Florida A&M University Contingency Plan Computing And … 3.11.1/CS 3.11.1 [27... · Florida A&M University . Contingency Plan Computing . And . Data Systems (CPCDS) Phase I – PeopleSoft

Florida A&M University Contingency Plan Computing

And Data Systems (CPCDS)

Phase I – PeopleSoft

Robert Seniors Interim Vice President Information Technology / CIO

About This Document

Document Owner(s): Mike McAvoy Information Systems File name: J:\Security\FAMU_Contingency Plan Computing and Data Systems Phase I_111607.doc If you have any questions or comments about this document or would like to be added to the distribution list for this document, please contact the document owner.

© Copyright 2007 Florida A&M University

This document is proprietary to Florida A&M University and should not be disseminated to persons outside of Florida A&M University without express permission.

7/1/2008 0BIntroduction 1-1

Contents

Chapter 1: Introduction ........................................................ 1-3

Chapter 2: Assessing Business Risk and Impact of Potential Emergencies .......................................................... 2-18

Chapter 3: Preparing for a Possible Emergency.............. 3-25

Chapter 4: Testing the Disaster Recovery Plan ................. 4-1

Chapter 5: Training the Disaster Recovery Plan ................ 5-1

1-2 0BIntroduction 7/1/2008

Revision and History Page

Document Version #

Revision Date

Description of Change

Section #/ Paragraph #

Page # Name


Chapter 1: Introduction

Orientation This Florida A&M University Contingency Plan Computing and Data Systems (CPDCS) Phase I – iRattler/PeopleSoft document provides guidance and documentation on which to base recovery efforts. It is not a substitute for wise judgment, and is not a rigid set of rules to be followed literally and/or at any cost.

It should be understood that the existence of this document, and the coordinated recovery planning efforts, recognizes and affirms the importance of information to Florida A&M University, and the responsibility of each manager and employee for safeguarding Florida A&M University information assets.

Due to the sensitive nature of the information contained herein, this manual is available only to those persons who have been designated as members of one of the Recovery Teams, or who otherwise play a direct role in the recovery efforts. Unless otherwise instructed, each Plan Recipient will receive and maintain two (2) copies of the Plan; one (1) copy will be kept in the Plan Recipient’s office and one (1) copy will be kept at the Plan Recipient’s home. For additional copies, contact the designated Disaster Recovery Coordinator. Plan copies may be hardcopy or on magnetic media, e.g., CD, Flash Drive, etc…

When a person is no longer a member of a recovery team or such member terminates employment, then that person will be required to return both copies of this manual to Florida A&M University upon their exit interview. Recovery Strategies overy Strategies 1. In the event of catastrophic failure at one of the University’s vendor host

sites, the vendor is contractually required to recover at an alternate site. • Refer to the DRP for Northwest Regional Data Center for a

description • of the available recovery sites and plans. (Legacy Mainframe

Applications) • Refer to the IBM ASP DRP for FAMU. (iRattler/PeopleSoft

Production)


2. To use a Command Center to oversee recovery efforts.

• The possible locations for the Command Center are:

Choice Name & Location 1. 303 Lee Hall 2. 2000 Innovation Park 3. Perry-Paige Data Center

3. To use a recovery team approach for recovery efforts.

• Refer to the Recovery Teams and their Functions. Applicability and

Scope Florida A&M University has developed and will maintain the Contingency Plan Computing and Data Systems plan to provide FAMU with a viable and effective contingency operations capability to resume “mission critical” operations and services following a major disruption at the host site. The scope of this Plan is to provide a plan of action to recover mission critical operating services for the continuance of mission critical business operations when an event causes major damage, disruption and/or inaccessibility to either IBM AoD ASP in Sterling, Virginia or Northwest Regional Data Center in Tallahassee, Florida. The Contingency Plan Computing and Data Systems Plan establish FAMU emergency response procedures for incidents which could affect operations. The Contingency Plan Computing and Data Systems Plan define restoration processes for the mission critical information systems. The Contingency Plan Computing and Data Systems Plan identifies planning requirements for FAMU to resume normal operations after a major or catastrophic event. This is an integrated document to provide a sustainable operational capability for the University which provides contingency planning for minor incidents causing short-term disruptions to disasters that affect normal operations for an extended period. The material in this plan is to remain confidential and is to be used for training, testing, and recovery purposes only. This manual is one of a controlled set. It must not be reproduced, and it must be returned to the Disaster Recovery Coordinator, in the event of your transfer or termination.


The Contingency Plan Computing and Data Systems Plan Disaster Recovery Plan (DRP) was developed by the Florida A&M University Information Security Manager in accordance with the BCP Policy Statement adopted by the Business Continuity Plan and Disaster Recovery Plan (BCP/DRP) Oversight Committee, and implemented by the Chief Information Officer. The DRP provides guidance on emergency events to continue mission critical functions and data systems as related to the University.

Authority

This plan adheres to the BCP Policy Statement, and compliance with this plan is the responsibility of Florida A&M University staff, and any vendors/contractors using critical applications. The objective of the Contingency Plan Computing and Data Systems Plan is to ensure that a viable capability exists to continue essential critical application functions across a wide range of potential emergencies, specifically when the primary facility is either threatened or inaccessible. The objectives of this plan include:

Objectives

High Level Objectives

1. Ensure timely resumption of operation. 2. Decrease the impacts or mitigate disruptions to operations (student,

faculty, and staff, lost revenues, etc…). 3. Minimize disruption of service to Florida A&M University. 4. Protect essential facilities, equipment, records, and other assets. 5. Ensure the continuous performance of the essential functions/operations

of iRattler/PeopleSoft and mainframe legacy during an emergency. 6. Reduce loss of life, minimize damage and losses. 7. Provide for a time-phased implementation of partial or full execution of

the plan to mitigate the effects of the emergency and shorten the crisis response time.

8. Identify and designate principals and support staff to be relocated. 9. Facilitate decision-making for execution of the plan and the subsequent

conduct of operations. 10. Achieve a timely and orderly recovery from the emergency and

resumption of full service to all students. Detailed Objectives

1. Recover iRattler/PeopleSoft application within 72 hours. 2. Recover Legacy Mainframe application within 72 hours.


Assumptions In accordance with Federal and State guidance, a viable DRP capability:

• Must be maintained at a high-level of readiness; • Must be capable of implementation both with and without

warning; • Must be operational no later than 12 hours after deployment; • Must maintain sustained operations for up to 30 days; and, • Should take maximum advantage of existing State and local

government infrastructures. The following assumptions were used as a basis of design for the plan's concept of operations and implementation procedures: 1. This Plan is based on a worst-case scenario. Recovery from anything less

than complete destruction of host site can also be achieved by using portions of this plan.

2. Key employees of Florida A&M University are available to support the

recovery efforts. 3. External services (telephone, facilities, transportation, recovery site, etc…)

are available and operating. 4. All vital records (magnetic media, documentation, ect…) necessary for

recovery are available and usable from an off-site storage location. (Vendor responsibility)

5. A Command Center is functionally available to manage and support recovery

efforts. 6. Since Florida A&M University does have established locations (Alternate

Sites) at which it can relocate to and perform disaster recovery, two relocation sites will be assumed – Site 1 (Northwest Regional Data Center) and Site 2 (Sterling, Virginia). These two sites will accommodate the planning requirements for all scenarios.

7. Florida A&M University employees will be available to activate the

Contingency Plan Computing and Data Systems; able to deploy to the either Alternate Site; and capable with requisite knowledge, skills, and abilities to perform critical operations in support of Florida A&M University mission critical functions.


