Florida A&M University Contingency Plan Computing
And Data Systems (CPCDS)
Phase I – PeopleSoft
Robert Seniors Interim Vice President Information Technology / CIO
About This Document
Document Owner(s): Mike McAvoy Information Systems
File name: J:\Security\FAMU_Contingency Plan Computing and Data Systems Phase I_111607.doc
If you have any questions or comments about this document or would like to be added to the distribution list for this document, please contact the document owner.
© Copyright 2007 Florida A&M University
This document is proprietary to Florida A&M University and should not be disseminated to persons outside of Florida A&M University without express permission.
7/1/2008 0BIntroduction 1-1
Contents
Chapter 1: Introduction
Chapter 2: Assessing Business Risk and Impact of Potential Emergencies
Chapter 3: Preparing for a Possible Emergency
Chapter 4: Testing the Disaster Recovery Plan
Chapter 5: Training the Disaster Recovery Plan
Revision and History Page
Document Version #
Revision Date
Description of Change
Section #/Paragraph #
Page #
Name
Chapter 1: Introduction
Orientation
This Florida A&M University Contingency Plan Computing and Data Systems (CPCDS) Phase I – iRattler/PeopleSoft document provides guidance and documentation on which to base recovery efforts. It is not a substitute for wise judgment, and is not a rigid set of rules to be followed literally and/or at any cost.
It should be understood that the existence of this document, and the coordinated recovery planning efforts, recognizes and affirms the importance of information to Florida A&M University, and the responsibility of each manager and employee for safeguarding Florida A&M University information assets.
Due to the sensitive nature of the information contained herein, this manual is available only to those persons who have been designated as members of one of the Recovery Teams, or who otherwise play a direct role in the recovery efforts. Unless otherwise instructed, each Plan Recipient will receive and maintain two (2) copies of the Plan; one (1) copy will be kept in the Plan Recipient’s office and one (1) copy will be kept at the Plan Recipient’s home. For additional copies, contact the designated Disaster Recovery Coordinator. Plan copies may be hardcopy or on magnetic media, e.g., CD, Flash Drive, etc…
When a person is no longer a member of a recovery team or such member terminates employment, then that person will be required to return both copies of this manual to Florida A&M University upon their exit interview.
Recovery Strategies
1. In the event of catastrophic failure at one of the University’s vendor host sites, the vendor is contractually required to recover at an alternate site.
• Refer to the DRP for Northwest Regional Data Center for a description of the available recovery sites and plans. (Legacy Mainframe Applications)
• Refer to the IBM ASP DRP for FAMU. (iRattler/PeopleSoft Production)
2. To use a Command Center to oversee recovery efforts.
• The possible locations for the Command Center are:
Choice / Name & Location
1. 303 Lee Hall
2. 2000 Innovation Park
3. Perry-Paige Data Center
3. To use a recovery team approach for recovery efforts.
• Refer to the Recovery Teams and their Functions.
Applicability and Scope
Florida A&M University has developed and will maintain the Contingency Plan Computing and Data Systems plan to provide FAMU with a viable and effective contingency operations capability to resume “mission critical” operations and services following a major disruption at the host site. The scope of this Plan is to provide a plan of action to recover mission critical operating services for the continuance of mission critical business operations when an event causes major damage, disruption and/or inaccessibility to either IBM AoD ASP in Sterling, Virginia or Northwest Regional Data Center in Tallahassee, Florida.
The Contingency Plan Computing and Data Systems Plan establishes FAMU emergency response procedures for incidents which could affect operations. The Contingency Plan Computing and Data Systems Plan defines restoration processes for the mission critical information systems. The Contingency Plan Computing and Data Systems Plan identifies planning requirements for FAMU to resume normal operations after a major or catastrophic event.
This is an integrated document to provide a sustainable operational capability for the University, which provides contingency planning for events ranging from minor incidents causing short-term disruptions to disasters that affect normal operations for an extended period.
The material in this plan is to remain confidential and is to be used for training, testing, and recovery purposes only. This manual is one of a controlled set. It must not be reproduced, and it must be returned to the Disaster Recovery Coordinator in the event of your transfer or termination.
The Contingency Plan Computing and Data Systems Plan Disaster Recovery Plan (DRP) was developed by the Florida A&M University Information Security Manager in accordance with the BCP Policy Statement adopted by the Business Continuity Plan and Disaster Recovery Plan (BCP/DRP) Oversight Committee, and implemented by the Chief Information Officer. The DRP provides guidance on emergency events to continue mission critical functions and data systems as related to the University.
Authority
This plan adheres to the BCP Policy Statement, and compliance with this plan is the responsibility of Florida A&M University staff, and any vendors/contractors using critical applications. The objective of the Contingency Plan Computing and Data Systems Plan is to ensure that a viable capability exists to continue essential critical application functions across a wide range of potential emergencies, specifically when the primary facility is either threatened or inaccessible. The objectives of this plan include:
Objectives
High Level Objectives
1. Ensure timely resumption of operation.
2. Decrease the impacts or mitigate disruptions to operations (student, faculty, and staff, lost revenues, etc…).
3. Minimize disruption of service to Florida A&M University.
4. Protect essential facilities, equipment, records, and other assets.
5. Ensure the continuous performance of the essential functions/operations of iRattler/PeopleSoft and mainframe legacy during an emergency.
6. Reduce loss of life, minimize damage and losses.
7. Provide for a time-phased implementation of partial or full execution of the plan to mitigate the effects of the emergency and shorten the crisis response time.
8. Identify and designate principals and support staff to be relocated.
9. Facilitate decision-making for execution of the plan and the subsequent conduct of operations.
10. Achieve a timely and orderly recovery from the emergency and resumption of full service to all students.
Detailed Objectives
1. Recover iRattler/PeopleSoft application within 72 hours.
2. Recover Legacy Mainframe application within 72 hours.
Assumptions
In accordance with Federal and State guidance, a viable DRP capability:
• Must be maintained at a high-level of readiness;
• Must be capable of implementation both with and without warning;
• Must be operational no later than 12 hours after deployment;
• Must maintain sustained operations for up to 30 days; and,
• Should take maximum advantage of existing State and local government infrastructures.
The following assumptions were used as a basis of design for the plan's concept of operations and implementation procedures:
1. This Plan is based on a worst-case scenario. Recovery from anything less than complete destruction of host site can also be achieved by using portions of this plan.
2. Key employees of Florida A&M University are available to support the recovery efforts.
3. External services (telephone, facilities, transportation, recovery site, etc…) are available and operating.
4. All vital records (magnetic media, documentation, etc…) necessary for recovery are available and usable from an off-site storage location. (Vendor responsibility)
5. A Command Center is functionally available to manage and support recovery efforts.
6. Since Florida A&M University does have established locations (Alternate Sites) at which it can relocate to and perform disaster recovery, two relocation sites will be assumed – Site 1 (Northwest Regional Data Center) and Site 2 (Sterling, Virginia). These two sites will accommodate the planning requirements for all scenarios.
7. Florida A&M University employees will be available to activate the Contingency Plan Computing and Data Systems; able to deploy to either Alternate Site; and capable with requisite knowledge, skills, and abilities to perform critical operations in support of Florida A&M University mission critical functions.
8. Since there are no agreements in place with vendors to provide software, hardware, equipment, or services which will be needed to recover critical or any other Florida A&M University operations, including the data center operation, at any site, this capability will be assumed for the efficacy of the plan. When it is necessary to refer to the equipment and service vendor, TBD will be used in accordance with direction from Business Continuity Plan and Disaster Recovery Plan Oversight Committee. Since a vendor has not been selected or contracted, any Florida A&M University relocation will therefore take considerably longer than 72 hours – possibly as long as seven days depending on the scenario and equipment/services availability.
