Business Continuity and Disaster Recovery · 2016-11-25 · and disaster recovery plan needs to be occasionally tested to make sure it’s complete and up-to-date. Several methods

2013

Gerben Kleijn, Terence Nicholls, Kyle

Ferrera, and Will Hartman

Digiknight Technologies

4/29/2013

Business Continuity and Disaster Recovery

1

Change Management

Version Date Author Change Description

1.1 02-23-2013 Team Business as Usual Completed Risk

Assessment

1.2 03-23-2014 Team Business as Usual Added Business

Impact Analysis and

Mitigation Strategies

1.3 04-06-2013 Team Business as Usual Added

Communication plans

and templates

1.4 04-20-2013 Team Business as Usual Added Auditing and

Testing

2.0 04-29-2013 Team Business as Usual Reviewed and

Finalized BCDR

Document

2

Executive Summary

The current document outlines the Business Continuity Plan and Disaster Recovery Plan

(BCDR) for DigiKnight Technologies Inc. Business Continuity planning is a methodology used

to create and validate a plan for maintaining continuous business operations. Disaster Recovery

planning is a part of business continuity and deals with the immediate impact of an event such as

a threat or disaster. Both aspects of BCDR will be addressed in the current document and

specific scenarios and processes will be provided to ensure that DigiKnight Technologies is able

to recover from accidents or disasters.

DigiKnight Technologies is a video game printing company located in the Silicon Valley Region

of California. Its facilities include three buildings that total about 14,000 square feet of work

space. Business processes are divided up amongst eight separate departments. DigiKnight’s

critical assets which are absolutely required for business operations to continue are (1) its

buildings, (2) CD stamping machines, (3) its high-speed printer, (4) company servers, and (5)

client computers. In case of an event that compromises any of these critical assets, steps in the

BCDR plan to shift operations or initiate backups have to be taken immediately.

Included in the BCDR plan are risks assessments, loss analyses, and mitigation strategies for (1)

natural threats such as fires, earthquakes, or floods, (2) Man-made threats such as theft or

sabotage, labor disputes, and workplace violence, (3) IT and technology threats such as

intellectual property rights, damage to information resources, and viruses or malware, and (4)

environmental and infrastructure threats such as energy and fuel scarcity, material resource

scarcity, and even increases in digital media. Out of all specified threats and disaster situations,

the five prioritized threats are (1) Damage to information resources, (2) Earthquakes, (3) Viruses

and malware, (4) Theft, sabotage, and vandalism, and (5) Hardware equipment failure.

All business processes are outlined in the document and evaluated in their importance to our core

business operations. This has revealed that our IT business processes play an important role in

keeping our business going, as many of the non-IT business processes are actually dependent on

our network infrastructure. Our IT department has several mission-critical business processes

that would severely interrupt our operations if they were to be down for more than two hours.

DigiKnight would quickly lose revenue and relationships with clients and suppliers could be

damaged.

In order to mitigate these risks to our business and their impact, DigiKnight will employ a

strategy consisting of a mixture of risk transference, risk limitation, and risk avoidance. Risk

transference is accomplished by signing insurance policies that cover us is case of such

disruptions as structural damage to our buildings, damages to IT hardware, employee accidents,

fire, and many other such events. Risk limitation is accomplished by taking action that will limit

the impact of events if they do come to pass. For instance, DigiKnight has several backup servers

in place that can take over for primary servers in case they go down. All servers also have

multiple hard disks that are configured to RAID 5, so that if one hard disk fails, the information

can be easily rebuilt as soon as a replacement is inserted.

3

Another way in which we accomplish risk limitation is by having a warm backup site available

in case of a business disruption that is too severe to be dealt with at our primary site. The warm

backup site has all the critical assets that are required to continue with our core business

operations, and the site can be operational in a matter of hours. Not all DigiKnight’s assets are

available at the warm backup site so contracts have been signed with third parties to take over

certain business processes while the primary site is unavailable. As an alternative to the warm

backup site, we have also signed a contract with a mobile backup site delivery company. If a

disruption has made it impossible for our administrative staff to work from our primary site, but

the manufacturing and IT departments are still operational, then the mobile backup site will be an

ideal business continuity solution.

Risk avoidance is accomplished by having a mirrored backup site in place. Although a mirrored

backup site is a considerable investment, it is also the cheapest recovery and continuity strategy

once a business disruption happens, since all equipment is already operational and business

processes can be quickly and easily transferred over.

When a business disruption occurs, communication is a key element in quick recovery and

business continuation. The current document clearly designates certain key employees as

members of the Crisis Management Team (CMT) and how the lines of communication change

during a business disruption. Several communication plans and templates are also provided that

detail which parties need to be informed of a business disruption, what they need to be told, by

whom, and through what communication method. A business disruption can easily generate

unrest among employees and clients or suppliers, so fast and clear communication is of the

utmost importance.

Testing, training, and auditing of the current document is also included. A business continuity

and disaster recovery plan needs to be occasionally tested to make sure it’s complete and up-to-

date. Several methods for testing the plan are included, some of which are not disruptive to the

business at all and some of which are quite disruptive. Although a disruptive test will cost more

money than a non-disruptive test, the results are also much more reliable and informative.

Although a non-disruptive test is advised to be done at least twice a year, it is a good practice to

perform a disruptive test at least once every two years.

To safeguard the quality and efficiency of the BCDR plan, only authorized parties are allowed to

make changes. Other parties that would like to have changes made to the document need to

request approval, and if approval is given they then need to submit their revisions to be

incorporated into the document. Version changes will be closely monitored and documented to

ensure that every department and stakeholder has the most up-to-date version of the plan.

Finally, appendix B contains memos that have been previously sent out about change

management practices, testing of the plan, and the benefits of keeping members of the original

BCDR plan on staff. These memos contain important information and knowledge that is deemed

valuable to preserve, which is why these memos are included in the BCDR plan. It is advised

that these memos be occasionally reviewed as a reminder of good BCDR practices.

Of course, business continuity and disaster recovery strategies come at a price. In order to

incorporate the processes and strategies outlined in this plan, new hardware and equipment has to

be purchased. The insurance policies would come to $2,000 a month. The backup servers would

4

come to $15,000. The mirrored site would come to $500,000 in equipment, with a $20,000

monthly cost for rent and maintenance. The contracts with third party vendors and the mobile

backup site provider would cost $5,000 a year, with additional costs if we were to need them.

Overall, the implementation cost of the proposed BC/DR strategies would be around $515,000

initially, with an additional $269,000 a year.

Although this seems like a lot of money, management should keep in mind that DigiKnight ships

over 20 million videogames per year, with the average game selling to clients around $35. Our

total yearly revenue stream exceeds $700 million, meaning that if our business went down for a

single day we would lose on average about $2 million. The steps we take to ensure our business

continuity are well worth the price we pay for them.

5

Contents

Change Management ................................................................................................................ 0

Executive Summary .................................................................................................................. 2

Company Overview .................................................................................................................. 8

Facility ......................................................................................................................................... 8

Departments ................................................................................................................................ 9

Critical Assets ........................................................................................................................... 11

Contact Information .................................................................................................................. 12

Risk Assessment ..................................................................................................................... 13

A. Natural Threats ..................................................................................................................... 13

B. Man Made Threats ................................................................................................................ 15

C. IT and Technology Threats................................................................................................... 20

D. Environmental / Infrastructure Threats ................................................................................ 24

Prioritized list of threats ............................................................................................................ 26

Business Functions .................................................................................................................... 27

Shipping .............................................................................................................................................. 27

Manufacturing / Maintenance ............................................................................................................. 27

Security ............................................................................................................................................... 27

IT ......................................................................................................................................................... 28

Business Impact Analysis ....................................................................................................... 29

Business Processes .................................................................................................................... 29

Administration .................................................................................................................................... 29

Sales .................................................................................................................................................... 29

Marketing ............................................................................................................................................ 29

Research and Development ................................................................................................................. 29

Shipping .............................................................................................................................................. 29

Manufacturing / Maintenance ............................................................................................................. 29

Security ............................................................................................................................................... 29

IT ......................................................................................................................................................... 30

Requirements for business recovery ......................................................................................... 30

If manufacturing processes are halted: ................................................................................................ 30

If manufacturing processes are intact: ................................................................................................ 30

Resource Interdependencies ...................................................................................................... 31

Impact on Operations ................................................................................................................ 32

6

Priorities and Classification of Business Processes and Functions ........................................... 33

Recovery Point Objective: .................................................................................................................. 40

Financial, Operational, and Legal Impact of Disruption:.......................................................... 40

Insurance Quotes ....................................................................................................................... 42

FEMA ........................................................................................................................................ 43

Industry Liaison Program .......................................................................................................... 43

Suppliers .................................................................................................................................... 43

Activation of an Alternate Work Site ........................................................................................ 44

Cold Backup Site ................................................................................................................................ 45

Warm Backup Site .............................................................................................................................. 47

Hot Backup Site .................................................................................................................................. 49

Mirrored Site ....................................................................................................................................... 50

Plan to run a mobile site backup location ........................................................................................... 51

Plan to run a mirrored site backup location ........................................................................................ 53

Communication ....................................................................................................................... 54

CMT: ......................................................................................................................................... 54

Employee plan ........................................................................................................................... 57

Clients or Suppliers plan ........................................................................................................... 58

Media plan ................................................................................................................................. 58

Internal communication methods .............................................................................................. 59

External communication methods ............................................................................................. 59

Organizational Chart of Key Employees .................................................................................. 61

Emergency Response Organizations ......................................................................................... 62

Fire/Search and Rescue: ...................................................................................................................... 62

Hospital/Ambulance: .......................................................................................................................... 62

Police/Sheriff: ..................................................................................................................................... 62

Business Continuity and Disaster Recovery Activation Steps .................................................. 63

Determining Impact and Risk Template ................................................................................... 64

Emergency Testing Policies ...................................................................................................... 65

Layout of Buildings ................................................................................................................... 66

Shelter-in-place Procedures....................................................................................................... 67

Communication Templates ....................................................................................................... 67

Safety Procedures ................................................................................................................... 68

Inventory and Damage Assessment ........................................................................................ 69

Hazardous Materials and Conditions Assessment .................................................................. 70

7

IT Inventory and Damage Assessment ................................................................................... 71

Testing, Training, and Audit ................................................................................................... 72

Recommendation on Updates.................................................................................................... 73

Change Management Process ............................................................................................................. 73

Distribution of Updated Plans ............................................................................................................. 74

Nature-Based Test Scenario ...................................................................................................... 75

Man-Made-Based Test Scenario ............................................................................................... 76

Mudslide Tabletop Test ............................................................................................................. 76

Recommendations for Employee Acceptance........................................................................... 77

Managing Updates to BC/DR Documents ................................................................................ 77

Appendix A - Communication Templates ............................................................................. 79

Template 1: Employee Communications Plan (non-critical) .................................................... 79

Template 2: Employee Communications Plan (critical) ........................................................... 79

Template 3: Client and Suppliers Communications Plan ......................................................... 80

Template 4: Media Communications Plan ................................................................................ 80

In case of security breach where PII was compromised ..................................................................... 81

In case of a disaster originating from DigiKnight’s premises ............................................................. 81

Appendix B - Memos .............................................................................................................. 82

Update Memo ............................................................................................................................ 82

Test Memo................................................................................................................................. 83

Benefits of Retaining Team Memo ........................................................................................... 83

8

Company Overview

DigiKnight Technologies is a video game printing company, founded in 2000. Major video game

publishers contract DigiKnight to print their video games to CD’s and consequently distribute

them to stores around the world. The company is growing fast; going from contracting with just

one publisher in 2000 and shipping 2 million games worldwide, DigiKnight currently contracts

with more than 10 different publishers and has a distribution of over 19 million video games

worldwide.

Although DigiKnight has a computer control system in place that can automate virtually every

aspect of its manufacturing process, for efficiency reasons this is not normally done. The

manufacturing machines are operated by full time staff 24 hours a day, and seven days per week.

In total, DigiKnight currently employs 48 full-time employees.

Facility DigiKnight Technologies is a company located in the Silicon Valley region of California. Its

facilities encompass three buildings.

1. Building One houses the administration department. It is a small single story building of

roughly 2000 square feet. At its entrance is a reception desk for guests visiting the facility and

there is a security guard post at the front door. There are a total of five offices, as well as

bathrooms, and a medium sized conference room.

2. Building Two houses the Sales, R&D, Shipping, and Advertising departments. It is two stories

with usable floor space roughly double to that of the administrative building. Sales and Shipping

are located on the bottom floor, along with another security guard post. On the top floor is the

R&D Department and Purchasing Department. Instead of having individual offices for each

employee, the departments are single rooms (2 per floor), with cubicles set up to give each

employee some individual space. This helps to enhance team communication, and cuts down on

building costs.

3. Building Three is the production facility. It is 8000 square feet and consists of two rooms. In

one room the maintenance team is facilitated to quickly provide any necessary maintenance to

the machinery. The maintenance team also responds to maintenance issues in other buildings. In

the main room of the building is the production equipment. It consists of several CD Stamping

machines, each of which is capable of producing a large volume of discs. The discs then move

into a diagnostic machine which randomly checks discs for quality control. Only discs and in-

box materials are duplicated on site. The company receives pre-made boxes from another

manufacturer as well as silk-screened images to place on the CD’s. Manuals and in-box ads are

manufactured on site using a high speed printer. Once produced, a final machine places all items

in a box and the box is sent down a conveyor belt to an employee station that places the finished

boxes in a larger box for shipping to stores nationwide. Building Three also houses the IT

department, which contains the central servers for the facility.

9

Departments DigiKnight Technologies consists of the following departments:

Administration: The Administrative Departments function is to manage day to day operations

and interactions between all levels of employees and departments. Their roles in the business

include managing the calendar, maintaining files, making travel arrangements, preparing reports,

and assisting in communications with staff and outside entity’s. All administrative employees

should have a high-level understanding of the company and its goals. Additionally, the

Administrative Department will coordinate with the business to ensure we are adhering to all

federal and state regulations. The Administration department will also serve as the face of the

company for persons entering the building, and/or contacting the business via phone/email. It is

the responsibility of the Administration Department to provide excellent customer service and

represent the company in a professional matter at all times.

Sales: The Sales Department manages contacts with stories worldwide, and together with the

shipping department ensures the prompt, on time delivery of products to stores. Utilizing

shipping software developed in cooperation with its shipping partners, DigiKnight can accurately

track its shipments up to the minute. This department has a direction relationship with the

financial wellbeing of the company and regularly provides input upon the production of titles to

best assure sales. It is the responsibility of the sales department to build ongoing relationships

with publishers to maintain healthy business relationships. This department will require an

exceptional level of customer service and the ability to build rapport with business partners. The

sales department will work closely with marketing to ensure the company has a presence in the

industry. Additionally, the Sales Department will be required to coordinate with the

Manufacturing Department to ensure products are played into produce in a timely fashion in

accordance with delivery dates. Lastly, the Sales department will be responsible for

communicating with publishers throughout transactions.

Marketing: The Marketing department is constantly endeavoring to find and maintain publisher

contacts, it has proven successful in doing so, and has helped company growth with its findings.

research & Development. It is responsible for continuously creating, preparing, and establishing

marketing strategies and policies for the business. The department will coordinate efforts of

publicity, promotion, advertising, online, sales, and social media. Functions of the marketing

department include preparing presentation materials, audio recordings, fact sheets, pricing

strategies, establishing connections with new markets, and measuring the effectiveness of

strategies. For any promotional materials that connect be created in-house, it is the

responsibilities of the marketing department to hire professional copywriters, designers,

photographers, or advertising consultants to handle such tasks. The marketing department will

also act as a liaison between the company and the media, including newspapers, magazines,

television stations, radio stations, blogs, and websites. It will be the responsibility of this

department to create a business presence for DigiKnight within the industry.

Research and Development: The Research and Development team; it focuses primarily on

improvements that can be made to the production system as well as ways to cut manufacturing

costs. Its staff maintains contact with other Manufacturing locations to keep up to date with the

latest technology. The department will actively pursue no developmental ideas for the business.

10

This encompasses there entire process for the idea, including basic research, applied research,

building to prototype, testing, presenting the idea, and creating progress reports to present to the

company.

Shipping: The Shipping department is in charge of preparing the product for shipment, and in

receiving shipments for supplies and materials for producing the physical product. The

department is ultimately responsible for ensuring smooth-running operations in the warehouse

and logistics office. The department leads will make decisions about adjusting pickups, auditing,

shipping procedures, and time lines in order to improve productivity and accuracy. The shipping

department will also work closely with other departments. For example, the Shipping

Department will work with the Sales and Administration to resolve customer complaints and

provide accurate ship times, the Manufacturing to sustain proper warehouse inventory levels.

