...Communications of the IIMA 25 2006 Volume 6 Issue 2 Disaster Planning and Management Holmes E. Miller Muhlenberg College, Allentown, PA 18104 Kurt J. Engemann Iona College, New Rochelle, NY 10801 Ronald R. Yager Iona College, New Rochelle, NY 10801 ABSTRACT Recent events such as hurricanes, tsunamis, earthquakes, power outages, and the threat of pandemics have highlighted our vulnerability to natural disasters. This vulnerability is exacerbated by many organizations’ increasing dependence on computer, telecommunications, and other technologies, and trends toward integrating suppliers and business partners into everyday business operations. In response many organizations are implementing disaster recovery planning processes. In this paper we discuss how to identify threats and scenarios; how to articulate the disaster recovery strategies; and four elements of the generic disaster recovery plan: Mitigation, preparedness, response, and recovery. We then provide examples of software that can help disaster recovery professionals in the planning and implementation process. Finally we present some trends that will reinforce the criticality of the issue. Keywords: Disaster Recovery Planning; Business Continuity Planning; Risk Assessment INTRODUCTION Several major natural disasters that have occurred in the past few years have placed disaster management on the front pages: The Tsunami of late 2004, Hurricanes Katrina and Rita, and the earthquake in Pakistan in 2005 affected both...
Words: 7241 - Pages: 29
...Disaster recovery plans allow and give a business the opportunity to recoup from any number of disasters, whether a natural disaster or an equipment fault, including power loss. These plans can range from fairly basic, with a goal and summary of what is to happen in the event of a disaster, to intensely involved and well spelled out plans that break down the summary, personnel, intent, goal, and a timeline of events to follow. While disasters are unforeseen events that a business may never see, and it may never have to implement its plan, having one sets the business up for success if a disaster does happen, rather than dooming it to failure in the hope that one never will. For this report, contact was made with the IT department of Richmond County in Augusta, Georgia, to discuss their disaster recovery plan. Some organizations are well equipped and have staff members whose sole role is to be the disaster recovery planner and implementer. Others may contract out to other businesses to provide support and guidance on the matter. In this case, Richmond County has looked to a company called intelliSystems to provide hands-on assistance in their disaster recovery plan. IntelliSystems is a local company to the area with a mission to help “many businesses rid themselves of technology worries so that they can concentrate on growing their businesses and realizing their goals” (intelliSystems, 2015). They do this by providing key areas of: Microsoft Small Business...
Words: 646 - Pages: 3
...DRP / ECP Disaster Recovery Plan Enterprise Continuity Plan This presentation will explore the different parts and pieces necessary for a successful Disaster Recovery Plan / Enterprise Continuity Plan. More specifically, this presentation will provide information needed to garner and bolster support for such a plan from the university’s executive team. A well prepared, maintained and rehearsed recovery and/or continuity plan should have the ability to keep the university up and running throughout any type of disruptive event. DRP/ECP Team Members & Roles ● Crisis Management Team ● Administrative Support Team ● Damage Assessment Team ● Recovery Coordination Team ● Corporate Communications Team ● Human Resources Support Team ● Site Restoration Team ● Transportation Support Team ● System Restoration Team ● Voice Recovery Team and End-User Tech Support Team The Crisis Management Team should be a cohort of upper level management that will be responsible for all significant decision making in response to the current event. Only specific members of the Crisis Management team should be authorized to declare an emergency and decide on the appropriate action. Key responsibilities of this group include: analyzation of preliminary reports, disaster declaration, determination of appropriate response, activation of contingency plans and notification of team leaders (Hiles, 2010). The Administrative Support Team includes representatives from all major departments who can provide...
Words: 2423 - Pages: 10
...State of Oklahoma Disaster Recovery Plan Template Version 1.0 31 October 2007 TABLE OF CONTENTS DISASTER RECOVERY PLAN – DOCUMENT CHANGE CONTROL 6 EXECUTIVE SUMMARY 8 Overview 8 Recovery Statement Summary 8 Recovery Scenario #1: The Preferred Solution for a Total Data Center Loss 8 Recovery Strategies: Activities and Time Frames 9 Short-Term (2 to 3 Days): 9 Medium-Term (6 to 12 weeks): 9 Longer-Term (6 months to 2 years): 9 Recovery Scenario #2: The Strategy for Loss of a Critical System or Component 9 Summary 10 INTRODUCTION 11 INFORMATION SECURITY POLICY – DEFINITIONS & STATED REQUIREMENTS 11 8.2 Disaster Recovery Plan 11 8.3 Business Recovery Strategy 11 PLAN DISTRIBUTION 11 PLAN OBJECTIVES 11 PLAN ASSUMPTIONS 12 Definitions 12 PROCESSING ENVIRONMENT 13 Scope of Recovery 13 Environment Description 13 Essential Equipment 13 Disaster Recovery Scripts 15 RECOVERY PLAN ELEMENTS 17 1. Recovery Plan for Major Disasters 17 A. Detection and Reaction 17 B. Identifying the problem – Notifying the authorities 17 C. Establishing a Command Center 17 D. Reducing Exposure 17 2. Roles and Responsibilities 20 A. Management / Damage Assessment Team: Initial Response 21 B. Disaster Recovery Teams — Emergency Contact List 22 (AGENCY) FUNCTIONAL AREA MANAGERS 23 3. Recovery Plan for Major Disasters 24 A. Establishment of Full Recovery at Backup Site 24 B. Disaster Recovery Team Checklists 24 C. Restoration of Facilities and...
