IMB Corporation Business

Introduction

IBM has smorgasbord technologies to run its global operations, systems and operations can have known and unknown risk, therefore, Plan B is important if anything uncertain. This document serves as an ICP that IBM Corporation to proactively respond to in uncertainty.

This document is also considered a standard procedure that also consist of tasks and information. It is necessary to maintain this document and cover all the causes of interruption of Corporate IT Services service and necessary action to resume the service with less impact on business.

This is a subset of IBM's Management Plan and helps the reader to get enough information to contingencies that could impact operations of the business, therefore considering the sensitivity of the information, the plan is as Strictly Confidential and to be used only by concerned whose names will also be listed in this plan.

Prior to preparation of this Plan IBM's management has confirmed that the service interruption can lead to business and financial loss, therefore they understand the importance of measures to be taken, and a team is also formed whose structure is provided in the plan.

Get quality help now

Sweet V

Verified writer

Proficient in: Business

4.9 (984)

“ Ok, let me say I’m extremely satisfy with the result while it was a last minute thing. I really enjoy the effort put in. ”

+84 relevant experts are online

Hire writer

IBM Risk Management team also does risk analysis for known-unknown and preventive controls and mitigation of those risk associated with Corporate IT Services.

An important aspect of maintaining this plan is revision, periodical updates, training to concern and must remain in as part of IT and business operations. The plan is not one time, it must be revised, and the revision log should be maintained.

Scope

This ISCP mainly covers Corporate Information System, maintained by the Information Technology Department of IBM Corporation HQ in Network. Data Center and related applications and databases managed by the IT Department of the company.

Purpose

This plan is a guide to for recovery procedures for Information Systems maintained by IT Department of IBM Corporation. And Objective of this plan is to access the damage that can cause by the disruption of IT Services, activities, procedures and roles related to restoration operations.

CP Policy Statement

Related Plans

This plan is integrated DRP, COOP, and/or BCP. The execution might activate all or some plans.

Contingency Organization (CPTM)

IBM establishes multiple roles and responsibilities for responding to outages, disruptions, and disasters for their Cloud systems. Individuals who are assigned roles for recovery operations collectively make up the Contingency Plan Team and are trained annually in their duties. Contingency Plan Team members are chosen based on their skills and knowledge

The Contingency Plan Team consists of personnel who have been selected to perform the roles and responsibilities described in the sections that follow. All team leads are considered key personnel.

Below we brief on some the tasks that each member in IBM CPMT performs.

The CPD performs the following duties:

• Makes the decision on activating the ISCP
• Start the initial notification to start the ISCP
• Evaluations the Business Impact Analysis (BIA)
• Check and validate the ISCP
• Informs the Contingency Plan Team leads and members as necessary triggers a recovery declaration statement after the system has returned to normal operations

The CPC performs the following duties:

• Implement and documents the ISCP under supervision of the CPD
• Exploit the BIA to rank recovery of components
• Modernizes the ISCP annually
• Guarantees that yearly ISCP exercise is conducted
• Helps constant ISCP testing exercises
• Manages and observes the general recovery process
• Chiefs the contingency response effort once the plan has been activated
• Counsels the Procurement and Logistics Coordinator on whether to order new equipment

The ODAL performs the following duties:

• Governs if there has been the harm of life or injuries
• Evaluates the extent of damage to the facilities and the information systems
• Approximations the time to recuperate operations
• Identifies salvageable hardware
• Maintains a log/record of all salvageable equipment
• Provisions the cleanup of the data center following an incident
• Improves and maintains a Damage Assessment Plan

The hardware recovery team performs the following duties:

• Installs hardware and connects power
• Installs cables and wiring as necessary
• performs arrangements to move hardware to other locations
• Confirms electrical panels are operational
• Approves that fire conquest system is operational
• Interconnects with hardware vendors as needed
• Counsels the PLC if new hardware should be purchased

The software recovery team performs the following duties:

• Installs software on all systems at an alternate site
• Completes live relocations to an alternate site
• Installs servers in the order described in the BIA
• Interconnect with software suppliers as needed
• Sustains system software configuration information in a storage facility

The Telecomm team performs the following duties:

• Measures the need for alternative communications devices and connection
• Communicates with IBM telephone vendors as needed
• Strategies for obtaining new hardware and telecommunication equipment
• Counsels the PLC if new equipment needs to be purchased
• Manages and installs communication equipment at the alternate site
• Preserves plan for installing and configuring VOIP

The PLC performs the following duties:

• Obtains new equipment and supplies as necessary
• Guarantees that equipment and supplies are delivered to locations
• Works with the CPC to provide transportation for staff as needed
• Processes requests for payment of all invoices related to the incident
• Procures alternate communications for teams as needed.

