...List 11 Section II: Business Continuity Strategy 12 A. Introduction 12 B. Business Function Recovery Priorities 12 C. Relocation Strategy and Alternate Business Site 12 D. Recovery Plan Phases 13 1. Disaster Occurrence 13 2. Plan Activation 13 3. Alternate Site Operations 13 4. Transition to Primary Site 13 E. Vital Records Backup 13 F. Restoration of Hardcopy Files, Forms, and Supplies 14 G. On-line Access to <ORGANIZATION NAME> Computer Systems 14 H. Mail and Report Distribution 15 Section III: Recovery Teams 16 A. Purpose and Objective 16 B. Recovery Team Descriptions 16 C. Recovery Team Assignments 16 D. Personnel Notification 17 E. Team Contacts 17 F. Team Responsibilities 17 Business Continuity Coordinator – <Insert Name> 19 EOC Communications Team – 19 EOC Human Resources Team – 20 EOC Administration Team – 20 Emergency Response Team – 21 Information Technology Recovery Team (See also Disaster Recovery Plan) – 21 Section IV: Recovery Procedures 23 A. Purpose and Objective 23 B. Recovery Activities and Tasks 24 PHASE I: Disaster Occurrence 24 PHASE II: Plan Activation 28 PHASE III: Alternate Site Operations 33 PHASE IV: Transition to Primary Operations 35 Section V: Appendices 38 Appendix A - Employee Telephone Lists 39 Appendix B - Recovery Priorities for Critical Business Functions 40 Appendix C - Alternate Site Recovery Resource Requirements 41 Appendix D - Emergency Operations Center (EOC) Locations 43 Appendix...
Words: 8008 - Pages: 33
...List 11 Section II: Business Continuity Strategy 12 A. Introduction 12 B. Business Function Recovery Priorities 12 C. Relocation Strategy and Alternate Business Site 12 D. Recovery Plan Phases 13 1. Disaster Occurrence 13 2. Plan Activation 13 3. Alternate Site Operations 13 4. Transition to Primary Site 13 E. Vital Records Backup 13 F. Restoration of Hardcopy Files, Forms, and Supplies 14 G. On-line Access to <ORGANIZATION NAME> Computer Systems 14 H. Mail and Report Distribution 15 Section III: Recovery Teams 16 A. Purpose and Objective 16 B. Recovery Team Descriptions 16 C. Recovery Team Assignments 16 D. Personnel Notification 17 E. Team Contacts 17 F. Team Responsibilities 17 Business Continuity Coordinator – <Insert Name> 19 EOC Communications Team – 19 EOC Human Resources Team – 20 EOC Administration Team – 20 Emergency Response Team – 21 Information Technology Recovery Team (See also Disaster Recovery Plan) – 21 Section IV: Recovery Procedures 23 A. Purpose and Objective 23 B. Recovery Activities and Tasks 24 PHASE I: Disaster Occurrence 24 PHASE II: Plan Activation 28 PHASE III: Alternate Site Operations 33 PHASE IV: Transition to Primary Operations 35 Section V: Appendices 38 Appendix A - Employee Telephone Lists 39 Appendix B - Recovery Priorities for Critical Business Functions 40 Appendix C - Alternate Site Recovery Resource Requirements 41...
Words: 8018 - Pages: 33
...be issued a CD and hard copy of this plan to be filed at home. Each member of the Disaster Recovery Team and the Business Recovery Team will be issued a CD and hard copy of this plan. A master protected copy will be stored on specific resources established for this purpose. Backup Strategy Key business processes and the agreed backup strategy for each are listed below. The strategy chosen is for a fully mirrored recovery site at the company’s offices in _____. This strategy entails the maintenance of a fully mirrored duplicate site which will enable instantaneous switching between the live site (headquarters) and the backup site. KEY BUSINESS PROCESS | BACKUP STRATEGY | IT Operations | Fully mirrored recovery site | Tech Support - Hardware | Fully mirrored recovery site | Tech Support - Software | Fully mirrored recovery site | Facilities Management | Fully mirrored recovery site | Email | Fully mirrored recovery site | Purchasing | Fully mirrored recovery site | Disaster Recovery | Fully mirrored recovery site | Finance | Fully mirrored recovery site | Contracts Admin | Fully mirrored recovery site | Warehouse & Inventory | Fully mirrored recovery site | Product Sales | Fully mirrored recovery site | Maintenance Sales | Fully mirrored recovery site | Human Resources | Off-site data storage facility | Testing Fully Mirrored Recovery site - | Fully mirrored...
