Purpose
The purpose of this disaster recovery plan is to provide guidelines and procedures to be followed to facilitate the rapid recovery from an actual disaster. It also is designed to get information that would be required in a disaster situation. This information could require costly hours and even be impossible to attain after a disaster strikes. Many portions of this plan will change with time. Therefore the plan must be updated and maintained as changes occur. It is intended that the plan be reviewed by senior management at least annually during the fourth qtr of the year. All team leaders are expected to keep staff personal information contained in the appendices of this plan confidential. All team leaders are expected keep a copy of the Disaster Recovery Plan readily assessable from home and a copy readily assessable at their office location at all times.
Levels of Disasters
There are three levels of disasters which require different actions. Level 1 – Short-term or temporary equipment outages. These outages can be caused by power or equipment failure and may last up to 24 hours. In the event of rolling black outs or other short term power outages Perfect -10’s normal priority of concerns will be in effect. The first step is the safety of all members and staff. Second we want to protect the assets of Perfect -10’s and finally we want to make everyone involved as comfortable as possible. The senior member of management at each location will ensure that the building is secure by locking the door. A staff member will be assigned to operate the locked door. Each transaction that is in process will be completed as much as possible and the member will be escorted out of the building. Level 2 – long-term equipment outages were the data center itself is still intact and functional. This level indicated that data processing function on existing equipment could not continue for a extended period of time. Long term outages could be cause by such things as employee sabotage or water leaking into and destroying equipment.

Level 3 - long-term outage where the data center and the surrounding building has been destroyed or no longer usable. This type of catastrophic condition could be cause by fire, flood, etc. or other natural disasters. During an outage of this nature all functions normally preformed at this location would be diverted to back up locations.
Control center The purpose of the control center is to establish a base to control all aspects of the recovery process. The control center location will vary depending on the level of the disaster. Level I and many level to disasters will leave the Northeast office off 35 & 410 (San Antonio Men’s Club) intact and it would therefore serve as a control center.
Contingency Plan Is intended to provide a framework for constructing plans to ensure the safety of employees and the resumption of time-sensitive operations and services in the event of an emergency (fire, power or communications blackout, tornado, hurricane, flood, earthquake, civil disturbance, etc.)
Purpose
The purpose of this plan is to enable the sustained execution of mission critical processes and information technology systems for Perfect-10 in the event of an extraordinary event that causes these systems to fail minimum production requirements. The Perfect-10 Contingency Plan will assess the needs and requirements so that Perfect-10 may be prepared to respond to the event in order to efficiently regain operation of the systems that are made inoperable from the event.
Scope
Insert information on the specific systems, locations, Facility divisions, technical boundaries and physical boundaries of the Perfect-10 Contingency Plan.