The Security Coordinator performs the following duties:

• Provides training for employees in IBM facility emergency procedures
• Offers physical security, and access control to support recovery effort
• Organizes with the building management for legal personnel access
• Guarantees that IBM data center at alternate site has locks on the doors
• Organizes the transportation of files, reports, and equipment.

Business Impact Analysis (BIA)

IBM Business Impact Analysis (BIA) is conducted to be part of their contingency planning process. It was prepared on 25-April-2019.

Purpose

The main idea behind conducting the BIA is to identify IBM system components by correlating them to the business processes, the system supports and using this information to measure the impact on the process if the system were inaccessible.

The step of BIA are:

• Identify business processes and recovery significance. Identify the downtime if the process went down, which should reflect the maximum that an organization can tolerate while still maintaining the recovery mission.
• Determine the required resources. Accurate recovery efforts require a thorough evaluation of the resources required to resume business processes and related interdependencies as quickly as possible. Such resources can be facilities, personnel, equipment, software, data files, system components, and vital records.
• Determine recovery priorities for system resources. Based upon the results from the previous activities, system resources can more clearly be linked to critical business processes. Priority levels can be established for sequencing recovery activities and resources.

This document is used to build the IBM Information System Contingency Plan (ISCP) and is included as a key component of the ISCP. It also may be used to support the development of other contingency plans associated with the system, including, but not limited to, the Disaster Recovery Plan (DRP).

Determine Process and System Criticality

Step one of the BIA process - Working with input from users, managers, mission/business process owners, and other internal or external points of contact (POC), identify the specific business processes that depend on or support the information system.

IBM Exchange Server: Receive or process only messages from authenticated users Security Communication Protocol: Encrypts all communications internally between all its corporate servers and workstations. External Access: Retrieve and receive documents from outside the company safely. Regular Backup Process: Daily backups to secure all critical business.

IBM Central File Server: A file server that has all corporate data files.

IBM mail server: Allows employees to use their internal e-mails from outside the company

Internet Service Provider: Provides internet connectivity to the company

Business Impact and Weight Analysis and Prioritization

Business Function

• Impact on Profitability (30%)
• Contribution to Strategic Objectives (30%)
• Impact on Internal Operations (20%)
• Impact on Public Image (20%)
• Total Weight (100%)

Outage Impacts

Following notification, a thorough outage assessment is necessary to determine the extent of the disruption, any damage, and expected recovery time. The following impact categories represent important areas for consideration in the event of a disruption or impact.

The impact value prioritization:

• Severe = $75k and above
• Moderate = $15k-$75k
• Minimal = $15k and below

The table below summarizes the impact on each mission/business process if IBM services were unavailable, based on the following criteria:

• Business Process
• Impact Category
• Outage Estimated Cost

Impact IBM Exchange Server $30k Moderate

Security communication protocol $60k Moderate

• External Access $90k Severe
• Regular Backup $110k Severe
• IBM File Server $90k Severe
• IBM mail server $20k Moderate
• Internet Service Provider $130k Severe

Estimated Downtime

Working directly with business process holders, staff, and stakeholders, estimate the downtime factors for consideration because of a disruptive event.

Maximum Tolerable Downtime (MTD). The MTD denotes the total amount of time stakeholders are willing to accept for a business process outage

Recovery Time Objective (RTO). RTO describes the supreme amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported business processes, and the MTD.

Recovery Point Objective (RPO). The RPO denotes the point in time, to which business process data must be recovered after an outage.

The table below pinpoints the MTD, RTO, and RPO for the organizational business processes that rely on IBM service

Business Process

• MTD
• RTO
• RPO

IBM Exchange Server

• 23 hours
• 5 hours
• 24 hours

Security communication protocol

• 23 hours
• 5 hours
• 24 hours

External Access

• 23 hours
• 8 hours
• 24 hours

Regular Backup

• 18 hours
• 48 hours
• 24 hours

IBM File Server

• 8 hours
• 5 hours
• 24 hours

IBM mail server

• 9 hours
• 5 hours
• 24 hours

Internet Service Provider

• 5 hours
• 2
• 24 hours

Identify Resource Requirements

• System Resource/Component
• Platform/OS/Version (as applicable)
• Description
• firewall gateway
• Windows
• Gateway that assure security validity
• IBM mail server
• Windows
• Responsible for mail access internally
• IBM Exchange Server
• Linux
• Responsible for mail access internally
• IBM file server
• Linux
• Data file

It is assumed that all identified resources support the mission/business processes identified in Section 3.1 unless otherwise stated.