Words: 1478 - Pages: 6
...Risk Management Plan Project Name: IS305 Project Manager: Paul Bettinger Date: October 1, 2013 RISK management PLAN INTRODUCTION 2 PURPOSE AND SCOPE 2 RISK MANAGEMENT PLANNING 3 RISK MANAGEMENT ASSIGNMENTS 6 RISK MANAGEMENT TIMELINE 7 MITIGATION PLAN Introduction 8 Cosiderations 8 Prioritizing 9 Cost benefit analysis 10 Implementation 11 Follow-up 11 Buisness impact analysis Introduction 12 Scope 12 PURPOSE AND objectives 13 Steps of bia 13 final review 15 BUSINESS CONTINUITY PLAN Introduction 16 oBJECTIVES 16 BCP PLANNING 17 PLAN UPDATES AND TRAINING 21 computer incident response team Introduction 22 Purpose 22 elements of the plan 23 incident handling process 23 cirt members 23 detection 24 containment 24 recovery and review 24 cirt policies 25 FINAL THOUGHT RISK MANAGEMENT PLAN INTRODUCTION A risk management plan is a process for identifying, assessing, and prioritizing risks that could cause the company a loss. Identifying these risks, threats and vulnerabilities and taking action to prevent or control them now and in the future. Creating a risk management consists of measuring and prioritizing risks involved and taking actions to reduce any loss the company may encounter. Being that indirectly we work with the Department of Defense, which as you knows is a department of the United States Government dealing with national security, a well-developed risk management plan is of the upmost importance. Without updating...
Words: 5009 - Pages: 21
...guide local recovery? Throughout history, we can now with certainty state that disaster happens, especially in my home of State of Florida. In Florida, we are of course known for hurricanes and everything else that comes with it. But we must also keep in mind that disasters are local and occurs in cities and counties of all sizes. The question that we can ask is what happens following a disaster? Well, the answer is that the people of that particular city or county is looking for the leadership of their elected officials in order to lead them through the devastating time; to act swiftly and quickly with an immediate response and reassuring the community that their lives will promptly return to normalcy. Nonetheless, no matter the size of the city, the local government leaders are responsible to oversee all four phases of the Emergency Management process, which are Preparedness, Response, Recovery and Mitigation. Furthermore, whenever we discuss disaster, the first thought that comes to mind is “Hurricane Katrina” because of the blatant misguided approach and lack of timely and effective response during this disaster recovery. But if I were to guess the major reason for such disastrous approach is because the government was focusing on a short-term relief while disregarding the long-term recovery process. Based on the readings and research, it would appear that historically this has been the situation for many other cases. When we are looking at “Long-Term Recovery”, it involves...
Words: 2822 - Pages: 12
...IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History |revision |date |name |description | |Original 1.0 | | | | | | | | | | | | | | Table of Contents Information Technology Statement of Intent 5 Policy Statement 5 Objectives 5 Key Personnel Contact Info 6 Notification Calling Tree 7 External Contacts 8 External Contacts Calling Tree 10 1 Plan Overview 11 1.1 Plan Updating 11 1.2 Plan Documentation Storage 11 1.3 Backup Strategy 11 1.4 Risk Management 11 2 Emergency Response 12 2.1 Alert, escalation and plan invocation 12 2.1.1 Plan Triggering Events 12 2.1.2 Assembly Points 12 2.1.3 Activation of Emergency Response Team 12 2.2 Disaster Recovery Team 13 2.3 Emergency Alert, Escalation and DRP Activation 13 2.3.1 Emergency Alert 13 2.3.2 DR Procedures for Management 14 2.3.3 Contact with Employees 14 2.3.4 Backup Staff 14 2.3.5 Recorded Messages / Updates 14 2.3.7 Alternate Recovery Facilities...
Words: 4679 - Pages: 19
...obtain senior mgmt support 2) define a project scope, the objectives, to be achieved and planning assumptions 3) estimate the project resources needed (human and financial) 4) Define a timeline and major deliverables Senior leadership's two major goals 1) Grow the business 2) Protect the brand What are the risk to a corporation for not having BC/DRP? 1) Financial 2) Reputational 3) Regulatory Formula for calculating financial risk P * M = C P: Probability of harm M: Magnitude of harm C: Cost of prevention Prudent man rule exercise the same care in managing the company affairs as in managing one's own affairs 1. Which of the following is considered the most important component of the enterprisewide continuity planning program? c. Executive management support 2. During the threat analysis phase of the continuity planning methodology, which of the following threats should be addressed? a. Physical security b. Environmental security c. Information security d. All of the above d. All of the above 3. The major objective of the business impact assessment process is to: a. Prioritize time-critical business processes b. Determine the most appropriate recovery time objective for business processes c. Assist in prioritization of IT applications and networks d. All of the above d. All of the above 4. Continuity of IT technologies or IT...