8. Since there are no agreements in place with vendors to provide software,

hardware, equipment, or services which will be needed to recover critical or any other Florida A&M University operations, including the data center operation, at any site, this capability will be assumed for the efficacy of the plan. When it is necessary to refer to the equipment and service vendor, TBD will be used in accordance with direction from Business Continuity Plan and Disaster Recovery Plan Oversight Committee. Since a vendor has not been selected or contracted, any Florida A&M University relocation will therefore take considerably longer than 72 hours – possibly as long as seven days depending on the scenario and equipment/services availability.

9. Data tapes and other electronic media are stored off-site in various locations

depending on what building(s) the servers are housed and whether the application is hosted locally or by 3rd party vendors in an ASP or other type of agreement. The storage areas provide the highest level of protection from all types of events. These data tapes will be available, retrievable by assigned Florida A&M University employees, and capable of restoring critical data in a timely manner.

10. The Alternate Sites will be accessible including Internet access. 11. All computer systems and services are backed-up to tape on a regular basis,

and these tapes have accurate data from successful backups which are capable of restoring critical data in a timely manner.

Exclusions This Plan does not address:

• Business Impact Analysis • Mission Critical Applications Study • Prevention • Risk Assessment and Mitigation • Work in progress • Vital records management • Short-term outages (less than 72 hours)

Constraints


The following constraints will limit the effectiveness and efficacy of the plan, the concept of operations, and the implementation procedures: 1. Must interface and operate with the current processing environment,

including the iRattlers/Peoplesoft and legacy Mainframe applications. 2. Recovery strategies which use current technology to facilitate no data loss

are limited due to distance parameters. 3. Resource limitations and fluxes in the budget cycle may impact adaptability

and overall effectiveness for coordinated recovery programs. 4. Given current circumstances and capabilities Florida A&M University will

not recover all systems and services; therefore, affecting the operational capability of Florida A&M University.

5. All computer systems and services are backed-up to tape on a regular basis.

The backup schedule and methodology for the systems vary. However, the general process is to take a full backup once a week with incremental backups conducted daily. The daily incremental backups are moved off-site on a daily basis during the week. The full backup is run over the weekend because of the time required to complete a full system backup

6. Data files that are in use at the time of a backup are not captured because the

current physical tape backup technology does not allow for this process. 7. Storage of data using the current tape archive architecture is the least

expensive method of providing for disaster recovery. While the cost is low the time required for recovery is the longest of any disaster recovery architecture.

8. The Florida A&M University Contingency Plan Computing and Data

Systems project planning includes data protection architecture; however, it does not cover all systems managed by Florida A&M University which are necessary to conduct Florida A&M University mission critical functions and business operations.

Policy


It is the policy of the Florida A&M University (FAMU) to develop, implement and maintain a Disaster Recovery Plan (DRP) to ensure that the following are achieved:

• Provide for the safety and well-being of representatives on the campus at the time of a disaster;

• Continue critical business operations; • Minimize the duration of a serious disruption to operations and resources

(both information processing and other resources); • Minimize immediate damage and losses; • Establish management responsibilities; • Facilitate effective coordination of recovery tasks; • Reduce the complexity of the recovery effort; • Identify critical lines of business and supporting functions; • Determine vulnerability to significant service interruptions at FAMU and

define preventive measures that may be taken to minimize the probability and impact of interruptions;

• Determine immediate, intermediate and extended term recovery needs and resource requirements;

• Develop and implement contingency plans that address both immediate and longer-term needs for operational areas such as Accounting, Human Resources, Information Technology, Facilities Planning, and Research & Development.

The University must review and test their business continuity plan(s) at least annually. The Business Continuity and Disaster Recovery Board, are responsible for ensuring that all business units comply with this policy. The Business Continuity and Disaster Recovery Board is responsible for ensuring that the management of business continuity is in the University’s processes and structure. The Disaster Recovery Plan shall, as a minimum, address the following:

• Employee/Students safety, welfare and internal communications • Resumption of critical business functions • Meeting contractual obligations • Management of risk • Maintenance of client confidence and the reputation of the business (via

external communications) The DRP shall address the following situation:


• Disasters: Most areas of the main campus and computer equipment/systems incur severe damage or are totally destroyed. Interruption of IT is expected to last more than 48 hours. Examples of this major incident risk are a major hurricane, fire, bomb, virus, equipment, wind, communication, hazardous spill, or other building/area disaster.

The DRP should also, where possible, address the following situations:

• Moderate Incidents: Areas of the main campus incur noticeable damage, with interruption of operations lasting between 8-48 hours. Most of the campus is closed to students. Some operations may be possible with limited staff. Examples of this type of incident are a localized fire, flood, tornado, or other temporary building disaster.

• Short Term Incidents: Some areas of the main campus or computer

equipment are damaged. Interruption of operations may last up to 8 hours. Some operations may be performed manually. Examples of this type of incident are a network or systems failure.

The DRP should also, where possible, address the following situations:

• The CIO will maintain and identify the mission essential functions for iRattler/PeopleSoft and Mainframe operations and roster the staff to support them.

• EIT will prepare supplemental procedures specifically addressing

operations in an emergency that requires the relocation of iRattler/PeopleSoft and Mainframe operations.

• The CIO will provide for the backup, replacement, and recovery of data,

equipment and staff resources, including work-around procedures in the event of a disruption.

• The CIO will coordinate the development of plans and procedures that

will enable identified governmental or contractor IT personnel to assume responsibility for iRattler/PeopleSoft and Mainframe operations in the event that Florida A&M University staff is unavailable.

• The CIO in coordination with the Business Continuity Plan and Disaster

Recovery Plan Oversight Committee will ensure that the DRP is regularly tested in accordance with a comprehensive Test, Training, and Exercise (TT&E) program which include performing regular employee training, exercises, and system testing to assure readiness.

• The CIO in coordination with the Business Continuity Plan and Disaster

Recovery Plan Oversight Committee is responsible for the maintenance and annual review and update of this plan.


• The CIO in coordination with the Business Continuity Plan and Disaster Recovery Plan Oversight Committee will periodically conduct a business impact/risk analysis that identifies time-sensitive critical mission functions, financial exposures, and operational impacts, and that estimates total information technology resources necessary for successful business resumption.

• The DRP must comply with any requirements of any auditors, insurers,

or regulators.

Definitions Business Continuity Plan - is an effort within FAMU to ensure the continued performance of minimum essential functions during a wide range of potential emergencies. This is accomplished through the development of plans, comprehensive procedures, and provisions for alternate facilities, personnel, resources, interoperable communications, and vital records/databases. Business Unit - any academic or administrative department, unit, center, institute, division, or college. Cohort - a term used by the Business Continuity and Disaster Recovery Oversight Committee to uniquely group all FAMU business units with a commonality of services to facilitate a more efficient way of planning. Five (5) Cohorts have been identified to group departmental plans: Accounting, Human Resources, Information Technology, Facilities Planning, and Research & Development. Critical - functions or services offered that could not be interrupted or unavailable for several business days without significantly jeopardizing FAMU’s ability to serve its students and the communities of Florida. Disaster - a sudden, unplanned event with a significant scope of impact involving many people if not an entire community and is based on the scope of the event, number of lives impacted, and the devastation of property ; 1) The disruption of critical business activities for some predetermined period of time. 2) The period when FAMU management decides to divert from normal schedules and exercises its disaster recovery plan signified by the beginning of moving from primary to alternate processing. Disaster Recovery Plan - the document that defines the resources, actions, tasks, and data required to manage the business recovery process in the event of a business interruption. The plan is designed to assist in restoring the business process within the stated disaster. Emergency - A sudden or unexpected occurrence or combination of occurrences that may cause injury, loss of life, destruction of property or cause the interference, loss or disruption of a unit's normal business operations to such an


extent that it poses a threat to the campus community. An emergency is something that may overwhelm FAMU’s ability to resolve the situation. Disaster Recovery Plan - the document that defines the resources, actions, tasks, and data required to manage the business recovery process in the event of a business interruption. The plan is designed to assist in restoring the business process within the stated disaster. Acronyms BCP – Business Continuity Plan DRP – Disaster Recovery Plan FAMU – Florida A&M University Responsibility and

Duties President, or his designee(s) • Provide supervision for the execution of the FAMU Disaster Recovery

Plan. • Coordinate matters of university and appropriate civil interest during

time of a disaster. • Direct dissemination of information to campus community and general

public. • Determine and contact essential personnel as needed.