Manufacturing/Maintenance: The Manufacturing/Maintenance department is the workers that

maintain the system, and help it prevent non-planned shutdown or machine failure. The

department will also play a key role in quality control, ensuring that all products that are

packaged and sent out meet company/industry standards. It will be the responsibility of the

department heads to ensure that the facility meets all productions quotas and deadlines; this will

require coordinating with the sales and shipping departments. Lastly, the department will

maintain/enforce safety regulations and make recommendations for updating and replacing

equipment necessary for production.

Security: The Security department is to maintain the physical security of the facilities, and

provide a safe work environment for all workers at DigiKnight. The Security Department will

perform routine patrols and inspections of the facilities to ensure no suspicious actions are taking

place. Employees of this department have the right to search through purses, backpacks, luggage,

pockets, etc., of persons on the premises. Additionally, it is the responsibility of the Security

Department to maintain audio, video, and computer equipment used to observe and monitor both

public and private areas of the business. Lastly, department will be responsible for backing up

security data, and troubleshooting the equipment when necessary.

Information Technology: The Information Technology department maintains the technology to

support DigiKnight the company, Customers, and Users. DigiKnight is dependent upon the

technologies that it uses to meet deadlines. Therefore, the information technology department

will constantly be on call. IT employees are responsible for the creating and maintenance of

application and data architecture, as well as for the architecture/design of all databases and

repositories to fit DigiKnights needs. This departments functions include managing transitions

between technological upgrades, keeping documentation up to date, reviewing designs,

maintaining applications, troubleshooting in-house user problems, investigating potential

applications, performing audits, and creating and maintain network security policy’s and

procedures.

11

Critical Assets The following is a list of assets that DigiKnight Technologies has to have access to in order to do

business. Without these assets, DigiKnight would experience severe disruptions to its business

operations:

1. Buildings: Without its three buildings, DigiKnight would not be able to perform business.

Loss of building one would severely impact DigiKnight’s business operations but the production

facility, shipping facility, and IT department would be preserved. However, if building two or

three were in some way compromised, all business operations for the company would come to a

halt.

2. CD stamping machines: These are the devices required to imprint video game software onto a

physical medium - the CD. Printed video games are the product that DigiKnight’s business

revolves around, and if its CD stamping machines were to get damaged or disabled, no product

could be generated.

3. High-speed printer: This device is used to print manuals and in-box ads for video games.

Every video game ships with a manual and therefore the high-speed printer is just as essential to

DigiKnight’s business operations as the CD stamping machines. Without the high-speed printer,

no manuals or in-box ads could be printed, meaning no video games could be sold.

4. Company servers: DigiKnight’s IT department houses ten servers that provide services to all

of DigiKnight’s departments and also house critical data and backups. If the servers were to go

down, all of DigiKnight’s departments would experience downtime due to inaccessibility of

information and services.

5. Client computers: DigiKnight’s departments collectively use 42 client computers. Without

these computers, most of the company’s 48 full-time employees would not be able to perform

their duties.

12

Contact Information CEO & Founder

415-555-7841

Carlton Smith

Department Phone number Manager Administration 415-555-8643 Mark Saunders Sales 415-555-6312 Diane Ford Manufacturing 415-555-6161 Linda Kraemer Research & Development 415-555-3223 Carlton Bowden Maintenance 415-555-3970 Michael Winters Advertising 415-555-3131 Michael Churchill Shipping 415-555-6431 Kenneth Gilliam Purchasing 415-555-3298 Katherine Cavenaugh Security 415-555-3852 Brett Kelcey IT 415-555-8352 Alicia McKellips

Role of Department Heads

In the event of any disaster, the CEO will contact the department heads with instructions, and

will coordinate all efforts. Department heads will contact each of their respective employees with

their own instructions, advising them of the situation. In the event of a theft, sabotage, or other

potential employee caused incident, the head of Security will take charge, only contacting those

who are not suspected in order to prevent further dangers. Information will be given on a need-

to-know basis, in order to ensure control over the situation, as well as extra security. Department

heads are also in charge of making sure their employees are well trained and prepared for any

disasters. Each department is required to review the Business Continuity plan with their members

bi-annually to ensure competency as well as update the plan for changes within the department.

13

Risk Assessment

The following is a list of threats that could disrupt DigiKnight Technologies’ business

operations.

A. Natural Threats 1. Fire

Threat Source:

-Internal

Likelihood of occurrence: Moderate. With help from the local fire department, fire risks can be

reduced significantly. Fire response plan should be put in place in order to reduce damages from

employees and buildings.

Upstream loss analysis: High. If one of our supplier’s buildings were to catch on fire it could

significantly affect our business operations. A lack of supplies could potentially halt our business

operations.

Downstream loss Analysis: Low. If one of the companies that we supply to has a fire, the

chances of it affecting our business are rather low. We might have a temporary decline in sales,

but the company would need to restock afterwards, leaving our business with an increase in

sales.

-External

Likelihood of occurrence: Moderate. External forces causing a fire are much less predictable as

they can start from forest fires, neighboring buildings catching on fire, and earthquakes. A fire

response plan should be in place to help reduce the damages.

Upstream loss analysis: High. If one of our supplier’s buildings were to catch on fire it could

significantly affect our business operations. A lack of supplies could potentially halt our business

operations.

Downstream loss Analysis: Low. If one of the companies that we supply to has a fire, the


but the company would need to restock afterwards, leaving our business with an increase in

sales.

Assessed impact of threat on business operations: High. Fire could have a huge impact on

business operations. From destroying machines and buildings to hurting or killing employees, if

either of those occurred it could cause long term damage to production, and could require

additional funds to replace. Production could be put at a standstill until all things are replaced.

2. Earthquake

14

Threat Source:

-External

Likelihood of occurrence: High. Being located in California opens DigiKnight Technologies up

to a very high chance of earthquakes. Earthquakes can happen at any time without warning, and

so preparing for it can be difficult. Earthquake preparedness plans should be in place to minimize

damages. Keeping up to date with building codes, handling hazardous materials, and other things

of that nature should be mandatory.

Upstream loss analysis: High. If one of our suppliers suffers from a major earthquake disaster it

could significantly hurt our business by creating a lack of supplies, which could even halt

business altogether.

Downstream loss Analysis: Low. If one of the companies that we supply to has an earthquake,

the chances of it affecting our business are rather low. We might have a temporary decline in

sales, but the company should recover, allowing us to continue to sell to them.

Assessed impact of threat on business operations: High. Being located in Silicon Valley, our

threat for earthquakes is quite high. There is the risk of machinery being broken, buildings being

damaged, gas lines breaking, and many more threats. A full scale earthquake disaster plan needs

to be implemented to prevent the amount of possible damage.

3. Flood Threat Source:

-External

Likelihood of occurrence: Low. Flooding in Silicon Valley is not a common occurrence. When it

does, it generally only occurs in low valleys. There is the risk of mudslides is also present, but

does not commonly occur.

Upstream loss analysis: High. If one of our suppliers suffers from a major flood it could

significantly hurt our business by creating a lack of supplies, which could even halt business

altogether.

Downstream loss Analysis: Low. If one of the companies that we supply to has a flood, the


but the company should recover, allowing us to continue to sell to them.

Assessed impact of threat on business operations: Moderate. Being located in Silicon Valley,

our threat for floods is rather low. If a flood did occur it could potentially destroy machinery,

buildings, and infrastructure. Machinery and buildings would have to be repaired before business

could resume.

4. Tornado Threat Source:

-External

15

Likelihood of occurrence: Low. The likelihood of a tornado in Silicon Valley is low. They

happen very rarely.

Upstream loss analysis: High. If one of our suppliers suffers from a major tornado it could


altogether.

Downstream loss Analysis: Low. If one of the companies that we supply to has a tornado, the



Assessed impact of threat on business operations: Moderate. If DigiKnight was hit by a tornado

it could do significant damage to the building and the machinery, along with pose a danger to the

employees. All machinery and buildings would have to be repaired before production could

continue.

5. Storms Threat Source:

-External

Likelihood of occurrence: Low. Both the likelihood of electrical and winter storms are very low.

The amount of snowfall Silicon Valley receives is very low, and the amount of electrical storms

is also very low. The chances of a storm affecting business operations is very low.

Upstream loss analysis: High. If one of our suppliers suffers from a major storm it could


altogether.

Downstream loss Analysis: Low. If one of the companies that we supply to has a storm, the



Assessed impact of threat on business operations: Moderate. If DigiKnight was affected by a

large electrical storm there could be risk of fire, power outages, and building damage. This

would require repairing of the building and/or machinery before production could resume. If

DigiKnight was affected by a winter storm, water pipes might be frozen, which could cause

problems in production.

B. Man Made Threats 1. Theft, sabotage, vandalism Threat source:

- Internal

16

Likelihood of occurrence: High. Most theft, sabotage, or vandalism occurs from internal sources

(reference) and the likelihood of DigiKnight experiencing this at some point in their lifespan is

very high.

Upstream loss analysis: High. If one of our suppliers experiences theft, sabotage or vandalism

that disturbs their business operations, this could greatly affect our business operations as well,

since our product (copies of videogames) is dependent on receiving the original video game from

our suppliers. Without the original, we cannot produce our product.

Downstream loss analysis: Low. If one of our customers experiences theft, sabotage, or

vandalism, this is unlikely to severely impact our business operations. If their business

operations are so severely disturbed that it takes a considerable amount of time for them to

continue operations, we might experience a slight decline in sales. However, this has a low

likelihood of occurrence.

- External

Likelihood of occurrence: High. (reference with theft statistics needed)

Upstream loss analysis: Same as for internal threat source.

Downstream loss analysis: Same as for internal threat source.

Assessed impact of threat on business operations: High. DigiKnight presses videogames to discs

and then releases them to video game retail stores. Some of these video games are new releases,

not yet available for purchase. If copies of these games were stolen and published (potentially

online) before the games are available for purchase in stores, this would severely affect the

market for these games. In addition, DigiKnight would take a very heavy hit to its reputation and

public image, and would likely lose clients over such an incident. Sabotage or vandalism could

also present a high impact on DigiKnight’s business operations, since operations could come to a

complete stop if the sabotage or vandalism was severe enough that no discs could be pressed.

2. Labor Disputes Threat source:

There is only one threat source for labor disputes, which is DigiKnight’s workforce.

Likelihood of occurrence: Low. Labor disputes typically happen when workers are worked too

hard, under adverse conditions, or get paid too little (including benefits). DigiKnight operates in

California, where labor laws are generally generous to employees. The most at-risk group of

employees for labor disputes would be DigiKnight’s warehouse workers.

Upstream loss analysis: High. If one of our suppliers experiences labor disputes that disturb

their business operations, this could greatly affect our business operations as well, since our

product (copies of videogames) is dependent on receiving the original video game from our

suppliers. Without the original, we cannot produce our product. There is a moderate likelihood of

this occurring, since game developers make notoriously long days for extended periods of time,

and they don’t always receive the best treatment of compensation in return.

Downstream loss analysis: Moderate. DigiKnight delivers their products primarily to chain-

17

stores, so if there is a labor dispute in one retailer then other retailers of the same chain are likely

to be affected as well. Labor disputes could keep DigiKnight from delivering their products,

resulting in reduced sales and increased idle inventory.

Assessed impact of threat on business operations: High. If DigiKnight did experience labor

disputes they would likely be highly disruptive to business operations, since that is their sole

purpose. Office workers’ refusal to work would lead to a disruption in video game discs being

presses, while warehouse workers’ refusal to work would result in none of the pressed video

games being delivered to DigiKnight’s clients. In either case, business operations would be

unable to continue.

3. Workplace Violence Threat source: - Originating internally

Likelihood of occurrence: Low. In 2011, there were 708 cases nationwide of fatal workplace

violence (Bureau of Labor Statistics, 2011). Of these, 458 of these were homicides. Snedaker

(2007) states that only 9% of workplace homicides are committed by co workers.

Upstream loss analysis: Low. If one of DigiKnight’s suppliers was to experience workplace

violence, it might disrupt business operations for a short period of time. However, it is unlikely

that their operations would come to a complete stop and if they did they would likely resume

again quickly.

Downstream loss analysis: Low. If one of Digiknight’s clients experienced workplace violence,

it is unlikely to severely impact DigiKnight’s business operations. If their business operations are

so severely disturbed that it takes a considerable amount of time for them to continue operations,

we might experience a slight decline in sales. However, this has a low likelihood of occurrence.

- Originating externally

Likelihood of occurrence: Low. Workplace violence from external sources has a higher chance

of occurring than from internal sources, but the overall chance of workplace violence is still very

low.

Upstream loss analysis: Same as for internal threat source.

Downstream loss analysis: Same as for internal threat source.

Assessed impact of threat on business operations: High. If DigiKnight did experience workplace

violence, it would have a high impact on business operations. A serious injury or death would

lead to a disruption in our work force, shock or trauma among employees, and it could even lead

to the premises being sealed off for some time as a crime scene. Equipment could be seized as

part of the investigation, productivity would suffer, employees may choose to find employment

elsewhere, and DigiKnight’s reputation in the community and among suppliers and clients would

decline.

4. Terrorism

http://www.securityinfowatch.com/news/10834285/feds-workplace-violence-caused-nearly-17-percent-of-all-fatal-us-work-injuries-in-2011

18

Threat source:

- Terrorism through biological or chemical means

Likelihood of occurrence: Low. DigiKnight’s business operations put it at a relatively low risk as

a terrorism target. Main targets are typically airports or other busy transportation hubs,

powerplants, chemical factories, or government and political organizations. Terrorists would

have little to gain by launching an attack on a video game pressing and distribution company like

DigiKnight.

Upstream loss analysis: Moderate. DigiKnight’s suppliers are somewhat more at risk for

terrorism than DigiKnight itself. A major video game developing company could be a high-

profile target that terrorist groups typically look for. In addition, video games tend to be topics of

controversy and sometimes individuals choose misguided methods to try and make their point. If

one of DigiKnight’s suppliers was affected by terrorism through biological or chemical means,

this could seriously impact DigiKnight’s business operations because no copies of video games

can be pressed without receiving the originals from suppliers.

Downstream loss analysis: Moderate. Although DigiKnight’s clients are not the most likely

targets of terrorism, DigiKnight’s business operations could suffer if one of their clients was the

target of a terrorist attack. Video game sales would likely decline, at least for a period of time, as

the result of a terrorist attack on a video game retailer. DigiKnight might see a decline in sales

for a period of time.

Threat source:

- Terrorism through explosive means





DigiKnight.

Upstream loss analysis: Same as for terrorism through biological or chemical means.

Downstream loss analysis: Same as for terrorism through biological or chemical means.

- Terrorism through hostage situations





DigiKnight.

Upstream loss analysis: Same as for terrorism through biological or chemical means.

19

Downstream loss analysis: Same as for terrorism through biological or chemical means.

Assessed impact of threat on business operations: High. If DigiKnight did become the target of

terrorism, it would have a very high impact on its business operations. Employees could

experience physical and/ or emotional trauma, the company premises could be closed off as part

of a crime scene, and good employees might seek employment elsewhere to ensure personal

safety. Long-term effects could include a loss of clients and/ or suppliers and a decline in sales.

5. War Threat source:

- External - war fought abroad

Likelihood of occurrence: High. The United States is currently engaged in war with the Middle

East.

Upstream loss analysis: Low. The war that is currently fought abroad is not affecting most

businesses in a major way. It is unlikely that the war will impact DigiKnight’s suppliers.

Downstream loss analysis: Low. The war that is currently fought abroad is not affecting most

businesses in a major way. It is unlikely that the war will impact DigiKnight’s clients.

Threat source:

- Internal - war fought inside the United States

Likelihood of occurrence: Low. It is unlikely that another country would try to invade the United

States. Somewhat more likely is that another country might launch a long-distance attack on the

United States. For instance, North Korea has recently been performing nuclear tests and they

harbor ill will towards the US. Another possibility of war being fought within the United States

includes civil war, but the likelihood of this happening is also very low.

Upstream loss analysis: High. If a war was fought on US soil, many businesses would likely be

affected. Especially a luxury-good industry like the video game industry would suffer since

people would sooner spend their money on necessary items. If DigiKnight’s suppliers were

experiencing disruptions in their business operations, this would affect DigiKnight’s business

operations as well.

Downstream loss analysis: High. Although DigiKnight has many clients and can therefore

recover from an incident that affects one or only a few of them, a war on US soil would likely

impact all of DigiKnight’s clients and several affect sales. Demand for luxury goods like video

games would likely drop significantly.