Words: 17396 - Pages: 70
...Purpose The purpose of this disaster recovery plan is to provide guidelines and procedures to be followed to facilitate the rapid recovery from an actual disaster. It also is designed to gather information that would be required in a disaster situation. This information could require costly hours and even be impossible to obtain after a disaster strikes. Many portions of this plan will change with time. Therefore the plan must be updated and maintained as changes occur. It is intended that the plan be reviewed by senior management at least annually during the fourth quarter of the year. All team leaders are expected to keep staff personal information contained in the appendices of this plan confidential. All team leaders are expected to keep a copy of the Disaster Recovery Plan readily accessible from home and a copy readily accessible at their office location at all times. Levels of Disasters There are three levels of disasters which require different actions. Level 1 – Short-term or temporary equipment outages. These outages can be caused by power or equipment failure and may last up to 24 hours. In the event of rolling blackouts or other short-term power outages Perfect -10’s normal priority of concerns will be in effect. The first step is the safety of all members and staff. Second, we want to protect the assets of Perfect -10’s and finally we want to make everyone involved as comfortable as possible. The senior member of management at each location will ensure that the building...
Words: 2406 - Pages: 10
...Medical Management software along with a backup solution. The diagram below shows the current floor plan for HHC. It should be noted that more workstations, printers and laptops will be added (see next page). Additionally, wireless access points will be setup in the bullpen areas, designed with limited distance access. Floor Plan of Home Hospice [pic] The above illustration shows the floor plan for HHC. The equipment in the table below is what we’ll be requiring: |Employee Title |Computers | | |Needed | [pic] The table below indicates level of file permissions for the various positions [pic] Network Disaster Recovery Plan (This Draft will be finalized when approved by Management) Home Hospice Care (HHC) Emergency notification contacts |Name |Address |Home Phone |Mobile/Cell Phone | |Office Manager | | | | |Director of Prof Svcs | | | | |Managing Nurse | | | | |Office Head ...
Words: 1030 - Pages: 5
...1. Executive Summary 2 2. Introduction 3 2.1 Company Overview 3 2.2 Security Policy Overview 4 2.3 Security policy goals 4 2.3.1 Confidentiality 4 2.3.2 Integrity 5 2.3.3 Availability 5 3. Disaster Recovery Plan 6 3.1 Risk Assessment 6 3.1.1 Critical Business Processes 7 3.1.2 Internal, external, and environmental risks 7 3.2 Disaster Recovery Strategy 8 3.3 Disaster Recovery Test Plan 8 3.3.1 Walk-throughs 8 3.3.2 Simulations 9 3.3.3 Checklists 9 3.3.4 Parallel testing 9 3.3.5 Full interruption 9 4. Physical Security Policy 10 4.1 Security of the building facilities 10 4.1.1 Physical entry control 10 4.1.2 Security offices, rooms and facilities 11 4.1.3 Isolated delivery and loading areas 12 4.2 Security of the information systems 12 4.2.1 Workplace protections 12 4.2.2 Unused ports and cabling 13 4.2.3 Network/server equipment 13 4.2.4 Equipment maintenance 13 4.2.5 Security of laptops/roaming equipment 13 5. References 14 Executive Summary The objective of this proposal is to present the information security policy created for Bloom Design Group. The issue of a company’s network security continues to be crucial because the results of data loss or significant system failure can be disastrous for a company. An alarming number of companies fail to realize how vulnerable their network is to internal, external, and environmental risks. One of the top priorities of an organization should be maintaining...
