See Page 33 for a list of the designated recovery sites. The time required for recovery of the functional area and the eventual restoration of normal processing depends on the damage caused by the disaster. The time frame for recovery can vary from several days to several months.
In either case, the recovery process begins immediately after the disaster and takes place in parallel with back-up operations at the designated hot site. The primary goal is to restore normal operations as soon as possible. Specifically, each function of these systems was evaluated and allocated a place in one of four risk categories, as described below.
Note: Category IV functions are important to MIT administrative processing, but due to their nature, the frequency they are run and other factors, they can be suspended for the duration of the emergency.
Recovery for these systems too must be based upon an assessment of the impact of their loss and the cost of their recovery. Composed of sub-teams the Institute Support Teams , the Business Continuity Management Team as a whole plans and implements the responses and recovery actions in the event of a disaster disabling either a functional area, Central Administration or the main data center.
Also responsible for ongoing maintenance, training and testing of the Business Continuity Plan. Provides alternate voice and data communications capability in the event normal telecommunication lines and equipment are disrupted by the disaster.
Evaluates the requirements and selects appropriate means of backing up the MIT telecommunications network. Provides for physical security and emergency support to affected areas and for notification mechanisms for problems that are or could be disasters. Extends a security perimeter around the functional area affected by the disaster. Provides coordination with public emergency services Cambridge Police, etc.
Coordinates all services for the restoration of plumbing and electrical systems and structural integrity. Assesses damage and makes a prognosis for occupancy of the structure affected by the disaster. Director, Personnel Department. Coordinates all activities of the recovery process with key attention to the personnel aspects of the situation. This includes releasing staff from areas affected, initiating emergency notification systems and working with the MIT News office on dissemination of information about the recovery effort.
Communicates with the news media, public, staff, faculty, and student body who are not involved in the recovery operation. Represents the Office of the President. Represents the Vice President for Financial Operations. To oversee the development, maintenance and testing of recovery plans addressing all Category I and II business functions.
The Team is composed of key management personnel from each of the areas involved in the recovery process. The team interfaces with and is responsible for all business continuity plans and planning personnel at MIT. On a quarterly basis, the team will meet to review FARM Team plans that have been completed in the last quarter.
On an annual basis, the Team will review the overall status of the recovery plan, and report on this status through the Information Security Officer, to the Administrative Computing Steering Committee.
Individual Team members will prepare recovery procedures for their assigned areas of responsibility at MIT. They will ensure that changes to their procedures are reflected in any interfacing procedures. They will also participate in emergency preparedness drills initiated by the Safety Office or other appropriate campus organizations.
The Business Continuity Plan procedures supplement, and are subordinate to those in the Black Book, which takes precedence in the case of any difference. Following assessment of the damage, the team is then responsible for salvage operations in the area affected. Headed by the Administrative Officer for Physical Plant and activated during the initial stage of an emergency, the team reports directly to the Business Continuity Management Team, evaluates the initial status of the damaged functional area, and estimates the time to reoccupy the facility and the salvageability of the remaining equipment.
During an emergency situation, the individual designated in the Black Book will take operational responsibility for implementation of damage assessment. Following assessment, the team is responsible for salvaging equipment, data, and supplies following a disaster; identifying which resources remain; and determining their future utilization in rebuilding the data center and recovery from the disaster.
Identification of all equipment to be kept current. A quarterly report will be stored off-site. The listing will show all current information, such as engineering change levels, book value, lessor, etc. Configuration diagrams will also be available. Emergency equipment, including portable lighting, hard hats, boots, portable two-way radios, floor plans and equipment layouts will be maintained by Physical Plant.
A listing of all vendor sales personnel, customer engineers and regional sales and engineering offices is to be kept and reviewed quarterly. Names, addresses and phone numbers normal, home, and emergency are also to be kept. To provide for all facets of a positive security and safety posture, to assure that proper protection and safeguards are afforded all MIT employees and Institute assets at both the damaged and backup sites.