Assessed impact of threat on business operations: High. If the United States became involved in

a war that was fought on its own soil, DigiKnight’s business operations would likely suffer

drastically. Demand for a luxury good like video games would likely drop to almost zero.

20

C. IT and Technology Threats

1. Intellectual Property Rights Threat source:

-Internal & External

Likelihood of occurrence: Medium. DigiKnight’s R&D department

is at potential risk of losing Intellectual Property. The employees who

interact with Intellectual Property on a routine bases are most likely to steal

it, so prevention and detection can be difficult.

Upstream loss Analysis: Medium. Any disruption to our publishers would directly reflect upon

us. If a publisher were to suffer loss of business critical Intellectual Property it may provide an

unfair advantage to their competitors to whom we do not have business relationships with.

However, we are not completely reliant on one publisher to remain operational, accordingly a

devastating blow to one of them, though unfortunate, would not halt us from continuing

business.

Downstream loss analysis: Low. Intellectual Property loss to one of our retailers will mildly

effect business operations. Any damages to our customers may inhibit their abilities to make

purchases, which does affect us. However, we have a distributed customer base and retailers are

not known to have high investments in Intellectual Property.

Assessed impact of threat on business operations: Medium. The loss of Intellectual Property

may discredit our reliability to protect trade secrets and strategies. However, any losses would

most likely only affect in-house operations and would not affect business relationships unless

information was leaked to the media. However, if Intellectual Property were leaked to a

competitor we would likely see a direct effect on business operations.

2. Damage to information resources Threat source:

-Internal & External

Likelihood of occurrence: Medium. “According to the Computer Security

Institute (CSI) in San Francisco, California, approximately 60 to 80 percent of

network misuse incidents originate from the inside network.”

Upstream loss analysis( Stream to us ): Medium. Our publishers face the same obstacles of

protecting information resources from internal sources. A severe blow to their critical

infrastructure that affects their ability to conduct business would directly affect DigiKnight.

However, we are not completely reliant on one publisher to remain operational, accordingly a

devastating blow to one of them, though unfortunate, would not halt us from continuing

business.

21

Downstream loss analysis( Stream to our customers ): Low. Informational Resource loss to one

of our retailers will mildly effect business operations. Any damages to our customers may inhibit

their abilities to make purchases, which does affect us. However, we have a distributed customer

base and retailers are not known to have high investments in Information Resources.

Assessed impact of threat on business operations: High. A compromise in information resources

could disrupt business communications, affect customer information, and/or tarnish public

reputation. We have a duty to both our suppliers and our customers to protect private and

proprietary information. Any breaches internally or externally would be detrimental to business.

Therefore, this has the potential to be a serious threat.

3. Password Security Threat source:

- Internal

Likelihood of occurrence: High. Many users struggle with creating and maintaining complex

passwords. Some common errors include: writing there password down, creating simple

passwords, always using the same password, and not changing their password. Study’s such as

the one conducted by Joseph Bonneau at the University of Cambridge show that “every

identifiable group of users generated a comparably weak password distribution”.

Upstream loss analysis: Low. A password compromise in a publisher’s environment will not

generally affect us and vice versa. These are typically internal issues, and any passwords

protecting confidential and/or proprietary information are regulated more thoroughly. This threat

is more common amongst daily users.

Downstream loss analysis( Stream to our customers ): Low. A password compromise in a

customer’s environment will not affect us except for rare circumstances. Unless the compromise

inhibits their ability to conduct business with DigiKnight, it will not affect business operations.

Assessed impact of threat on business operations: Medium. Password complications will fall

into two general categories: increased workload for IT personnel, and security breaches. The first

of the two is the more common occurrence and will cause IT to spend time away from

infrastructure issues in order to reset password and educate users on appropriate password

procedures. The second scenario could be detrimental to business operations as security breaches

due to poor password practices could lead to other threats such as damage to information

resources.

4. Virus & Malware Threatsource:

-External

Likelihood of occurrence: Medium. Parts of DigiKnight’s internal network will be exposed to

the internet. Therefore, it will be possible for Virus & Malware to breach our network and affect

22

business operations.

Upstream loss analysis( Stream to us ): High. Virus & Malware compromise in a publisher’s

environment could be detrimental to business operations. We have an inherent trust with our

business partners, which is necessary to produce their products. If we were to receive infected

data from publisher and release it into our production systems, our entire business operation

could potentially be brought down.

Downstream loss analysis( Stream to our customers ): Low. Virus & Malware compromise in a

publisher’s environment will not generally affect us and vice versa. These are typically internal

issues and unless the compromise inhibits their ability to conduct business with DigiKnight, it

will not affect business operations.

Assessed impact of threat on business operations: High. Digiknight’s infrastructure is highly

reliant upon controlled computer systems. Accordingly, infection of internal infrastructure

devices would greatly impact business operations. We face threats externally from both upstream

business partners, as well as randomized and targeted attacks via publicly transmitted data.

5. Hardware Equipment Failure Threat source:

- Internal

Likelihood of occurrence: High. This threat indicates both partial and complete failure of

technical hardware equipment and cables. Equipment deteriorates over time and it is very likely

we will experience some form of hardware failure during business operations.

Upstream loss analysis: Medium. Publishers equipment failure can affect their ability to

produce us with a product to manufacture. DigiKnight is not reliant upon one supplier, however

a disruption in normal business relationships would be noticeable in DigiKnight’s operations.

Downstream loss analysis: Low. Customer hardware failure will not directly affect DigiKnight

except for rare circumstances. Unless the compromise inhibits their ability to conduct business

with DigiKnight, it will not affect business operations.


reliant upon controlled computer systems. Accordingly, failed hardware for critical services

would greatly impact business operations. Other failures such as: workstations, access points,

printers, etc., would not be as detrimental.

6. Wireless Security Threat source:

- External Likelihood of occurrence: Medium. Wireless is often used as a point of attack into a network. If

DigiKnight were to be the target of an attack, wireless may be an exploitable area of the network.

23

Upstream loss analysis: High. A breach in the wireless security of one of our publishers could

be detrimental to our business operations. Such a breach of security could lead to other threat

sources, such as Virus’s & Malware being propagated throughout the publishers and/or our

business. View the “Virus & Malware” threat section for further information.

Downstream loss analysis: Low. Wireless security compromise in a publisher’s environment

will not generally affect us. These are typically internal issues and unless the compromise

inhibits their ability to conduct business with DigiKnight, it will not affect business operations.


reliant upon controlled computer systems. Accordingly, compromise of network infrastructure

would greatly impact business operations. We face threats externally from both upstream

business partners, as well as target attack via wireless signals.

7. Data Corruption/Loss Threat source:

- Internal

Likelihood of occurrence: High. It is typically in any environment to have data loss at some

point. With the appropriate measures in place, we can minimize the effect of data loss within the

organization.

Upstream loss analysis: Medium. Our publishers face the same obstacles of data loss as we do.

Data corruption/loss from a publisher may effect their business relationship with us. However,

we are not completely reliant on one publisher to remain operational, accordingly a devastating

blow to one of them, though unfortunate, would not halt us from continuing business.

Downstream loss analysis: Low. Data corruption/loss loss to one of our retailers will mildly

effect business operations. Any damages to our customers data may inhibit their abilities to make

purchases, which does affect us. However, is such data corruption/loss put the retailer out of

business, it would affect DigiKnights business operations.

Assessed impact of threat on business operations: Medium. Even in the most severe cases, data

corruption/loss is not likely to stop DigiKnight’s business operations. The typical data kept

within DigiKnight is customer and publisher contact information and past business transactions,

which is not business critical.

8. ISP Maintenance Threat source:

- External

Likelihood of occurrence: High. It is very likely our Internet Service Provider will perform

maintenance on our connection periodically.

24

Upstream loss analysis: Low. Publishers Internet Service Providers will also periodically

undergo maintenance. Unless they have a backup provider, that means down time for them.

However, these maintenances are typically done off business hours and will not affect business

relationship.

Downstream loss analysis: Low. Customers Internet Service Providers will also periodically

undergo maintenance. Unless they have a backup provider, that means down time for them.

However, these maintenances are typically done off business hours and will not affect business

relationship.

Assessed impact of threat on business operations: Low. DigiKnight is not reliant upon the

internet to conduct business. Therefore, any downtime due to Internet Service Provider

maintenance, even if done during business hours, will only cause minimal disruption to business

activities.

D. Environmental / Infrastructure Threats 1. Energy and fuel scarcity

Likelihood of occurrence: Moderate. While the global energy demand is increasing - The

International Energy Outlook expects a 50% increase by 2035 (source) - our methods of meeting

that rising demand are increasing as well. New technologies allow us to mine energy sources that

were previously unreachable, and renewable energy sources are getting more efficient and

prevalent. It is unclear whether we’ll be able to keep up with global energy demands in the long

run, which is why we believe there is a moderate likelihood that an energy and fuel scarcity

threat will occur.

Upstream loss analysis: High. If one of DigiKnight’s suppliers experienced interruptions in

business operations due to energy and fuel scarcity, it’s likely that DigiKnight’s operations

would suffer as well. DigiKnight cannot print video games to disc without receiving originals

from suppliers.

Downstream loss analysis: Moderate: If one or a few of DigiKnight’s clients experienced

interruptions in business operations due to energy and fuel scarcity, DigiKnight might experience

a minor loss of sales. However, DigiKnight’s business operations wouldn’t suffer too much

unless a significant portion of its clients would suffer the same threat.

Assessed impact of threat on business operations: High. If there was energy and fuel scarcity,

DigiKnight’s business operations would likely suffer severely. There might be a loss of

electricity and gas to the building, which would keep DigiKnight from producing product.

Additionally, it might be impossible for deliveries to be made to DigiKnight’s clients, effectively

halting all revenue sources.

2. Material Resource Scarcity

http://news.discovery.com/earth/global-warming/how-much-fossil-fuel-is-in-the-earth.htm

25

Likelihood of occurrence: Low. The only material resource that DigiKnight uses in production

are CD’s to which the video games are copied. CD’s are made from polycarbonate plastic,

covered with a thin layer of aluminum. Neither of these substances are particularly scarce or are

likely to become scarce in the near future. Polycarbonate plastic is made from other raw

materials, none of which are scarce themselves.

Upstream loss analysis: Low. DigiKnight’s suppliers use very little material resources in

production, since they develop video games through software applications.

Downstream loss analysis: Low. DigiKnight’s clients use very little material resources because

they sell the products that DigiKnight and other companies like DigiKnight delivers to them.

Assessed impact of threat on business operations: High. If DigiKnight did experience a scarcity

of material resources required for production, its business operations would be severely

impacted. Either another medium for video games would need to be found, or production would

not be able to continue.

3. Urbanization and congestion of infrastructure Likelihood of occurrence: High. More people are living in cities than ever before, a trend that is

not likely to stop in the near future. Traffic congestion is high in most major cities, and it will

likely only get worse.

Upstream loss analysis: Low. All of DigiKnight’s suppliers are software development

companies which are in a perfect position to have employees work from home. They are not

likely to be heavily affected by urbanization and congestion of infrastructure.

Downstream loss analysis: Moderate. DigiKnight relies on general infrastructure to deliver

copies of video games to its clients. Increasing urbanization and traffic congestion could affect

DigiKnight’s business operations due to delays and increased costs. Late deliveries are also

likely to diminish DigiKnight’s reputation with its clients.

Assessed impact of threat on business operations: Moderate. Urbanization and congestion of

infrastructure can affect DigiKnight’s business operations but not to the point where its effects

couldn’t be adjusted for. Deliveries can be made at different times of the day, even during the

night, so that clients never have to experience late arrival of merchandise. Although most of

DigiKnight’s employees can’t work from home, they could choose to work alternative hours so

as not to be stuck in traffic. The effects of urbanizations and infrastructure congestion should be

able to be mitigated.

4. Increase in digital media Likelihood of occurrence: High. Historically video games have always been bought on a

physical medium like a cartridge, CD, or DVD. More recently video games are increasingly

distributed through the Internet, where no physical medium is required for delivery. This is a

trend likely to continue in the future.

26

Upstream loss analysis: Low. DigiKnight’s suppliers are video game developing companies, and

therefore not likely to be affected by an increase in digital media.

Downstream loss analysis: High. DigiKnight’s clients are just as likely to be affected by an

increase in digital media. Video game developers could increasingly decide to make their games

directly available to the public through the Internet, thereby bypassing both DigiKnight and its

suppliers.

Assessed impact of threat on business operations: High. If video game developers increasingly

make their games available to the public through the Internet, there is no need for companies like

DigiKnight to copy the games to any physical medium. DigiKnight’s operations would be highly

affected due to a loss of business.

Prioritized list of threats From the threats listed, the following five threats have been determined to provide the most risk

to DigiKnight Technologies:

1. Damage to information resources

2. Earthquake

3. Virus and malware

4. Theft, sabotage, and vandalism

5. Hardware equipment failure

Damage to information resources is particularly threatening because it is unspecified what kind

of damage it is or what caused it. Damage to information resources can happen at any time and

for multiple reasons, such as accidental damage by an employee, intentional damage by an

outsider, or damage due to a ceiling lamp falling down. The unknown elements of timing and

impact of business operations, combined with the statistical certainty that such damage will

occasionally occur puts this threat on top of the list.

Second on the list is an earthquake, both because the chances of earthquakes in California are so

high, plus the potential damages to company assets as a result. Of the natural threats, the

earthquake is most likely to happen because of our location.

Viruses and malware are widespread these days, and can easily spread through a company’s IT

infrastructure because an employee opened an infected file they received through email. The

potential of damage to IT systems is great, and added to that are the costs of clean-up which is

why this threat is third on the list.

Theft, sabotage, and vandalism are unfortunately very likely to occur in any company. These are

threats with sources both external and internal. Statistics show that most company theft is

performed by employees of that company. These occurrences can have a huge impact both

financially and to employee morale, which is why it’s the number four threat on the list.

Finally, hardware equipment failure. This threat is number five on the list, not so much because

it doesn’t potentially have a huge impact on business operations - because it does - but more

because it is anticipated and DigiKnight has backup hardware parts for most of its critical and

non-critical IT systems. If this threat does occur, it is likely to be easily mitigated. However, the

27

potential financial impact of the threat if not easily mitigated still puts it on the list of prioritized

threats.

Business Functions

Mission Critical Functions Vital Functions Important Functions Shipping Administration Research and Development

Manufacturing / Maintenance Sales Marketing

Security

IT

Shipping Impact from Loss

Financial: If unable to ship product, loss of incoming revenue

Customers and Suppliers: May lose future work due to missing key dates or not meeting

expectations / volume

Public Relations and Credibility: May lose credibility if unable to fulfill important orders

Threat Impact If IT systems go down, can no longer prepare shipments

If manufacturing goes down, no longer have discs to ship

Physical loss of shipping warehouse – unable to ship products

Loss of boxes from all suppliers – no longer able to package shipments

Manufacturing / Maintenance Impact from Loss

Financial: If unable to produce discs, loss of all revenue

Customers and Suppliers: May lose future work due to missing key dates or not meeting

expectations / volume

Public Relations and Credibility: May lose credibility if unable to fulfill important orders

Threat Impact Physical destruction of equipment – unable to produce discs

Maintenance Staff unable to fix – unable to produce discs

Maintenance Staff cannot travel to work – unable to produce discs

Unable to obtain discs/cases from any supplier – unable to produce discs

Security Impact from Loss

Legal: Potential for physical breach and massive data loss, possible equipment loss

Loss Exposure: Theft could occur causing property loss

Human Resources: Employees may be hesitant due to lack of security, or some may try

and take advantage of no security

28

Threat Impact Security Equipment destroyed – Have to rely on staff only, no traceable security control

Security staff cannot come to work – no longer secure workplace

IT Impact from Loss

Financial: Loss of revenue, legal liabilities in the event of data loss / breach

Customers and Suppliers: Cannot contact customers / suppliers, as well as not being able

to get new customers. Possible risk of important data getting stolen, including unreleased

discs

Employees: Loss or theft of employee data may cause many employees to leave company

Public Relations and Credibility: Large hit on credibility

Legal: Data privacy laws and data security laws

Operational: Loss of IT functions would shut down Shipping department

Loss Exposure: Data breach would cause large fines

Corporate Image: Data breach would damage image to large extent

Threat Impact Loss of Internet Connection: Shipping department, Sales department, and Marketing department

would be shut down

Data Breach: Risk of confidential data being stolen, large fines, employee resignations, and loss

of customers

29

Business Impact Analysis

Business Processes

Administration - Managing organizational calendar

- Maintaining files

- Making travel arrangements

- Preparing reports

- Communication (internal and external)

- Ensuring DigiKnight adheres to both Federal and State regulations

Sales - Client acquisition

- Client management

- Supplier acquisition

- Supplier management

- Coordination with shipping to ensure on-time delivery of products

Marketing - Creation of marketing strategies for the company

- Public Relations

- Social Media

- Measuring effectiveness of marketing strategies

Research and Development - Improvement of manufacturing process

- Acquisition and testing of new technology

Shipping - Preparing products for shipping

- Receiving deliveries of materials for production

Manufacturing / Maintenance - Operating the production machinery to create a product

- System maintenance

- Quality control

- Establishing and enforcing safety regulations

- Implementation of new manufacturing technologies

Security - Ensuring safety and security of personnel

- Safeguarding the physical facilities

30

- Routine patrols

- Maintenance of security equipment (cameras, etc.)