Chief Information Officer (CIO)

• Responsible for the overall recovery progress and makes decisions as necessary for the timely execution of the DRP. The CIO provides liaison with the President and Vice Presidents for reporting the status of the recovery operation.

Information Security Manager (ISM)

• Assess the criticality of each business operation and associated information processing service and determine the risk to the business of their delay or loss.

• Complete a business impact analysis. • Contain and/or manage the risks in accordance with the DRP policy. • Prepare, keep and ensure the DRP is commensurate with the level of risk. • Ensure that the DRP is tested on schedule.

Information Security

• Assist the University President during the execution of the plan


• Provide for the reestablishment of university electronic operations based on IT specific disaster recovery plan.

• Communicate with department heads as necessary. University Purchasing Office

• Arrangements for emergency travel • Coordinate emergency purchasing issues, including procurement of

necessary supplies and equipment • Personnel & Human Resources issues, including pay and leave • Instruct employees on proper recordkeeping and reporting of the event. • Monitor costs related to incident and provide accounting, procurement,

time recording, cost analysis, and other documentation of the event.

University Payroll Office • In the event of a partial or full disaster or other circumstances, which

brings about the need for contingency operations, the normal organization of the Payroll department will shift into that of the contingency organization. The focus of the Payroll department will shift from the current structure and function of “business as usual” to the structure and function of a Payroll department that is working towards the resumption of time-sensitive business operations. The Payroll department will operate through phases of response, resumption, recovery, and restoration. Each phase involves exercising procedures and the teams executing those procedures. In the event of a full disaster all personnel will relocate to alternate site and continue recovery operations until normal operations can resume at the primary site.

Cohort Coordinator

• The Cohort Coordinator is responsible for ensuring that each business unit within their cohort has completed a Risk Assessment, Business Impact Analysis, and has developed a Business Continuity Plan consistent with the framework and templates established by the Department of Business Continuity and Disaster Recovery. They are also responsible for identifying a departmental contact for each business unit within the Cohort and ensuring the plans, assessments, and analyses are tested, reviewed, and updated with the established time periods. The Cohort Coordinator or designee is responsible for coordinating the above activities with the Department of Business Continuity and Disaster Recovery and must sign off on all business unit Risk Assessments, Business Impact Analysis, Business Continuity Plans/Disaster Recovery Plans, and Test Plans. Members of the Business Continuity and Disaster Recovery Committee serve as Cohort Coordinators.

Team Leaders

• Responsible for developing and coordinating the DRP Recovery Teams.


During an emergency situation the Team Leaders will activate their respective recovery team and then direct all activities until the emergency is under control. In the absence of the CIO, the ISM will assume those duties.

• Participate in the evaluation and updates of the DRP to assure that all emergency situations have been adequately considered and that appropriate contingency plans have been prepared.

Recovery Team

• In case of a disaster, the emergency call list will need to be used. General duties of the disaster recovery members/managers are discussed. Team Leaders have been assigned in each area and general duties given. The Team Leaders will make assignment of employees in the major areas to specific tasks during the recovery stage over that area.

University Employees, Consultants, and Students

• Cooperate with the university personnel during the execution of this plan • Use increased safety precautions during the danger period. • Exercise extreme caution when leaving the university. Consider weather

forecasts, road conditions, and the time involved for travel. • Faculty should attempt to establish electronic communications with their

students. System Administrator Authority

• System administrative privileges shall be limited to those support personnel requirements for business purposes. Such authority shall be revoked upon determination by IT Operations management that such access is no longer required.

University Employees and Students

• Managers are responsible for ensuring that their staff complies with this policy.

• Managers will include information security as part of their employee orientation.

Business Continuity Plan and Disaster Recovery Plan (BCP/DRP) Oversight Committee

• To continue broad oversight of FAMU University Business Continuity and Disaster Recovery Planning, the President will appoint a Business Continuity and Disaster Recovery Oversight Committee. The committee is composed of a cross-section of academic and administrative leaders who have a working knowledge of business continuity and disaster recovery processes. The Committee has the following goals: o Reviews annual work goals of the Department of Business

Continuity o Reviews a representative number of risk assessments and tabletop

drills to determine adequacy of recovery plans o Makes recommendations on how to enhance Business Continuity


processes o Provides an annual written summary to the Chancellor

Procedure Business Impact Analysis and Risk Assessment

Each business unit that meets the committee criteria of ‘critical' will conduct a Business Impact Analysis and Risk Assessment annually as directed by the respective Cohort Coordinator with results reported to the BCP/DRP Oversight Committee. The Business Impact Analysis will identify critical business functions and workflow; determine the qualitative and quantitative impacts of a vulnerability/threat, and prioritize/establish recovery time objectives for the critical functions. The Risk Assessment will identify vulnerabilities and threats that may impact the business unit’s ability to fulfill the mission of FAMU University and define the controls in place to reduce the exposure to the vulnerabilities/threats as well as evaluate the probability of a particular event. The Business Impact Analysis and Risk Assessment must be approved/signed off by the Department Head/Director

Business Continuity and Disaster Recovery Plan

• Each business unit will develop a business continuity and disaster

recovery plan as directed by the respective Cohort Coordinator with results reported to the Department of Business Continuity and Disaster Recovery. The Plan provides for the continuance of critical functions in the event of a business disruption. The Business Continuity Plan will consist of advance arrangements and procedures for maintaining or continuing the unit's identified critical business functions in the event of an interruption or essential change such as the absence of the administrative IT environment. The Disaster Recovery Plan will define the unit's resources, actions, tasks and data required to assist in the recovery of the unit's identified critical business functions. The BCP/DRP Oversight Committee will maintain a campus-wide capability for business units to develop and maintain business continuity plans. The BCP/DRP’s must be approved/signed off by the Department Head/Director.

Testing and Exercising Plans

• Critical business units are required to test the DRP at least annually as

directed by the BCP/DRP Oversight Committee with results reported to the BCP/DRP Oversight Committee. Departmental exercises may be conducted more frequently at the discretion of management. Test and


Exercise plans must be approved/signed off by the Department Head/Director and Cohort Coordinator. The following shall apply: o The DRP plan must be exercised in accordance with the DRP

Exercise Guidelines. o The DRP plan must be exercised in accordance with the DRP

Exercise Schedules. o The DRP plan must conduct a Calling Tree Campaign on a no less

than semi-annual basis. This Calling Tree Campaign must achieve at least a 90% contact rate to be acceptable.

o Last Exercised Date fields must be updated every time a plan is exercised.

Business units are required to review their DRP plans at least semi-annually and update the plans whenever changes occur in their operating procedures, processes, or key personnel. Plans must be updated to maintain accurate lists of key personnel, telephone number, call trees and plan elements that may be affected by changes in unit structure or functions. The respective Department Head/Director, Dean or Vice Chancellor (or designated vice provost or associate vice chancellor), and Cohort Coordinator must review and approve the updated plan on, at least, an annual basis.

Plan Maintenance

• The DRP plan must be maintained on a no less than semi-annual basis.

Updates must be performed sooner if personnel or recovery strategy has changed.

• Version Control/Last Updated Date fields must be updated every time a plan is updated.

Credentialing This policy applies to all FAMU users (employees, contractors, consultants, temporaries, volunteers, etc.) who use the University’s computing or networking resources, as well as those who represent themselves as being connected--in any way --with FAMU. All users are expected to be familiar with and fully comply with this policy. Questions about the policy should be directed to the users BCP/DRP Oversight Committee.

