SEC591 Week 6 Course Project: Disaster Recovery Plan (Onward University)
Week 6 Course Project: Onward University
Disaster Recovery Plan
Wardell Spates
SEC591: Prof. Patrick Coyle
Keller Graduate School of Management
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Guidelines and tips
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community
Ask the community for help and clear up your study doubts
University Rankings
Discover the best universities in your country according to Docsity users
Free resources
Our save-the-student-ebooks!
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
SEC 591 Week 6 Course Project; Disaster Recovery Plan (Onward University), Assignments of Computer Networks
SEC 591 Week 6 Course Project; Disaster Recovery Plan (Onward University)
Typology: Assignments
2024/2025
1 / 23
This page cannot be seen from the preview
Don't miss anything!
Related documents
Partial preview of the text
Download SEC 591 Week 6 Course Project; Disaster Recovery Plan (Onward University) and more Assignments Computer Networks in PDF only on Docsity!
Week 6 Course Project: Onward University Disaster Recovery Plan Wardell Spates SEC591: Prof. Patrick Coyle Keller Graduate School of Management
Introduction
Scope
Objectives
Assumptions
Policy Statement
Disaster Recovery Plan Phases
Roles & Responsibilities
Phase 1: Escalation/Activation & Notification
Outage Assessment Activation & Emergency Response Procedures Disaster Recovery Teams Onward University Communication & Notifications
Phase 2: Recovery
Sequence of Recovery Recovery Site Alternate Storage Facility Data Validation & Functionality Testing
Phase 3: Restoration
Event Documentation Deactivation
Training & Evaluation
Document Management
Document Ownership Plan Review & Maintenance Document Distribution
Appendices
Appendix A: Personnel Contact Data
Introduction
This Disaster Recovery Plan (DRP) is a repository of all information that describes Onward University’s ability to recover from disaster as well as the processes that must be followed to restore functionality after the disaster has been resolved. In the event of a disaster incident, the priority of Onward University is to ensure safety and wellbeing of staff, students, and partners. Onward University will ensure that all necessary steps are taken to safely secure all personnel before moving on to secondary operations. After all personnel are accounted for, OU’s next goal is to execute steps outlined in this DRP to bring all the organization’s critical systems into operational mode as quickly as possible. The main goals of this DRP are:
- Organization resource loss prevention
- Minimization of downtime in relation to IT resources
- Upkeep of daily operation during disaster
- Minimize the economic impact
- Establishment of alternative means of operation
- Training & evaluation
- Rapid response and restoration
Onward University’s mission is to ensure information system uptime, data integrity and availability, and business continuity.
Scope
This document details OU’s policies and procedures for technology disaster recovery, along with plans for recovery of critical technology platforms and the telecommunications infrastructure. This document summarizes the recommended procedures. In the event of emergency situations. Modification to this document may be made to ensure the safety of personnel, IT systems and data.
Objectives
The objective of the DRP is to develop, evaluate and document a well-structured and comprehensible plan which will help the company recover as quickly and effectively as possible from an unforeseen disaster or emergency that interrupts information systems and business operations. Onward University considerations include the following:
- Network and Server Infrastructure - Telephonic, Data Storage & Backup Systems - Organizational Software/Hardware & Database Systems - IT Documentation
Assumptions
This disaster response and recovery plan is based on the following assumptions:
- Once an incident is covered by this plan it is declared a disaster, the priority will be given to the recovery efforts and the resources and support required in the outline Disaster Recovery Plan will be available.
Policy Statement
Onward University will develop a comprehensive IT Disaster Recovery Plan. A formal risk assessment shall be undertaken to determine the requirements for the disaster recovery plan. The DRP should cover all essential and critical infrastructure elements, systems, and networks, in accordance with key business activities. The DRP should be periodically evaluated in a simulated environment to ensure that it can be implemented in emergency situations and that the staff and students understand how it is to be executed. All personnel must be made aware of this DRP and their perspective roles to thwart disaster. This DRP must be kept up to date to consider changing circumstances.
Disaster Recovery Plan Phases
This DRP has been developed to recover critical services using a three-phase approach. This approach ensures that system recovery efforts are performed in a methodical sequence to maximize the effectiveness of the recovery effort and minimize system outage time. The three phases are described below:
- Escalation/Activation & Notification – DRP activation occurs after disruption or outage event. System owners and users are notified of outages followed by an outage assessment. Information from the assessment is presented to the system owners and may be used to modify recovery procedures specific to the cause of the outage.
- Recovery Phase – this phase provides formal recovery operations that begin after the DRP has been initiated. Once assessments are completed and personnel have been notified, disaster recovery teams will be mobilized. The focus of this phase is to implement strategies to restore system capabilities at the original or new permanent locations. At the end of this phase, critical and mission essential functions will be operational.
- Restoration Phase – This phase defines actions to restore systems to the original or new permanent data centers. This phase consists of two major activities: validation of recovery and deactivation of the DRP. During validation, the system is verified operational before returning to normal status. The system is declared recovered and operational by system owners upon successful completion of system testing. During deactivation, system users are notified of operational system status. Documentations and after-action reports are conducted for future recovery events.
Alternate
Alternate DRP Director - Has same responsibilities as DRP director.
- Is activated when the DRP director is unavailable. Alternate DRP Coordinator - Has same responsibilities as DRP coordinator. - Is activated when the DRP coordinator is unavailable. Alternate Department Head - Has same responsibilities as department head. - Is activated when the department head is unavailable.
Recovery
Emergency Response Team (ERT) - must be activated in response to an incident.