IT - Implementation and maintenance of technological infrastructure

- Acquisition, testing, and implementation of new IT equipment

- Creation, implementation, and maintenance of applications and software services

- Back-ups of IT systems

- IT troubleshooting and assistance.

Ordering these processes in terms of importance to overall operations, the following list is

obtained (the list does not include every business process):

1. Ensuring safety and security of personnel (Security)

2. Operating the production machinery to create a product (manufacturing / maintenance)

3. Shipping products for delivery (shipping)

4. Receiving deliveries of materials for production (shipping)

5. Creation, implementation, and maintenance of applications and software services (IT)

6. Implementation and maintenance of technological infrastructure (IT)

7. Back-ups of IT systems (IT)

8. Client management (Sales)

9. Supplier management (Sales)

10. Quality control (Manufacturing / maintenance)

Requirements for business recovery If manufacturing processes are halted: The requirements for business recovery are that DigiKnight is able to continue its main business

operations, meaning it can perform all of its revenue-generating activities. Since DigiKnight does

not own or operate a warehouse, the manufacturing process is among one of the most business-

critical. If manufacturing stops, DigiKnight has an extremely limited time-frame to get it back up

and running before the company starts to lose revenue. Therefore, in case of an extreme threat or

emergency where DigiKnight’s facilities or equipment are damaged to the point where

manufacturing has to stop, a back-up facility has to be in place from where business can be

continued in a short period of time. Due to the cost associated with a fully mirrored site - a

location where DigiKnight would have an identical set-up to its live site - the most practical and

cost-effective solution in this scenario would be a pre-arranged contract with another CD -

pressing facility.

If manufacturing processes are intact: In case of a less extensive threat or emergency where DigiKnight’s manufacturing processes are

not compromised or halted, the requirements for business recovery are different. For instance, if

the facilities and manufacturing equipment is intact but a threat or emergency has caused

DigiKnight’s IT infrastructure to fail, the time-frame for recovery is somewhat larger. Revenue-

generating activities can continue and shipments can still be sent out as scheduled, at least for a

period of time. There would be no way to verify what shipments need to go out at a later time or

date so eventually DigiKnight’s revenue-generating activities would still come to a halt.

31

In this case, the requirements for business recovery are to get all supporting business operations

back up and running. Software applications and services need to become accessible, shipping

schedules need to be available, and the sales and administration departments need to have access

to the client and supplier files for relationship management and customer service. If IT

equipment and infrastructure is disrupted but otherwise undamaged, these requirements can be

met through immediate system maintenance and restoring of backed-up data. However, if key

equipment or infrastructure is damaged beyond repair, the solution to recovery might be to resort

to a warm site.

If a threat or emergency arises where IT equipment and infrastructure is undamaged and remains

operational, but certain employees cannot access their workstations due to safety issues (for

instance a fire in one part of DigiKnight’s facilities or a gas leak) then the solution to recovery

might be found in a mobile site.

Resource Interdependencies DigiKnight’s ability to produce products depends heavily on the IT infrastructure. The means of

administration, marketing, research and development, shipping, and manufacturing all rely on IT

to work accurately and efficiently.

Tasks that cannot be completed without IT

Managing Organizational

Calendar

Maintaining Files Communication (internal and

external)

Social Media

Measuring effectiveness of

marketing strategies

Improvement of

manufacturing process

Acquisition and testing of new

technology

Preparing products for

shipping

Operating the production

machinery to create a product

System maintenance

Quality control

Implementation of new

manufacturing technologies

As a result, in a disaster scenario it is a priority to ensure the IT infrastructure is operational.

Additionally, the clerical departments have a few root functions that must be addressed in order

to provide support for the main business functions. These root functions are listed below in order

of priority:

1. Communication (internal and external)

2. Ensuring DigiKnight adheres to both Federal and State regulations

3. Managing organizational calendar

4. Creation of marketing strategies for the company

5. Maintaining files

32

Clerical Business Functions that are reliant on the root business functions

Making travel arrangements

Preparing reports

Client acquisition

Client management

Supplier acquisition

Supplier management

Coordination with shipping to

ensure on-time delivery of

products

Public Relations

Measuring effectiveness of

marketing strategies

Impact on Operations In a disaster scenario there are several impact points DigiKnight should be prepared to face.

These are critical areas that ensure the livelihood of the business. These areas include:

Critical Areas for our Business

Financial Loss of revenue, increase in the cost of production, financial

penalties, lawsuits, unexpected expenses.

Customers and suppliers Customers and/or suppliers may be lost of a disaster causes a

disruption of service. This may cause a shortage or surplus of

inventory, either of which would be disruptive to business operations.

Staff Catastrophic events could cause death, injury, or stress to employees.

An event causing harm to employees may leave DigiKnight

understaffed. Must meet expectations for staff safety and health

regulations

Reputation Failing to be resilient during a disaster may appear unprofessional.

This may cause the loss of business relationships. Additionally, the

loss of any proprietary or personal data during a disaster may cause

the business to lose credibility. Determine how corporate image will

be affected.

Legal & regulatory Must abide by laws and regulations during a disaster.

Environmental Avoid causing extra damage to the environment during a disaster.

Determine and mitigate the risks DigiKnight could cause to the

environment due to a catastrophic event.

Integrity A disaster should not affect the integrity of DigiKnight’s work. This

includes the quality of the product, how staff is treated, business

relationships, and customer service.

Human Resources Address issues of employee morale. Determine how staff is

personally affected by the disaster.

Credibility Determine how investors and banks will view the company in the

event of business disruption.

Systems How will critical systems be affected during a disaster, and what will

it take to make sure the systems are operational?

Delivery and service Ensuring the product can be delivered during a disaster, and uphold

the expected level of service.

33

Priorities and Classification of Business Processes and Functions

Business

Function

Business

Process

Criticality RTO WRT MTD Comment IT dependencies

Administration

Ensuring

DigiKnight

adheres to both

Federal and

State regulations

Vital 1 day 1 day 2 days Business operations must

maintain regulatory standards

File server needs to be

accessible to store reports.

Internet needs to be

accessible to look up

regulatory requirements.

Managing

organizational

calendar

Minor 4

days

1 day 5 days The organization calendar

can be recovered after other

more important processes are

recovered


accessible to store

calendar. Mail server

needs to be accessible to

allow sharing the calendar.

Maintaining files Vital 2

days

1 day 3 days Administration needs to

maintain files


accessible.

Making travel

arrangements

Minor 4

days

1 day 5 days Travel arrangements can be

recovered after other more

important process are

recovered


accessible to store travel

reports. Internet needs to

be accessible to make

arrangements.

Preparing

reports

Important 3

days

1 day 4 days Reports need to be prepared,

but are not as important as

other processes


accessible to store reports.

Communication

(internal and

external)

Mission-

Critical

2

hours

2

hours

4 hours Communication is required

especially after a disaster.

Administration needs to

ensure that other departments

are following the BC/DR

Plan

Mail server needs to be

accessible.

34

Business

Function

Business

Process


Sales

Client

acquisition

Minor 2

days

1 day 3 days Acquisitioning clients isn’t an

immediate need

File server, mail server,

and database server need

to be accessible.

Client

management

Vital 4

hours

4

hours

8 hours Clients might be upset about

delayed product

Mail server, database

server, and web server

need to be accessible.

Supplier

acquisition

Minor 2

days

1 day 3 days Acquisitioning suppliers isn’t

an immediate need


and database server need

to be accessible.

Supplier

management

Vital 4

hours

4

hours

8 hours Suppliers might be concerned

about DigiKnight’s ability to

continue business processes

Mail server, database

server, and web server


Coordination

with shipping to

ensure on-time

delivery of

products

Important 12

hours

12

hours

1 day This is important, but not

more vital than other

processes and functions

Mail server and database

server need to be

accessible.

35

Business

Function

Business

Process


Marketing

Creation of

marketing

strategies for

the company

Minor 5 days 2

days

1 week This can be put on hold

until other processes are

recovered


database server, print

server, web server, and

Internet need to be

accessible.

Public

Relations

Important 12

hours

12

hours

1 day If DigiKnight’s public

relations are at risk from

the incident, then they

need to be recovered

Database server, mail

server, web server, and

Internet need to be

accessible.

Social Media Minor 1 day 1 day 2 days This can wait until other

processes have recovered

Mail server and Internet


Measuring

effectiveness of

marketing

strategies

Minor 5 days 2

days

1 week This can wait until other


File server, database

server, and Internet need

to be accessible.

Research and

Development

Improvement

of

manufacturing

process

Minor 5 days 2

days

1 week Improvements can be put

on hold until other



and Internet need to be

accessible.

Acquisition

and testing of

new

technology

Minor 5 days 2

days

1 week This can be put on hold

until all other processes

are recovered

All IT systems need to be

accessible to properly

implement and test new

technology.

36

Business

Function

Business

Process


Shipping

Preparing

products for

shipping

Vital 4 hours 4

hours

8 hours To resume business

operations, preparing

products for shipping is

mission-critical

File server and database

server need to be

accessible.

Receiving

deliveries of

materials for

production

Vital 12

hours

12

hours

1 day If materials run out for

production, the business

can’t resume

Database server needs to

be accessible to log

delivery.

Manufacturing

/ Maintenance

Operating the

production

machinery to

create a

product

Mission-

Critical

2 hours 2

hours

4 hours To restore business

continuity, operating the

machinery is one of the

biggest steps

Database server and print

server need to be

accessible.

System

maintenance

Important 1 day 1 day 2 days System maintenance often

times needs to be done to

abide by safety standards

None.

Quality control Vital 12

hours

12

hours

1 day Quality should not be lost,

no matter the incident

None. The quality control

machine is an independent

device.

Establishing

and enforcing

safety

regulations

Mission-

Critical

2 hours 2

hours

4 hours Safety is extremely

important at DigiKnight

None.

Implementation

of new

manufacturing

technologies

Minor 5 days 2

days

1 week New manufacturing

technologies can wait

until after




technology.

37

Business

Function

Business Process Criticality RTO WRT MTD Comment IT dependencies

Security

Ensuring safety

and security of

personnel

Mission-

Critical

1 hour 1

hour

2 hours Security is a key principle

at DigiKnight, so it is

taken very seriously.

None.

Safeguarding the

physical facilities

Important 1 day 1 day 2 days The security of the

physical facilities are

important

File server and network

access are required to

watch, store, and pull

camera feeds.

Routine patrols Important 12

hours

12

hours

1 day Routine patrols are

important to maintain

security

None.

Maintenance of

security

equipment

Important 1 day 1 day 2 days Security equipment must

be kept functioning in

order to properly secure

the company

None.

38

Business

Function

Business Process Criticality RTO WRT MTD Comment IT dependencies

IT

Implementation

and maintenance

of technological

infrastructure

Mission-

Critical

2 hours 2

hours

4 hours Without the technological

infrastructure being

recovered, the whole

system could fall apart

Various IT systems,

depending on function.

Acquisition,

testing, and

implementation

of new IT

equipment

Minor 5 days 2

days

1 week New IT equipment can be

postponed until other





technology.

Creation,

implementation,

and maintenance

of applications

and software

services

Vital 4 hours 4

hours

8 hours Ensuring that applications

and software services are

running is vital

File server, database

server, mail server, and

web server need to be

accessible.

Making back-ups

of IT systems

Minor 2 days 2

days

4 days Backing up systems during

a threat or disaster is of

low importance.

Back-up server and WAN


Restoring back-

ups of IT systems

Mission-

critical

1 hour 1

hour

2 hours Restoring back-ups to IT

systems when necessary

needs to be done ASAP.

Back-up server and WAN


IT

troubleshooting

and assistance

Important 12

hours

12

hours

1 day If there are problems that

have a high priority then

troubleshooting those

should gain priority

All IT systems.

39

Business IT System RTO WRT MTD Comments

File Server 4 hours 4 hours 8 hours The file server is required for employees to store and pull files. It

supports two vital business processes and therefore cannot be

inaccessible for more than 8 hours.

Database Server 2 hours 2 hours 4 hours The database server stores client and order information. Mission-

critical processes depend on the database server so it can’t be down for

more than 4 hours.

Mail Server 2 hours 2 hours 4 hours E-mail is part of the backbone of DigiKnight’s internal and external

communications system. It supports mission-critical processes and

cannot be down for more than 4 hours.

Web Server 4 hours 4 hours 8 hours The web server hosts DigiKnight’s website and supports several vital

business processes. It cannot be down for more than 8 hours.

Print Server 2 hours 2 hours 4 hours The print server supports one mission-critical process, which is the

printing of in-box materials. Therefore, it cannot be down for more

than 4 hours.

Back-up Server 1 hour 1 hour 2 hours If the back-up server is down this slows down recovery for all other

systems. Therefore, the back-up server cannot be inaccessible for more

than 2 hours.

AD/DNS Servers 1 hour 1 hour 2 hours Since the AD/DNS servers make it possible for IT systems to find

each other and communicate, they support all other IT systems and

cannot be down longer than the lowest MTD, which is 2 hours.

Internet 1 hour 1 hour 2 hours Although the Internet doesn’t support any mission critical processes

when viewed as a collection of web pages, the Internet also serves as

the company’s WAN link which supports the mission-critical process

of restoring back-ups. Therefore it cannot be down for more than 2

hours.

40

Recovery Point Objective: DigiKnight’s recovery point objective (RPO) is four days. Every four days DigiKnight’s servers

and all data are backed-up to an off-site location. In case of a threat or disaster, DigiKnight can

afford to lose four days of data at most. Although certain departments and business processes

will be inconvenienced by losing data, no business critical processes would be severely affected.

Backing up more often than every four days would not be cost-effective.

Financial, Operational, and Legal Impact of Disruption:

Natural (Fire, earthquake, flood, tornado, or storms) Financial Impact: Possible loss of revenue of DigiKnight’s end-product is damaged. Cost to

replace damaged equipment and possible damage to DigiKnight’s buildings.

Operational Impact: A natural disruption would cause an evacuation of the premises, leading to

lost time and production. Depending on the damage, more time could be lost in restoring

operations. In case of severe disruption, a business continuity measure such as reverting

operations to another site or mobile site needs to be considered.

Legal Impact: Potential lawsuits in case of employee injuries. Contract disputes regarding

product delivery are also possible if operations are severely disrupted.

Theft, sabotage, vandalism Financial Impact: Costs to replace stolen or damaged equipment, if not covered by insurance.

Operational Impact: Disruptions in operations due to stolen or broken equipment. Further

disruptions may be due to investigating the issue and finding the person responsible.

Legal Impact: Filing charges and suing the responsible party. Costs for lawyers and legal fees,

and legal repercussions for firing the responsible party must also be considered. Contract

disputes regarding product delivery are also possible if operations are severely disrupted.

Labor disputes Financial Impact: Loss of revenues due to disrupted or halted production. Possible higher labor

costs as a result of the dispute.

Operational Impact: Severe operational impact due to disrupted or halted production and

possible relationship issues between management and employees.

Legal Impact: Costs for lawyers and legal fees to review labor contracts. Contract disputes

regarding product delivery are also possible if operations are severely disrupted.

Workplace violence Financial Impact: Possible loss of revenues due to disrupted production.

Operational Impact: Disrupted or halted production due to violence issue and possible

disruptions due to absence of involved employees. Additionally, further disruptions may be

caused by investigating the issue.

Legal Impact: Possible lawsuits and issues regarding firing employees of DigiKnight.

Terrorism

41

Financial Impact: Loss of revenues. Costs related to repairing or replacing broken equipment or

restoring structures.

Operational Impact: Disrupted or halted production. Possible further disruptions related to

changing work sites, if necessary. Employee absence due to injury or shock might cause further

disruptions. Additionally, further disruptions may be caused due to investigating the act of

terrorism and finding the responsible party.

Legal Impact: Possible lawsuits related to employee injuries. Contract disputes regarding product

delivery are also possible if operations are severely disrupted.

War Financial Impact: Loss of revenues.

Operational Impact: War would most certainly cause disruptions in production. Further

disruptions could be caused due to employee absence, and possibly damaged equipment.