Standards Compliance Compliance The DRP shall adhere to the regulatory compliance requirements of Florida A&M University.


Enforcement Employees who violate this policy will be subject to disciplinary action up to and including termination of employment. Anyone who knows or has reason to believe that another person has violated this policy should report the matter promptly to his or her supervisor or the Information Security Officer. All reported matters will be investigated, and, where appropriate, steps will be taken to remedy the situation. Where possible, every effort will be made to handle the reported matter confidentially. Any attempt to retaliate against a person for reporting a violation of this policy will itself be considered a violation of this policy that may result in disciplinary action up to and including termination of employment. Exceptions xceptions The BCP/DRP Oversight Committee as defined in the DRP must approve any exceptions to this document.

2-18 1BAssessing Business Risk and Impact of Potential Emergencies 7/1/2008

Chapter 2: Assessing Business Risk and Impact of Potential Emergencies

Internal and External Emergency Services and Contact Numbers

al and External Emergency Services and Contact Numbers

The following identifies emergency agencies and departments as well as local agencies/departments, public and commercial emergency and broadcasting services with their telephone number and/or website.

EMERGENCY SERVICES

Tallahassee, FL and Surrounding Metropolitan Areas

CONTACT NUMBER

Police /Fire/Ambulance

Florida A&M University Police

Non Emergency Tallahassee Police

Non Emergency Sheriff Leon County

Non Emergency Sheriff Gadsden County

Non Emergency Sheriff Wakulla County

TDD Hearing Impaired

CRIMESTOPPERS

Tallahassee Fire

Quincy Fire

911

850-599-3256

850-891-4200

850-922-3300

850-627-9233

850-926-0800

850-891-4375

850-891-4357

850-891-6600

850-627-7111

7/1/2008 1BAssessing Business Risk and Impact of Potential Emergencies 2-19

Hospitals/Medical Facilities

Non-Emergency Transport

(Health Facilities/Nursing Homes & Rehab Centers)

850-921-0900

Leon County Emergency Medical Services

(Administration of the Volunteer Department (VFDs) • Chaires-Capitola • Lake Iamonia • Lake Jackson • Lake Talquin • Miccosukee • Woodville

850-606-2100 850-942-4033 850-552-2035 850-562-4441 850-591-4137 850-893-1177 850-933-4018

Tallahassee Memorial 850-431-1155

Capital Regional Medical Center 850-656-5000

Television Stations WCTV CBS 6 www.sctv6.com

850-893-6666

WTWC TV NBC 40 www.wtwc40.com

850-893-4140

The CW (WFXU) www.cwtv.com

WCOT TV 13

850-891-8081

WFSU (Local PBS) www.wfsu.org

850-487-3170

WTLH TV Fox 49 www.fox49.com

850-576-4990

WTXL TV ABC 27 www.wtxl.com

850-893-3127

http://www.sctv6.com/

http://www.wtwc40.com/

http://www.cwtv.com/

http://www.wfsu.org/

http://www.fox49.com/

http://www.wtxl.com/


Radio Stations WVFS “The Voice” V89.7 FSU Student Radio www.wvfs.fsu.edu

850-644-1837

100.7 WFLA www.wflafm.com

850-205-9352

WTLY Magic 107.1 www.magic1071.com

850-422-2107

http://www.srh.noaa.gov/tlh/tlh/nwr.html

NOAA Weather Radio All Hazards

WTNT 94.9 www.wtntfm.com

850-385-9868

WXSR X101.5 www.x1015.com

850-386-3101

1270 The Team www.1270theteam.com

850-205-9352

WBZE Star 98.9 www.mystar98.com

850-385-0989

WGLF Gulf 104 www.gulf104.com

850-681-0436

WHBX 96.1 JAMZ www.961jamz.com

850-201-5269

WWLD-FM Blazin www.blazin1023.com

850-201-1023

WEGT – The Eagle www.eagle999.com

850-531-9990

WHTG-Hot 104.9 www.hot1049.com

850-383-1049

WJZT 97.9 Smooth Jazz www.wjztfm.com

850-561-8400

http://www.wvfs.fsu.edu/

http://www.wflafm.com/

http://www.magic1071.com/

http://www.srh.noaa.gov/tlh/tlh/nwr.html

http://www.wtntfm.com/

http://www.x1015.com/

http://www.1270theteam.com/

http://www.mystar98.com/

http://www.gulf104.com/

http://www.961jamz.com/

http://www.blazin1023.com/

http://www.eagle999.com/

http://www.hot1049.com/

http://www.wjztfm.com/


Newspapers Associated Press www.ap.org

850-224-1211

Capital Outlook www.capitaloutlook.com

850-681-1852

Florida Times-Union http://jacksonville.com

850-224-7515

Gadsden County Times

850-627-7649

Gannett News Service www.gannett.com

850-222-8384

Tallahassee Democrat www.tallahassee.com

850-999-2271

Publications Capital Outlook www.capitaloutlook.com

850-681-1852

The FAMUAN www.thefamuan.com

850-599-3159

Internet Sites http://www.srh.noaa.gov/tlh/

National Weather Service (Tallahassee)

http://www.nhc.noaa.gov/index.shtml Latest Hurricane Warning and Tracking Information

http://www.tallytown.com/redcross/hsg.html http://www.floridadisaster.org/index.asp

American Red Cross

http://www.fema.gov

Federal Emergency Management Agency

http://www.nfpa.org

National Fire Protection Association

http://www.usgs.gov

Unites States Geological Survey

http://www.coj.net/Departments

Jacksonville City Government Agencies…

http://www.ap.or/

http://www.capitaloutlook.com/

http://jacksonville.com/

http://www.gannett.com/

http://www.tallahassee.com/

http://www.capitaloutlook.com/

http://www.thefamuan.com/

http://www.srh.noaa.gov/tlh/

http://www.nhc.noaa.gov/index.shtml

http://www.tallytown.com/redcross/hsg.html

http://www.floridadisaster.org/index.asp

http://www.fema.gov/

http://www.nfpa.org/

http://www.usgs.gov/

http://www.coj.net/Departments


Other Call before You Dig 800-438-4636 Tallahassee ( Power and Water) Emergencies Sprint (Phone Service) US Coast Guard (Marine and Air Emergencies) 904-247-7311 American Red Cross (Community Disaster) 850/878-6080 Hurricane Information Evacuation /Emergency Preparedness

904-630-2472

National Response Center ( Toxic Chemical & Oil)

800-424-8802 or 904-630-3635

Poison Information Center 800-222-1222 FEMA Washington D.C • Emergency Support Team • Public/Private

202-566-1600 202-646-2440 202-646-3561

Tallahassee Environmental Quality (Air, Odors, Noise, Water)

Tallahassee Emergency Preparedness. Occupational Safety & Health Administration (OSHA)


Premises Issues In the event that an emergency situation affects the Florida A&M University premises, it is necessary to have information to hand on the authority (and responsibility) of individuals involved in the emergency recovery procedures to effect repairs immediately.

The team charged with restoring the premises to normal working will need to understand their levels of authority for commissioning works from outside contractors. Very often in an actual emergency situation, it is difficult to obtain approvals urgently. For this reason, the DRP contains information on the authority levels available and how further approvals may be obtained in the event of such emergencies occurring.