Words: 3568 - Pages: 15
...Enterprise Continuity Planning Integrated Principles of Disaster Recovery and Enterprise Continuity 19 Dec 2011 By Thomas A. Groshong Sr. Summary 1. DRP/ECP Roles 2. Resilience Layers 3. Resilience Layers Examples 4. Disaster Recovery Training 5. Outside Expertise 6. Awareness Campaign 7. Awareness Campaign Implementation 1.1 Disaster Recovery Plan / Enterprise Continuity Plan (DRP/ECP) Roles Maintaining DRP & ECP documents Personnel responsibilities Backup data scheduling Maintaining equipment status reports Security systems and emergency lighting Operational procedures Environmental controls (Cunningham et al., 2007) 2. Resilience Layers Six Resilience Layers 1. Strategy & Vision 2. Organization 3. Processes 4. Applications & Data 5. Technology 6. Facilities (Goble, G., Fields, H., & Cocchiara, R., 2002) 2.1 Strategy & Vision Business goals & objectives Resilience assessment Assess Risks Assess Vulnerabilities Strategic plan for success Baseline objectives (Goble et al., 2002; A comprehensive, 2007) 2.2 Organization Document roles Responsibilities Accountability Communications protocols Business links Skills critical to organization (Goble et al., 2002; A comprehensive, 2007) 2.3 Processes Process creation Process sustainment Process alternatives Contingency planning (Goble et al., 2002; A comprehensive, 2007) 2.4 Applications & Data Provide reliable data Align disparate data and applications Determine tolerance...
Words: 522 - Pages: 3
...UNIVERSITI TEKNOLOGI MARA TEST 1 COURSE : EDP AUDITING COURSE CODE : AUD 370 DATE : FEBRUARY 2013 TIME : 2 HOURS NAME : GROUP : MATRIX NUMBER : SEMESTER : DEC 2012 – APR 2013 INSTRUCTIONS TO CANDIDATES 1. Answer ALL questions. 2. Start each answer on a new page. 3. Do not bring any material into the examination room unless permission is given by the invigilator. DO NOT TURN THIS PAGE UNTIL YOU ARE TOLD TO DO SO This test paper consists of 8 printed pages TEST 1 PART A This part consists of 20 multiple-choice questions. Choose the most suitable answer and shades the corresponding alphabet representing the answer. 1. Among the objectives of an operating system are as follows EXCEPT a. the operating system must protect itself from users b. the operating system must protect users from each other c. the operating system must protect users from themselves d. the operating system must be totally free from errors 2. One of the criteria for accessing the firewall effectiveness is _______________ a. authorization b. flexibility c. supervision d. access control 3. Electronic fund transfer is adopted by EDI trading partners due to implication on ________ a. Audit trails of transactions b. Cash disbursement and receipts ...
Words: 3159 - Pages: 13
... Roles of the DRP/ECP Team • Declares a disaster has occurred • Maintain current documentation of the DRP • Responsibility of staff • Testing DRP Six Resilience Layers 1. Strategy 2. Organization 3. Processes 4. Data / Application 5. Technology 6. Facilities / Security Outline of Resilience Layers 1. Strategy • Achieving business goals and objectives • Complete resilience assessment: • Determine the baseline for the organization • Assess vulnerabilities and risk • Success of resilience plan Outline of Resilience Layers 2. Organization • Executive committee sponsor • Details roles and responsibilities • Accountabilities • Communication • Skills important to the organization Outline of Resilience Layers 3. Processes • Creating and sustaining processes • Alternate processes and procedures • Contingency plan Outline of Resilience Layers 4. Data / Application • Reliable data provided • Alignment of disparate data and application • Measurement of Key application • Modification of application and data • Testing of applications Outline of Resilience Layers 5. Technology • Hardware and software • Aligning IT investment with business objective • Primary site vs. alternative site • Points of failure within the system Outline of Resilience Layers 6. Facilities / Security • Logical and physical security • Environmental considerations • Safety measures • Testing Examples of Resilience • Recovery • Hardening • Redundancy • Accessibility •...
Words: 330 - Pages: 2
...various Business Continuity & Disaster Recovery Planning models. Information is a vital resource to modern companies. The loss of that information can throw a company into chaos and even be the end of it. For these reasons, businesses go to great lengths to ensure that the information they store and rely on will always be safe and available. Unfortunately, despite these best efforts, disaster can still strike, and the few hours or days after such an event may be crucial to the long-term survival of the company. This is why businesses must be able to recover quickly from natural and man-made disasters. Business Continuity & Disaster Recovery covers how companies should act in the hours and days after a disruptive event. “What is Business Continuity and Disaster Recovery” describes disaster recovery as “...specific steps taken to resume operations in the aftermath of a catastrophic natural disaster or national emergency.” They go on to give examples of such steps, including restoring servers and data connections, egress, employee muster, etc. Business Continuity is described as the steps a company takes to ensure its information systems don't go down during a disaster (What is Business Continuity and Disaster Recovery). This may include the location of hot or cold sites as well as procedures for relocating to them. Disaster Recovery plans may also focus on preventive measures such as smoke alarms and fire drills (Smith, C., n.d.). Business recovery plans may cover loans and insurance...
