















Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community for help and clear up your study doubts
Discover the best universities in your country according to Docsity users
Free resources
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
SEC 591 Week 6 Course Project; Disaster Recovery Plan (Onward University)
Typology: Assignments
1 / 23
This page cannot be seen from the preview
Don't miss anything!
Week 6 Course Project: Onward University Disaster Recovery Plan Wardell Spates SEC591: Prof. Patrick Coyle Keller Graduate School of Management
Outage Assessment Activation & Emergency Response Procedures Disaster Recovery Teams Onward University Communication & Notifications
Sequence of Recovery Recovery Site Alternate Storage Facility Data Validation & Functionality Testing
Event Documentation Deactivation
Document Ownership Plan Review & Maintenance Document Distribution
Appendix A: Personnel Contact Data
This Disaster Recovery Plan (DRP) is a repository of all information that describes Onward University’s ability to recover from disaster as well as the processes that must be followed to restore functionality after the disaster has been resolved. In the event of a disaster incident, the priority of Onward University is to ensure safety and wellbeing of staff, students, and partners. Onward University will ensure that all necessary steps are taken to safely secure all personnel before moving on to secondary operations. After all personnel are accounted for, OU’s next goal is to execute steps outlined in this DRP to bring all the organization’s critical systems into operational mode as quickly as possible. The main goals of this DRP are:
Onward University’s mission is to ensure information system uptime, data integrity and availability, and business continuity.
This document details OU’s policies and procedures for technology disaster recovery, along with plans for recovery of critical technology platforms and the telecommunications infrastructure. This document summarizes the recommended procedures. In the event of emergency situations. Modification to this document may be made to ensure the safety of personnel, IT systems and data.
The objective of the DRP is to develop, evaluate and document a well-structured and comprehensible plan which will help the company recover as quickly and effectively as possible from an unforeseen disaster or emergency that interrupts information systems and business operations. Onward University considerations include the following:
- Network and Server Infrastructure - Telephonic, Data Storage & Backup Systems - Organizational Software/Hardware & Database Systems - IT Documentation
This disaster response and recovery plan is based on the following assumptions:
Onward University will develop a comprehensive IT Disaster Recovery Plan. A formal risk assessment shall be undertaken to determine the requirements for the disaster recovery plan. The DRP should cover all essential and critical infrastructure elements, systems, and networks, in accordance with key business activities. The DRP should be periodically evaluated in a simulated environment to ensure that it can be implemented in emergency situations and that the staff and students understand how it is to be executed. All personnel must be made aware of this DRP and their perspective roles to thwart disaster. This DRP must be kept up to date to consider changing circumstances.
This DRP has been developed to recover critical services using a three-phase approach. This approach ensures that system recovery efforts are performed in a methodical sequence to maximize the effectiveness of the recovery effort and minimize system outage time. The three phases are described below:
Alternate DRP Director - Has same responsibilities as DRP director.
- Is activated when the DRP director is unavailable. Alternate DRP Coordinator - Has same responsibilities as DRP coordinator. - Is activated when the DRP coordinator is unavailable. Alternate Department Head - Has same responsibilities as department head. - Is activated when the department head is unavailable.
Emergency Response Team (ERT) - must be activated in response to an incident.
- Immediate response to incident - Disaster assessment; impact on business, data center, etc.… - Decision of what elements of DRP must be activated - Establish recovery team - Make notifications and allocate responsibilities Disaster Recovery Team (DRT) - Determines the expected duration of the failover to the alternate site. - Prioritizes the sequence of resource recovery. - Performs all system recovery and resumption activities. - Ensures voice and data communications are functioning. - Provides IP numbers and network routing information to appropriate personnel. - Includes validation testing teams or personnel.
The activation and notification phase covers initial actions taken once an event has been determined. The phase includes outage assessments, DRP activation and personnel notification.