Identify Recovery Priorities for System Resources

The table below lists the order of recovery for IBM services resources. The table also shows the predictable time for recovering the resource following a worst case disruption.

Priority

• System Resource/Component
• Recovery Time Objective
• Medium
• firewall gateway

Plan testing is a critical element of a viable contingency capability. Testing enables plan deficiencies to be identified and addressed. Testing also helps evaluate the ability of the recovery staff to implement the plan quickly and effectively. Each IT contingency plan element should be tested to confirm the accuracy of individual recovery procedures and the overall effectiveness of the plan.

Purpose

In an effort to validate the IBM Contingency Plan (CP) dated [27-April- 2019], tests will be conducted on to examine processes and procedures associated with the implementation of the CP. The type of tests required is a full functional exercise based on the impact level for the availability objective for the system. This exercise will be a [5]-hour event that will begin at [9am] and will last until [13pm].

The exercise is designed to facilitate communication among select personnel regarding the implementation of recovery operations following an event causing the outage of mission-critical systems that are housed in the [IBM Data Center]. This exercise is designed to help validate existing CP procedures. This is an effort to ensure successful activation of the plan in event that File Server of the CP are not available for the first few hours resulting from the extent of the disaster. Recovery personnel are trained on the following plan elements:

Purpose of the plan

• Cross-team coordination and communication
• Reporting procedures
• Security requirements
• Team-specific processes (Notification/Activation, Recovery, and Reconstitution Phases)
• Individual responsibilities (Notification/Activation, Recovery, and Reconstitution Phases)

Scope

The applicability of the test plan is predicated on key contingency assumptions:

The IBM facility in [UAE] is inaccessible; therefore, the test is unable to perform information processing for IBM service.

A valid plan exists with an alternate site that designates that site in [Suadi Arabia] as the alternate operating facility for the test. This plan contains provisions such that:

IBM will use the alternate site facility and alternate information system resources to recover functionality during an emergency situation that prevents access to the original facility.

The designated computer system at the alternate site has been configured and secured to begin timely processing of the system information.

The alternate site will be used to continue the system recovery and processing throughout the period of disruption, until the return to normal operations.

• The following objectives are exercised and evaluated in this contingency plan test:
• System recovery on an alternate platform from prepositioned backup media
• Coordination among recovery teams
• Internal and external connectivity
• Restoration of normal operations
• Notification procedures
• Concept of Operations

Scenario

The recovery team should be able to restore the IBM File Server by activating the backup server in another region.

Method

• The team should allocate the region where the server went down
• The team should ensure that the server backup the latest data
• The team should identify the closet region from the failure when IBM File server installed
• The team should be able to synchronize data from IBM HQ server to the regional server
• The team should accomplish this task within 1 hour
• The expected result is to restore service with no data loses
• Note that participants will be presented with an exercise scenario affecting this test. The objectives of the exercise are as follows:
• Validate the team's ability to recover information system operations at an alternate facility.
• Validate the completeness and accuracy of recovery procedures documented in the CP.
• Identify areas of the CP that need to be improved, revised, or augmented.

After Action Report

In the CP Test Plan, provide for an After Action Report that documents and informs the appropriate managers and stakeholders of the exercise results. Develop the After Action Report with the following format and content:

On [28-April-2019], the IBM team participated in a 5-hour exercise designed to validate their understanding of the system CP.

Result

The general outcome of the test as it applies to the following objectives:

The test demonstrates that the system can be brought to an operational condition at the designated alternate site using only the staff resources tasked in the CP and by following CP procedures and instructions.

The test verifies that the plan can be successfully implemented using only resources that are normally located away from the site where the incident occurs. understand their responsibilities and are able to carry them out correctly, completely, and in a timely manner.

The test verifies that the system can be brought to a secure, operational condition within the planned recovery time.

The test verifies that system information can be restored to the required state, so that mission operations can resume in a synchronized manner.