Legal Impact: Contract disputes regarding product delivery are possible if operations are

severely disrupted.

Intellectual Property Rights Disputes Financial Impact: Potential legal liabilities with financial penalties.

Operational Impact: Disrupted production until IP dispute is resolved.

Legal Impact: Legal fees related to lawsuits.

Damage to Information Resources Financial Impact: Loss of revenues. Costs to repair or replace damaged resources.

Operational Impact: Besides disruptions in production, further disruptions would be caused by

investigating the issue and finding the responsible party.

Legal Impact: Legal fees related to lawsuits and issues in firing employees of DigiKnight.

Contract disputes regarding product delivery are possible if operations are severely disrupted.

Password Security Financial Impact: Password security threats have no directly related financial impacts.

Operational Impact: Indirectly, weak passwords can lead to compromised systems and

disruptions in production.

Legal Impact: Password security threats have no directly related legal impacts.

Virus and Malware Financial Impact: Loss of revenues. Costs related to cleaning or repairing affected systems.

Operational Impact: Viruses and malware can cause systems to stop functioning as they are

supposed to, leading to disrupted production. Additional disruptions could come from

implementing counter-measures and investigating the issue.

Legal Impact: Possible legal issues relating to firing employees responsible for the virus

infection, if anyone is determined to be at fault. Contract disputes regarding product delivery are

possible if operations are severely disrupted.

Hardware Equipment Failure Financial Impact: Loss of revenues. Costs related to repairing or replacing the equipment that

42

failed.

Operational Impact: Depending on what hardware equipment failed, operations can be

minimally or severely interrupted. Further interruptions might be caused by the repair process.

Legal Impact: If the hardware equipment failure led to any employee injuries there might be

legal fees related to lawsuits. Contract disputes regarding product delivery are possible if

operations are severely disrupted.

Data Corruption or Loss Financial Impact: Loss of revenues.

Operational Impact: Data corruption or loss is likely to cause disruptions in operations due to

employees not having access to the data they need.

Legal Impact: None.

Energy and Fuel Scarcity Financial Impact: Higher costs for energy and fuel.

Operational Impact: If there was energy and fuel scarcity, DigiKnight’s business operations

would likely suffer severely. There might be a loss of electricity and gas to the building, which

would keep DigiKnight from producing product. Additionally, it might be impossible for

deliveries to be made to DigiKnight’s clients, effectively halting all revenue sources.


severely disrupted.

Material Resource Scarcity Financial Impact: Higher costs for material resources

Operational Impact: If DigiKnight did experience a scarcity of material resources required for

production, its business operations would be severely impacted. Either another medium for video

games would need to be found, or production would not be able to continue.


severely disrupted.

Urbanization and Congestions of Infrastructure Financial Impact: Higher costs related to product deliveries to clients.

Operational Impact: DigiKnight employees might experience difficulty in getting to work,

leading to disruptions in operations. Deliveries to clients would take longer, and there might be

disruptions in receiving material resources for production.


severely disrupted.

Increase in Digital Media Financial Impact: Loss of revenues.

Operational Impact: Increases in digital media would not lead directly to disruptions in

operations, but fewer sales would indirectly lead to lower production.

Legal Impact: None.

Insurance Quotes Authorized Employees

43

Only the Board of Directors has the right to contact the insurance provider

Insurance Provider All of DigiKnight’s insurance is through Aflac. Their phone number is 1-800-882-3522

DigiKnight has general liability insurance, commercial property insurance, and disability

insurance.

Reporting Claims Be sure to gather all evidence of the situation via photographs, video, police reports (depending

on situation) and any other relevant information BEFORE contacting the insurance company. Be

as specific as possible, being sure to not leave out anything relating to what has occurred.

FEMA The Federal Emergency Management Agency provides many services to communities and small

or large businesses. They have information on preparing for disasters, including detailed

information on various natural disasters. From earthquakes to winter storms, they have

preparation information along with recovery information. They suggest having warning systems

and signals for natural disasters. Wireless Emergency Alerts are text like messages that alert

employees of potential disasters or dangers. There is also IPAWS or Integrated Public Alert and

Warning System. This system allows locals or businesses to send out warnings of potential

disasters or dangers. FEMA also awards grants to those who are prepared for disaster. If contact

needs to be made with FEMA about any FEMA programs the contact information is below:

Industry Liaison Program Kimberly C. Brown

Industry Liaison Program Manager

Phone: (202) 646-1895

Fax: (202) 646-4348

Industry Liaison Support Center

Phone: 202-646-1895

Email: [email protected]

Suppliers

DigiKnight’s Supplier Information

Primary Vendor Secondary Vendor Tertiary Vendor

Computer Systems Dell

One Dell Way

Round Rock, Texas

78682

(1-800-WWW-DELL)

HP

3000 Hanover Street

Palo Alto, CA 94304-1185

USA

(800-282-6672)

Bold Data

Technology, Inc.

48363 Fremont

Blvd.

Fremont, CA

94538

800-923-2653

Blank CD / DVD

Cases

The Tech Geek

48965 Warm Springs

DiscMakers

http://www.discmakers.com

Dub-It Media

Services

mailto:[email protected]

http://www.discmakers.com/

44

Blvd

Fremont, CA 94539

1-800-456-0825

7905 N. Route 130

Pennsauken, NJ 08110-

1402

Toll Free: 800-468-9353

Local: 856-663-9030

Hollywood Sales

Office

1110 North

Tamarind

Avenue

Hollywood,

California 90038

1-888-99DUB-

IT

Local: 323-993-

9570

Boxes Customized Packaging

Solutions Inc.

8333 24th Avenue

P.O. Box 278060

Sacramento, CA 95826

The Packaging House, Inc.

6330 North Pulaski Road

Chicago, Illinois 60646-

4594

800-966-1808

Paper JC Paper

47422 Kato Rd

Fremont, CA 94538

(510) 413-4700

Communications B&H Foto and

Electronics Corp

420 9th Ave

New York, NY 10001

Newegg.com

9997 Rose Hills Road

Whittier, CA. 90601

Flashlights Fry's Electronics

600 East Brokaw

San Jose, CA 95112

USA

B&H Foto and Electronics

Corp

420 9th Ave

New York, NY 10001

Batteries Fry's Electronics

600 East Brokaw

San Jose, CA 95112

USA

B&H Foto and Electronics

Corp

420 9th Ave

New York, NY 10001

First-aid kits REI

1700 - 45th St. E.

Sumner, WA 98352

Cabelas

One Cabela Dr

Sidney, NE 69160

Activation of an Alternate Work Site The leader of the activation team will be Carlton Smith, CEO of DigiKnight Technologies. Also

on the team is Mark Saunders, manager for the administration department, Linda Kraemer,

manager for the manufacturing department, Brett Kelcey, manager for security, and Alicia

McKellips, manager for IT.

Name Location Phone Number

Carlton Smith CEO - Location N/A 415-555-7841

Mark Saunders Administration 415-555-8643

45

Linda Kraemer Manufacturing 415-555-6161

Brett Kelcey Security 415-555-3852

Alicia McKellips IT 415-555-8352

Depending on the type of backup site that is transferred or activated, procedures will change.

Carlton Smith will decide when the activation of the alternate work site needs to be made.

Carlton Smith will then contact the other members and inform them. If the employees need to be

transferred to an alternative work site, Mark Saunders will handle legal and HR repercussions.

Linda Kraemer will work to secure the transfer of equipment if there is a need to do so. Brett

Kelcey will insure the safety of all employees while the process is occurring. He will also be in

charge of physical security during the transfer. Alicia McKellips will be in charge of insuring

that the server information is backed up and secured, and transferred to the backup site if need

be.

Cold Backup Site A cold backup site is an empty location on standby. In this scenario, everything required to

restore the business must be delivered to the site before the recovery process may begin. As a

result, a proper plan should be in place defining where the cold site is established. This will

prevent unnecessary confusion during a disaster and provide a smoother transition to the site. Using a cold backup site will allow DigiKnight to inexpensively resume critical business

operations at another location. In order for this option to be viable, the cold backup site must be

large enough to support all critical business functions (see section on business processes and

functions). Additionally, regular tape backups must be made of business critical data and stored

off site and manually restored at the cold site. As a result of these efforts, DigiKnight must

accept a minimum of 3-6 days’ worth of downtime before becoming completely operational. Requirements for a Cold Backup Site

1. Tape backups A contract is established with Iron Mountain® as a full solution for storing offsite tape backups.

The company will pick up and deliver DigiKnight’s tape backups to a secure facility. Here they

will be stored and managed by Iron Mountain®. The company has arranged 24/7/365 service to

ensure DigiKnight’s backups will always be available.

2. Obtain a Location The location of the site should be far enough away to avoid facing the same environmental

threats as the primary site, but close enough to transport the equipment within one day. This site

will be leased, but remain empty until needed. The cold site location is Livermore in California, about 20 miles northeast of Fremont.

Livermore is easily accessible from Fremont by highways 680 and 84, but it’s far enough

removed that any hazards affecting DigiKnight’s live site are unlikely to also affect the cold site.

The exception to this would be an earthquake, which could potentially affect both sites but any

location far enough removed from Fremont to not be affected by an earthquake is unlikely to be

accessible to DigiKnight’s employees in a timely manner, so this is a risk that must be accepted.

Livermore is further removed from the bay, meaning that if an earthquake or other disaster did

46

occur that might cause flooding, Livermore would be unlikely to be affected as much as

Fremont. The office space that has been rented as the location for the cold site is a facility at 3037

Independence Drive, Building F, Livermore, CA, 94550. At 4,729 square feet it’s smaller than

DigiKnight’s live production facility (8,000 square feet) but large enough to house all necessary

manufacturing and IT equipment and take over production for a short period of time. The

building has easy access to the parking lot through the back, where products can be made ready

for shipping and loaded into the trucks.

3. Establish a transportation company A contract is established with Machine Transport INC. to transport DigiKnight’s equipment to

the cold backup site. This equipment consists of: Manufacturing: - CD stamping machines - Diagnostic machine for quality control - High speed printer for in-box materials - Machine that places all materials in a box IT: - Five workstations (3.2 GHz Pentium 4 Processors, 1024 MB of RAM, 100 GB SATA Hard

Drive, Built-In Video Card, Gigabit Network Card, 21 Inch Monitor, Windows XP) - Ten servers (Dual core 3.2 GHz Processors, 4 GB of RAM, 3 X 500 GB Hard Drive,

(configured to RAID 5), Windows Server 2008, Dual Gigabit Network Cards, 15 Inch Monitor) - Miscellaneous equipment, this includes but not limited to: Computer Chairs, Computer Desks,

Tables, Appliances such as refrigerators, microwaves, etc., moveable Lighting fixtures, Desk

Accessories, Maintenance equipment, Spare parts, and Office files.

An SLA has been established between DigiKnight and Machine Transport INC. confirming that

Machine Transport INC. MUST be on site and begin the transportation process within four hours

from first contact. Machine Transport INC. must have agreed upon equipment at the recovery

site WITHIN 36 hours of first contact. Lastly, all equipment must be unloaded and transported

within the recovery building WITHIN 48 hours of initial contact. All efforts will be coordinated

with crisis team, and all transportation duties, as outlined in the SLA, are the responsibilities of

Machine Transport INC. unless DigiKnight’s negligence can be proven. Contact information for tape backup and transportation vendors:

Company Phone Number Home Office Website

Iron Mountain® 425-888-7821 8150 Signal Ct

Sacramento, CA 95827

www.ironmountain.com

Machine Transport 425-820-2938 12306 NE 144th Street machinetransport.com

47

INC. Kirkland, WA 98034

Warm Backup Site This site already has the necessary equipment to get the business up and running in the event of a

disaster. Backups must be delivered to the site, and then the process of restoration can begin.

This is more expensive than a cold backup site because of the cost of redundant equipment. Using a warm backup site will allow DigiKnight to quickly resume critical business operations at

another location. However, the cost of redundant equipment is substantial. Also, to provide a

smooth transition in the recovery, the warm backup site should have maintenance performed on a

bi-monthly basis. This maintenance includes: -Installing patches -Installing new software -Installing new parts and/or equipment -Testing of machinery -Miscellaneous task that ensure the site is optimal Performing this maintenance will reduce downtime during a recovery. Additionally, the warm backup site must be large enough to support all critical business

functions (see section on business processes and functions). Furthermore, nightly backups must

be made of business critical data from the primary site to the warm site. As a result of these

efforts, DigiKnight must accept a minimum of 1-3 days’ worth of downtime before becoming

completely operational. Requirements for a Warm Backup Site

1. Backup Plan DigiKnight will adopt a full recovery model that will replicate the entire database to the warm

site at the close of business each Friday. This is the most viable option because the replication

will be taking place over the WAN connection. To supplement excessive data loss between

weekly backups, DigiKnight will replicate differential backups at the close of business Monday-

Thursday. This ideally minimizes data loss to a maximum of 24 hours, a risk DigiKnight will

accept.

2. Obtain a Location The location of the site should be far enough away to avoid facing the same environmental

threats as the primary site, but close enough drive to within the RTO. This site will be leased and

most equipment will be stored and powered off. While this site is not being used for recovery, it

will act as a satellite location for the administration, sales, and marketing departments.

Employees will be able to access DigiKnight’s network via VPN tunneling in order to access

resources necessary for their job criteria. The warm site location is Livermore in California, about 20 miles northeast of Fremont.


removed that any hazards affecting DigiKnight’s live site are unlikely to also affect the warm

site. The exception to this would be an earthquake, which could potentially affect both sites but

any location far enough removed from Fremont to not be affected by an earthquake is unlikely to

be accessible to DigiKnight’s employees in a timely manner, so this is a risk that must be

accepted. Livermore is further removed from the bay, meaning that if an earthquake or other

48

disaster did occur that might cause flooding, Livermore would be unlikely to be affected as much

as Fremont.

The office space that has been rented as the location for the warm site is a facility at 3037






3. Provide all equipment that live site has to the warm site The equipment that will be permanently stored and available at the warm site is the same

equipment that is used by the manufacturing and IT departments of DigiKnight’s live site. This

equipment consists of:

Manufacturing: - CD stamping machines - Diagnostic machine for quality control - High speed printer for in-box materials - Machine that places all materials in a box

IT: - Five workstations (3.2 GHz Pentium 4 Processors, 1024 MB of RAM, 100 GB SATA Hard


(configured to RAID 5), Windows Server 2008, Dual Gigabit Network Cards, 15 Inch Monitor) Additionally, the site is also completely furnished and provided with all necessary utilities such

as water and electricity. Workstations will only be powered on if in use by clerical employees

working at the site. Servers will always be up and running and connected to the company

network through a WAN (wide area network) link in order to receive nightly backups. Create a plan to run a hot site backup location, detail what equipment and other resources are

needed. A hot site is a fully redundant site that mirrors everything going on in the live site. Hot sites

provide the highest degree of availability and therefore risk mitigation, because every transaction

that happens on the live site is also processed on the hot site simultaneously (Snedaker, 2007). For DigiKnight technologies, a hot site would need to have exactly the same equipment as what

DigiKnight’s IT and manufacturing departments have available. The hot site does not need to

have equipment for DigiKnight’s other departments. Having a hot site that is 100% identical to

all three facilities of DigiKnight’s live site would simply be too expensive and not cost-effective.

In case of a threat or emergency that would render DigiKnight’s live site unavailable, most

employees would be able to continue their jobs from a mobile site, the plan outline for which is

49

included elsewhere in this BCDR plan. However, a mobile site would not allow DigiKnight’s IT

or manufacturing departments to continue their business processes and therefore a small hot site

is required so that DigiKnight’s revenue-generating business operations can continue regardless

of what happens.

Hot Backup Site 1. Obtain a location The location of the hot site has to be some distance away from the live site, so that whatever

threat or emergency has disabled the live site is unlikely to also have disabled the hot site.

However, at the same time the hot site cannot be so far away that employees cannot reach it in a

manageable time to continue business operations. The hot site location is Livermore in California, about 20 miles northeast of Fremont. Livermore

is easily accessible from Fremont by highways 680 and 84, but it’s far enough removed that any

hazards affecting DigiKnight’s live site are unlikely to also affect the hot site. The exception to

this would be an earthquake, which could potentially affect both sites but any location far enough

removed from Fremont to not be affected by an earthquake is unlikely to be accessible to

DigiKnight’s employees in a timely manner, so this is a risk that must be accepted. Livermore is

further removed from the bay, meaning that if an earthquake or other disaster did occur that

might cause flooding, Livermore would be unlikely to be affected as much as Fremont. The office space that has been rented as the location for the hot site is a facility at 3037

Independence Drive, Building F, and Livermore, CA, 94550. At 4,729 square feet it’s smaller

than DigiKnight’s live production facility (8,000 square feet) but large enough to house all

necessary manufacturing and IT equipment and take over production for a short period of time.