Plan Information The Contingency Plan contains information in two parts related to the frequency of updates required. The first part contains the plan’s static information. The second part contains the plan’s dynamic information. This dynamic information is viewed as the action plan. The action plan should be considered a living document and will always require continuing review and modification in order to keep up with the changing Perfect-10 environment. It is The static information part of the Contingency Plan is contained in a MS-Word file and printed as part of this document. This static information should be read and understood by all employees, users, and administrators of the Perfect-10 or at least by those individuals who are involved in any phase of business response, resumption, recovery, or restoration. The dynamic information resides in the database of the DTMX01 and will be printed as output for the appendixes of this document. By using the database, dynamic information that is vital to the survival of the Perfect-10 will be easy to manage and update. The web-enabled database is designed for maintenance of personnel contact lists, emergency procedures, and technical components. For ease of use and reference, the static and dynamic information is maintained separately. While it is necessary to be familiar with the static information during resumption, it should not be necessary to read that information at the time of the event. The completed action plan of dynamic information provides all of the necessary lists, tasks, and reports used for response, resumption, or recovery. The primary focus of a contingency plan revolves around the protection of the two most important assets of any organization: personnel and data. All facets of a contingency plan should address the protection and safety of personnel and the protection and recovery of data. The primary objective of this plan is to establish policies and procedures to be used for information systems in the event of a contingency to protect and ensure functioning of those assets. This includes establishing an operational capability to process pre-designated critical applications, recovering data from off-site backup data sets, and restoring the affected systems to normal operational status.
Organization
In the event of a disaster or other circumstances which bring about the need for contingency operations, the normal organization Perfect-10 will shift into that of the contingency organization. The focus of Perfect-10 DTMX01 will shift from the current structure and function of “business as usual” to the structure and function of Perfect-10 DTMX01 working towards the resumption of time-sensitive business operations. In this plan, the Perfect-10 DTMX01 contingency organization will operate through phases of response, resumption, recovery, and restoration. Each phase involves exercising procedures of the Perfect-10 DTMX01 Contingency Plan and the teams executing those plans. The teams associated with the plan represent functions of a department or support functions developed to respond, resume, recover, or restore operations or facilities of the Perfect-10 DTMX01 and its affected systems. Each of the teams is comprised of individuals with specific responsibilities or tasks, which must be completed to fully execute the plan. Primary and alternate team leaders, who are responsible to the plan owner, lead each team.
RA OBJECTIVE One of the first steps of implementing the Contingency Program for Perfect-10 is to conduct a Risk Assessment (RA). This will help Perfect-10 to identify the current risks and threats to help implement, eliminate, or reduce potential risks. Once completed, the RA Project team will analyze the data and create prioritized risk reduction (mitigation) strategies to present to senior management.
Preventative Measures The following list contains examples of preventative measures that can be implemented by Perfect-10 to mitigate the potential risks that currently exist. Some of these activities may be achievable easily, as to where some may take more time and more resources.

Natural Risks These risks are usually associated with weather related events: flooding, high winds, severe storms, tornado, hurricane, fire, high winds, snow storms, and ice storms.
Risk / Threat Preventative Measures
Earthquakes • Move large and heavy objects to the fall to prevent injury (from falling on people.)
• Equipment tie-downs are used on all critical computer equipment.
• Emergency power is available on-site.
• Earthquake construction guidelines have been adhered to so that damage can be minimized.
• Critical data and vital records should be backed up and sent offsite for storage.
• Staff should be trained in Earthquake evacuations and safety.

Man-Made Risks
These risks are usually associated with man-made type of events: Bomb threats, vandalism, terrorism, civil disorder, sabotage, hazardous waste, work stoppage (internal/external), and computer crime.
Risk / Threat Preventative Measures
Staff Productivity Risks • Alternate sources of trained employees have been identified
• Proper training and necessary cross-training is conducted
• Files are backed up and procedures are documented
• The work areas are comfortable and safe

Environmental Risks
These risks are usually associated with exposures from surrounding facilities, businesses, government agencies, etc.
Risk / Threat Preventative Measures
Hazardous Materials Plant • There is a nightly backup of data processing electronic record and that backup is stored off-site
• The off-site backup facility is a sufficient distance away from this facility
• An alternate site has been identified for use in the event that this facility is unusable

Recovery Procedures
1. Contact Centurion personnel, review shipping options and make necessary arrangements for both communications equipment from securing and supplies to Centurion.
2. Retrieve tapes and supplies from off-site storage is required
3. Make travel arrangements for any of the operations staff going to Centurion.
4. Hand carry critical supplies, require databases, and software to Centurion
5. Centurion has the appropriate communications equipment already on site to establish a VPN with our disaster recovery router.