Words: 399 - Pages: 2
...Disaster Recovery Plan Company Overview Strategic Business Solutions is a Veteran-owned small business with less than fifty employees and the business goal is to continue specializing in Information Technology (IT), project management, and business development solutions. Our main projects involve Internet-based E-commerce solutions. The following diagram depicts our current network, which is PCI compliant and can handle high-traffic websites: Risk Assessment Critical business processes Disruption of an information resource is not a disaster in itself, unless it is related to a critical business process, for example, an organization losing its revenue generating business process due to an information system failure. Other examples of potential critical business processes may include: * Production of finished goods * Advertising of the organization’s product(s) to be sold * Selling of the enterprise’s products or services * Receiving payments * Dispatching of finished goods * Provision of final services * Legal and regulatory compliance * Safeguarding of private and confidential data and other Information assets * Logistics services in the organization * Paying the employees Internal, external, and environmental risks Although all forms of corporate risks and potential damage can’t be avoided, a realistic objective is to ensure the survival of the organization by establishing a culture that will identify and manage...
Words: 1568 - Pages: 7
...Disaster Recovery Plan Saphia Christopher Strayer University CIS 462 Dr. Basta An IT disaster recovery plan provides step-by-step procedures for recovering disrupted systems and networks, to help them resume normal operations. The goal of these processes is to minimize any negative impacts to company operations. The IT disaster recovery process identifies critical IT systems and networks; prioritizes their recovery time objective; and delineates the steps needed to restart, reconfigure, and recover them. A comprehensive IT DR plan also includes all the relevant supplier contacts, sources of expertise for recovering disrupted systems and a logical sequence of action steps to take for a smooth recovery (Kirvan, 2009). The following Disaster Recovery Plan has been put together for the mock company which will be named ABC Technologies. The information contained in the DRP is partially real information from my current employer and other parts are made up. This is in response to my current firm’s policy against the dissemination of proprietary information. Information Technology Statement of Intent This document delineates our policies and procedures for technology disaster recovery, as well as our process-level plans for recovering critical technology platforms and the telecommunications infrastructure. This document summarizes our recommended procedures. In the event of an actual emergency situation...
Words: 2966 - Pages: 12
...As Information Technology is growing rapidly, IT organisations should keep up-to-date with changing guidelines, software and hardware, and skill sets. The most common challenges most of the IT industry faces are: disaster recovery, platforms, security and consultants (Small Business - Chron.com, 2013). Information technology has become an essential part of the telecommunications industry. Today every organization faces the task of balancing the need to have sophisticated technology with the need to keep the cost of IT reasonable (atkearney.com, 2010). Telstra, at its current growth phase, faces a host of different challenges in all sectors of its business. Network Management Telstra has recently looked to invest heavily in fast expansion of its 4G network (Lemay, 2013). The decision for this expansion was taken to limit the growth and reputation of its competitor Vodafone in the 4G race. This huge investment has led to expensive 4G tariffs for existing and new Telstra customers when compared to competitors like Optus. The reason for the above problem is poor network planning. According to Finchman and Kemerer (1999), the introduction of new technology is always greeted with a great sense of enthusiasm and enjoys widespread initial attainment; however, it fails to be carefully deployed among many firms. They propose a diffusion modelling curve to solve the above problem. In a diffusion modelling curve, the company should jot down the time they take for acquisition and...
Words: 2770 - Pages: 12
...Business Continuity Planning (BCP) Sample Plan For Nonprofit Organizations Introduction The following is an ABC disaster recovery plan. Please note that this plan is provided to generate ideas only on the creation of an organization’s plan. It is not intended to be a complete work. Plans can be developed using many different formats; this represents just one. Additionally, not every recovery function is represented and not every plan component is presented. 1.0 Overview 1.1 Policy Statement It is the Policy of ABC Company (“ABC”) to maintain a comprehensive Business Continuity Plan for all critical organization functions. Each department head is responsible for ensuring compliance with this policy and that their respective plan component is tested no less than annually. ABC’s Disaster Recovery efforts exercise reasonable measures to protect employees, safeguard assets, and client accounts. 1.2 Introduction This document is the Business Continuity Plan for ABC located at 911 Recovery Drive, Any Town, USA 99999. It has been developed in compliance with the National Fire Protection Association (NFPA) Standard 1600. This plan was specifically designed to guide ABC through a recovery effort of specifically identified organization functions. At the onset of an emergency condition, ABC employees and resources will respond quickly to any condition, which could impact ABC’s ability to perform its critical organization functions. The procedures contained within have been...
Words: 3620 - Pages: 15