The outage assessment determines the extent of disruption, system damage and potential disruption for the future. The assessment predicts potential recovery times of the system and data center. The assessment is conducted by the assessment team and results are provided to the DRP coordinator to assist in coordination of system recovery. The outage assessment will address the following:
- Cause of the outage - Personnel safety - Is the primary data site assessable - Are there remote systems - Can recovery occur in primary location - Location of alternate recovery - Planning - Backup recovery hardware/software
Activation of the DRP occurs once an incident has been detected or appears to be imminent. After activation, notify emergency response personnel to perform recovery actions to restore system functions. Incidents may indicate outage of critical systems that may be down at primary sites of operation. The DRP Director will determine if critical systems can be recovered at primary sites and dispatch disaster recovery teams to act and recover critical IT systems.
been addressed to ensure that communication quickly established between ERT and OU personnel while activating disaster recovery. Notification procedures may include:
- Identification of who makes the initial notifications. - The sequence in which personnel are notified, e.g., system owner, technical point of contact (POC), business continuity management (BCM) coordinator, school/department POC, and recovery team POC. - The method of internal and external notifications, e.g., email, mobile phone, automated notification system, etc. - What to do if no single person in the notification sequence cannot be reached? - Alerts and/or notification messages. Call trees are an effective means of conveying the communication sequence in which leadership, recovery personnel, and school/department POCs should be alerted. OU leadership will keep hard copies of staff and student contact information list. OU leadership will serve as focal points for disaster recovery communications to staff and students. All management personnel will keep hard copies of disaster recovery and business continuity plans in their homes in the event school facilities are inaccessible. If OU leadership is unreachable in the event of crisis, OU personnel are strongly encouraged to reach out to the ERT.
The recovery phase provides formal recovery operations that begin after the DRP has been activated, outage assessments have been completed, personnel have been notified, and emergency teams have been mobilized. Recovery phase activities focus on implementing recovery strategies to restore system capabilities through the restoration of IT components, repair damage, and resumption of operational capabilities at the original or new permanent location. At recovery phase completion, critical services will be functional.
Critical requirements for disaster recovery are that ensuring all necessary information is available to ensure that hardware, software, and data can be returned to a state as close to “pre-disaster” as possible. Specifically, this section addresses the backup and storage practices as well as documentation related to hardware configurations, applications, operating systems, support packages, and operating procedures. The following activities occur during the recovery phase:
- Identify recovery location - Identify resources to perform recovery procedures - Retrieve backup and system installation media - Recover systems from recovery procedures - Perform system functionality test
The Disaster Command and Control Center or standby facilities will be used after the DRP Director has declared a disaster has occurred. This location is separate from the primary facility. The current facility located at Onward University is located at the technical education center 20 miles away from the primary facility.
IT and disaster recovery teams will use the standby facility. It will function as the central location where decisions are made regarding the disaster. It will also function as the communications center for Onward University. The standby facility must always have the following resources available:
- Copies of this DRP document - Fully redundant server room - Sufficient servers and storage infrastructure to support enterprise business operations - Office space for DR teams and IT to use in the event of a disaster - External data and voice connectivity
It is important to document recovery events to include actions taken, problems encountered during recovery, and lessons learned for inclusion to the DRP. It is the responsibility of each recovery team and all personnel involved to document their actions during the recovery effort and provide documentation to the DRP Coordinator. Alternatively, one of the recovery teams may be tasked to track the events. Information to be tracked and added to the IT DRP includes:
- Activity logs, including recovery steps performed and by whom, the time the steps were initiated and completed, and any problems or concerns encountered while executing activities. - Functionality and data testing results. - Lessons learned documentation. - After action report
Once all activities are complete and documentation has been updated, the DRP Director will formally deactivate the DRP recovery efforts. Notification of this declaration will be provided to OU POCs.
The DRP Director and Disaster Recovery Teams in coordination with the OU IT department staff will develop training and evaluate OU personnel annually on disaster recovery efforts and procedures in the event of future incidents. Training will consist of the following attributes:
- Ensuring the OU personnel and students are familiar with the DRP and its associated activation, recovery, and restoration procedures - Annually validate DRP policies and procedures - Exercise procedures using tabletop and functional exercises - Ensure hardware, software, backup data, and records required to support recovery are available and functional
The contents of this document are responsibility of Onward University, which has assigned the DRP Director responsibility for its content, modifications, curriculum, and distribution to stakeholders.
To ensure currency, this document will be reviewed annually in consultation with the annual test/exercise and when system modifications occur.
Figure 1 Phone Tree sample