Contingency center
Centurion Disaster Recovery Center: 1-800-299-4411 Centurion Disaster Recovery supports core and complementary solutions with production-proven disaster recovery services. The process begins with planning all aspects required for full data recovery. Strategically located, regional hot sites are fully equipped with the technology platforms and redundancies necessary to mirror diverse financial institutions’ operational infrastructures and recreate unique business environments. Each hot site is staffed by industry and technical experts with proven working knowledge of software and hardware platforms, and financial institution operations. These multitier services will support all key business activities including information and item/image processing, safeguard financial institutions against disasters, minimize the potential business interruptions and the inherent risks, and ensure compliance with the related regulatory requirements.
What It Does
• Provides production-proven disaster recovery systems for core processing solutions and complementary products.
• Provides fully equipped regional hot sites that can recreate financial institution-specific business environments.
• Supports all key business activities, including information and item/image processing.
• Provides access to industry and technical experts with working knowledge of software solutions, core and peripheral hardware platforms, and financial institution operations.
• Provides mobile units as alternatives to temporarily relocating operations to a regional disaster recovery center.
• Facilitates annual testing and updates of financial institution-specific business recovery plans.
Location:
1021 Central Expressway South Allen, TX 75013

Damage Assessment Team The Damage Assessment Team is a technical group responsible for assessing damage to Perfect-10 DTMX01 and its components. It is composed of personnel with a thorough understanding of hardware and equipment and the authority to make decisions regarding the procurement and disposition of hardware and other assets. This team is primarily responsible for initial damage assessment, accounting of damage assessment, loss minimization, salvage and procurement of necessary replacement equipment and interfaces. This team should include vendor representatives. The Damage Assessment Team will enter the facility as soon as they have received permission to do so from emergency services. A written detailed account should be made of the general status of the work area, with specific attention to the condition of hardware, software, furnishings, and fixtures. Recommendations should be made that all damaged equipment, media, and documentation be routed immediately to disaster recovery and restoration experts for a determination as to its ability to be salvaged or restored. Team overview Teams play a vital role in recovering from any disaster. Organizing and monitoring the team is one of the most important aspects of a recovery plan. These teams are directly responsible for implementing the recovery of the or plan and organizing employees to facilitate a rapid recovery. Team leaders will be responsible for improving the original plan and reviewing it on an basis. When organizing teams, it is important to evaluate all potential members. Evaluation criteria included the distance to and from work, the overall knowledge of the task, the amount of time spent out of town, personal commitments such as part time jobs or young children, and leadership qualities. Above all, team members must be assessable and ready to be respond should the need arise. Alternate leaders are appointed to act as team leader, should the team leader be unable to fulfill the commitments of the duty. Each team should have enough members to complete all responsibilities assigned to the team. Team leaders may adjust responsibilities if conditions warrant, such that the overall objective of recovering mission critical functions is achieved.
Executive management team
Team leaders: Hue Hefner (Owner)
Alternate team leader: Pamela Anderson
Member: John Muro
Responsibilities:
1. Verify the extent of the disaster
2. Keep all team leader updated on recovery status
3. Make decisions on plan activation and level
4. Delegate, monitor and supervise all other team leaders.
5. Notify board members and maintain communication with them.
6. Notify insurance providers.
7. Provide funding for all aspects of the recovery effort as well as replacing lost assets.
8. Interface with authorities (police, fire, etc.)
9. Review alternate sites and formalize arrangements for relocation.
10. Activate control center and act as focal point for vendors and internal personnel.

Information systems team
Team leader: John Muro
Alternate team leader: Jonathon James (Hacker contracted Employee works from prison)
Member: Adrian Lamo (contracted Employee)
Responsibilities:
1. assess extent of disaster and level of recovery steps required
2. retrieved tapes and supplies from off-site storage
3. ship backup tapes to Hugh Hefner, Inc
4. locate, purchase and reconfigure replacement equipment
5. contact all mission-critical vendors affected, implement backup plans if necessary
6. keep all I.T. vendors informed of recovery needs and status
7. ensure their critical files are backed up and stored off-site
8. ensure reliable Internet is available
9. provide team support around the clock until systems are restored

Communications team
Team leaders: Walter, Cronkite
Alternate team leader: Dan Rather
1. Write copy for notification to the general public on the disaster situation and distribute through preapproved media channels (radio, television, websites, social media)
2. Ensure employees are kept updated on recovery status of operations, including when and where to report for work.