9. Data tapes and other electronic media are stored off-site in various locations depending on what building(s) the servers are housed and whether the application is hosted locally or by 3rd party vendors in an ASP or other type of agreement. The storage areas provide the highest level of protection from all types of events. These data tapes will be available, retrievable by assigned Florida A&M University employees, and capable of restoring critical data in a timely manner.
10. The Alternate Sites will be accessible including Internet access.
11. All computer systems and services are backed-up to tape on a regular basis, and these tapes have accurate data from successful backups which are capable of restoring critical data in a timely manner.
Exclusions
This Plan does not address:
• Business Impact Analysis
• Mission Critical Applications Study
• Prevention
• Risk Assessment and Mitigation
• Work in progress
• Vital records management
• Short-term outages (less than 72 hours)
Constraints
The following constraints will limit the effectiveness and efficacy of the plan, the concept of operations, and the implementation procedures:
1. Must interface and operate with the current processing environment, including the iRattler/PeopleSoft and legacy Mainframe applications.
2. Recovery strategies which use current technology to facilitate no data loss are limited due to distance parameters.
3. Resource limitations and fluxes in the budget cycle may impact adaptability and overall effectiveness for coordinated recovery programs.
4. Given current circumstances and capabilities Florida A&M University will not recover all systems and services, thereby affecting the operational capability of Florida A&M University.
5. All computer systems and services are backed-up to tape on a regular basis. The backup schedule and methodology for the systems vary. However, the general process is to take a full backup once a week with incremental backups conducted daily. The daily incremental backups are moved off-site on a daily basis during the week. The full backup is run over the weekend because of the time required to complete a full system backup.
6. Data files that are in use at the time of a backup are not captured because the current physical tape backup technology does not allow for this process.
7. Storage of data using the current tape archive architecture is the least expensive method of providing for disaster recovery. While the cost is low the time required for recovery is the longest of any disaster recovery architecture.
8. The Florida A&M University Contingency Plan Computing and Data Systems project planning includes data protection architecture; however, it does not cover all systems managed by Florida A&M University which are necessary to conduct Florida A&M University mission critical functions and business operations.
Policy
It is the policy of the Florida A&M University (FAMU) to develop, implement and maintain a Disaster Recovery Plan (DRP) to ensure that the following are achieved:
• Provide for the safety and well-being of representatives on the campus at the time of a disaster;
• Continue critical business operations;
• Minimize the duration of a serious disruption to operations and resources (both information processing and other resources);
• Minimize immediate damage and losses;
• Establish management responsibilities;
• Facilitate effective coordination of recovery tasks;
• Reduce the complexity of the recovery effort;
• Identify critical lines of business and supporting functions;
• Determine vulnerability to significant service interruptions at FAMU and define preventive measures that may be taken to minimize the probability and impact of interruptions;
• Determine immediate, intermediate and extended term recovery needs and resource requirements;
• Develop and implement contingency plans that address both immediate and longer-term needs for operational areas such as Accounting, Human Resources, Information Technology, Facilities Planning, and Research & Development.
The University must review and test its business continuity plan(s) at least annually. The Business Continuity and Disaster Recovery Board is responsible for ensuring that all business units comply with this policy. The Business Continuity and Disaster Recovery Board is responsible for ensuring that the management of business continuity is in the University’s processes and structure.
The Disaster Recovery Plan shall, as a minimum, address the following:
• Employee/Students safety, welfare and internal communications
• Resumption of critical business functions
• Meeting contractual obligations
• Management of risk
• Maintenance of client confidence and the reputation of the business (via external communications)
The DRP shall address the following situation:
• Disasters: Most areas of the main campus and computer equipment/systems incur severe damage or are totally destroyed. Interruption of IT is expected to last more than 48 hours. Examples of this major incident risk are a major hurricane, fire, bomb, virus, equipment, wind, communication, hazardous spill, or other building/area disaster.
The DRP should also, where possible, address the following situations:
• Moderate Incidents: Areas of the main campus incur noticeable damage, with interruption of operations lasting between 8-48 hours. Most of the campus is closed to students. Some operations may be possible with limited staff. Examples of this type of incident are a localized fire, flood, tornado, or other temporary building disaster.
• Short Term Incidents: Some areas of the main campus or computer equipment are damaged. Interruption of operations may last up to 8 hours. Some operations may be performed manually. Examples of this type of incident are a network or systems failure.
The DRP should also, where possible, address the following situations:
• The CIO will maintain and identify the mission essential functions for iRattler/PeopleSoft and Mainframe operations and roster the staff to support them.
• EIT will prepare supplemental procedures specifically addressing operations in an emergency that requires the relocation of iRattler/PeopleSoft and Mainframe operations.
• The CIO will provide for the backup, replacement, and recovery of data, equipment and staff resources, including work-around procedures in the event of a disruption.
• The CIO will coordinate the development of plans and procedures that will enable identified governmental or contractor IT personnel to assume responsibility for iRattler/PeopleSoft and Mainframe operations in the event that Florida A&M University staff is unavailable.
• The CIO in coordination with the Business Continuity Plan and Disaster Recovery Plan Oversight Committee will ensure that the DRP is regularly tested in accordance with a comprehensive Test, Training, and Exercise (TT&E) program which includes performing regular employee training, exercises, and system testing to assure readiness.
• The CIO in coordination with the Business Continuity Plan and Disaster Recovery Plan Oversight Committee is responsible for the maintenance and annual review and update of this plan.
• The CIO in coordination with the Business Continuity Plan and Disaster Recovery Plan Oversight Committee will periodically conduct a business impact/risk analysis that identifies time-sensitive critical mission functions, financial exposures, and operational impacts, and that estimates total information technology resources necessary for successful business resumption.
• The DRP must comply with any requirements of any auditors, insurers, or regulators.
Definitions
Business Continuity Plan - is an effort within FAMU to ensure the continued performance of minimum essential functions during a wide range of potential emergencies. This is accomplished through the development of plans, comprehensive procedures, and provisions for alternate facilities, personnel, resources, interoperable communications, and vital records/databases.
Business Unit - any academic or administrative department, unit, center, institute, division, or college.
Cohort - a term used by the Business Continuity and Disaster Recovery Oversight Committee to uniquely group all FAMU business units with a commonality of services to facilitate a more efficient way of planning. Five (5) Cohorts have been identified to group departmental plans: Accounting, Human Resources, Information Technology, Facilities Planning, and Research & Development.
Critical - functions or services offered that could not be interrupted or unavailable for several business days without significantly jeopardizing FAMU’s ability to serve its students and the communities of Florida.
Disaster - a sudden, unplanned event with a significant scope of impact involving many people if not an entire community and is based on the scope of the event, number of lives impacted, and the devastation of property; 1) The disruption of critical business activities for some predetermined period of time. 2) The period when FAMU management decides to divert from normal schedules and exercises its disaster recovery plan signified by the beginning of moving from primary to alternate processing.
Disaster Recovery Plan - the document that defines the resources, actions, tasks, and data required to manage the business recovery process in the event of a business interruption. The plan is designed to assist in restoring the business process within the stated disaster.
Emergency - A sudden or unexpected occurrence or combination of occurrences that may cause injury, loss of life, destruction of property or cause the interference, loss or disruption of a unit's normal business operations to such an extent that it poses a threat to the campus community. An emergency is something that may overwhelm FAMU’s ability to resolve the situation.
Acronyms
BCP – Business Continuity Plan
DRP – Disaster Recovery Plan
FAMU – Florida A&M University
Responsibility and Duties
President, or his designee(s)
• Provide supervision for the execution of the FAMU Disaster Recovery Plan.