The building has easy access to the parking lot through the back, where products can be made

ready for shipping and loaded into the trucks.

2. Provide all equipment that live site has to the hot site The equipment that will be permanently stored and available at the hot site is the same



Manufacturing: - CD stamping machines - Diagnostic machine for quality control - High speed printer for in-box materials - Machine that places all materials in a box



(configured to RAID 5), Windows Server 2008, Dual Gigabit Network Cards, 15 Inch Monitor)

50

Additionally, the site is also completely furnished and provided with all necessary utilities such

as water and electricity. Although the workstations will typically be turned off, the servers will

always be up and running and connected to the company network through a WAN (wide area

network) link. Every transaction that takes place on DigiKnight’s local area network is

duplicated to the hot site so that if it needs to be used for production, all information,

applications, and services are readily available.

Mirrored Site Mirrored sites contain a fully redundant infrastructure that mirrors everything on the live site. A

mirrored site is essentially a hot site with the capability of load balancing network traffic

between the two sites. For DigiKnight, this solution will provide active-active sites for the network infrastructure.

During normal business operations network traffic will be load balanced between the primary

site and the mirrored site. This will effectively improve network efficiency. However, in a

disaster scenario all traffic will be routed to the mirrored site, or vice versa. Additionally, having

a mirrored site allows DigiKnight to completely shift its operations to one site or the other in

order to perform maintenance or upgrades. For DigiKnight technologies, a hot site would need to have exactly the same equipment as what

DigiKnight’s IT and manufacturing departments have available. The hot site does not need to

have equipment for DigiKnight’s other departments. Having a hot site that is 100% identical to

all three facilities of DigiKnight’s live site would simply be too expensive and not cost-effective.

In case of a threat or emergency that would render DigiKnight’s live site unavailable, most

employees would be able to continue their jobs from a mobile site, the plan outline for which is

included elsewhere in this BCDR plan. However, a mobile site would not allow DigiKnight’s IT

or manufacturing departments to continue their business processes and therefore a small hot site

is required so that DigiKnight’s revenue-generating business operations can continue regardless

of what happens. Requirements for planning a mirrored site:

1. Obtain a location The location of the mirrored site has to be some distance away from the live site, so that

whatever threat or emergency has disabled the live site is unlikely to also have disabled the

mirrored site. However, at the same time the mirrored site cannot be so far away that employees

cannot reach it in a manageable time to continue business operations. The mirrored site location is Livermore in California, about 20 miles northeast of Fremont.


removed that any hazards affecting DigiKnight’s live site are unlikely to also affect the mirrored






as Fremont.

51

The office space that has been rented as the location for the mirrored site is a facility at 3037

Independence Drive, Building F, and Livermore, CA, 94550. At 4,729 square feet it’s smaller

than DigiKnight’s live production facility (8,000 square feet) but large enough to house all

necessary manufacturing and IT equipment and take over production for a short period of time.

The building has easy access to the parking lot through the back, where products can be made

ready for shipping and loaded into the trucks.

2. Provide all equipment that live site has to the mirrored site The equipment that will be permanently stored and available at the mirrored site is the same


equipment consists of: Manufacturing: - CD stamping machines - Diagnostic machine for quality control - High speed printer for in-box materials - Machine that places all materials in a box IT: - Five workstations (3.2 GHz Pentium 4 Processors, 1024 MB of RAM, 100 GB SATA Hard


(configured to RAID 5), Windows Server 2008, Dual Gigabit Network Cards, 15 Inch Monitor) Additionally, the site is also completely furnished and provided with all necessary utilities such




duplicated to the mirrored site so that if it needs to be used for production, all information,


3. Synchronize Data DigiKnight’s infrastructure is built upon virtualized servers. In order to effectively run active-

active sites in which either could take over as the primary, the sites must synchronously mirror

data between one another. In the event of failure, all virtual machines will be transferred and

reloaded at the alternative site. Since the data is synchronized on the alternative site, there will

not be an interruption of service.

Plan to run a mobile site backup location Background A mobile site is a self-contained unit that can be transported to establish an alternate computing

or working site. They are often contained within a mobile trailer that is delivered by truck to a

specified location (Snedaker, 2007).

A mobile site provides backup office space in case the offices at the live site become unusable

52

for any reason. A mobile site comes equipped with certain standard features such as built-in plan

tables, built-in desks with file cabinets and heating and air conditioning. However, it will be

DigiKnight’s responsibility to supply chairs, computers and devices to use.

A mobile site will only be a BCDR solution in situations where the business processes of both

manufacturing and IT are not compromised. If no CD’s can be printed and DigiKnight’s

revenue-generating processes are halted, a mobile site will not provide an acceptable solution

because it doesn’t allow manufacturing to continue their operations. In such a situation, a hot or

mirrored site would be more acceptable, although due to costs associated with these solutions it

is more likely that DigiKnight would instead sign contracts with other CD-printing facilities to

take over (part of) the company’s workload.

Similarly, if the business processes of DigiKnight’s IT department were halted, a mobile site

would not be an acceptable solution because even though employees would gain access to a

workspace and a computer, they would not be able to use the applications and services they

require IT to provide for them. Only if the mobile site could be combined with another BCDR

solution where the IT department could also continue their business process such as a warm or

hot site would it make sense for a mobile site to be ordered.

Contract for mobile site DigiKnight has established a contract with Pacific Mobile Structures for delivery of one or more

mobile sites when needed. Pacific Mobile Structures offers mobile offices in different sizes but

the contract states that one or more mobile offices of 8’ by 24’ will be rented, depending on

DigiKnight’s needs. An 8’ by 24’ mobile office will fit twelve employees.

Permits to house one or more mobile offices at DigiKnight’s site have been obtained from the

city as well as from the utility provider. Every mobile office needs to be connected to electricity

and data feeds, as well as to plumbing or the sewage system at the local site. Permits for these

connections have been obtained and once a mobile site is delivered to DigiKnight’s facilities it

should be possible to have it up and running in a short time.

Contracts for computers and other required equipment Since the mobile offices provided by Pacific Mobile Structures don’t come equipped with

computers or other devices, these need to be separately obtained from a third party if

DigiKnight’s own computers cannot be used or accessed. A contract has been signed with

Rentacomputer.com who will provide technological rental equipment.

Since the mobile offices provided by Pacific Mobile Structures don’t come equipped with

furniture, these need to be separately obtained from a third party if DigiKnight’s own office

furniture cannot be used or accessed. A contract has been signed with Brook Furniture Rental

who will provide rental office furniture.

Contact information for mobile site:

Company Phone number Email address Website

53

Pacific Mobile

Structures

(800) 225 - 6539 pmsi@pacificmobile.

com

Pacificmobile.com

Rentacomputer.com (800) 736 - 8772 rentals@rentacomput

er.com

Rentacomputer.com

Brook Furniture

Rental

(866) 276 - 6547 office_customerservic

[email protected]

Bfr.com

Plan to run a mirrored site backup location Background A mirrored site is a fully redundant site that mirrors everything going on in the live site. Mirrored

sites provide the highest degree of availability and therefore risk mitigation, because every

transaction that happens on the live site is also processed on the mirrored site simultaneously

(Snedaker, 2007).

For DigiKnight technologies, a mirrored site would need to have exactly the same equipment as

what DigiKnight’s IT and manufacturing departments have available. The mirrored site does not

need to have equipment for DigiKnight’s other departments. Having a mirrored site that is 100%

identical to all three facilities of DigiKnight’s live site would simply be too expensive and not

cost-effective. In case of a threat or emergency that would render DigiKnight’s live site

unavailable, most employees would be able to continue their jobs from a mobile site, the plan

outline for which is included elsewhere in this BCDR plan. However, a mobile site would not

allow DigiKnight’s IT or manufacturing departments to continue their business processes and

therefore a small mirrored site is required so that DigiKnight’s revenue-generating business

operations can continue regardless of what happens.

The location of the mirrored site has to be some distance away from the live site, so that

whatever threat or emergency has disabled the live site is unlikely to also have disabled the

mirrored site. However, at the same time the mirrored site cannot be so far away that employees

cannot reach it in a manageable time to continue business operations.

Location The mirrored site location is Livermore in California, about 20 miles northeast of Fremont.


removed that any hazards affecting DigiKnight’s live site are unlikely to also affect the mirrored






as Fremont.

The office space that has been rented as the location for the mirrored site is a facility at 3037



54




Equipment The equipment that will be permanently stored and available at the mirrored site is the same



Manufacturing: - CD stamping machines

- Diagnostic machine for quality control

- High speed printer for in-box materials

- Machine that places all materials in a box


Drive, Built-In Video Card, Gigabit Network Card, 21 Inch Monitor, Windows XP)

- Ten servers (Dual core 3.2 GHz Processors, 4 GB of RAM, 3 X 500 GB Hard Drive,

(configured to RAID 5), Windows Server 2008, Dual Gigabit Network Cards, 15 Inch Monitor)

Additionally, the site is also completely furnished and provided with all necessary utilities such




duplicated to the mirrored site so that if it needs to be used for production, all information,


Communication

If or when a crisis occurs, it is of the utmost importance that the crisis communication command

center is notified immediately. Not everyone in the office will know exactly how to respond to a

particular threat or emergency, but members of the crisis communication command center will

have had special training and they will also have access to the BCDR plan. This team of people

will be the Crisis Management Team (CMT)

CMT: The CMT is the team responsible for making the high-level decisions; for coordinating efforts of

internal and external staff, vendors, and contractors; and for determining the most appropriate

responses to situations as they occur.

The leader of the CMT will be Carlton Smith, CEO of DigiKnight Technologies. Also on the

CMT is Mark Saunders, manager for the administration department, Linda Kraemer, manager for

the manufacturing department, Brett Kelcey, manager for security, and Alicia McKellips,

55

manager for IT.

In the event of a threat or disaster, Carlton Smith will contact the members of the CMT with

instructions and will coordinate all efforts. Carlton will also reach out to managers and

employees of other departments that are not represented in the CMT, so that there is a company-

wide understanding of what is happening. During the crisis, all communication must pass

through the CMT so as to avoid multiple sources of communication. Although a communication

bottleneck is undesirable, it is equally if not more important that there is correct and consistent

communication and that the CMT is in the loop on everything going on in all departments.

Mark Saunders, as manager of administration, will be in charge of human resource and legal

issues. He will need to specifically address the needs of employees and maintain communication

with employees. This includes keeping track of employees who may have been injured from the

event and providing support to them including facilitating access to emergency or ongoing

medical or psychological services. Depending on the nature of the event, he will also need to

contact legal counsel and investigate any liabilities in contracts with suppliers or clients or in

employment contracts when it comes to injury or even death.

Linda Kraemer, as manager for the manufacturing department, will be in charge of ensuring the

continued revenue-generating business operations for DigiKnight Technologies. She will need to

assess the state of all machinery and the facilities to determine if production can continue or if it

needs to shift to DigiKnight’s mirrored site.

Brett Kelcey, manager of the security department, will be in charge of employee safety and will

need to asses if employees can continue using DigiKnight’s facilities. If any hazardous

conditions exist he will need to decide if employees should perform their duties from a different

site, such as a war or hot site or even a mobile site. If employees need to be evacuated quickly he

will also be in charge of making that happen in an ordered and smooth manner, and making sure

that every employee is accounted for.

Alicia McKellips, manager of the IT department, will be in charge of ensuring that IT equipment,

infrastructure, and network remain intact and operational. If any applications or services become

unavailable due to the event, Alicia will need to decide if it can be brought back up in an

acceptable timeframe or if IT processes need to be moved to the company’s mirrored site.

Below is a flow chart of how communication will take place during a crisis, including names and

telephone numbers for key personnel.

56

57

Communication plans

In case of a threat or emergency certain parties need to be notified. The following

communication plans describe what needs to be communicated and to whom, who is responsible

for this communication, and when these plans need to be executed. During a threat or

emergency, all communications must always go through CMT first to be approved for release.

Employee plan Responsible

party for

executing the

plan

Contacts and

phone

numbers

Plan Objectives Triggers

CMT

Carlton Smith

415 - 555 -

7841

(1) State the nature of the

threat or emergency

(2) If available, state the

cause

(3) State what areas or

processes of the

company are affected

(4) If the threat is not

limited to the

company, state the

impact area of the

threat

(5) If necessary, urge

employees to contact

their families to ensure

their safety

(6) State when the threat

or emergency is

expected to be

resolved

(7) State who to contact

for further information

(1) If IT services or

applications for

employees are

affected

(2) If employees might

be personally

affected

(3) If employees’

families might be

affected

Mark

Saunders

415 - 555 -

8643

Linda

Kraemer

415 - 555 -

6161

Brett Kelcey

415 - 555 -

3852

Alicia

McKellips

415 - 555 -

8352

58

Clients or Suppliers plan Responsible party for executing the plan

Contacts and phone numbers


Marketing

(Through CMT)

Michael

Churchill

415 - 555 -


threat or emergency


cause

(3) State what areas or

processes of the

company are affected

(4) State how the threat or

emergency might

affect our ability to

meet contractual

obligations


or emergency is

expected to be

resolved



(1) If a threat or

emergency is

expected to impact

deliveries to clients

(2) If a threat or

emergency is

expected to impact

DigiKnight’s

manufacturing

process

Media plan Responsible party for executing the plan

Contacts and phone numbers


Marketing

(Through CMT)

Michael

Churchill

415 - 555 -


threat or emergency


cause

(3) State how the threat of

emergency might

affect the public


or emergency is

expected to be

resolved



(1) If a threat or

emergency has been

caused by

DigiKnight, or

originated on

DigiKnight’s

premises

(2) If a threat or

emergency affects

the public

59

Communication distribution methodology In case of a threat or emergency the leader of the crisis management team - Carlton Smith - will

be contacted first. If Carlton Smith in unreachable, another member of the CMT will be

contacted instead. This initial member of the CMT will contact the other members of the CMT

with instructions. The CMT will also reach out to managers and employees of other departments

that are not represented in the CMT, so that there is a company-wide understanding of what is

happening. During the crisis, all communication must pass through the CMT so as to avoid

multiple sources of communication.

Internal communication methods (1) If email is available All internal communications will be done by email to employee

email accounts if possible.

(2) If email is down The CMT will contact each department head through phone.

The department heads will then inform their teams.

(3) If phone is down The CMT will contact security personally, and security

personnel will contact each department head. The department

heads will then inform their teams.

External communication methods (1) If phone is available All external communications will be done by phone if possible

(2) If phone is down If phone lines are down but email is up, external

communications will be done by email

(3) If email is down If both phone and email are down, external communications

will need to be done from an employee mobile phone

Regulatory constraints on communication Since DigiKnight is a privately owned company there are not many regulatory constraints

regarding threats or emergencies that have to be followed. DigiKnight does not collect or store

medical information, so HIPAA (Health Information Portability and Accountability Act) does

not apply. DigiKnight is also not classified as a financial institution, so the GLB (Gramm-Leach-

Bliley) Act also does not apply. The only regulations that DigiKnight has to follow regarding

communication of company threats or emergencies are California State laws on security breaches

where PII (personally identifiable information) was compromised.

California data security breach notification law SB 1386, Cal. Civ. Code 1798.82 and 1798.29:

SB1386, amending civil codes 1798.29, 1798.82 and 1798.84 is a California law regulating the

privacy of personal information. Essentially, it requires any agency, person or business that

conducts business in California and owns or licenses computerized 'personal information' to

disclose any breach of security to any resident whose unencrypted data is believed to have been

disclosed.

60

To determine if DigiKnight should disclose a security breach, the following checklist should be

used:

1. Does the compromised data include personal information?

2. Does that personal information relate to a California resident?

3. Was the personal information unencrypted?

4. Was there a breach of the security of the data?

5. Was the personal information acquired, or is reasonably believed to have been acquired,

by an unauthorized person?

If the answer to all of these questions is ‘yes’, then all affected clients have to be notified of the

security breach.

Threat

Did the threat originate on

DigiKnight’s premises?

Yes

No

Employee

communications plan

(critical)

Client and Suppliers

Communications PlanMedia

Communications Plan

Is the general public

affected in any way?

Are deliveries affected in

any way?

Yes

Do we have to shift

operations to a backup

site?

Are IT systems

affected?

Is manufacturing

affected?

Employee

communications plan

(non-critical)

YesNo

Yes

Yes

Yes

No

No

No

No

Template 3 Template 2 Template 1 Template 4

61

Organizational Chart of Key Employees Mangers of each department have key access to all areas of their department. The person listed below them also has an emergency key

to all areas. If neither person is contactable, security has keys to all departments, along with Carlton Smith.

