The mission-critical business systems and services that must be protected by this DRP are as follows: Payroll, Human Resource Data, POS backup media, and Web Servers and their services. b. Internal, External, and Environmental Risks b. i. Examples of internal risks that may affect business are unauthorized access by individuals who are employed by the company, and those who aren’t employed by the company but still have access to individual store’s computer systems, applications, or areas where the servers and backup media are located.
Other external and environmental risks include fire, floods, power outages, hardware failure, software glitches and failure, storms, and other acts of nature. II. Disaster Recovery Strategy a. Most cases, having an alternative site (a hot site, or cold site depending on the disaster) would be the correct way of dealing with most disasters. As well as having a backup and retention site to work from, and recover from for the main servers and web services. b. Unwanted access can be turned off, or excluded when logged in via a monitoring service, as well as time restricted login.
Any unauthorized logins will be recorded and terminated as well as site information and tracing information. Security measures are implied (camera, onsite security, etc. ). III. Disaster Test Plan a. Monthly walkthroughs of the equipment, as well as quality assurance through the electric company, Internet Service providers, will ensure upkeep of the facilities main sources of outside connection as well as power. Weekly walkthroughs from management will keep the records up to date, as well as daily walkthroughs by IT will keep day to day evaluations up to
date. b. Working with the electric company, as well as the internet service provider for the company will ensure that during a “Blackout” that services will be restored or alternative accommodations are made. Such as Internet Service Provider at the main location has been lost, the backup “hot” site is then initiated and work to restore the main site is commenced as well as recorded. If the hot site is compromised as well, the cold site and/or the backup media site will then come into play.
This goes for in an event where power is lost, or a natural disaster happens at the main location, the services then begin on alternative sites where backup has been made, or at least working services implemented. c. Unwanted access will again be monitored and recorded, as well as terminated upon login. d. During a full interruption of service, where the site as well as backup media, hot site, and cold site are not accessible, emergency protocol is implemented to recover main site as soon as possible with minimal loss. In worst case scenario, the hot site will become the main site until main site become available again.