• Coordinate matters of university and appropriate civil interest during time of a disaster.
• Direct dissemination of information to campus community and general public.
• Determine and contact essential personnel as needed.
Chief Information Officer (CIO)
• Responsible for the overall recovery progress and makes decisions as necessary for the timely execution of the DRP. The CIO provides liaison with the President and Vice Presidents for reporting the status of the recovery operation.
Information Security Manager (ISM)
• Assess the criticality of each business operation and associated information processing service and determine the risk to the business of their delay or loss.
• Complete a business impact analysis.
• Contain and/or manage the risks in accordance with the DRP policy.
• Prepare, keep and ensure the DRP is commensurate with the level of risk.
• Ensure that the DRP is tested on schedule.
Information Security
• Assist the University President during the execution of the plan
• Provide for the reestablishment of university electronic operations based on IT specific disaster recovery plan.
• Communicate with department heads as necessary.
University Purchasing Office
• Arrangements for emergency travel
• Coordinate emergency purchasing issues, including procurement of necessary supplies and equipment
• Personnel & Human Resources issues, including pay and leave
• Instruct employees on proper recordkeeping and reporting of the event.
• Monitor costs related to incident and provide accounting, procurement, time recording, cost analysis, and other documentation of the event.
University Payroll Office
• In the event of a partial or full disaster or other circumstances that bring about the need for contingency operations, the normal organization of the Payroll department will shift into that of the contingency organization. The focus of the Payroll department will shift from the current structure and function of “business as usual” to the structure and function of a Payroll department that is working towards the resumption of time-sensitive business operations. The Payroll department will operate through phases of response, resumption, recovery, and restoration. Each phase involves exercising procedures and the teams executing those procedures. In the event of a full disaster all personnel will relocate to alternate site and continue recovery operations until normal operations can resume at the primary site.
Cohort Coordinator
• The Cohort Coordinator is responsible for ensuring that each business unit within their cohort has completed a Risk Assessment, Business Impact Analysis, and has developed a Business Continuity Plan consistent with the framework and templates established by the Department of Business Continuity and Disaster Recovery. They are also responsible for identifying a departmental contact for each business unit within the Cohort and ensuring the plans, assessments, and analyses are tested, reviewed, and updated within the established time periods. The Cohort Coordinator or designee is responsible for coordinating the above activities with the Department of Business Continuity and Disaster Recovery and must sign off on all business unit Risk Assessments, Business Impact Analysis, Business Continuity Plans/Disaster Recovery Plans, and Test Plans. Members of the Business Continuity and Disaster Recovery Committee serve as Cohort Coordinators.
Team Leaders
• Responsible for developing and coordinating the DRP Recovery Teams.
During an emergency situation the Team Leaders will activate their respective recovery team and then direct all activities until the emergency is under control. In the absence of the CIO, the ISM will assume those duties.
• Participate in the evaluation and updates of the DRP to assure that all emergency situations have been adequately considered and that appropriate contingency plans have been prepared.
Recovery Team
• In case of a disaster, the emergency call list will need to be used. General duties of the disaster recovery members/managers are discussed. Team Leaders have been assigned in each area and general duties given. The Team Leaders will make assignment of employees in the major areas to specific tasks during the recovery stage over that area.
University Employees, Consultants, and Students
• Cooperate with the university personnel during the execution of this plan.
• Use increased safety precautions during the danger period.
• Exercise extreme caution when leaving the university. Consider weather forecasts, road conditions, and the time involved for travel.
• Faculty should attempt to establish electronic communications with their students.
System Administrator Authority
• System administrative privileges shall be limited to those support personnel requirements for business purposes. Such authority shall be revoked upon determination by IT Operations management that such access is no longer required.
University Employees and Students
• Managers are responsible for ensuring that their staff complies with this policy.
• Managers will include information security as part of their employee orientation.
Business Continuity Plan and Disaster Recovery Plan (BCP/DRP) Oversight Committee
• To continue broad oversight of FAMU University Business Continuity and Disaster Recovery Planning, the President will appoint a Business Continuity and Disaster Recovery Oversight Committee. The committee is composed of a cross-section of academic and administrative leaders who have a working knowledge of business continuity and disaster recovery processes. The Committee has the following goals:
o Reviews annual work goals of the Department of Business Continuity
o Reviews a representative number of risk assessments and tabletop drills to determine adequacy of recovery plans
o Makes recommendations on how to enhance Business Continuity processes
o Provides an annual written summary to the Chancellor
Procedure
Business Impact Analysis and Risk Assessment
Each business unit that meets the committee criteria of ‘critical’ will conduct a Business Impact Analysis and Risk Assessment annually as directed by the respective Cohort Coordinator with results reported to the BCP/DRP Oversight Committee. The Business Impact Analysis will identify critical business functions and workflow; determine the qualitative and quantitative impacts of a vulnerability/threat, and prioritize/establish recovery time objectives for the critical functions. The Risk Assessment will identify vulnerabilities and threats that may impact the business unit’s ability to fulfill the mission of FAMU University and define the controls in place to reduce the exposure to the vulnerabilities/threats as well as evaluate the probability of a particular event. The Business Impact Analysis and Risk Assessment must be approved/signed off by the Department Head/Director.
Business Continuity and Disaster Recovery Plan
• Each business unit will develop a business continuity and disaster recovery plan as directed by the respective Cohort Coordinator with results reported to the Department of Business Continuity and Disaster Recovery. The Plan provides for the continuance of critical functions in the event of a business disruption. The Business Continuity Plan will consist of advance arrangements and procedures for maintaining or continuing the unit's identified critical business functions in the event of an interruption or essential change such as the absence of the administrative IT environment. The Disaster Recovery Plan will define the unit's resources, actions, tasks and data required to assist in the recovery of the unit's identified critical business functions. The BCP/DRP Oversight Committee will maintain a campus-wide capability for business units to develop and maintain business continuity plans. The BCP/DRP’s must be approved/signed off by the Department Head/Director.
Testing and Exercising Plans
• Critical business units are required to test the DRP at least annually as directed by the BCP/DRP Oversight Committee with results reported to the BCP/DRP Oversight Committee. Departmental exercises may be conducted more frequently at the discretion of management. Test and Exercise plans must be approved/signed off by the Department Head/Director and Cohort Coordinator. The following shall apply:
o The DRP plan must be exercised in accordance with the DRP Exercise Guidelines.
o The DRP plan must be exercised in accordance with the DRP Exercise Schedules.
o The DRP plan must conduct a Calling Tree Campaign on a no less than semi-annual basis. This Calling Tree Campaign must achieve at least a 90% contact rate to be acceptable.
o Last Exercised Date fields must be updated every time a plan is exercised.
Business units are required to review their DRP plans at least semi-annually and update the plans whenever changes occur in their operating procedures, processes, or key personnel. Plans must be updated to maintain accurate lists of key personnel, telephone numbers, call trees and plan elements that may be affected by changes in unit structure or functions. The respective Department Head/Director, Dean or Vice Chancellor (or designated vice provost or associate vice chancellor), and Cohort Coordinator must review and approve the updated plan on at least an annual basis.
Plan Maintenance
• The DRP plan must be maintained on a no less than semi-annual basis. Updates must be performed sooner if personnel or recovery strategy has changed.
• Version Control/Last Updated Date fields must be updated every time a plan is updated.
Credentialing
This policy applies to all FAMU users (employees, contractors, consultants, temporaries, volunteers, etc.) who use the University’s computing or networking resources, as well as those who represent themselves as being connected, in any way, with FAMU. All users are expected to be familiar with and fully comply with this policy. Questions about the policy should be directed to the user's BCP/DRP Oversight Committee.
