mission: Policy Directives for the Federal Emergency Management Agency Summary The Federal Emergency Management Agency (FEMA) assists states and localities overwhelmed by, or at risk from, disasters. FEMA also coordinates federal emergency management activities and planning for the continuity of government should national security be threatened. Since 1979 FEMA has administered a range of authorities that enable the agency to serve as the primary source of federal technical and financial assistance for emergency management. Among the types of aid provided through FEMA programs are grants and material to help disaster victims meet pressing needs such as food and shelter, education and training programs to improve the response capabilities of nonfederal officials, and mobile communications equipment. FEMA exercises little regulatory authority, but directives that underlie the agency’s mission authorize the agency to establish standards for reconstruction of buildings after a disaster declaration is issued, for the construction of federal buildings in earthquake-prone areas, and for the operation of first responder equipment. FEMA has responded...

Words: 9516 - Pages: 39

Premium Essay

Term

...Information Security Program Guide For State Agencies April 2008 Table of Contents INTRODUCTION .......................................................................................................................................................3 A SUGGESTED IMPLEMENTATION STRATEGY .............................................................................................5 SECURITY COMPONENTS ...................................................................................................................................12 RISK MANAGEMENT ................................................................................................................................................12 POLICY MANAGEMENT ............................................................................................................................................14 ORGANIZING INFORMATION SECURITY ....................................................................................................................16 ASSET PROTECTION .................................................................................................................................................18 HUMAN RESOURCES SECURITY ...............................................................................................................................20 PHYSICAL AND ENVIRONMENTAL SECURITY ...........................................................................................................22 COMMUNICATIONS...

Words: 14063 - Pages: 57

Premium Essay

Risk Mitigation

...Risk mitigation for business resilience White paper A comprehensive, best-practices approach to business resilience and risk mitigation. September 2007 A comprehensive, best-practices approach to business resilience and risk mitigation.  Contents 2 Overview: Why traditional risk mitigation plans fail 3 Build a comprehensive strategy for risk mitigation 3 Identifying types of risk 4 Business-driven risk 4 Data-driven risk 5 Event-driven risk 5 Risk reach and range: understanding risk and its impacts 6  elating value to risk: quantifying R impact 7 Resilience frameworks: analyzing current risk environments 8 Resilience strategy: designing a blueprint for risk mitigation 9 Achieve optimum business resilience with IBM 11 Look to a market leader in business resilience 11 For more information 11 About IBM solutions for enabling IT governance and risk management Overview: Why traditional risk mitigation plans fail A successful governance and risk mitigation strategy must operate at multiple levels with broad coverage. Risk mitigation plans at many organizations fall short simply because they are not comprehensive and fail to take into account the reach and range of all the risks that they actually face. Often this occurs when organizations only focus on specific areas of risk categories, only plan for certain types of risk or don’t understand all the different areas in their organization that particular...

Words: 2961 - Pages: 12

Premium Essay

Risk Management

...process of identifying, quantifying and managing the risk an organization faces in regard to the management of office record. The objective is to maximize the positive effects of risk and to minimize the negative effects of risk. The Risk Management Framework A risk management framework is the ‘set of components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organisation’. The risk management framework should include a risk management strategy, policy, a stakeholder engagement plan, and governance structure. Records managers should be aware of the risk management framework that exists in the agency. This is due to the importance of aligning the records management and risk management functions across the agency. Alignment enables records related risks and business risks with a recordkeeping component to be identified and addressed consistently. Alignment may be achieved by: • Ensuring that the risk management strategy includes recordkeeping requirements; • Aligning the risk and records management policies; • Regular communication between the records management and risk management teams; • Identifying any risks associated with the agency’s current records management practices and procedures through regular self-assessments and internal audits; • Emphasising records management as a good risk mitigation tool as poor recordkeeping...

Words: 1887 - Pages: 8

Free Essay

Cis 502 Critical Infrastructure Protection

...CIS 502 Critical Infrastructure Protection Click Link Below To Buy: http://hwaid.com/shop/cis-502-critical-infrastructure-protection/ Due Week 6 and worth 50 points Critical Infrastructure Protection (CIP) is an important cybersecurity initiative that requires careful planning and coordination in protecting our infrastructure. The following documents titled, “National Infrastructure Protection Plan”, and “Critical Infrastructure Protection”, may be used to complete the assignment. Write a three to five (3-5) page paper in which you: 1. Examine the Department of Homeland Security’s : a. mission b. operations c. responsibilities 2. Explain what Critical Infrastructure Protection (CIP) initiatives are, what are protected, and the methods used to protect our assets. 3. Describe the vulnerabilities IS professionals need to be concerned with when protecting the U.S.’s critical infrastructure. 4. Evaluate the effectiveness of IS professionals in regard to protecting the U.S.’s critical infrastructure. 5. Suggest three (3) methods to improve the protection of our critical infrastructure and justify each suggestion. 6. Use at least three (3) quality resources outside of the suggested resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: • Be typed, double spaced, using Times...

Words: 1288 - Pages: 6

Premium Essay

Aspects of an Effective Security Policy

...III. Program implementation A. Risk assessment B. Security Policy C. Training 1. Insider Threat IV. Disaster Recovery Plan A. Why have a DRP B. Seven steps of planning V. Conclusion Aspects of an Effective Security Policy Today almost every business from large cooperation’s to your local small business owner, Aunt Nancy’s homemade quilts, rely heavily on information technology to develop sales strategies, promote their product by reaching out to consumers via social media, sell and distribute their goods, develop new products, and run daily operations from accounting to time cards. The scale at which they use technology may vary, but the need for each business large or small, to incorporate an effective security program is key to keeping their systems up and running while at the same time providing enough freedom to themselves or their employees to remain competitive and productive. In short too much security may result in a loss of business and profits, not enough security, the same thing can happen and much worse. For an effective security program to be establish and work, a business must incorporate a security policy that works for it. I will be covering some of the steps required by any business to successful incorporate a security program. Keep in mind that no two businesses are alike and so no one security policy will work for every business. So the...

Words: 2348 - Pages: 10