- Immediate response to incident - Disaster assessment; impact on business, data center, etc.… - Decision of what elements of DRP must be activated - Establish recovery team - Make notifications and allocate responsibilities Disaster Recovery Team (DRT) - Determines the expected duration of the failover to the alternate site. - Prioritizes the sequence of resource recovery. - Performs all system recovery and resumption activities. - Ensures voice and data communications are functioning. - Provides IP numbers and network routing information to appropriate personnel. - Includes validation testing teams or personnel.
Phase 1: Activation & Notification
The activation and notification phase covers initial actions taken once an event has been determined. The phase includes outage assessments, DRP activation and personnel notification.
Outage Assessment
The outage assessment determines the extent of disruption, system damage and potential disruption for the future. The assessment predicts potential recovery times of the system and data center. The assessment is conducted by the assessment team and results are provided to the DRP coordinator to assist in coordination of system recovery. The outage assessment will address the following:
- Cause of the outage - Personnel safety - Is the primary data site assessable - Are there remote systems - Can recovery occur in primary location - Location of alternate recovery - Planning - Backup recovery hardware/software
Activation & Emergency Response Procedures
Activation of the DRP occurs once an incident has been detected or appears to be imminent. After activation, notify emergency response personnel to perform recovery actions to restore system functions. Incidents may indicate outage of critical systems that may be down at primary sites of operation. The DRP Director will determine if critical systems can be recovered at primary sites and dispatch disaster recovery teams to act and recover critical IT systems.
been addressed to ensure that communication quickly established between ERT and OU personnel while activating disaster recovery. Notification procedures may include:
- Identification of who makes the initial notifications. - The sequence in which personnel are notified, e.g., system owner, technical point of contact (POC), business continuity management (BCM) coordinator, school/department POC, and recovery team POC. - The method of internal and external notifications, e.g., email, mobile phone, automated notification system, etc. - What to do if no single person in the notification sequence cannot be reached? - Alerts and/or notification messages. Call trees are an effective means of conveying the communication sequence in which leadership, recovery personnel, and school/department POCs should be alerted. OU leadership will keep hard copies of staff and student contact information list. OU leadership will serve as focal points for disaster recovery communications to staff and students. All management personnel will keep hard copies of disaster recovery and business continuity plans in their homes in the event school facilities are inaccessible. If OU leadership is unreachable in the event of crisis, OU personnel are strongly encouraged to reach out to the ERT.
Phase 2: Recovery
The recovery phase provides formal recovery operations that begin after the DRP has been activated, outage assessments have been completed, personnel have been notified, and emergency teams have been mobilized. Recovery phase activities focus on implementing recovery strategies to restore system capabilities through the restoration of IT components, repair damage, and resumption of operational capabilities at the original or new permanent location. At recovery phase completion, critical services will be functional.
Sequence of Recovery Activities
Critical requirements for disaster recovery are that ensuring all necessary information is available to ensure that hardware, software, and data can be returned to a state as close to “pre-disaster” as possible. Specifically, this section addresses the backup and storage practices as well as documentation related to hardware configurations, applications, operating systems, support packages, and operating procedures. The following activities occur during the recovery phase:
- Identify recovery location - Identify resources to perform recovery procedures - Retrieve backup and system installation media - Recover systems from recovery procedures - Perform system functionality test
Recovery Site
The Disaster Command and Control Center or standby facilities will be used after the DRP Director has declared a disaster has occurred. This location is separate from the primary facility. The current facility located at Onward University is located at the technical education center 20 miles away from the primary facility.
Alternate Storage Facility
IT and disaster recovery teams will use the standby facility. It will function as the central location where decisions are made regarding the disaster. It will also function as the communications center for Onward University. The standby facility must always have the following resources available:
- Copies of this DRP document - Fully redundant server room - Sufficient servers and storage infrastructure to support enterprise business operations - Office space for DR teams and IT to use in the event of a disaster - External data and voice connectivity
Event Documentation
It is important to document recovery events to include actions taken, problems encountered during recovery, and lessons learned for inclusion to the DRP. It is the responsibility of each recovery team and all personnel involved to document their actions during the recovery effort and provide documentation to the DRP Coordinator. Alternatively, one of the recovery teams may be tasked to track the events. Information to be tracked and added to the IT DRP includes:
- Activity logs, including recovery steps performed and by whom, the time the steps were initiated and completed, and any problems or concerns encountered while executing activities. - Functionality and data testing results. - Lessons learned documentation. - After action report
Deactivation
Once all activities are complete and documentation has been updated, the DRP Director will formally deactivate the DRP recovery efforts. Notification of this declaration will be provided to OU POCs.
Training and Evaluations
The DRP Director and Disaster Recovery Teams in coordination with the OU IT department staff will develop training and evaluate OU personnel annually on disaster recovery efforts and procedures in the event of future incidents. Training will consist of the following attributes:
- Ensuring the OU personnel and students are familiar with the DRP and its associated activation, recovery, and restoration procedures - Annually validate DRP policies and procedures - Exercise procedures using tabletop and functional exercises - Ensure hardware, software, backup data, and records required to support recovery are available and functional
Document Management
Document Ownership
The contents of this document are responsibility of Onward University, which has assigned the DRP Director responsibility for its content, modifications, curriculum, and distribution to stakeholders.
Plan Review & Maintenance
To ensure currency, this document will be reviewed annually in consultation with the annual test/exercise and when system modifications occur.
Appendix A: Personnel Contact Data
Appendix B: Call Tree
Figure 1 Phone Tree sample