Standards Compliance
The DRP shall adhere to the regulatory compliance requirements of Florida A&M University.
Enforcement
Employees who violate this policy will be subject to disciplinary action up to and including termination of employment. Anyone who knows or has reason to believe that another person has violated this policy should report the matter promptly to his or her supervisor or the Information Security Officer. All reported matters will be investigated, and, where appropriate, steps will be taken to remedy the situation. Where possible, every effort will be made to handle the reported matter confidentially. Any attempt to retaliate against a person for reporting a violation of this policy will itself be considered a violation of this policy that may result in disciplinary action up to and including termination of employment.
Exceptions
The BCP/DRP Oversight Committee as defined in the DRP must approve any exceptions to this document.
Chapter 2: Assessing Business Risk and Impact of Potential Emergencies
Internal and External Emergency Services and Contact Numbers
The following identifies emergency agencies and departments as well as local agencies/departments, public and commercial emergency and broadcasting services with their telephone number and/or website.
EMERGENCY SERVICES, Tallahassee, FL and Surrounding Metropolitan Areas (service: contact number)
Police/Fire/Ambulance: 911
Florida A&M University Police: 850-599-3256
Non Emergency Tallahassee Police: 850-891-4200
Non Emergency Sheriff Leon County: 850-922-3300
Non Emergency Sheriff Gadsden County: 850-627-9233
Non Emergency Sheriff Wakulla County: 850-926-0800
TDD Hearing Impaired: 850-891-4375
CRIMESTOPPERS: 850-891-4357
Tallahassee Fire: 850-891-6600
Quincy Fire: 850-627-7111
Hospitals/Medical Facilities
Non-Emergency Transport (Health Facilities/Nursing Homes & Rehab Centers): 850-921-0900
Leon County Emergency Medical Services: 850-606-2100
Administration of the Volunteer Department (VFDs):
• Chaires-Capitola: 850-942-4033
• Lake Iamonia: 850-552-2035
• Lake Jackson: 850-562-4441
• Lake Talquin: 850-591-4137
• Miccosukee: 850-893-1177
• Woodville: 850-933-4018
Tallahassee Memorial: 850-431-1155
Capital Regional Medical Center: 850-656-5000
Television Stations
WCTV CBS 6, www.sctv6.com: 850-893-6666
WTWC TV NBC 40, www.wtwc40.com: 850-893-4140
The CW (WFXU), www.cwtv.com
WCOT TV 13: 850-891-8081
WFSU (Local PBS), www.wfsu.org: 850-487-3170
WTLH TV Fox 49, www.fox49.com: 850-576-4990
WTXL TV ABC 27, www.wtxl.com: 850-893-3127
Radio Stations
WVFS “The Voice” V89.7 FSU Student Radio, www.wvfs.fsu.edu: 850-644-1837
100.7 WFLA, www.wflafm.com: 850-205-9352
WTLY Magic 107.1, www.magic1071.com: 850-422-2107
NOAA Weather Radio All Hazards, http://www.srh.noaa.gov/tlh/tlh/nwr.html
WTNT 94.9, www.wtntfm.com: 850-385-9868
WXSR X101.5, www.x1015.com: 850-386-3101
1270 The Team, www.1270theteam.com: 850-205-9352
WBZE Star 98.9, www.mystar98.com: 850-385-0989
WGLF Gulf 104, www.gulf104.com: 850-681-0436
WHBX 96.1 JAMZ, www.961jamz.com: 850-201-5269
WWLD-FM Blazin, www.blazin1023.com: 850-201-1023
WEGT – The Eagle, www.eagle999.com: 850-531-9990
WHTG-Hot 104.9, www.hot1049.com: 850-383-1049
WJZT 97.9 Smooth Jazz, www.wjztfm.com: 850-561-8400
Newspapers
Associated Press, www.ap.org: 850-224-1211
Capital Outlook, www.capitaloutlook.com: 850-681-1852
Florida Times-Union, http://jacksonville.com: 850-224-7515
Gadsden County Times: 850-627-7649
Gannett News Service, www.gannett.com: 850-222-8384
Tallahassee Democrat, www.tallahassee.com: 850-999-2271
Publications
Capital Outlook, www.capitaloutlook.com: 850-681-1852
The FAMUAN, www.thefamuan.com: 850-599-3159
Internet Sites
National Weather Service (Tallahassee): http://www.srh.noaa.gov/tlh/
Latest Hurricane Warning and Tracking Information: http://www.nhc.noaa.gov/index.shtml
American Red Cross: http://www.tallytown.com/redcross/hsg.html
http://www.floridadisaster.org/index.asp
Federal Emergency Management Agency: http://www.fema.gov
National Fire Protection Association: http://www.nfpa.org
United States Geological Survey: http://www.usgs.gov
Jacksonville City Government Agencies…: http://www.coj.net/Departments
Other
Call before You Dig: 800-438-4636
Tallahassee (Power and Water) Emergencies
Sprint (Phone Service)
US Coast Guard (Marine and Air Emergencies): 904-247-7311
American Red Cross (Community Disaster): 850/878-6080
Hurricane Information Evacuation/Emergency Preparedness: 904-630-2472
National Response Center (Toxic Chemical & Oil): 800-424-8802 or 904-630-3635
Poison Information Center: 800-222-1222
FEMA Washington D.C.: 202-566-1600
• Emergency Support Team: 202-646-2440
• Public/Private: 202-646-3561
Tallahassee Environmental Quality (Air, Odors, Noise, Water)
Tallahassee Emergency Preparedness
Occupational Safety & Health Administration (OSHA)
Premises Issues
In the event that an emergency situation affects the Florida A&M University premises, it is necessary to have information to hand on the authority (and responsibility) of individuals involved in the emergency recovery procedures to effect repairs immediately.
The team charged with restoring the premises to normal working will need to understand their levels of authority for commissioning works from outside contractors. Very often in an actual emergency situation, it is difficult to obtain approvals urgently. For this reason, the DRP contains information on the authority levels available and how further approvals may be obtained in the event of such emergencies occurring.
Responsibility and Authority for Building Repairs
LOCATION OF PROPERTY: Florida A&M University Campus Buildings
• Responsibility for maintenance
• Insurance coverage
• Responsibility for emergency repairs
• External approvals needed before work can commence
• Internal approvals needed before commissioning contractors
• Procedures for obtaining approvals in emergency situations
• Persons responsible for premises recovery activities, with emergency contact details
• Persons responsible for approving repairs or replacement for equipment or furniture, with emergency contact details
LOCATION OF PROPERTY: Florida A&M University Off-Campus Buildings
• Responsibility for maintenance
• Insurance coverage
• Responsibility for emergency repairs
• External approvals needed before work can commence
• Internal approvals needed before commissioning contractors
• Procedures for obtaining approvals in emergency situations
• Persons responsible for premises recovery activities, with emergency contact details
• Persons responsible for approving repairs or replacement for equipment or furniture, with emergency contact details
Backup Power Arrangements
Backup generators have been provided in critical areas to allow critical business processes to continue when there is a power outage. UPS systems are also used for key equipment or services, which may be affected by sudden surges of power, or where data may be corrupted when the system switches over from mains power to a backup generator.