The team will consist of the Campus Police Department Supervisor and appropriate support staff. The Campus Police Team will interface with the following teams or organizational units, relative to security and safety requirements:.
Identify the number of Campus Police personnel needed to provide physical security protection of both the damaged and backup sites. Identify the type of equipment needed by Campus Police personnel in the performance of their assigned duties. Identify and provide security protection required for the transport of confidential information to and from both off-site and backup sites.
Coordinate with the appropriate MIT Department. The most difficult time to maintain good public relations is when there is an accident or emergency. Public relations planning is required so that when an emergency arises, inquiries from the news media, friends and relatives of staff, faculty, and students can be handled effectively. While we cannot expect to turn a bad situation into a good one, we can assist in making sure facts presented to the public are accurate and as positive as possible given the situation.
It is in our best interest to cooperate with the media as much as possible, so that they will not be forced to resort to unreliable sources to get information that could be untrue and more damaging to the Institute than the facts.
All public information must be coordinated and disseminated by their staff. Refrain from releasing information on personnel casualties until families have been notified. Once families have been notified, names of those personnel should be released quickly to alleviate the fears of relatives of others. Provide factual information to the press and authorities as quickly as facts have been verified, and use every means of communications available to offset rumors and misstatements.
Avoid speculating on anything that is not positively verified, including cause of accident, damage estimates, losses, etc. Fire Officials normally release their own damage estimates.
Situations calling for implementation of the Emergency Public Information Plan may include, but are not limited to:. The News Office alternates are listed in Appendix A. In their absence the responsibility will revert to the Senior Manager on the scene. Copies of all status reports to the Business Continuity Management Team or Administrative Computing Steering Committee will be forwarded to the Public Information Officer for potential value in information distribution for good public relations.
They will work with the Personnel Department in dissemination of information to staff. Existing relationships with local media will be utilized to notify the public of emergency and recovery status. The Public Information Officer will maintain up-to-date contact information for the media and other required parties. A facility will be identified to be used as a press room.
Arrangements will be made to provide the necessary equipment and support services for the press. Coordination with the Telecommunications Team for additional voice communication, if required, will also be made. To provide for all facets of insurance coverage before and after a disaster and to ensure that the recovery action is taken in such a way as to assure a prompt and fair recovery from our insurance carriers.
The team will consist of the Director of Insurance and Legal Affairs and required staff and insurance carrier personnel. The team reports through the Business Continuity Management Team, of which it is a member. Determine needs for insurance coverage. Identify the coverage required for both hardware, media, media recovery, liability and extra expense.
Ensure that an equipment inventory is available, to include model and serial number of all devices. Evaluate all new products and services offered by MIT for potential liability in the event of a disaster. To provide voice and data communications to support critical functions.
Restore damaged lines and equipment. The team will consist of appropriate Telecommunications Systems staff. Telecommunications Systems will also coordinate with and supervise outside contractors as necessary. The Telecommunications Systems team will interface with the following teams or organizational units, relative to telecommunications requirements:. Provide critical voice and data communications services in the event that normal telecommunications lines and equipment are disrupted or relocation of personnel is necessary.
Consult with outside contractors and service providers to ensure that replacement equipment and materials are available for timely delivery and installation.
Utilize available resources, such as the MIT Cable Television network and voice mail system, to broadcast information relevant to the disaster. This appendix contains the names and telephone numbers of managers and personnel who must be notified in the event of a disaster.
The Business Continuity Management Team Coordinator is responsible for keeping this notification list up-to-date. Two individuals are assigned responsibility for the interface with other campus organizations, such as Physical Plant Operations, to monitor emergencies as they occur. In addition, each Duty Person is equipped with a cellular phone for emergency use.
Duty Person To leave phone number To leave an 80 character text Number call: message call:. The people on duty will monitor the situation and determine if it has the potential to impact our processing ability.
This appendix contains instructions to the Business Continuity Management Team Coordinators for overseeing disaster response and recovery efforts. Coordinator Begin notification of all recovery teams.