LOCATION OF PROPERTY : Florida A&M University Campus Buildings Responsibility for maintenance Insurance coverage Responsibility for emergency repairs External approvals needed before work can commence

Internal approvals needed before commissioning contractors

Procedures for obtaining approvals in emergency situations

Persons responsible for premises recovery activities, with emergency contact details

Persons responsible for approving repairs or replacement for equipment or furniture, with emergency contact details

Responsibility and Authority for Building Repairs

LOCATION OF PROPERTY : Florida A&M University Off-Campus Buildings Responsibility for maintenance Insurance coverage Responsibility for emergency repairs External approvals needed before work can commence

Internal approvals needed before commissioning contractors

Procedures for obtaining approvals in emergency situations

Persons responsible for premises recovery activities, with emergency contact details

Persons responsible for approving repairs or replacement for equipment or furniture, with emergency contact details


Backup generators have been provided in critical areas to allow critical business processes to continue when there is a power outage. UPS systems are also used for key equipment or services, which may be affected by sudden surges of power, or where data may be corrupted when the system switches over from mains power to a backup generator.

Backup Power Arrangements

Existing backup power arrangements are listed below, together with the critical functions, which they support:

Florida A&M University

TYPE OF BACKUP GENERATOR

CRITICAL FUNCTIONS SUPPORTED

REQUIRED FREQUENCY OF TESTING

DATE TEST LAST CARRIED OUT

PERSON RESPONSIBLE FOR TESTING/ MAINTENANCE

Emergency Electric Backup Power Generator for Perry Paige Computer System, Manufactured by Olympian Power System, Capacity

150 KW, Model No:D150P1_1

Backup power supply to Computer Systems, Air Conditioning Systems and lights in Computer Room only

Twice a year September 2007

Mr. James Regan, from Tampa Armature Works, Inc. Scheduled and coordinated by Chhagan Dalsania, Coordinator, FAMU/P

Sterling, Virginia

TYPE OF BACKUP GENERATOR

CRITICAL FUNCTIONS SUPPORTED

REQUIRED FREQUENCY OF TESTING

DATE TEST LAST CARRIED OUT

PERSON RESPONSIBLE FOR TESTING/ MAINTENANCE

(Maintained by IBM)

7/1/2008 2BPreparing for a Possible Emergency 3-25

Chapter 3: Preparing for a Possible Emergency

The scope of this Phase is to deal with major operating disruptions at the host site, which in turn would leave Florida A&M University without access to iRattler Student Administration or Legacy Payroll application.

Operation Disruption

These operating disruptions include, but are not limited to, major fire, flood, bomb, building structure (floor and/or ceiling) failure, and other unforeseen catastrophic events. Other operating disruptions such as minor fire, flood, equipment failure, power failure, etc., are not within the scope of this Plan. Following an operating disruption, it may not be readily apparent whether or not to declare a disaster. For this purpose, disaster declaration procedures have been established and are located in the next section of this Plan.

Since emergencies, or potential emergencies, may affect the ability of Florida A&M University to perform iRattler/PeopleSoft and Mainframe mission essential functions from the Data Center or the Campus. The following are three scenarios that could mandate the activation of the DRP:

Activation Scenarios tivation Scenarios

1. The Data Center is closed to normal business activities as a result of an event

(whether or not originating within the building) or credible threats of action that would preclude access or use of the building and the surrounding area.

2. The Florida A&M University campus is closed to normal business activities

as a result of an event (whether or not originating in the complex) or credible threats of action that would preclude access or use of the campus and the surrounding area.

3. The Tallahassee, Florida metropolitan area is closed to normal business activities as a result of a widespread utility failure, natural disaster,

3-26 2BPreparing for a Possible Emergency 7/1/2008

significant hazardous material incident, civil disturbance, terrorist or military attack(s) or credible threats of action. Under this scenario there could be uncertainty regarding whether additional events such as secondary explosions, or cascading utility failures could occur.

Disaster Declaration Notice

Event Disclosure May be Harmful to Florida A&M University, Do Not Discuss the Situation With Anyone, Other Than Team Members

In an event so severe that normal operations are interrupted, or if such an incident appears imminent and it would be prudent to evacuate the Tallahassee, Florida area as a precaution, the CIO in consultation with the President, will direct the activation of the DRP.

Plan Execution

The Alternate Sites will be notified and/or activated, if necessary, and at the discretion of the CIO. The Disaster Control Team consists of Florida A&M University employees and may be supplemented by selected staff from appropriate contractors/vendors. Selected members of the Disaster Control Team may be identified to serve as on other Recovery Teams for the DRP activation or potential thereof. These selected Recovery Teams will conduct operations while in transit from mobile communications systems, or operate remotely from an assembly site in the Tallahassee vicinity, or relocate temporarily to one of the Alternate Sites, if necessary. The Recovery Operations Team will be responsible to continue mission essential functions of the iRattler/PeopleSoft and Mainframe within 24 hours of deployment and for a period up to seven to thirty days pending regaining access to the Florida A&M University campus or the occupation of an Alternate Site determined by the situational circumstances in the Tallahassee vicinity. The Alternate Sites are pre-designated fixed facilities and selection will be made at the time of DRP Activation and determined by the event or threat. If the Florida A&M University campus is inaccessible and a threat exists in the Tallahassee, Florida vicinity, the Far Point Recovery Site is in Sterling, Virginia. The CIO will execute vendor and service contracts at the time the DRP activation to provide all equipment, hardware, software, resources, and emergency support services to outfit, configure, restore, and maintain iRattler/PeopleSoft and Mainframe operations. These contracts are not pre-negotiated and therefore all equipment, resources, and services may not be available at the time of activation. Mobile voice and data systems will be the primary operational capability for the Recovery Teams using cellular telephones, laptop computers with wireless capabilities, and Personal Digital Assistants (PDAs). To supplement the


interoperable communications capabilities and logistical requirements at the Alternate Sites, TO BE DETERMINED contingency services will be utilized. To assure an immediate response capability at the Alternate Sites, a command staff of Florida A&M University and contractor personnel will co-occupy the data centers with existing site staff. The remainder of the Recovery Teams will be positioned for the first 12 to 96 hours at facilities to be determined at time of the plan’s activation near to the Alternate Sites or on the facility grounds. The majority of the Recovery Teams members will support the efforts to establish iRattler/PeopleSoft and Mainframe operational capability. Within 168 hours (seven days) it is expected that a sufficient facility accommodations will be acquired and equipped using various TO BE DETERMINED contingency services. Such incidents could occur with or without warning and during duty or non-duty hours. Whatever the incident or threat, the DRP will be executed in response to a full-range of disasters and emergencies, to include natural disasters, terrorist threats and incidents, and technological disruptions and failures. It is expected that, in most cases, Florida A&M University will receive a warning of at least a few hours prior to an incident. Under these circumstances, the process of activation would normally enable the partial, limited, or full activation of the BCP/DRP with a complete and orderly alert and notification of all personnel, and activation of the plan. This will be followed by the subsequent deployment of the Recovery Teams to an assembly site or pre-identified Alternate Site. Without warning, the process becomes less routine, and potentially more serious and difficult. The ability to execute the DRP following an incident that occurs with little or no warning will depend on the severity of the incident's impact on the physical facilities, and whether Florida A&M University personnel and contractors are present on the campus or in the surrounding area. The operational direction and control of iRattler/PeopleSoft and Mainframe functions for Florida A&M University under the worst-case scenario would revert back to the CIO, the President or designee could perform the functions or re-assign them to another organization or vendor. Positive personnel accountability throughout all phases of emergencies, to include DRP, is of utmost concern, especially if the emergency occurs without warning, during duty hours. The Florida A&M University Building Evacuation Plans and provide for such accountability.

Notification Procedures The nature and severity of an emergency, will of course, dictate which teams are

notified and when. The declaration of an emergency effecting Florida A&M University is the responsibility of the CIO. The first person to be called into


action in the event of an emergency is the Evaluation Function Leader. This person will make the initial determination of the nature and extent of any damage to the Florida A&M University facilities. Depending on the nature and extent of the emergency, the remaining departmental recovery teams may or may not be notified by the Evaluation Function Leader. The person shown as Caller is responsible for initiating the call down sequence. If Caller is not available, Primary Contact assumes the responsibility for initiating the call down sequence. In the event that the Caller and Primary Contact are not available, the Secondary Contact assumes the responsibility. Persons marked with ** do not call anyone.