Existing backup power arrangements are listed below, together with the critical functions which they support:
Florida A&M University
TYPE OF BACKUP GENERATOR: Emergency Electric Backup Power Generator for Perry Paige Computer System, Manufactured by Olympian Power System, Capacity 150 KW, Model No: D150P1_1
CRITICAL FUNCTIONS SUPPORTED: Backup power supply to Computer Systems, Air Conditioning Systems and lights in Computer Room only
REQUIRED FREQUENCY OF TESTING: Twice a year
DATE TEST LAST CARRIED OUT: September 2007
PERSON RESPONSIBLE FOR TESTING/MAINTENANCE: Mr. James Regan, from Tampa Armature Works, Inc. Scheduled and coordinated by Chhagan Dalsania, Coordinator, FAMU/P
Sterling, Virginia
TYPE OF BACKUP GENERATOR / CRITICAL FUNCTIONS SUPPORTED / REQUIRED FREQUENCY OF TESTING / DATE TEST LAST CARRIED OUT / PERSON RESPONSIBLE FOR TESTING/MAINTENANCE: (Maintained by IBM)
Chapter 3: Preparing for a Possible Emergency
The scope of this Phase is to deal with major operating disruptions at the host site, which in turn would leave Florida A&M University without access to iRattler Student Administration or Legacy Payroll application.
Operation Disruption
These operating disruptions include, but are not limited to, major fire, flood, bomb, building structure (floor and/or ceiling) failure, and other unforeseen catastrophic events. Other operating disruptions such as minor fire, flood, equipment failure, power failure, etc., are not within the scope of this Plan. Following an operating disruption, it may not be readily apparent whether or not to declare a disaster. For this purpose, disaster declaration procedures have been established and are located in the next section of this Plan.
Activation Scenarios
Emergencies, or potential emergencies, may affect the ability of Florida A&M University to perform iRattler/PeopleSoft and Mainframe mission essential functions from the Data Center or the Campus. The following are three scenarios that could mandate the activation of the DRP:
1. The Data Center is closed to normal business activities as a result of an event (whether or not originating within the building) or credible threats of action that would preclude access or use of the building and the surrounding area.
2. The Florida A&M University campus is closed to normal business activities as a result of an event (whether or not originating in the complex) or credible threats of action that would preclude access or use of the campus and the surrounding area.
3. The Tallahassee, Florida metropolitan area is closed to normal business activities as a result of a widespread utility failure, natural disaster, significant hazardous material incident, civil disturbance, terrorist or military attack(s) or credible threats of action. Under this scenario there could be uncertainty regarding whether additional events such as secondary explosions or cascading utility failures could occur.
Disaster Declaration Notice
Event Disclosure May be Harmful to Florida A&M University, Do Not Discuss the Situation With Anyone, Other Than Team Members
In an event so severe that normal operations are interrupted, or if such an incident appears imminent and it would be prudent to evacuate the Tallahassee, Florida area as a precaution, the CIO, in consultation with the President, will direct the activation of the DRP.
Plan Execution
The Alternate Sites will be notified and/or activated, if necessary, and at the discretion of the CIO. The Disaster Control Team consists of Florida A&M University employees and may be supplemented by selected staff from appropriate contractors/vendors. Selected members of the Disaster Control Team may be identified to serve on other Recovery Teams for the DRP activation or potential thereof. These selected Recovery Teams will conduct operations while in transit from mobile communications systems, or operate remotely from an assembly site in the Tallahassee vicinity, or relocate temporarily to one of the Alternate Sites, if necessary.
The Recovery Operations Team will be responsible to continue mission essential functions of the iRattler/PeopleSoft and Mainframe within 24 hours of deployment and for a period up to seven to thirty days pending regaining access to the Florida A&M University campus or the occupation of an Alternate Site determined by the situational circumstances in the Tallahassee vicinity. The Alternate Sites are pre-designated fixed facilities and selection will be made at the time of DRP Activation and determined by the event or threat. If the Florida A&M University campus is inaccessible and a threat exists in the Tallahassee, Florida vicinity, the Far Point Recovery Site is in Sterling, Virginia.
The CIO will execute vendor and service contracts at the time of the DRP activation to provide all equipment, hardware, software, resources, and emergency support services to outfit, configure, restore, and maintain iRattler/PeopleSoft and Mainframe operations. These contracts are not pre-negotiated and therefore all equipment, resources, and services may not be available at the time of activation. Mobile voice and data systems will be the primary operational capability for the Recovery Teams using cellular telephones, laptop computers with wireless capabilities, and Personal Digital Assistants (PDAs). To supplement the interoperable communications capabilities and logistical requirements at the Alternate Sites, TO BE DETERMINED contingency services will be utilized.
To assure an immediate response capability at the Alternate Sites, a command staff of Florida A&M University and contractor personnel will co-occupy the data centers with existing site staff. The remainder of the Recovery Teams will be positioned for the first 12 to 96 hours at facilities to be determined at time of the plan’s activation near to the Alternate Sites or on the facility grounds. The majority of the Recovery Teams members will support the efforts to establish iRattler/PeopleSoft and Mainframe operational capability. Within 168 hours (seven days) it is expected that sufficient facility accommodations will be acquired and equipped using various TO BE DETERMINED contingency services.
Such incidents could occur with or without warning and during duty or non-duty hours. Whatever the incident or threat, the DRP will be executed in response to a full range of disasters and emergencies, to include natural disasters, terrorist threats and incidents, and technological disruptions and failures. It is expected that, in most cases, Florida A&M University will receive a warning of at least a few hours prior to an incident. Under these circumstances, the process of activation would normally enable the partial, limited, or full activation of the BCP/DRP with a complete and orderly alert and notification of all personnel, and activation of the plan. This will be followed by the subsequent deployment of the Recovery Teams to an assembly site or pre-identified Alternate Site. Without warning, the process becomes less routine, and potentially more serious and difficult.
The ability to execute the DRP following an incident that occurs with little or no warning will depend on the severity of the incident's impact on the physical facilities, and whether Florida A&M University personnel and contractors are present on the campus or in the surrounding area. The operational direction and control of iRattler/PeopleSoft and Mainframe functions for Florida A&M University under the worst-case scenario would revert back to the CIO; the President or designee could perform the functions or re-assign them to another organization or vendor. Positive personnel accountability throughout all phases of emergencies, to include DRP, is of utmost concern, especially if the emergency occurs without warning, during duty hours. The Florida A&M University Building Evacuation Plans and provide for such accountability.
Notification Procedures
The nature and severity of an emergency will, of course, dictate which teams are notified and when. The declaration of an emergency affecting Florida A&M University is the responsibility of the CIO. The first person to be called into action in the event of an emergency is the Evaluation Function Leader. This person will make the initial determination of the nature and extent of any damage to the Florida A&M University facilities. Depending on the nature and extent of the emergency, the remaining departmental recovery teams may or may not be notified by the Evaluation Function Leader.
The person shown as Caller is responsible for initiating the call down sequence. If Caller is not available, Primary Contact assumes the responsibility for initiating the call down sequence. In the event that the Caller and Primary Contact are not available, the Secondary Contact assumes the responsibility. Persons marked with ** do not call anyone.
Call Down List
Caller Primary Contact Secondary Contact
Robert Seniors ** Michael McAvoy ** Daniel Andrew
DR Contact List
Overview of Florida A&M University Disaster Recovery Life Cycle
Introduction to the Recovery Team/Function Concept
Business Continuity Plan and Disaster Recovery Plan Oversight Committee
Team/Function (Acronym/Name): Business Continuity Plan and Disaster Recovery Plan Oversight Committee
Charter: Responsible for the development, implementation and management of the DRP. Responsible for declaring that a service disruption has occurred, coordinating the appropriate response to a service disruption and managing the recovery effort after a service disruption.
Membership: Chairman: President. Members:
Initial Evaluation Function Leader
The Initial Evaluation Function Leader is the first Recovery Team to be notified and activated after a service disruption occurs; it is then responsible for notifying the BCP/DRP Oversight Committee of its findings.