Check to ensure all recovery participants have been notified. Coordinator Monitor the activities of the recovery teams. Assist them as required in their recovery efforts. Report to Administrative Computing Steering Committee as appropriate on recovery status. Building Services Notify team members, and vendors to report to the site for initial damage assessment and clean-up.
Take a service representative from each of the appropriate vendors, the insurance claims representative and appropriate Physical Plant and Information Systems personnel into the site. Team Members Review and assess the damage to the facility. List all equipment and the extent of damage. Team Leader Notify the BCMT if the area be restored to the required level of operational capability in the required time frame. Salvage Team Have the Building Services Supervisor determine which equipment and furniture can be salvaged.
Photograph all damaged areas as soon as possible for potential insurance claims. Based upon advice from Insurance Team and customer engineering, contact computer hardware refurbishers regarding reconditioning of damaged equipment. A sample of the configuration and full equipment inventory report from the Fixed Asset Control Systems or other automated equipment inventories should be inserted here.
The Continuity Plan Masters in off-site storage will contain the full listing. This appendix contains instructions to the Campus Police for disaster response and recovery efforts. Campus Police Duty Sgt. As per standard police procedure, this report will detail the names of all victims, witnesses, injuries, facility damage description, etc.
Assign Campus Police personnel to both the damaged and backup sites, as required. Ensure that all Campus Police personnel are properly equipped at each affected location and the recovery sites. Page Public Information Officer Assess the public relations scope of the emergency, in consultation with senior management if necessary, and determine the appropriate public relations course of action. In instances where media are notified immediately, due to fire department or police involvement, the Public Information Officer will proceed to the scene at once to gather initial facts.
Emphasis must be placed upon getting pertinent information to the news media as quickly as possible. PIO Staff Assistant Maintain a log of all incoming calls to ensure a quick response to media and other requests. Public Information Officer Maintain a log of all information which has been released to the media. Public Information Officer When appropriate, prepare news releases on a periodic basis for distribution to the local media list.
Public Information Officer If employee injuries or fatalities are involved, notify Personnel to send appropriate management personnel to the homes of the involved families. Personnel Notify Public Information Officer as soon as families have been informed. This will permit the release of names and addresses of victims so that families of those not involved can be relieved of anxiety.
Public Information Officer Contact the public relations director s at the hospitals where injured have been taken to coordinate the release of information. My thanks goes to all organizations which I managed to visit and observe their IT-DRP and understand basics on the ground. I also take this opportunity to thank my publisher who helped me with the procedures in publishing this summary research paper, as well as showing me the way on how to share my views with other researchers, scholars and other research and education institutions in the world of research.
As a research I feel privilege to conduct this research and share with you this knowledge and findings as well as conclusion. As IT systems have become increasingly critical to the smooth operation of a company, and arguably the economy as a whole, the importance of ensuring the continued operation of those systems, and their rapid recovery, has increased.
As a result, preparation for continuation or recovery of systems needs to be taken very seriously. Therefore, it is very important to make sure that all these systems are properly backed up with an appropriate technology for easy and quick recovery for business operations continuity in case of any disruption may occur.
IT disaster recovery plans provide step-by-step procedures for recovering disrupted systems and networks, and help them resume normal operations. The goal of these processes is to minimize any negative impacts to company operations. The IT disaster recovery process identifies critical IT systems and networks; prioritizes their recovery time objective; and delineates the steps needed to restart, reconfigure, and recover them.
A comprehensive IT DR plan also includes all the relevant supplier contacts, sources of expertise for recovering disrupted systems and a logical sequence of action steps to take for a smooth recovery. Electronic data interchange EDI is used to transmit data including orders and payments from one Ministry, Department or Agency to another. Servers process information and store large amounts of data. Desktop computers, laptops and wireless devices are used by employees to create, process, manage and communicate information.
What will you do when your information technology stops working? Priorities and recovery time objectives for information technology should be developed during the business impact analysis. Technology recovery strategies should be developed to restore hardware, applications and data in time to meet the needs of the business recovery.