Carlton SmithPhone:

415-555-7841

Mark SaundersPhone:

415-555-8643Ext. 0180

Diane FordPhone:

415-555-6312Ext. 0200

Linda KraemerPhone:

415-555-6161Ext. 0150

Carlton BowdenPhone:

415-555-3223Ext. 0100

Michael WintersPhone:

415-555-3970Ext. 0400

Michael ChurchillPhone:

415-555-3131Ext. 0610

Kenneth GilliamPhone:

415-555-6431Ext. 0130

Kathy CavenaughPhone:

415-555-3298Ext. 0120

Brett KelceyPhone:

415-555-3852Ext. 0170

Alicia McKellipsPhone:

415-555-8352Ext. 0190

Rod HatherlyPhone:

415-555-8643Ext. 0181

Jessica TalenPhone:

415-555-6161Ext. 0151

Kurt GossardPhone:

415-555-3223Ext. 0101

Bell RosenburgPhone:

415-555-3970Ext. 0141

Aaron McDowelPhone:

415-555-0161Ext. 0161

Shay RobertsonPhone:

415-555-3298Ext. 0121

Frank ArronsPhone:

415-555-3852Ext. 0171

Luke McDowelPhone:

415-555-8352Ext. 0191

Administration Sales ManufacturingResearch &

Development Maintenance Advertising Purchasing Security IT

CEO & Founder

62

Emergency Response Organizations With the following organizations, managers are trained on whether incidents in their departments

are emergency or non-emergency. They will then make appropriate actions to contact the various

organizations on whichever line is most appropriate. This alongside FEMA’s IPAWS system, all

disaster organizations should be notified.

Fire/Search and Rescue: 3300 Capitol Ave., Building A

Fremont, CA 94538

Non-Emergency: (510) 494-4200

Emergency: 911

Hospital/Ambulance: Washington Hospital

2000 Mowry Ave.

Fremont, CA 94538


Emergency: 911

Police/Sheriff: 2000 Stevenson Blvd.

Fremont, CA 94538


Emergency: 911

63

Business Continuity and Disaster Recovery Activation Steps

One Two

Three Four

Five

Six

Injuries?

Yes No

Minor Injuries:

__________

Severe Injuries:

__________

Casualties:

__________

Still Operational?

Yes No

State of Facilities:

Usable Not Usable

State of Servers:

Usable Not Usable

CMT notified?

Yes No

Time Notified:

__________

Hot Site Activated?

Yes No

Time Contacted:

__________

Estimated Recovery Time:

__________

Cause of Disaster:

___________________________________________________________

___________________________________________________________

___________________________________________________________

Employees Contacted?

Yes No

Community Contacted?

Yes No

Vendors Contacted?

Yes No

Contractors Contacted?

Yes No

Customers Contacted?

Yes No

Business Partners Contacted?

Yes No

Legal & Regulatory Agencies Contacted?

Yes No

Media Contacted?

Yes No

Date of Event:

__________

Time of event:

__________

Classification:

Mild Major

Severe

Emergency Responders notified?

Yes No

Time Notified:

__________

64

Determining Impact and Risk Template This section overviews the procedure for assessing a catastrophic event. All critical business

operations are contained within building 3, so this will be the focus for the assessment. Although

building 2 contains the shipping department, which is necessary to complete transactions, the

service can be temporarily supplemented by a third party. However, failure of production and/or

IT departments would cause critical failure in the process chain. In regards to IT, the main threats

are structural damage, fire, water, and user error. The following chart can be used to assess the

level of damage:

Can the Servers Receive Power?

Yes No

Is the network online?

Yes No

Can the Servers Communicate with

eachother?

Yes No

Can transactions be performed?

Yes No

Can users access the systems necessary for

there job?

Yes No

Are the phones usable?

Yes No

Can users access the internet??

Yes No

If no, catastrophic

If no, catastrophic

If no, catastrophic

If no, catastrophic

If no, major

If no, major

If no, minor

65

Emergency Testing Policies

Fire Alarm Systems Digiknight is equipped with an electronic fire alarm system, that performs self-tests regularly.

Fire Suppression Systems Digiknight has standard (ABC) fire extinguishers in each room, along with a sprinkler system

that is automatically triggered by ceiling temperature sensors, and can also be manually

triggered.

Emergency Signals Each room has multiple exits, each with visible Exit signs that glow. Loud alarms sound

automatically in the event of alarm trigger (whether that is fire or burglary). Alarms can be

manually triggered by pull-down alarms in each room.

CPR and First Aid Equipment There are first aid kits in every room, with a visible sign overhead. Digiknight also has an AED

(automated external defibrillator) in each building.

Hazardous Material Safety Digiknight Technologies does not work with any hazardous materials

Facility Shutdown Procedure Facility Shutdown is only for extreme circumstances which it is dangerous to continue operations.

Servers and other essential technology Servers, networking equipment, and other essential equipment is only to be shut down in dire situations. If the need arises, it should be done in a proper fashion, not by disconnecting the power.

Non-Essential Equipment Individual workstations, telephone equipment, and other non-essential equipment will be disconnected at the first sign of adverse effects.

Evacuation Points In the event of a facility evacuation, we will meet in the far corner of the Northern and Southern parking lots. If there is a more serious threat, or a situation that requires farther distance, department heads will coordinate a proper evacuation point.

66

Layout of Buildings

67

Shelter-in-place Procedures This section explains the procedures necessary if a disaster is inhibited employees from leaving

the work place. The first course of action is to have employees meet inside of buildings 3. This

building was chosen as the hub because it is the largest, and contains a storage area with

necessities. Items that can be found within the storage closet include: water, water purification

tablets, shelf-stable food supplies, clothing, blankets, and other materials. Examine the layout

below for the location of the storage closet. Once in building 3, staff may lounge within the hall

ways.

In the event power goes out, the circuit breaker may need to be flipped. The buildings power

consolidates into the building at the exterior North West corner; this is also where the circuit

breaker is located. Examine the building layout below for the location of the breaker. Lastly the

utility lines such as water, electric, and gas, consolidate in the center of the north exterior wall.

Similarly the utility closet can be found near the center of the north wall inside the building.

Contacting a Disaster Recovery Specialist Only the Board of Directors can contact disaster recovery providers.

Checklist:

Contact information and location of provider

Information on pre-negotiated contracts

How to access emergency funding

Information regarding disaster and needs

Contact information for IT Department

Priorities for Recovery

Contacting Suppliers Only members of the Purchasing department or the Board of Directors can contact suppliers.

Suppliers need to be notified of the following information:

Disaster that occurred

How supplier is affected by disaster

How supplier can assist with disaster recovery

How supplier can contact Digiknight during recovery

Timeframe for recovery

What information can be distributed to others (for example, their suppliers)

Communication Templates See appendix A

68

Safety Procedures

During a critical disaster employees should follow these specific steps to ensure safety. It is

important to understand that disaster scenarios such as floods, earthquakes, mudslides,

equipment malfunction, fire, etc., may cause severe injury or death. The priority in any situation

is the preservation of life. Secondly, critical infrastructure should be protected, if possible. In

order to mitigate unnecessary risks and damages, the following procedures should be taken:

1. Assess the situation. It is possible that a disaster brings a sudden catastrophic shock to the

business, invoking panic/chaos. It is important to take a moment to understand what is

going on and collect yourself. Look toward your team leads and work collectively as a

group to get everyone to safety.

2. If your safe and are able to, call 9-11. Additionally, contact the Crisis Management Team.

3. Evacuate the building if appropriate. If asked to leave the building, do so immediately.

First responders may already be there or on route, leaving the building frees up space for

them. Additionally, shut off water, gas, and electricity if possible without risking injury.

All personnel should meet at the designated post-evacuation point. Lastly, take

emergency medical supplies with you on the way out if possible.

4. If the disaster requires you to stay within the building, close all doors and windows.

Prepare medical supplies, food, and water. Take a head count and assess any injuries.

Tune into the local news stations and/or radio for additional information. Lastly, prepare

for evacuation.

5. Secure critical files and data

6. Anyone who knows the building well should work with emergency responders and help

them assess the situation.

7. Contact alternate site in begin the recovery process

8. Contact customers, vendors, contractors, and other third parties to make them aware of

the situation.

9. Communicate with staff. Ensure that appropriate medical care is received before

returning home.

10. Work diligently with the Crisis Management Team to help DigiKnight recover and

resume business processes.

Following the above procedures will mitigate damages during a disaster. During a disaster, it is

likely there will not be time to go over documentation, so it is important that all staff read and

understand these procedures beforehand. If there are any questions, discrepancies, or clarification

is required for these procedures, please contact the Crisis Management Team.

69

Inventory and Damage Assessment

Device New cost Status Operational Financial loss Time to recover

Example device $2,000 damaged no $750 12 hours

Generator $25,000

Power Supply Unit $5,000

Circuit Breaker $2,500

Electrical Wiring $10,000

Water Lines $10,000

Hot Water Heater $2,500

Water Filtration $3000

Gas Lines $10,000

Gas for Generator $500

After any threat or emergency, the above inventory and damage assessment checklist needs to be filled out immediately. Specifically, it

needs to be documented which assets are operational and which are not. An asset shall only be marked operational if every aspect is fully

functional. How long does it take for the device to be recovered? These assets should only be analyzed if the building is safe to be in. In

the case of a gas leak, loose electrical wiring, or extreme water conditions, the building should not be entered until the threats have been

contained. Extreme damages to any of these areas may be conclusive to a catastrophic event, and the recovery site should be brought up.

70

Hazardous Materials and Conditions Assessment

Condition Status Severity Operational Financial loss Time to

recover

Comments

Air Conditioning

System (Example) All

components

destroyed

in flood

High Cannot

perform any

operations

in building

$600,000 1 Week Without system, any

equipment would overheat,

and would cause even more

damage

Chemical Spill

(Example) Ammonia

spilled on

warehouse

floor

Medium Cannot

operate in

building

until after

cleanup

Undetermined 1 Day It is unsafe for any workers

to breath in the harmful

fumes

71

After any threat or emergency, the above hazardous materials and conditions assessment checklist needs to be filled out immediately.

Specifically, it needs to be documented where the conditions or materials are. While looking for these dangerous conditions, you must

also be sure not to endanger yourself.

IT Inventory and Damage Assessment

Device New cost Status Operational Financial loss Time to

recover

Comments

Example device $2,000 damaged no $750 12 hours Minor fire damage. Hard

drives need to be replaced.

New power cord needed.

File Server $4,000

Database Server $4,000

Mail Server $4,000

Web Server $4,000

Print Server $4,000

Back-up Server $4,000

AD/DNS Servers $4,000

IT workstations

(5) $1,200 each

Cabling $2,000 total

Air conditioning $15,000

Switches (5) $1,600 each

Routers (3) $1,800 each

Firewall $4,500

DSU/CSU $500

After any threat or emergency, the above inventory and damage assessment checklist needs to be filled out immediately. Specifically, it

needs to be documented which assets are operational and which are not. An asset shall only be marked operational if every aspect is

fully functional. If a device is not operational, can it be salvaged? Can any parts of it be salvaged? How long does it take for the device

to be recovered? These questions need to be answered immediately so the CMT can decide if operations need to be switched to a backup

site.

72

Testing, Training, and Audit

There are several different ways in which the BCDR plan can be tasted, reviewed, and if

necessary - modified. The four basic ways are:

1. Paper walk-through

2. Functional exercises

3. Field exercises

4. Full interruptions

To test and review the BCDR plan it is not recommended to go from plan creation directly to a

full interruption review training. More than likely, the plan is still suffering from certain

omissions or errors that would render a full interruption training unsuccessful, leading to time

and money being wasted.

Instead, after the BCDR plan has been initially created it should be subjected to a paper walk-

through. This type of test is the least disruptive to normal business operations. The results will

also be less accurate than from some of the other training and review methods but they can still

be very helpful in incrementally improving the BCDR plan. They key to running a successful

paper walk-through test is to develop realistic scenario’s and evaluation criteria. How well did

participants able to follow and utilize the plan? How well were participants able to

communicate? These criteria will show if the plan needs certain adjustments before moving on

to another type of testing and review.

Functional exercises are used to actually test some of the plan’s functionality and train staff in

critical procedures or functions needed to respond to and address a disruption. These functional

exercises go hand in hand with a paper walk-through, which would provide the scenario. The

functional exercise would simply add a practical element, but they are restricted to one specific

function so they don’t share the scope of a field exercise or a full interruption.

Field exercises involve realistic exercises based on likely scenarios. They require much more

time and effort, and are more interruptive than paper walk-through’s or functional exercises.

However, they also provide much better information on which sections of the BCDR plan might

need to be adjusted.

Full interruptions are similar to field exercises but are more disruptive to the business

operations. Rather than provide simulations while normal business operations continue in the

background, the full interruption will interrupt business operations just like a real threat or

emergency situation would. Often, full interruption exercises happen unannounced, so to many

employees there is no difference between the full interruption and a real emergency. Because of

that, they provide the best feedback on BCDR plan performance and areas for review and

adjustment. However, for obvious reasons they are also the most costly exercises to perform.

In order to acquire accurate testing and review of the BCDR plan, the recommendation that is

made to DigiKnight Technologies is to perform a paper walk-through of the plan upon

73

completion. This should provide some suggestions as to where the plan needs to be reviewed

and possibly adjusted. Once adjustments are made, the plan should undergo another paper walk-

through, accompanied by several key functional exercises. These exercises should be those

functions and processes that are most likely to be affected by a real emergency scenario, and

those that are most critical to the company’s business operations.

Paper walk-through’s with function exercises should be done at least once every year to ensure

that the BCDR plan is still up to date. Additionally, if budget and resources allow it, it is also

recommended to perform a field exercises at least once every two years. Based on the results

from these training exercises, the plan should be reviewed and adjusted as needed.

Recommendation on Updates DigiKnight believes that an updated Business Continuity and Disaster Recovery Plan is a must.

The plan will be reviewed twice a month. The first week and the third week of each month the

managers of each department will meet to discuss any recommended or needed changes. If

changes are made it will further be evaluated to decide if a new plan will need to be distributed

and the old plans destroyed. If so all managers are responsible for the collection and destruction

of the business continuity and disaster recovery plans in their departments. All vendors, partners,

or alternative work sites will be handled by either the administration department or the sales

department. Once all plans are collected, the managers will then distribute the new plans to their

department. Emergency meetings may be needed if drastic changes have been made.

This biweekly evaluation will allow for quick turnaround in business continuity changes while

still ensuring the integrity of it. Rather than constantly testing, managers are responsible for

keeping up to date on the procedures of the business continuity plan. This ensures safety in

implementation in case of disaster, as well as allows for a more cost effective method than

constant testing. Though testing is still a needed aspect of the business continuity and disaster

recovery plan.

Quarterly tests will be held to evaluate the efficiency and effectiveness of the business

continuity plan. The tests will change depending on the quarter, cycling through various

disasters or possible incidents; allowing for different aspects of the business continuity and

disaster recovery plan to be evaluated. After tests conclude the business continuity and disaster

recovery plan will be updated to be more accurate if need be.

Change Management Process Documentation

The BCDR plan will have a section at the start of the document where its version is displayed.

Along with the current version, there will also be documentation of the previous five versions

and changes that have been made from one version to another. It is very important that every

department has a copy of the most recent version on the BCDR plan so that no unnecessary

mistakes are made when a threat or disaster occurs.

The version of the BCDR plan will be documented in the format of ‘version 1.0’. Any time a

minor change is made to the document, the decimal will increase. ‘Version 1.0’ would change to

74

‘version 1.1’. Any time a major change is made to the document, the unit number increases by

one and the decimal is reset to 0. ‘Version 1.1’ would change to ‘version 2.0’. A minor change

would include such changes as an update of assets, personnel and contact information changes,

changes in vendors, and any other changes that only require small rewrites of sections of the

document. A major change would include such changes as new BCDR processes, changes in

backup sites and equipment, and other changes that require large sections of the document to be

rewritten.

Request for change evaluation and change implementation

When a department requests for a change to be made to the BCDR plan this request will be

evaluated by members of the Crisis Management Team. Approval depends on the necessity of

the revision being implemented. To keep change management and BCDR plan distribution

manageable, not every request can be approved. However, if a key department member has left

the company, if a significant update to a BCDR process in the department needs to be included,

or if denial of the request could compromise the effectiveness of the BCDR plan then the

evaluation will be approved.

If the CMT decides that the request shall be approved, the right department is notified to draft a

revision to the section in question. Since most BCDR documentation requires significant

research and data gathering, the department shall be granted two weeks to provide the draft.