Responsibilities
• Take immediate steps to safeguard public safety.
• Interface with public law enforcement and fire department agencies.
• Determine the severity of the situation.
• Determine the safety/accessibility of the facility.
• If the facility is deemed safe to enter, determine the extent of damage and the salvageability of the contents of the ‘machine room’.
• Estimate the length of time to repair and/or restore the mission critical resources.
• Notify the BCP/DRP Oversight Committee of its findings.
Each team member will receive a copy of the Plan.
FAMU Specific Emergency Response & Evaluation Overview
[Flowchart; only the box labels survive: Potential Emergency Situation Occurs; FAMU Police / Facility Services Report on Severity/Extent of Damage; Initial Evaluation Function Leader Evaluates Situation; No Additional Information Required / Additional Information Required; Declare an Emergency / Do Not Declare an Emergency; Activate DRP Teams Necessary to Respond to the Situation; Wait for Instructions From Emergency Operations Center; Activate Disaster Control Team to Gather Additional Information; Initial Evaluation Function Leader Reviews Information Received From Disaster Control; Activate Recovery Teams Necessary to Respond to the Situation; University BCP/DRP Teams Activate Alternate Processing Strategy.]
Business Continuity and Disaster Recovery Plan Oversight Committee Check List
1. Incident occurs
2. Initial Evaluation Function Leader responds
a. See the Initial Evaluation Function Leader Check List for where to meet and how to proceed
3. Initial Evaluation Function Leader reports findings to BCP/DRP Oversight Committee
4. The Disaster Control Team (DCT) assembles at command center
5. The Initial Evaluation Function Leader notifies all recovery team leaders to stand by
6. The BCP/DRP Oversight Committee reviews/evaluates findings from Initial Evaluation Function Leader
7. The BCP/DRP Oversight Committee evaluates report from Initial Evaluation Function Leader
a. Determines that critical services can be restored in 3 working days
• Activates necessary Recovery Teams to accomplish objectives
b. Determines that critical services cannot be restored in 3 working days
• Activates necessary Recovery Teams to accomplish objectives
• Notifies vendors of the need for services
• Notifies executive management
Initial Evaluation Function Leader Check List
1) Incident occurs
2) Initial Evaluation Function Leader responds
a) Initial Evaluation Function Leader notifies Disaster Control team members
b) Assemble at Emergency Command Center
c) Interface with Campus Police and/or other emergency authorities
d) Evaluate site and situation
e) Are there Injuries?
Yes ( ) No ( ) If yes, how many?
f) Are there fatalities?
Yes ( ) No ( ) If Yes, how many?
g) Which utilities are available? Electricity ( ) Water ( ) Gas ( ) Sewer ( )
h) Is emergency generator on?
Yes ( ) No ( )
i) Can buildings be accessed?
Yes ( ) No ( ) If No, give brief description why:
j) Are buildings safe to enter?
Yes ( ) No ( ) If No, give brief description why:
k) Are interior hallways and rooms free of debris?
Yes ( ) No ( )
l) Will interior doors open?
Yes ( ) No ( ) If No, list rooms that cannot be accessed:
m) Is phone service available?
Yes ( ) No ( )
n) Is computer room floor intact?
Yes ( ) No ( )
o) Are wall-mounted panels intact?
Yes ( ) No ( ) If No, list panels not intact:
p) Is there power in the computer room?
Yes ( ) No ( )
q) Are any bare power leads visible? (to be determined by qualified personnel only)
Yes ( ) No ( )
r) Is there debris on the computer room floor?
Yes ( ) No ( )
s) Is air conditioning available?
Yes ( ) No ( )
t) Is there evidence of fire?
Yes ( ) No ( )
u) Is there evidence of water damage?
Yes ( ) No ( )
v) Has any computer equipment fallen through the floor?
Yes ( ) No ( )
w) Have any equipment racks tipped over?
Yes ( ) No ( )
Mission Critical Procedures & Information
The following contains the procedures, specifications, and information for re-establishing critical recovery operations for Florida A&M University.
Network Control Center Restoration Procedures
The following identifies and describes each backup/recovery telecommunications connection, and explains the special instructions necessary to re-establish each data communication line.
Recovery Resources & Inventory Reports
Florida A&M University’s Recovery Resource reports begin on the following pages. These reports identify and describe the resources Florida A&M University had before the disaster, which may be necessary to support recovery operations. These recovery resource reports are current as of the publishing of this document. The most recent information is maintained in the Web-based Disaster Recovery System (DRD) planning software database, which is available at any time using Internet Explorer 5.5 or higher.
Chapter 4: Testing the Disaster Recovery Plan
Post-Planning Phase – Testing the Disaster Recovery Plan
DRP Up-Keep
The Disaster Recovery Plan needs to be a “living document” in several ways:
• Ongoing Review and Updates: The content presented in this version of the Disaster Recovery Plan represents the information documented from structured interviews of key business owners. The content has been distributed to the key business owners for review, and as a result there may be updates.
• Preparation Activities: A series of preparation actions were identified for each key business area and disruption scenario and documented accordingly. Each preparation step should be evaluated for its appropriateness, and if deemed to be required, should be assigned and a target date should be determined.
• Periodic Structured Reviews/Updates: A periodic, scheduled and structured review should be conducted of all key business areas, on an annual basis (or more frequently for specific higher impact business functions and/or disruption scenarios).
• Periodic Tests/Drills: A periodic, scheduled test/drill should be executed for one or more disruption scenarios. This could, for example, be in the form of a “tabletop exercise” or some other method, or it could include a full-scale drill for a specific, high impact, high-risk scenario.
Each of the above-recommended next steps should be coordinated through the Business Continuity Plan and Disaster Recovery Plan Oversight Committee.
The Disaster Recovery Plan should be maintained routinely and exercised/tested at least annually. Disaster Recovery procedures must be tested periodically to ensure the effectiveness of the plan. The scope, objective, and measurement criteria of each exercise will be determined and coordinated by the Business Continuity Manager on a “per event” basis. The purpose of exercising and testing the plan is to continually refine resumption and recovery procedures to reduce the potential for failure.
There are two categories of testing: announced and unannounced. In an announced test, departmental managers are instructed when testing will occur, what the objectives of the test are, and what the scenario will be for the test. Announced testing is helpful for the initial test of procedures. It gives Florida A&M University Departmental Recovery Teams the time to prepare for the test and allows them to practice their skills. Once the team(s) has had an opportunity to run through the procedures, practice, and coordinate their skills, unannounced testing may be used to test the completeness of the procedures and sharpen the team’s abilities.
Unannounced testing consists of testing without prior notification. The use of unannounced testing is extremely helpful in preparing a team for a disaster because it focuses on the adequacy of in-place procedures and the readiness of the team. Unannounced testing, combined with closely monitored restrictions, will help to create a simulated scenario that might exist in a disaster. This more closely measures the teams’ ability to function under the pressure and limitations of a disaster.
Once it has been determined whether a test will be announced or unannounced, the actual objective(s) of the test must be determined. There are several different types of tests that are useful for measuring different objectives.
There are several reasons to test, primarily to inform Florida A&M University management of the recovery capabilities of Information Technology (IT). Other specific reasons are as follows:
1. Testing verifies that Florida A&M University is compliant with Sarbanes-Oxley and COBIT Information Technology systems control objectives and controls.
2. Testing verifies the accuracy of the recovery procedures and identifies deficiencies.
3. Testing prepares and trains the personnel to execute their emergency duties.
4. Testing verifies the processing capability of the Florida A&M University facility maintaining the iRattler (PeopleSoft) application and legacy Mainframe application.