Call Down List

Caller Primary Contact Secondary Contact

Robert Seniors ** Michael McAvoy ** Daniel Andrew

DR Contact List


Overview of Florida A&M University Disaster Recovery Life Cycle




Introduction to the

Recovery Team/Function Concept

Business Continuity Plan and Disaster Recovery Plan Oversight Committee

Team/Function –

Acronym/Name

Charter Membership

Business Continuity Plan and Disaster Recovery Plan Oversight Committee

Responsible for the development, implementation and management of the DRP. Responsible for declaring that a service disruption has occurred, coordinating the appropriate response to a service disruption and managing the recovery effort after a service disruption.

Chairman: President Members:

Initial Evaluation

Function Leader ial Evaluation

Function Leader The Initial Evaluation Function Leader is the first Recovery Team to be notified and activated after a service disruption occurs; it is then responsible for notifying the BCP/DRP Oversight Committee of its findings. Responsibilities Takes immediate steps to safeguard public safety. Interface with public law enforcement and fire department agencies. Determine the severity of the situation. Determine the safety/accessibility of the facility. If the facility is deemed safe to enter, determine the extent of damage and the salvage ability to the contents of the ‘machine room’. Estimate the length of time to repair and/or restore the mission critical resources. Notify the BCP/DRP Oversight Committee of its findings. Each team member will receive a copy of the Plan.


FAMU Specific Emergency Response & Evaluation Overview

Potential

Emergency Situation Occurs

FAMU Police Facility Services

Report on Severity/Extent of

Damage Initial Evaluation Function Leader

Evaluates Situation

No Additional Information

Required

Additional Information

Required Do Not Declare an Emergency

Declare an Emergency

Activate DRP Teams Necessary to Respond to the

Situation Do Not Declare an Emergency

Wait for Instructions From

Emergency Operations Center

Activate Disaster Control Team to

Gather Additional Information

Initial Evaluation Function Leader

Reviews Information

Received From Disaster Control

Declare an emergency

Activate Recovery Teams Necessary to Respond to the Situation

Wait for Instructions From

Emergency Operations Center

University BCP/DRP Teams

Activate Alternate Processing

Strategy

Activate Alternate Processing

Strategy

Initial Evaluation Function Leader


Business Continuity

and Disaster Recovery Plan Oversight Committee Check List

ontinuity and Disaster Recovery Plan Oversight Committee Check List

1. Incident occurs 2. Initial Evaluation Function Leader responds

a. See the Initial Evaluation Function Leader Check List for where to meet and how to proceed

3. Initial Evaluation Function Leader reports findings to BCP/DRP Oversight

Committee 4. The Disaster Control Team (DCT) assembles at command center

5. The Initial Evaluation Function Leader notifies all recovery team leaders to

stand by 6. The BCP/DRP Oversight Committee reviews/evaluates findings from Initial

Evaluation Function Leader 7. The BCP/DRP Oversight Committee evaluates report from Initial Evaluation

Function Leader

a. Determines that critical services can be restored in 3 working days

• Activates necessary Recovery Teams to accomplish objectives

b. Determines that critical services cannot be restored in 3 working days

• Activates necessary Recovery Teams to accomplish objectives • Notifies vendors of the need for services

• Notifies executive management


Initial Evaluation

Function Leader Check List

1) Incident occurs 2) Initial Evaluation Function Leader responds

a) Initial Evaluation Function Leader notifies Disaster Control team members

b) Assemble at Emergency Command Center

c) Interface with Campus Police and/or other emergency authorities d) Evaluate site and situation

e) Are there Injuries?

Yes ( ) No ( ) If yes, how many?

f) Are there fatalities?

Yes ( ) No ( ) If Yes, how many?

g) Which utilities available? Electricity ( ) Water ( ) Gas ( ) Sewer ( )

h) Is emergency generator on?

Yes ( ) No ( )

i) Can buildings be accessed?

Yes ( ) No ( ) If No, give brief description why:

j) Are buildings safe to enter?

Yes ( ) No ( ) If No, give brief description why:

k) Are interior hallways and rooms free of debris?

Yes ( ) No ( )

l) Will interior doors open?

Yes ( ) No ( ) If No, list rooms that cannot be accessed:


m) Is phone service available?

Yes ( ) No ( )

n) Is computer room floor intact?

Yes ( ) No ( )

o) Are wall mounted panels intact

Yes ( ) No ( ) If No, list panels not intact:

p) Is there power in the computer room?

Yes ( ) No ( )

q) Are any bare power leads visible? (to be determined by qualified personnel only)

Yes ( ) No ( )

r) Is there debris on the computer room floor?

Yes ( ) No ( )

s) Is air conditioning available

Yes ( ) No ( )

t) Is there evidence of fire?

Yes ( ) No ( )

u) Is there evidence of water damage:

Yes ( ) No ( )

v) Has any computer equipment fallen through the floor?

Yes ( ) No ( )

w) Have any equipment racks tipped over?

Yes ( ) No ( )


Mission Critical Procedures & Information

The following contains the procedures, specifications, and information for re-establishing critical recovery operations for Florida A&M University. Network Control Center Restoration Procedures

The following identifies and describes each backup/recovery telecommunications connection, and explains the special instructions necessary to re-establish each data communication line.

Florida A&M University’s Recovery Resource reports begin on the following pages. Recovery Resources

& Inventory Reports These reports identify and describe the resources Florida A&M University had before the disaster, which may be necessary to support recovery operations. These recovery resource reports are current as of the publishing of this document. The most recent information is maintained in the Web-based Disaster Recovery System (DRD) planning software database, which is available at any time using Internet Explorer 5.5 or higher.


In an event so severe that normal operations are interrupted, or if such an incident appears imminent and it would be prudent to evacuate the Tallahassee, Florida area as a precaution, the CIO in consultation with the President, will direct the activation of the DRP.

Plan Execution

The Alternate Sites will be notified and/or activated, if necessary, and at the discretion of the CIO. The Disaster Control Team consists of Florida A&M University employees and may be supplemented by selected staff from appropriate contractors/vendors. Selected members of the Disaster Control Team may be identified to serve as on other Recovery Teams for the DRP activation or potential thereof. These selected Recovery Teams will conduct operations while in transit from mobile communications systems, or operate remotely from an assembly site in the Tallahassee vicinity, or relocate temporarily to one of the Alternate Sites, if necessary. The Recovery Operations Team will be responsible to continue mission essential functions of the iRattler/PeopleSoft and Mainframe within 24 hours of deployment and for a period up to seven to thirty days pending regaining access to the Florida A&M University campus or the occupation of an Alternate Site determined by the situational circumstances in the Tallahassee vicinity. The Alternate Sites are pre-designated fixed facilities and selection will be made at the time of DRP Activation and determined by the event or threat. If the Florida A&M University campus is inaccessible and a threat exists in the Tallahassee, Florida vicinity, the Far Point Recovery Site is in Sterling, Virginia. The CIO will execute vendor and service contracts at the time the DRP activation to provide all equipment, hardware, software, resources, and emergency support services to outfit, configure, restore, and maintain iRattler/PeopleSoft and Mainframe operations. These contracts are not pre-negotiated and therefore all equipment, resources, and services may not be available at the time of activation. Mobile voice and data systems will be the primary operational capability for the Recovery Teams using cellular telephones, laptop computers with wireless capabilities, and Personal Digital Assistants (PDAs). To supplement the interoperable communications capabilities and logistical requirements at the Alternate Sites, TO BE DETERMINED contingency services will be utilized. To assure an immediate response capability at the Alternate Sites, a command staff of Florida A&M University and contractor personnel will co-occupy the data centers with existing site staff. The remainder of the Recovery Teams will be positioned for the first 12 to 96 hours at facilities to be determined at time of the plan’s activation near to the Alternate Sites or on the facility grounds. The majority of the Recovery Teams members will support the efforts to establish iRattler/PeopleSoft and Mainframe operational capability. Within 168 hours (seven days) it is expected that a sufficient facility accommodations will be