Words: 2067 - Pages: 9
...ACCT 4926 Assignment #1 Chapter 2 4. Disaster Recovery Plans a. The computer security weaknesses present at Hill Crest Corporation that made it possible for a disastrous data lost to occur include: * Not housing the data-processing facility in a building constructed of fire-retardant materials, and instead using one with exposed wooden beams and a wooden-shingled exterior. * The absence of a sprinkler (halon) system and a fire-suppression system under a raised floor; fire doors. * An on-line system with infrequent (weekly) tape backups. Backups, with checkpoints and restarts, should be performed at least daily. “Grandfather” and “Father” backup files should be retained at a secure off-site storage location. * Data and programs should have been kept in a library separate from the data-processing room, with the library area constructed of fire-retardant materials. * Lack of a written disaster recovery plan with arrangements in place to use an alternate off-site computer center in the event of a disaster or an extended service interruption. There was a phone list of DP personnel, but without assigned responsibilities as to actions to be taken when needed. * Lack of complete systems documentation kept outside the data-processing area. b. The components that should have been included in the disaster recovery plan at Hill Crest Corporation to ensure computer recovery within 72 hours include the following: * A written...
Words: 1700 - Pages: 7
...plan approach Introduction This chapter focuses on planning for the unexpected event, when the use of technology is disrupted and business operations come close to a standstill. “Procedures are required that will permit the organization to continue essential functions if information technology support is interrupted.” On average, over 40% of businesses that don't have a disaster plan go out of business after a major loss. What Is Contingency Planning? The overall planning for unexpected events is called contingency planning (CP). CP is the process by which organizational planners position their organizations to prepare for, detect, react to, and recover from events that threaten the security of information resources and assets, both human and artificial. The main goal of CP is the restoration to normal modes of operation with minimum cost and disruption to normal business activities after an unexpected event. CP Components Incident response plan (IRP) focuses on immediate response to an incident. Disaster recovery plan (DRP) focuses on restoring operations at the primary site after disasters occur. Business continuity plan...
Words: 3573 - Pages: 15
...------------------------------------------------- Risk Management – Sector I Risk Management Plan Introduction Version 1.2.0 Designed by: Defense Logistics Information Systems Designers: Matthew Gugumuck Michael Mawyer Daryl Giggetts | Overview | * The goal of the Risk Management plan is to design and execute the implementation of various security policies and different counter-measures in the event of any type of risk, threat, and/or vulnerabilities against the organizations daily operations and sensitive information. By combining both hardware devices and software applications will boost the effectiveness of security and preventing unauthorized access and effectively repulsing attacks. | Authority/Ownership | * Any information and sensitive contents contained in this document has been planned and developed by DLA Logistics Information Service and in which is the rightful owner of this document. All materials contained within this document is considered CLASSIFIED and is also copyrighted by DLA Logistics Information Service (DLIS). Any wrongful use of such material and/or reference to this document without the rightful expressed and written consent of the owner(s) may result in criminal prosecution. | Sections contained in DLIS Risk Management Plan | * Risk Management Overview * Planning and Implementation of Risk Management * Key Personnel Roles * Risk Assessment Plan * System Analysis and Characterization ...
Words: 4166 - Pages: 17
...Best practices for Disaster Recovery. Research Assignment 9 Robert Montini (18738519) Mr. Troianos Research Assignment 9 Robert Montini (18738519) Mr. Troianos Best practices for securing SQL Server. Best Practices for Disaster Recovery. Bad things happen, but to a corporation, entity or country, a bad thing happening to its server is worse than bad. It’s a Disaster. The loss of crucial information, records and vital statistics can bring the death to whatever the data base is associated to. That is why Disaster Recovery is one of the most prioritized tasks a data base team may face. Given that the creating a data base is in itself the major goal, protecting that data base should a disaster befall it is as important. There are numerous ways to do this. This paper deals with the best practices of how to accomplish this. The first thing should be to make a backup plan. This should: 1. A computer where the backup will be stored 2. What programs that will be used to back up the database 3, The computers to be backed up 4. A schedule of when to backup new data to the data base 5. The offsite location where the data base recovery data will be stored The second practice is to document all the changes that are made to the database. These include service packs, hot fixes and QFEs that have been applied. This is crucial for getting a data base restored to its original state should a disaster occur. These steps should be implemented to help prevent or minimize the...