Testing schedule
A recommended schedule for testing is as follows:
1. Desktop testing on a quarterly basis
2. One structured walk-through semi-annually
3. Two/three integrated business operations/information systems exercises per year
The Team Leaders and Business Continuity Manager together will determine end-user participation. The Florida A&M University DRP should be tested within a realistic environment, which means simulating conditions that would be applicable in an actual emergency. It is also important that the tests be carried out by the persons who would be responsible for those activities in a crisis.
The Disaster Recovery Plan has been written to include the following Information Technology (IT) systems control objectives and controls. The Disaster Recovery Plan Evaluation Checklist identifies all the controls that have been included in the DRP:
1. IT COBIT: Control Objectives for Information and Related Technology audit guidelines as identified by the Information Systems Audit and Control Association (ISACA).
2. National Institute of Standards and Technology (NIST) Special Publication 800-34, Contingency Planning Guide for Information Technology (IT) Systems control objectives and controls
3. ISO27002:2005 control objectives and controls
Testing Methods Objectives and Scope of Tests
There are five types of Disaster Recovery Plan tests. The listing here is prioritized, from the simplest to the most complete testing type. As Information Technology (IT) progresses through the tests, each test is progressively more involved and more accurately depicts the actual responsiveness of Florida A&M University. Some of the testing types, for example, the last two, require major investments of time, resources, and coordination to implement.
1. Checklist - During a checklist type of Disaster Recovery Plan test, copies of the plan are distributed to each key business function Team Leader.
2. Structured Walkthrough Test - In this type of test, each key business unit Team Leader meets to walk through the Disaster Recovery Plan. The goal is to ensure that the plan accurately reflects the University’s ability to recover successfully, at least on paper. Each step of the plan is walked-through in the meeting and marked as performed. Major glaring faults with the plan should be apparent during the walk-through.
3. Simulation Test - During a simulation, all of the operational and support personnel expected to perform during an actual emergency meet in a practice session. The goal here is to test the ability of the personnel to respond to a simulated disaster. The simulation goes to the point of relocating to Sterling, Virginia or enacting recovery procedures, but does not perform any actual recovery process or alternate processing.
4. Parallel Test - A parallel test is a full test of the recovery plan, utilizing all personnel. The difference between this and the full-interruption test below is that the primary production processing of the business does not stop; the test processing runs in parallel to the real processing. The goal of this type of test is to ensure that critical systems will actually run at Sterling, Virginia: parallel processing is initiated, and the results of the transactions and other elements are compared. This is the most common type of Business Continuity Plan and Disaster Recovery Plan testing.
5. Full-Interruption Test - During a full-interruption test, a disaster is replicated even to the point of ceasing normal production operations. The plan is totally implemented as if it were a real disaster, to the point of involving emergency services (although for a major test, local authorities may be informed and help coordinate).
Setting Objectives
Each test is designed around a worst-case scenario for equipment, as this will ensure the entire plan is examined for all possible disastrous situations. For staffing, base tests are designed around best-case scenarios to ensure that all participants are involved and all available expertise is on hand to understand and resolve each issue in the process of building a complete plan. Florida A&M University employees should note any weaknesses or opportunities to improve the plan for action.
Once confident that the recovery plan is effective, other scenarios for staffing can be tested, e.g., worst-case scenarios, to verify the procedures are complete and can be performed by less technical personnel. Only when every requirement associated with each component has been documented and verified can the recovery plan be said to be complete and functional.
It is important that all aspects of the test are properly examined before a commitment is made to invoke the test. Because it is a test, some considerations will be necessary which perhaps would not be valid in a real disaster. For example, a test may require agreement with business units such as all Human Resources and Payroll to prevent any impact to production, or require them to switch to data or voice backups. This may result in the test being rescheduled or conducted over a weekend. The last thing Florida A&M University management or participants of the test want is for the test to be cancelled because a simple item has been overlooked. It then would be a waste of time, commitment and money.
Test objectives should include:
1. Recovery of a critical/essential/deferred key business area at Florida A&M University.
2. Establishment of an environment to enable full accommodation of the nominated applications.
3. Recovery of critical documents and equipment from Florida A&M University.
Defining the Boundaries
Test boundaries are needed to satisfy the Disaster Recovery strategy, methodology and processes. Florida A&M University management and Recovery Teams also must consider future test criteria to ensure a realistic and obtainable progression to meet the end objectives. Opportunities to test actual recovery procedures should be taken wherever possible, e.g., a purchase of new/additional equipment, vendor agreements (use of Warm Site or cold site). Management also must determine whether or not to include internal (auditors/management) or external (data security services) observers or a combination of both.
Scenario
The scenario is the description of a disaster and explains the various criteria associated with such a disaster.
1. The scenario should outline what caused the disaster and the level of damage sustained to Florida A&M University facilities, or whether or not anything can be salvaged from the wreckage.
2. The purpose is not to get bogged down in great detail but to explain to all participants what is or is not available, what tools can or cannot be used, what the object of the exercise is, the time the disaster occurred and the planned recovery point.
Test Criteria
Not all tests will require all personnel to attend. The test criteria advise all participants, including observers as appropriate, where they are to be located and the time/day the exercise will take place. The role of the observer is to give an unbiased view and to comment on areas of success or concern to assist in future testing.
Assumptions
Assumptions will need to be made. They allow a test to achieve the results without being bound by other elements of the recovery plan, which may not yet have been verified. Assumptions allow prerequisites of a particular component/module to be established outside the test boundaries. Examples include:
1. All technical information documented in the plan, including appendices, is complete and accurate.
2. All purchases (equipment/furniture, etc.) can be made in the RTO required.
Test Prerequisites
Before any test is attempted, the Disaster Recovery Plan must be verified as being fully documented in all sections, including all appendices and attachments referenced to each process. Each of the participating teams in a test must be aware of how their role relates to other teams, when and how they are expected to perform their tasks, and what tools are permissible. It is the responsibility of each team leader to keep a log of proceedings for later discussion and action to prepare better for future tests.
Briefing Session
No matter whether it is a hypothetical, component, module or full test, a briefing session for the teams is necessary. The boundaries of the test are explained and the opportunity to discuss any technical uncertainties is provided. Depending on the complexity of the test, additional briefing sessions may be required: one to outline the general boundaries, another to discuss any technical queries and perhaps one to brief Florida A&M University management on the test's objectives.
The size of the exercise and number of staff involved will determine the time between the briefing session(s) and the test. However, this time period must provide sufficient opportunity for personnel to prepare adequately, particularly the technical staff. It is recommended that the final briefing be held no more than two days prior to a test date to ensure all activities are fresh in the minds of the participants and the test is not impacted through misunderstandings or tardiness. An agenda could be:
1. Team objectives
2. Scenario of the disaster
3. Time of the test
4. Location of each team
5. Restrictions on specific teams
6. Assumptions of the test
7. Prerequisites for each team
Checklists
Checklists provide the minimum preparation for all test types. Checklists are directly related to specific modules of the recovery plan and all sections relevant to a particular test must be verified as complete before a test date is set. As these checklists follow the various modules associated with the recovery plan, only those parts applicable to the forthcoming test are compulsory prerequisites for that test. However, it is recommended that all sections of the checklist be completed as soon as possible. See Attachment? for a detailed Florida A&M University checklist.
