This document outlines our policies and procedures for technology disaster recovery, as well as our process-level plans for recovering critical technology platforms and the telecommunications infrastructure. This document summarizes our recommended procedures. In the event of an actual emergency situation, modifications to this document may be made to ensure physical safety of our people, our systems, and our data.
Our mission is to ensure information system uptime, data integrity and availability, and business continuity. OBJECTIVES The principal objective of the disaster recovery program is to develop, test and document a well-structured and easily understood plan which will help the company recover as quickly and effectively as possible from an unforeseen disaster or emergency which interrupts information systems and business operations.
Additional objectives include the following: •The need to ensure that all employees fully understand their duties in implementing such a plan •The need to ensure that operational policies are adhered to within all planned activities •The need to ensure that proposed contingency arrangements are cost-effective •The need to consider implications on other company sites •Disaster recovery capabilities as applicable to key customers, vendors and others BACK UP STRATEGY Battle Creek, Michigan is susceptible to various natural disasters such as wild fires, tornadoes, and hurricanes.
When it comes to data backup and restoration for the servers at DLIS after any given natural disaster, we recommend using the services of Carbonite for offsite vaulting. Their services include automatic backup, anytime anywhere access, easy file recovery, web-based dashboard, automatic video backup, free valet Install, U.
S based support, unlimited computers, external drives and NAS devices, HIPAA Compatible, and unlimited Windows Servers. For email services we recommend using Outlook: email cloud. Migrating email to the cloud offers substantial financial savings and eliminates on-site mail system infrastructure.
The company can avoid email server backups, shrink email support time, off-load maintenance, and bypass the need for server-based anti-virus, anti-spam and email filtering products, For email security, we recommend using Barracuda’s Email Security Service. They offer business continuity, security, data loss prevention, encryption, and optimized email. When a disaster strikes, Barracuda is prepared to forward emails to a secondary email server and spooling emails for up to 96 hours which ensures emails are delivered during disaster recovery situations.
Their security uses the most advanced technology to block the latest spam, viruses, worms, and DoS attacks. For DLP (Data Loss Prevention), they scan emails and attachments for keywords like social security and automatically block or encrypt sensitive emails. Lastly, they provide the option for users to encrypt their emails while administrators can enforce encryption policies on classes of email. RISK MANAGMENT There are many potential disruptive threats which can occur at any time and affect the normal business process.
We have considered a wide range of potential threats and the results of our deliberations are included in this section. Each potential environmental disaster or emergency situation has been examined. The focus here is on the level of business disruption which could arise from each type of disaster. Potential disasters have been assessed as follows: Potential Disaster Probability Rating Impact Rating Brief Description Of Potential Consequences ; Remedial Actions Flood 3 4 All critical equipment is located on 1st Floor Fire 3 4 FM200 suppression system installed in main computer centers.
Fire and smoke detectors on all floors. Tornado 5 Electrical power failure 3 4 Redundant UPS array together with auto standby generator that is tested weekly ; remotely monitored 24/7. UPSs also remotely monitored. Loss of communications network services 4 4 Two diversely routed T1 trunks into building. WAN redundancy, voice network resilience Probability: 1=Very High, 5=Very LowImpact: 1=Total destruction, 5=Minor annoyance PLAN TRIGGERING EVENTS Key trigger issues at headquarters that would lead to activation of the DRP are: Total loss of all communications Total loss of power
Flooding of the premises Loss of the building ASSEMBLY POINTS Where the premises need to be evacuated, the DRP invocation plan identifies two evacuation assembly points: •Primary – Far end of main parking lot; •Alternate – Parking lot of company across the street ACTIVATION OF EMERGENCY RESPONSE TEAM When an incident occurs the Emergency Response Team (ERT) must be activated. The ERT will then decide the extent to which the DRP must be invoked. All employees must be issued a Quick Reference card containing ERT contact details to be used in the event of a disaster.
Responsibilities of the ERT are to: •Respond immediately to a potential disaster and call emergency services; •Assess the extent of the disaster and its impact on the business, data center, etc. ; •Decide which elements of the DR Plan should be activated; •Establish and manage disaster recovery team to maintain vital services and return to normal operation; •Ensure employees are notified and allocate responsibilities and activities as required. DISASTER RECOVERY TEAM The team will be contacted and assembled by the ERT. The team’s responsibilities include: •Establish facilities for an emergency level of service within 2. 0 business hours; •Restore key services within 4. 0 business hours of the incident; •Recover to business as usual within 8. 0 to 24. 0 hours after the incident; •Coordinate activities with disaster recovery team, first responders, etc. •Report to the emergency response team. EMERGENCY ALERT, ESCALATION, AND DRP ACTIVATION This policy and procedure has been established to ensure that in the event of a disaster or crisis, personnel will have a clear understanding of who should be contacted. Procedures have been addressed to ensure that communications can be quickly established while activating disaster recovery.
The DR plan will rely principally on key members of management and staff who will provide the technical and management skills necessary to achieve a smooth technology and business recovery. Suppliers of critical goods and services will continue to support recovery of business operations as the company returns to normal operating mode. EMERGENCY ALERT The Emergency Response Team (ERT) is responsible for activating the DRP for disasters identified in this plan, as well as in the event of any other occurrence that affects the company’s capability to perform normally.
One of the tasks during the early stages of the emergency is to notify the Disaster Recovery Team (DRT) that an emergency has occurred. The notification will request DRT members to assemble at the site of the problem and will involve sufficient information to have this request effectively communicated. The Business Recovery Team (BRT) will consist of senior representatives from the main business departments. The BRT Leader will be a senior member of the company’s management team, and will be responsible for taking overall charge of the process and ensuring that the company returns to normal working operations as early as possible.