Testing and auditing revisions

If a major change to the BCDR plan is made, these changes need to be tested to ensure that they

will work reliably during a threat or disaster situation. The CMT will organize for a test situation

to be created within four weeks of the draft submission date. If the test goes well and the change

proves to be effective, the revision will be included in the BCDR plan.

Notifying stakeholders and distributing updated copies

When a change has been made to the BCDR plan, stakeholders have to be notified immediately.

Email communication to plan stakeholders should be sent out, informing them that the BCDR

plan has been updated and that they will receive a copy in the next two days. If they don’t

receive a copy in the next two days, stakeholders are encouraged to contact the CMT to request

a copy of the document.

BCDR plan deliveries will be made to al stakeholders and departments. Key personnel will have

to sign off on receiving a copy of the plan, and the old version of the plan has to be handed off

to the person making the delivery to ensure that the new copy will in fact replace the old one. In

a crisis situation, there cannot be multiple copies circulating around the company.

Standard update If no change requests and approvals are made to the BCDR document, a new version will go out

regardless every six months to ensure that every department has a copy of the document.

Distribution of Updated Plans

75

There are various ways that plan updates can be distributed ranging from using the intranet to

paper. The use of multiple distribution methods can lead to increased redundancy, but that isn’t

always a bad thing. With multiple methods, maintenance can be difficult as all variations have to

be updated. With multiple distribution methods you can insure that there is always a copy at

hand if need be. Each method has its advantages and disadvantages. Paper copies of the business

continuity and disaster recovery plan gives access to the plan when the power or internet is out,

but requires a lot more work when it comes to collecting and destroying old copies. Hosting it on

the intranet allows for ease of use, access to all employees, and business partners; on top of that

it has a lower maintenance cost. The downside of the intranet is a required intranet access to get

to it, which means if the server is down, you wouldn’t have access. Having a third party website

server host the business continuity and disaster recovery plan means that if DigiKnight servers

go down, the plan is still accessible, though if internet is down, or the web server hosting it, then

you cannot access it. With these options being outlined, DigiKnight has decided that they will

have two distribution methods.

An updated copy of the business continuity and disaster recovery plan will be available on the

intranet as well as a paper copy. This will mean that it will be easy for business partners and

employees to see the updated plan, while still maintaining physical copies means if power is out

or the server down, the business continuity and disaster recovery plan is still easily accessible.

Biweekly meetings with managers allow for constant updating, and the procedure for collecting

and destroying outdated plans is entailed in that section.

Nature-Based Test Scenario Nature-based disasters can happen at any time, and business continuity and disaster recovery

plans need to be able to handle them. Tests allow for business continuity and disaster recovery

plans to be improved without the actual incident occurring.

The objective of this test is to find errors and improve upon the business continuity and disaster

recovery plan as a whole.

All managers will be notified of the time of the upcoming test. All tests are held on a real time

basis unless discussed by management beforehand. Dependent on the scenario being tested

various steps will need to be taken:

Notify stakeholders of the test, and the objectives that we hope to be fulfilled by the tests

Before the test scenario clarify the objectives of the test

Choose dedicated employees to collect data on how the tests run

Encourage employee feedback after the test

For example, if the test was for an earthquake, personnel would be told beforehand that the

objective of the scenario would be to find possible faults or improvements to the business

continuity and disaster recovery plan in terms of earthquake recovery. Over the intercoms there

would be an announcement that the earthquake was happening. Employees would be expected to

follow safety precautions and then implement recovery of procedures. After the test would be

completed documentation of faults or improvements would be filled out.

The test team would need to evaluate certain criteria:

76

Did the employees follow correct safety procedures?

Was machinery shutoff according to emergency procedures?

Were recovery plans executed?

Where could the plan be improved?

Man-Made-Based Test Scenario The procedure for man-made test scenarios is very similar to the procedure for nature-based.

Man-made disasters can range from riots to network outage. Tests allow for business continuity

and disaster recovery plans to be improved without the actual incident occurring.

The objective of this test is to find errors and improve upon the business continuity and disaster

recovery plan as a whole.

All managers will be notified of the time of the upcoming test. All tests are held on a real time

basis unless discussed by management beforehand. Dependent on the scenario being tested

various steps will need to be taken:

Notify stakeholders of the test, and the objectives that we hope to be fulfilled by the tests

Before the test scenario clarify the objectives of the test

Choose dedicated employees to collect data on how the tests run

Encourage employee feedback after the test

For example, if the test was for an bomb threat, personnel would be told beforehand that the

objective of the scenario would be to find possible faults or improvements to the business

continuity and disaster recovery plan in terms of bomb threat recovery. Over the intercoms there

would be an announcement that there was a fake bomb threat happening. Employees would be

expected to follow safety precautions and then implement recovery of procedures. After the test

would be completed documentation of faults or improvements would be filled out.

The test team would need to evaluate certain criteria:

Did the employees follow correct safety procedures?

Was machinery shutoff according to emergency procedures?

Were recovery plans executed?

Where could the plan be improved?

Mudslide Tabletop Test DigiKnight faces the threat of many natural disasters, including mudslides. Although threats

cannot be eliminated, their level of damage can be minimized through individual and business

preparedness. The company must understand the risks of a mudslide and throughly prepare

reactive and proactive measures to mitigate the risks. Overall, this will reduce the threat

mudslides pose to business operations and employee wellbeing. To prepare for this event, a

tabletop test will be run. The test will be conducted as follows:

1. All members of the CMT notified, and a date will be set for the test. The entire CMT

should be present for the test, this includes: Carlton Smith, Mark Saunders, Linda

Kraemer, Brett Kelcey, and Alicia McKellips. Additionally, department leads along with

77

at least one representative from each department should be present.

2. Building three will be occupied during the test. A memo will be sent out notifying

employees of the test. Employees should understand this will be ran as if it is a live event.

Accordingly, business processes may be interrupted.

3. Each participant in the tabletop test may help in any area in addition to having specific

tasks. The specific tasks are as follows:

a. Carlton Smith – Coordinate with all members of the CMT and act as a central

point of contact. In the event Carlton Smith is unavailable, Mark Saunders will act

as the central point of contact.

b. Mark Saunders – Verify the well-being of administration employees. Verify the

integrity of administrative workstations, and files. Communicate with 3rd

parties

c. Linda Kraemer – Verify the well-being of manufacturing employees. Verify the

integrity of manufacturing equipment. Ensure proper safety regulations are being

followed.

d. Brett Kelcy – Verify the well-being of manufacturing employees. Inspect the

building for safety hazards. Identify any damages that may cause security

breaches and act appropriately.

e. Alicia McKellips – Verify the well-being of IT employees. Verify the integrity of

IT systems. Coordinate with Carlton Smith to determine if business operations

should be transferred to the recovery site.

4. Department heads – Oversee department employees during the recovery process. Record

all relevant actions taken during the recovery process.

5. Department representatives – Follow department heads instructions to get the business

operational. If unable to receive contact from department heads, assess the situation and

act appropriately.

6. Time should be recorded from the instant of the event. With respect to the RTO, the CMT

will decide if and when the recovery process should begin at the alternate site.

7. After the simulation, all participants will meet to discuss the events. During this meeting,

all documentation recorded during the process will be reviewed. This will be an open

floor meeting where all members are encouraged to provide feedback and criticism.

8. A memo will be sent out to all employees summarizing the event.

Recommendations for Employee Acceptance Not all employees are interested or find the importance in business continuity and disaster

recovery. In order to peak their interests some simple things that can be done. Providing

breakfast / lunch for employees, offering them an increased wage for the days of attendance, or

offering incentives, such as a bonus if you attend all the meetings for a quarter.

Managing Updates to BC/DR Documents BC/DR documents will be kept on CD-ROM, on-site and off-side servers, and paper documents.

There will be a list of everywhere the documents are, and when updates are made, we can go

through the entire list, making sure each copy is replaced with the new version.

Rank of Importance

1. Off-Site Server Copy

2. Paper Copies

78

3. On-Site Server Copy

4. CD-ROM Copies

When creating CD-ROM copies, be sure to label the version number, date it was released, and

when the next update is scheduled for. Also be sure to run SHA512 hashes on the CD to verify

the integrity.

The same rules apply to Off-site and On-site server copies.

The Network Administrator receives a text message when any server is offline for more than 30

minutes, so this will ensure that our server copies are always online.

Paper copies will have the version, date, and next update release on the front cover, allowing fast

verification to be sure it is the newest.

79

Appendix A - Communication Templates

Template 1: Employee Communications Plan (non-critical)

Message Distributor: CMT

Priority Communications Channel: Email

Backup Communications Channel: Phone

Frequency of Communication: Once when threat has been detected and identified

Once when threat has been solved

To all of DigiKnight’s employees,

Management has been notified of a current threat to our business operations. Do not be alarmed -

you are not in any danger. However, the threat may impact some of your work activities. If you

are unable to access certain information sources, applications, or services, please refrain from

contacting our IT department at this time as they have been notified and are working to correct

the issue. We expected the issue to be resolved shortly, and we’ll let you know immediately if

any new developments occur.

Please direct any further questions do your immediate supervisor.

Regards,

DigiKnight’s Threat Management Team.

Template 2: Employee Communications Plan (critical)

Message Distributor: CMT




Every ninety minutes until threat has been solved

To all of DigiKnight’s employees,

DigiKnight is declaring a state of emergency, effective immediately. A recent event has caused a

critical outage which is affecting our business operations. As a result, DigiKnight is in the

process of shifting the infrastructure to the backup site.

Please evacuate the premises immediately to ensure your personal safety. Cooperate with all

emergency and security personnel. Do not re-enter the facilities unless access has been granted

80

by the crisis management team and you are escorted by emergency personnel. To effectively

recover from this event, it will require a full team effort. Your personal wellbeing is the first

priority, after that has been established; please work diligently with the crisis management team

to help the recovery process.

Further updates will be sent out every ninety minutes until DigiKnight is recovered and is stable.

Please contact your immediate supervisor with any further questions.

The Crisis Management Team.

Template 3: Client and Suppliers Communications Plan Message Distributor: Marketing, through CMT

Priority Communications Channel: Phone

Backup Communications Channel: Email


Every three hours until threat has been solved

Dear sir/madam,

This message is to inform you that DigiKnight has experienced a business threat. A recent event

has caused a critical outage at the primary site located in Silicon Valley, California. This event is

critical and has rendered the facilities and equipment unusable and they have to will to be

repaired or replaced. As a result, DigiKnight is in the process of shifting the infrastructure to the

backup site.

Effective immediately, production is at a temporary halt. To ensure your safety please refrain

from coming to our facility or delivering any products. Do not enter the facilities at the primary

site. DigiKnight is working vigorously to transition to the backup site to resume our business

processes. There is no immediate action necessary on your behalf but please understand we are

temporarily unable to process or deliver products. We kindly ask for your understanding in this

matter.

Further updates will be communicated every three hours until DigiKnight is recovered and is

stable. If you have any further questions, please contact us at

[email protected].

Regards,

DigiKnight’s Crisis Management Team

Template 4: Media Communications Plan Message Distributor: Marketing, through CMT




Every two days until threat has been solved


81

In case of security breach where PII was compromised Dear sir/madam,

This message is to inform you that DigiKnight has experienced a business threat. A breach by

outsiders of DigiKnight’s IT systems has caused a compromise of personally identifiable

information (PII) that was stored on our systems. We are notifying you because there is a

possibility that your information might have been compromised.

We are currently working with state and federal agencies to determine the impact of the security

breach and to indentify and prosecute the responsible parties. We will send out a follow up email

every two days with further information on this situation.

We would like to offer our sincere apologies for this incident. If you have any further questions,

please contact us at [email protected].

Regards,

Carlton Smith,

CEO of DigiKnight Technologies

In case of a disaster originating from DigiKnight’s premises To whom it may concern,

DigiKnight is declaring a state of disaster, effective immediately. A recent event has caused a

critical situation at the primary site located in Silicon Valley, California. This event is

catastrophic and has rendered the facilities and equipment unusable and unsafe. Unfortunately,

the incident was of such magnitude that buildings are areas surrounding DigiKnight might also

be affected.

To ensure your safety, please do not venture onto or near DigiKnight’s premises until the

situation has been restored. DigiKnight is working with state and federal agencies to determine

the impact of the incident and discover its cause. We will send out a follow up email every two

days with further information on this situation.

If you have been injured or otherwise affected by this incident, please contact our legal and

regulatory team for further information at [email protected].

The DigiKnight Crisis Management Team



82

Appendix B - Memos

Update Memo To: Department Heads

From: Carlton Smith

Date: 11/5/2013

Re: Keeping the DR plan up-to-date

It is important for all of us to work as a team to keep the Disaster Recovery plan up to date. As a

result, we need to implement a policy for maintaining documentation. To do this effectively, it

will take a full team effort. I am putting forth a policy for review by the team, it can be found in

the BCDR document. Provided below is a brief outline of how we can maintain the BCDR

documentation.

Documentation will be reviewed on a bi-weeky basis, meaning the first and third week of every

month. The DR plan will be divided up and delegated between departments to be reviewed.

Department heads will be responsible for maintaining documentation for their department, and

may disperse tasks throughout their department. The process of reviewing the documentation

should not be a severely time consuming process. However, during this time we will be able to

spot discrepancies and submit necessary changes for policy. Additionally, the sections to be

reviewed by each department will be rotated periodically.

Furthermore we will conduct tests simulating disaster scenarios on a quarterly basis. This will

provide team members with hands on experience with DR. After each tests the process will be

evaluated, and the plan can be updated if necessary. Consequentially we will all constantly gain a

better understanding of the disaster recovery process and be prepared for a real DR.

This will be an ongoing process and will require considerable communication and cross

departmental teamwork. Therefore, I encourage you to respond and present any ideas, criticism,

suggestions, etc., with all team members. My contact information is provided below for your

convenience; please let me know what you think.

Regards,

Carlton Smith

415-555-7841

[email protected]

83

Test Memo To: Carlton Smith

From: BC/DR Team

Date: 11/5/2013

Re: Testing Strategy of BC/DR Plan

The BC/DR Team will be running through some testing to better prepare for a disaster scenario

and to be sure the plan we have created applies properly in a real event. We will start by

completing multiple evacuation and disaster scenarios. We will also perform a full restore

during the weekend, to avoid interfering with business. I will buy the team food and make it a

full team-building event.

The plan will need to be reviewed after testing is complete. We will conduct Root Cause

Analysis (RCA) for any problems we encountered and complete with both individual and team

post-mortems. After these events I would like to schedule time with you to sit down and review

the results, along with what can be done to improve the plan.

Thank you for your support throughout the entire process of developing and testing this plan, as

this will ensure we will have everything prepared if disaster ever strikes.

BC/DR Team

Benefits of Retaining Team Memo To: Carlton Smith

From: BC/DR Team

Date: 11/5/2013

Re: Testing Strategy of BC/DR Plan

The following paragraphs contain information on certain advantages and disadvantages of

retaining members of the original BCDR planning team. When personnel decisions such as

hiring or firing employees are made, this information needs to be taken into account when it

comes to employees who contributed to the BCDR plan documentation and employees who are

members of the Crisis Management Team.

BCDR documentation is mainly created per department. Employees in the IT department are

responsible for the creation of BCDR documentation related to IT, just as employees of the HR

department are responsible for the HR section of the BCDR document. Although each of these

84

sections go through a central approval process, it is important to realize that there typically is no

one employee in the company who knows the all the fine details of each department’s BCDR

plan.

Because of the decentralized nature of BCDR knowledge, when an original plan member leaves

the company he or she likely takes much knowledge about the BCDR process with them.

Although this knowledge is saved and retained within the BCDR document, there is a vast

difference between reading a plan and researching or designing a plan. Even if a new employee

takes over these responsibilities, they might not be able to completely grasp all the finer details

of the BCDR plan which were acquired through intensive research and planning.

On the other hand, an employee who was a member of the original BCDR planning team might

be resistant to changes in the BCDR plan. After all, they likely spent much time and effort on

the research and design process of the original BCDR plan and they might not wish to see it

changed, even if the proposed changes could be very beneficial and effective. Over the course of

time, a BCDR plan might become outdated simply by not keeping up with new developments

and recovery techniques. For instance, why backup to the cloud when the BCDR plan has a

detailed tape backup procedure?

It is for these reasons that a close eye needs to be kept on the development of the BCDR plan in

regards to who contributes to it. The expertise of original members cannot be overlooked, but at

the same time the BCDR planning committee needs to include fresh members as well. Original

members know the finer details of the BCDR processes and why they are documented the way

they are, but new members will bring a fresh perspective on these processes and might be able to

suggest changes that original members have overlooked.

BC/DR Team