Much and most of that data are important and crucial. Some data is vital to the survival and continued operation of the business. The impact of data loss or corruption from hardware failure, human error, hacking or malware could be so much significant to the Ministry.
Therefore, a plan for data backup and restoration of electronic information is essential. This includes networks, servers, desktops, laptops, wireless devices, data and connectivity. Priorities for IT recovery should be consistent with the priorities for recovery of business functions and processes that were developed during the business impact analysis. IT resources required to support time-sensitive business functions and processes should also be identified. The recovery time for an IT resource should match the recovery time objective for the business function or process that depends on the IT resource.
Information technology systems require hardware, software, data and connectivity. They utilize dual data centers capable of handling all data processing needs, which run in parallel with data mirrored or synchronized between the two centers.
However, there are other solutions available for small to medium sized businesses with critical business applications and data to protect. Hardware as an alternate facility can be configured to run similar hardware and software applications when needed. Assuming data is backed up off-site or data is mirrored between the two sites, data can be restored at the alternate site and processing can continue.
These sites are fully configured data centers with commonly used hardware and software products. Subscribers may provide unique equipment or software either at the time of disaster or store it at the hot site ready for use. Data streams, data security services and applications can be hosted and managed by vendors. This information can be accessed at the primary business site or any alternate site using a web browser.
These vendors can also provide data filtering and detection of malware threats, which enhance cyber security. It begins by compiling an inventory of hardware e. The plan should include a strategy to ensure that all critical information is backed up. Identify critical software applications and data and the hardware required to run them. Using standardized hardware will help to replicate and reimage new hardware. Ensure that copies of program software are available to enable re- installation on replacement equipment.
Prioritize hardware and software restoration. Document the IT disaster recovery plan as part of the business continuity plan. Test the plan periodically to make sure that it works. Data can be lost, corrupted, compromised or stolen through hardware failure, human error, hacking and malware. Loss or corruption of data could result in significant business disruption. Data backup and recovery should be an integral part of the business continuity plan and information technology disaster recovery plan.
The plan should include regularly scheduled backups from wireless devices, laptop computers and desktop computers to a network server. Data on the server can then be backed up. Backing up hard copy vital records can be accomplished by scanning paper records into digital formats and allowing them to be backed up along with other digital data. The frequency of backups, security of the backups and secure off-site storage are usually addressed in the plan.
Backups should be stored with the same level of security as the original data. This is a cost effective solution for businesses with an internet connection. Software installed on the client server or computer is automatically backed up. There are available technologies for disk to disk backup, which provide total data backup and the image of the system state according to the scheduling plan which is configured, this provide more flexibility in using the technology and management point of view.
Because restoration is just within two to three hours since everything will be backed up at the volume level and snapshot image of the system state. This phenomena lead me to take a closer look into the basics of DRP and technologies which are available with their pros and cons.
Because when disruption happen, causes so much trouble to the organization such as un-availability of services, loss of revenue and reputation, time consuming in recovery as well as additional cost for business to be back in operation, sometime in rare cases the beginning of the organization downfall.
But also to test and demonstrate different tools, techniques and methods of research methodology for the purpose of having correct and genuine evidence and results to support my findings, conclusion and recommendations. This paper will add values to the body of knowledge in the area of Disaster Recovery by identifying and eliminating factors that contribute to IT-DRP implementation failures, providing more information and details related to proper IT-DRP Framework, Data Backup best practise, plans and strategies for the successful business continuity, by identify the requirements as readiness towards IT-DRP implementation, and providing more rooms for research in the area of DR and related technologies.
Literature Reviewing b. Interviewing c. Site Visiting and d. STUDY MILESTONE As a research milestone, the following were the steps followed throughout the study to make sure I do the research in a systematic and scientific way:- Step 1: Identify the Problem In this step, the study done in order to get the challenges, limitation and constraints which the business industry faces in managing IT- DRP during a disaster, as well as getting the correct information on the research area, this serves as the focus of the study.