Words: 1274 - Pages: 6
...business continuity planning and disaster recovery planning will leave a company is at risk of a catastrophic loss of revenue due to the loss of the Information Systems. Any company that relies on its Information Systems for their operations should invest the time and revenue in developing an efficient and effective Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP). This study will compare the differences in what a Business Continuity Plan is used for and what a Disaster Recovery Plan is used for. Additionally, it will evaluate the risk having a Business Continuity Plan and Disaster Recovery Plan versus accepting the potential loss of revenue and business in the event of a disaster. It is important to any company that uses it Information Systems to generate revenue. If a company is effected by a disaster, the longer a company takes to respond to the emergency and recover its resources, the more time it will take the company to get back to normal operations (Harris, 2013, p. 887). As history has shown, our world has and will continue to experience many destructive events such as, floods, earthquakes, terrorism, hurricanes, and many other catastrophic events that could cripple a company that is not prepared. Disasters are uncontrollable and over time, every organization will have to deal with the fallout of a disaster. Three of the most common categories for the causes of disaster are, environmental, human, and natural. Natural disasters can include tornadoes, earthquakes...
Words: 2924 - Pages: 12
...Impact of Organizational Environment The Federal government has become more involved in response and recovery from major disasters. With the just recent disaster of Hurricane Sandy that devastated north east portion of the United States, specifically New York and New Jersey; has called for the services of emergency response units for response. Even to this day, thousands of people are without electricity and heat in their homes; others are homeless because their homes were destroyed by the wind, fire, and the Atlantic Ocean. Mitigation and having a Contingency Plan is important to help prevent high numbers of loss of life. When Hurricane Sandy came through, flooding and powerful waves slammed into homes and businesses, flooding areas of communities; which prevented fire departments from extinguishing fires that broke out. Local and national news were able to warn people ahead of time of the hurricane that was approaching; in which has probably saved thousands of lives. However, one of the four phases of Emergency Management has yet to be implemented effectively; Recovery. With so many homes and business obliterated, thousands of people displaced and homeless; they are looking for help, support, and answers from the federal government. Utility companies are feverishly working to reinstate electricity to the homes and businesses that were not destroyed; but recovery is going to be a long process and funding will have to be required in order to support the communities. ...
Words: 1075 - Pages: 5
...The New Plan 8 Using Recovery Planner 8 Configuration for TPT 9 Presentation 9 Compliance 10 Comprehensive Planning 10 Leadership Approval 12 The Plan Strategy 12 Team Structure 12 Figure 1: The Business Continuity Plan Team Organizational Chart 13 Emergency Management Team 13 Business Continuity Team 14 Business Unit Teams 15 Fly Out Teams 16 Fire Teams 16 The Four Phases of the Plan 16 Figure 2: The four phases of the Plan 16 Phase I - Appraisal 17 Phase II – Recovery Coordination 18 Phase III - Production 18 Phase IV – Site Restoration 19 Business Unit Plan Structure 20 Alternative Sites 21 Planning Refinement Recommendations 22 Risk Assessment 22 Business Impact Analysis 22 Emergency Response 23 Disaster Recovery 23 Testing and Restoration 24 Future State 25 Comprehensive Business Planning 25 ACP Workflow Planning 26 Awareness and Training 27 Maintaining Support 27 Projected Timeline 28 Figure 3: Projected Timeline 29 Tasks 29 Conclusion 30 Sources 31 Appendix A 32 Appendix B 34 Executive Summary Business continuity at Company has been undergoing a significant transformation from July to October of 2009. This analysis reviews that transformation in detail, covering the new technologies implemented, planning and team concepts, and the required...
Words: 6761 - Pages: 28
...during and after a disaster, such as a fire, flood, tornado or even a disease epidemic.Your BCP must be thought out, written down, and distributed to key personnel well ahead of any incident that could cause a disruption to your operations. Copies should be stored off-site — an obvious but often overlooked requirement. Here are 10 things a good BCP includes. —more—Note: This information is available as a PDF download. #1: Analysis of potential threats Your company's response to a disaster will depend on both the nature and the extent of the disaster. Some threats, such as a tornado or flood, may physically destroy your IT infrastructure. Others, such as pandemic disease, affect human resources while leaving buildings and machinery intact. A cyberterrorism attack might bring down your network but not affect the functionality of the hardware or your personnel. A bombing may destroy both human life and network components. A power outage could render your equipment unusable, but do no lasting damage. Thus your plan should cover contingencies for as many threat types as possible. #2: Areas of responsibility A key component in any crisis management situation — which is what you have during and perhaps immediately after the disaster — is assignment of areas of responsibility and establishment of a chain of command. This is no time to have department heads squabbling about who has decision-making authority. And remember that some types of disasters may result in loss...
Words: 2561 - Pages: 11