acquired and equipped using various TO BE DETERMINED contingency services. Such incidents could occur with or without warning and during duty or non-duty hours. Whatever the incident or threat, the DRP will be executed in response to a full-range of disasters and emergencies, to include natural disasters, terrorist threats and incidents, and technological disruptions and failures. It is expected that, in most cases, Florida A&M University will receive a warning of at least a few hours prior to an incident. Under these circumstances, the process of activation would normally enable the partial, limited, or full activation of the BCP/DRP with a complete and orderly alert and notification of all personnel, and activation of the plan. This will be followed by the subsequent deployment of the Recovery Teams to an assembly site or pre-identified Alternate Site. Without warning, the process becomes less routine, and potentially more serious and difficult. The ability to execute the DRP following an incident that occurs with little or no warning will depend on the severity of the incident's impact on the physical facilities, and whether Florida A&M University personnel and contractors are present on the campus or in the surrounding area. The operational direction and control of iRattler/PeopleSoft and Mainframe functions for Florida A&M University under the worst-case scenario would revert back to the CIO, the President or designee could perform the functions or re-assign them to another organization or vendor. Positive personnel accountability throughout all phases of emergencies, to include DRP, is of utmost concern, especially if the emergency occurs without warning, during duty hours. The Florida A&M University Building Evacuation Plans and provide for such accountability.

Notification Procedures

tification Procedures

The nature and severity of an emergency, will of course, dictate which teams are notified and when. The declaration of an emergency effecting Florida A&M University is the responsibility of the CIO. The first person to be called into action in the event of an emergency is the Evaluation Function Leader. This person will make the initial determination of the nature and extent of any damage to the Florida A&M University facilities. Depending on the nature and extent of the emergency, the remaining departmental recovery teams may or may not be notified by the Evaluation Function Leader. The person shown as Caller is responsible for initiating the call down sequence. If Caller is not available, Primary Contact assumes the responsibility for initiating the call down sequence. In the event that the Caller and Primary


Contact are not available, the Secondary Contact assumes the responsibility. Persons marked with ** do not call anyone.

7/1/2008 3BTesting the Disaster Recovery Plan 4-1

Chapter 4: Testing the Disaster Recovery Plan

Post-Planning Phase – Testing the Disaster Recovery Plan The Disaster Recovery Plan needs to be a “living document” in several ways: DRP Up-Keep Up-Keep

• Ongoing Review and Updates: The content presented in this version of the Disaster Recovery Plan represents the information documented from structured interviews of key business owners. The content has been distributed to the key business owners for review, and as a result there may be updates.

• Preparation Activities: A series of preparation actions were identified for

each key business area and disruption scenario and documented accordingly. Each preparation step should be evaluated for its appropriateness, and if deemed to be required, should be assigned and a target date should be determined.

• Periodic Structured reviews/Updates: A periodic, scheduled and

structured review should be conducted of all key business areas, on an annual basis (or more frequently for specific higher impact business functions and/or disruption scenarios).

• Periodic test/Drills: A periodic, scheduled test/drill should be executed

for one or more disruption scenarios. This could for example be in the form of a “tabletop exercise” or some method, or it could include a full-scale drill for a specific, high impact, high-risk scenario.

Each of the above-recommended next steps should be coordinated through the Business Continuity Plan and Disaster Recovery Plan Oversight Committee.

4-2 3BTesting the Disaster Recovery Plan 7/1/2008

The Disaster Recovery Plan should be maintained routinely and exercised/tested at least annually. Disaster Recovery procedures must be tested periodically to ensure the effectiveness of the plan. The scope, objective, and measurement criteria of each exercise will be determined and coordinated by the Business Continuity Manager on a “per event” basis. The purpose of exercising and testing the plan is to continually refine resumption and recovery procedures to reduce the potential for failure. There are two categories of testing: announced and unannounced. In an announced test, departmental managers are instructed when testing will occur, what the objectives of the test are, and what the scenario will be for the test. Announced testing is helpful for the initial test of procedures. It gives Florida A&M University Departmental Recovery Teams the time to prepare for the test and allows them to practice their skills. Once the team(s) has had an opportunity to run through the procedures, practice, and coordinate their skills, unannounced testing may be used to test the completeness of the procedures and sharpen the team’s abilities. Unannounced testing consists of testing without prior notification. The use of unannounced testing is extremely helpful in preparing a team for disaster preparation because it focuses on the adequacy of in-place procedures and the readiness of the team. Unannounced testing, combined with closely monitored restrictions, will help to create a simulated scenario that might exist in a disaster. This more closely measures the teams’ ability to function under the pressure and limitations of a disaster. Once it has been determined whether a test will be announced or unannounced, the actual objective(s) of the test must be determined. There are several different types of tests that are useful for measuring different objectives. There are several reasons to test, primarily to inform Florida A&M University management of the recovery capabilities of Information Technology (IT). Other specific reasons area as follows:

1. Testing verifies that Florida A&M University. is compliant with Sarbanes-Oxley and COBIT Information Technology systems control objectives and controls.

2. Testing verifies the accuracy of the recovery procedures and identifies deficiencies.

3. Testing prepares and trains the personnel to execute their emergency duties.

4. Testing verifies the processing capability of the Florida A&M University facility maintaining the iRattler (PeopleSoft) application and legacy Mainframe application.


Testing schedule A recommended schedule for testing is as follows:

1. Desktop testing on a quarterly basis 2. One structured walk-through semi-annually 3. Two/three integrated business operations/information systems exercise

per year The Team Leaders and Business Continuity Manager together will determine end-user participation. The Florida A&M University DRP should be tested within a realistic environment, which means simulating conditions, which would be applicable in an actual emergency. It is also important that the persons who would be responsible for those activities in a crisis should carry out the tests. The Disaster Recovery Plan has been written to include the following Information Technology (IT) Systems control objectives and controls. Disaster Recovery Plan Evaluation Checklist identifies all the controls that have been included into the DRP:

1. IT COBIT: Control Objectives for Information and Related Technology audit guidelines as identified by the Information Systems Audit and Control Association (ISACA).

2. National Institute of Standards and Technology (NIST) Special Publication 800-34, Contingency Planning Guide for Information Technology (IT) Systems control objectives and controls

3. ISO27002:2005 control objectives and controls

Testing Methods Objectives and

Scope of Tests There are five types of Disaster Recovery Plan tests. The listing here is prioritized, from the simplest to the most complete testing type. As Information Technology (IT) progresses through the tests, each test is progressively more involved and more accurately depicts the actual responsiveness of Florida A&M University. Some of the testing types, for example, the last two, require major investments of time, resources, and coordination to implement.

1. Checklist - During a checklist type of Disaster Recovery Plan, copies of the plan are distributed to each key business function Team Leader.

2. Structured Walkthrough Test - In this type of test, each key business

unit Team Leader meets to walk through the Disaster Recovery Plan. The goal is to ensure that the plan accurately reflects the University’s ability to recover successfully, at least on paper. Each step of the plan is walked-through in the meeting and marked as performed. Major glaring faults with the plan should be apparent during the walk-through.


3. Simulation Test - During a simulation, all of the operational and support

personnel expected to perform during an actual emergency meet in a practice session. The goal here is to test the ability of the personnel to respond to a simulated disaster. The simulation goes to the point of relocating to Sterling, Virginia or enacting recovery procedures, but does not perform any actual recovery process or alternate processing.