Step 2: Review the Literature Now that the problem has been identified, as a researcher I had to learn more about the topic. To do this, I reviewed the literatures related to the problem area.
The information discovered during this step helped me fully understand in depth the magnitude of the research area. Step 3: Clarify the Problem The aim of this step was to clarify the problem and narrows the scope of the study due to the fact, initially in any research the idea always becomes wide in scope and it is not easy to conduct a wide- scale research area. This was done after the literature been pre- reviewed. Step 4: Clearly Define Synonyms, Abbreviations, Terms and Concepts Synonyms, Abbreviations, Terms and concepts are words or phrases used in the study, these items need to be specifically defined as they apply to the study.
Terms or concepts often have different definitions depending on who is reading the study. Step 5: Define the Population Usually any research focuses on a specific group of people, facilities, or the integration of technology into the operations e. In research terms, the group to involve in the study called population. Therefore, I identified the group that the study results will apply is to be all IT people who are managing IT Service Delivery within an organization.
This ensures that I have carefully thought through all these decisions and that I provides a step-by-step plan to be followed in the study. Step 7: Collect Data Once the instrumentation plan is completed, the actual study begins with the collection of data. Every study includes the collection of some type of data—whether it is from the literature or from subjects —to answer the research question. Data can be collected in the form of words on a survey, with a questionnaire, through observations, or from the literature.
Step 8: Analyze the Data All the time, effort, and resources dedicated to steps 1 through 7 of the research process culminate in this final step.
Finally at this step, I had data to analyze so that the research question can be answered as well as research significance. This process have been done to make sure data collected are useful and provide useful meaning, and data analysis tool which have been used is SPSS Package due to the fact that, it is the most reputable and worldwide recognized for its ability and flexibility in analyzing data as well as providing correct and meaningful results. Also assuming that all IT systems and networks are performing normally, your firm ought to be fully viable, competitive and financially solid.
When an incident -- internal or external -- negatively affects the IT infrastructure, the business could be compromised. Develop the contingency planning policy statement.
A formal policy provides the authority and guidance necessary to develop an effective contingency plan. Conduct the business impact analysis BIA. The business impact analysis helps to identify and prioritize critical IT systems and components.
Identify preventive controls. These are measures that reduce the effects of system disruptions and can increase system availability and reduce contingency life cycle costs. Develop recovery strategies. Thorough recovery strategies ensure that the system can be recovered quickly and effectively following a disruption. Develop an IT contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system. Plan testing, training and exercising.
Testing the plan identifies planning gaps, whereas training prepares recovery personnel for plan activation; both activities improve plan effectiveness and overall agency preparedness. Plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements. This is a cost-effective solution for businesses with an internet connection. Data should be backed up as frequently as necessary to ensure that, if data is lost, it is not unacceptable to the business.
Lost revenues plus extra expenses means reduced profits. Insurance does not cover all costs and cannot replace customers that defe 22ct to the competition. A business continuity plan to continue business is essential. Information technology IT includes many components such as networks, servers, desktop and laptop computers and wireless devices. The ability to run both office productivity and enterprise software is critical. Therefore, recovery strategies for information technology should be developed so technology can be restored in time to meet the needs of the business.
Manual workarounds should be part of the IT plan so business can continue while computer systems are being restored. Recovery strategies are alternate means to restore business operations to a minimum acceptable level following a business disruption and are prioritized by the recovery time objectives RTO developed during the business impact analysis.
Recovery strategies require resources including people, facilities, equipment, materials and information technology. An analysis of the resources required to execute recovery strategies should be conducted to identify gaps. For example, if a machine fails but other machines are readily available to make up lost production, then there is no resource gap.
However, if all machines are lost due to a flood, and insufficient undamaged inventory is available to meet customer demand until production is restored, production might be made up by machines at another facility—whether owned or contracted. Strategies may involve contracting with third parties, entering into partnership or reciprocal agreements or displacing other activities within the company. Staff with in-depth knowledge of business functions and processes are in the best position to determine what will work.
0コメント