Setting the Test Environment
One of the greatest challenges in testing the Disaster Recovery Plan is in creating realistic conditions for carrying out the tests. These need to be carefully planned to create an effective set of conditions to simulate as far as possible a real, disruptive event. It is important, however, that these tests do not disrupt the normal business process in any way, and they may need to be conducted out of normal working hours. This stage is concerned with:
1. Maintaining the strategy, plans, and procedures.
2. Ensuring education and awareness of business continuity is given sufficient prominence.
3. Review of the plans and risks (with their associated reduction measures), testing of the plans, controlling changes to the strategy and the plans so these are maintained to be consistent with each other.
4. Training people to produce the strategy and plans as well as to undertake the action embodied within the plans.
5. Assurance of the quality and applicability of the plan. In this context quality refers to adaptability, completeness, data quality, efficiency, friendliness/usability (very important as the plan will only be used in a time of chaos or disaster), maintainability, portability, reliability, resilience, security, testability, and timeliness.
Identify Who is to Conduct the Tests
To ensure consistency of the testing process throughout Florida A&M University, one or more members of the Disaster Recovery Plan Recovery Team should be nominated to co-ordinate the tests within each business unit.
BUSINESS UNIT | PERSON(S) NOMINATED TO CO-ORDINATE TESTS | DUTIES OF CO-ORDINATOR
Information Technology (IT) | I/T Manager; I/T DRP Team Leaders | Identify type of test scenario; Implement test scenario; Control and Monitor test; Hand out Feedback Questionnaire
It is very important for the Business Continuity Manager (BCM) to get feedback from the persons participating in each of the tests. The intent of the feedback postmortem is to review exactly how the test was executed as well as to identify what went well, what needs to be improved, and what enhancements or efficiencies could be added to improve future tests.
Prepare Feedback Questionnaires
Completion of feedback forms should be mandatory for all employees participating in the testing process, either during the tests (to record a specific issue) or as soon as practical once the testing has finished.
7/1/2008 4BTraining the Disaster Recovery Plan 5-1
Chapter 5: Training the Disaster Recovery Plan
All staff should be trained in the disaster recovery process. This is particularly important when the procedures are significantly different from those pertaining to normal operations. This training may be integrated with the training phase or handled separately. The training should be carefully planned and delivered on a structured basis. The training should be assessed to verify that it has achieved its objectives and is relevant for the procedures involved.
Managing the Training Process
For the DRP training phase to be successful it has to be both well managed and structured. It will be necessary to identify the objective and scope for the training, what specific training is required, who needs it and a budget prepared for the additional costs associated with this phase. Once the training has been arranged, it is necessary to advise employees of the training Program(s) they will be attending, and on which scheduled date(s). This communication should allow staff the opportunity to state if the scheduled date(s) are not convenient to them. The wording of the communication will be as follows:
Communication to Staff
"As part of the Florida A&M University Disaster Recovery Planning process, it is necessary for all members of Florida A&M University to undergo training in the Disaster Recovery procedures relevant to their own roles within the University. In some instances, the Disaster Recovery processes will be significantly different to those pertaining to normal business operations, and it is critical to the success of any Disaster Recovery operation that each member of Florida A&M University is familiar with the appropriate emergency procedures.
Your own training has been scheduled as follows:
Name of training Program:
Date:
Location:
If you are unable to attend on this date, it is important that you should inform <name of person> immediately, so that an alternative date can be arranged."
A separate communication should be sent to the managers of the Florida A&M University business units advising them of the proposed training schedule to be attended by their staff. This should be worded as follows:
1. As part of the Disaster Recovery Planning process, all Florida A&M University employees are required to be trained in the relevant Disaster Recovery procedures.
2. The attached training schedule is proposed for the staff within your own business unit. It would be appreciated if you would review this schedule and confirm that it meets your unit's requirements and that the dates are acceptable to you. Once confirmed, we will inform staff individually of the dates for their own training.
Develop Objectives and Scope of Training
The agreed objectives and scope of the DRP Training activities are as follows:
OBJECTIVES:
1. “To train all staff in the particular procedures to be followed during the business recovery process”.
2.
3.
SCOPE:
1. “The training is to be carried out in a comprehensive and exhaustive manner so that staff become familiar with all aspects of the recovery process. The training will cover all aspects of the Disaster Recovery activities section of the DRP including IT systems recovery”.
2.
3.
Training Needs Assessment
The persons, or group of people, who require training should be specified, together with the type of training each will require. All new or revised processes will need to be explained carefully to staff, and must be fully understood by those responsible for carrying out the procedures involved.
Prepare Training Schedule
Once those who require training have been identified and the training materials have been prepared, a detailed training schedule should be drawn up. The following is an overview of the training schedule indicating which groups are to be trained.
Assessing the Training
The individual DRP Training Program and the overall training process should be assessed to ensure its effectiveness and applicability. This information will be gathered from the trainers and also the trainees through the completion of feedback questionnaires.
Keeping the Plan Up-to-date
Responsibility
Responsibility for maintaining the Disaster Recovery Plan should rest with the Business Continuity Manager, who will retain responsibility for the plan after it has been finalized.
Responsibilities For Maintenance of Each Part of the Plan
DRP PLAN CONTENT | PERSON RESPONSIBLE FOR MAINTENANCE: NAME | POSITION
Chapter 1: Disaster Recovery Phase; Disaster Recovery Phase | Michael McAvoy | Business Continuity Manager
Chapter 2: Testing the Disaster Recovery Process; Planning the Tests | Michael McAvoy | Business Continuity Manager
Chapter 3: Training Staff in the Disaster Recovery Process; Training | Michael McAvoy | Business Continuity Manager
Chapter 4: Keeping the Plan Up-to-date; Maintaining the DRP | Michael McAvoy | Business Continuity Manager
Regular Review
1. The Business Continuity Manager should establish a regular review meeting.
2. The objectives of the meeting will be to ensure that the content, testing and training of the I/T Disaster Recovery Plan is up to date.
3. It should set a timetable for a review group to meet.
4. It should assign responsibilities to the Business Continuity Manager and Team Leaders for the maintenance of the Disaster Recovery Plan.
5. Minutes of meetings or notes arising should be made available to all staff as part of the ‘Awareness’ program.
Typical Agenda for Review Meetings
The Business Continuity Manager should establish a regular review meeting with an agenda that includes the following typical items.
1. Actions outstanding from previous meeting – to pick up any items from the last meeting.
2. Organizational Changes – has Florida A&M University undergone any significant change since the last version of the plan was issued, such as departmental reorganizations, new buildings, reporting and responsibility changes and what impact these have on the plan?
3. System Changes – have there been any significant changes in I/T systems (software and hardware), and what impact do these have on the plan?
4. Update of data stored – is all key information such as records up to date for contact and call tree exercises?
5. Training – do new staff require training, and does the awareness of the plan need to be refreshed with staff?
Update And Maintenance Of The Plan
It is inevitable in the changing environment of the computer and telecommunication industry that this Disaster Recovery Plan will become outdated and unusable unless it is kept up to date. Changes that will likely affect the plan fall into several categories:
1. Hardware changes
2. Software changes
3. Facility changes
4. Procedural changes
5. Employee changes
As changes occur in any of the areas mentioned above, the Business Continuity Manager will determine if changes to the plan are necessary. This decision will require that the managers be familiar with the plan in some detail. The staff in the affected area will make changes that affect the functional group recovery portions of the plan. After the changes have been made, the Business Continuity Manager will be advised that the updated documents are available. They will in turn make the changes in the body of the plan and distribute as required.
Security
The information contained in this plan is FOR OFFICIAL USE ONLY and is protected by The Privacy Act. It is to be used only to contact Florida A&M University employees in response to an emergency situation. Unauthorized use of this information may constitute an invasion of privacy. Distribution is limited, and this plan should not be distributed or transmitted electronically for any reason.