4. Parallel Test - A parallel test is a full test of the recovery plan, utilizing

all personnel. The difference between this and the full-interruption test below is that the primary production processing of the business does not stop; the test processing runs in parallel to the real processing. The goal of this type of test is to ensure that critical systems will actually run at Sterling, Virginia, parallel processing is initiated, and the results of the transactions and other elements are compared. This is the most common type of Business Continuity Plan and Disaster Recovery Plan testing.

5. Full-Interruption Test - During a full-interruption test, a disaster is

replicated even to the point of ceasing normal production operations. The plan is totally implemented as if it were a real disaster, to the point of involving emergency services (although for a major test, local authorities may be informed and help coordinate).

Setting Objectives Each test is designed around a worst-case scenario for equipment, as this will ensure the entire plan is examined for all possible disastrous situations. For staffing, base tests are designed around best-case scenarios to ensure that all participants are involved and all available expertise is on hand to understand and resolve each issue in the process of building a complete plan. Florida A&M University employees should note any weaknesses or opportunities to improve the plan for action. Once confident that the recovery plan is effective, other scenarios for staffing can be tested, e.g., worst-case scenarios, to verify the procedures are complete and can be performed by less technical personnel. Only when every requirement associated with each component has been documented and verified can the recovery plan be said to be complete and functional. It is important that all aspects of the test are properly examined before a commitment is made to invoke the test. Because it is a test, some considerations will be necessary which perhaps would not be valid in a real disaster. For example, a test may require agreement with business units such as all Human Resources and Payroll to prevent any impact to production, require them to switch to data backup or voice backups. This may result in the test being rescheduled or conducted over a weekend. The last thing Florida A&M University management or participants of the test want is for the test to be


cancelled because a simple item has been overlooked. It then would be a waste of time, commitment and money. Test objectives should include:

1. Recovery of a critical/essential/deferred key business area at Florida A&M University.

2. Establishment of an environment to enable full accommodation of the nominated applications.

3. Recovery of critical documents and equipment from Florida A&M University.

Defining the Boundaries Test boundaries are needed to satisfy the Disaster Recovery strategy, methodology and processes. Florida A&M University management and Recovery Teams also must consider future test criteria to ensure a realistic and obtainable progression to meet the end objectives. Opportunities to test actual recovery procedures should be taken wherever possible, e.g., a purchase of new/additional equipment, vendor agreements (use of Warm Site or cold site). Management also must determine whether or not to include internal (auditors/management) or external (data security services) observers or a combination of both. Scenario The scenario is the description of a disaster and explains the various criteria associated with such a disaster.

1. The scenario should outline what caused the disaster and the level of damage sustained to Florida A&M University facilities, or whether or not anything can be salvaged from the wreckage.

2. The purpose is not to get bogged down in great detail but to explain to all participants what is or is not available, what tools can or cannot be used, what the object of the exercise is, the time the disaster occurred and the planned recovery point.

Test Criteria Not all tests will require all personnel to attend. The test "criteria advise all participants, including observers as appropriate, where they are to be located and the time/day the exercise will take place. The role of the observer is to give an unbiased view and to comment on areas of success or concern to assist in future testing. Assumptions Assumptions will need to be made. They allow a test to achieve the results without being bound by other elements of the recovery plan, which may not yet have been verified. Assumptions allow prerequisites of a particular component/module to be established outside the test boundaries. Examples include:


1. All technical information documented in the plan, including appendices,

is complete and accurate. 2. All purchases (equipment/furniture, etc.) can be made in the RTO

required. Test Prerequisites Before any test is attempted, the Disaster Recovery Plan must be verified as being fully documented in all sections, including all appendices and attachments referenced to each process. Each of the participating teams in a test must be aware of how their role relates to other teams, when and how they are expected to perform their tasks, and what tools are permissible. It is the responsibility of each team leader to keep a log of proceedings for later discussion and action to prepare better for future tests. Briefing Session No matter whether it is a hypothetical, component, module or full test, a briefing session for the teams is necessary. The boundaries of the test are explained and the opportunity to discuss any technical uncertainties is provided. Depending on the complexity of the test, additional briefing sessions may be required--one to outline the general boundaries, another to discuss any technical queries and perhaps one to brief Florida A&M University management on the test's objectives. The size of the exercise and number of staff involved will determine the time between the briefing session(s) and the test. However, this time period must provide sufficient opportunity for personnel to prepare adequately, particularly the technical staff. It is recommended that the final briefing be held no more than two days prior to a test date to ensure all activities are fresh in the minds of the participants and the test is not impacted through misunderstandings or tardiness. An agenda could be:

1. Team objectives 2. Scenario of the disaster 3. Time of the test 4. Location of each team 5. Restrictions on specific teams 6. Assumptions of the test 7. Prerequisites for each team

Checklists Checklists provide the minimum preparation for all test types. Checklists are directly related to specific modules of the recovery plan and all sections relevant to a particular test must be verified as complete before a test date is set. As these checklists follow the various modules associated with the recovery plan, only those parts applicable to the forthcoming test are compulsory prerequisites for that test. However it is recommended that all sections of the checklist be completed as soon as possible. See Attachment? for a detailed Florida A&M University checklist.


Setting the Test

Environment One of the greatest challenges in testing the Disaster Recovery Plan is in creating realistic conditions for carrying out the tests. These need to be carefully planned to create an effective set of conditions to simulate as far as possible a real, disruptive event. It is important, however, that these tests do not disrupt the normal business process in any way, and they may need to be conducted out of normal working hours. This stage is concerned with:

1. Maintaining the strategy, plans, and procedures. 2. Ensuring education and awareness of business continuity is given

sufficient prominence. 3. Review of the plans and risks (with their associated reduction measures),

testing of the plans, controlling changes to the strategy and the plans so these are maintained to be consistent with each other.

4. Training people to produce the strategy and plans as well as to undertake the action embodied within the plans.

5. Assurance of the quality and applicability of the plan. In this context quality refers to adaptability, completeness, data quality, efficiency, friendliness/usability (very important as the plan will only be used in a time of chaos or disaster), maintainability, portability, reliability, resilience, security, testability, and timeliness.

Identify Who is to Conduct the Tests

To ensure consistency of the testing process throughout Florida A&M University, one or more members of the Disaster Recovery Plan Recovery Team should be nominated to co-ordinate the tests within each business unit.

BUSINESS UNIT

PERSON(S) NOMINATED TO

CO-ORDINATE TESTS

DUTIES OF CO-ORDINATOR

Information Technology (IT)

I/T Manager

I/T DRP Team Leaders

Identify type of test scenario

Implement test scenario

Control and Monitor test

Handout Feedback Questionnaire


It is very important to for the Business Continuity Manager (BCM) to get feedback from the persons participating in each of the tests. The intent of the feedback postmortem is to review exactly how the test was executed as well as to identify what went well, what needs to be improved, and what enhancements or efficiencies could be added to improve future tests.

Prepare Feedback Questionnaires

Completion of feedback forms in should be mandatory for all employees participating in the testing process, either during the tests (to record a specific issue) or as soon as practical once the testing has finished.

7/1/2008 4BTraining the Disaster Recovery Plan 5-1

Chapter 5: Training the Disaster Recovery Plan

All staff should be trained in the disaster recovery process. This is particularly important when the procedures are significantly different those pertaining to normal operations. This training may be integrated with the training phase or handled separately. The training should be carefully planned and delivered on a structured basis. The training should be assessed to verify that it has achieved its objectives and is relevant for the procedures involved.

Managing the Training Process

For the DRP training phase to be successful it has to be both well managed and structured. It will be necessary to identify the objective and scope for the training, what specific training is required, who needs it and a budget prepared for the additional costs associated with this phase. Once the training has been arranged, it is necessary to advise employees of the training Program(s) they will be attending, and on which scheduled date(s). This communication should allow staff the opportunity to state if the scheduled date(s) are not convenient to them. The wording of the communication will be as follows:

Communication to Staff

munication to Staff

As part of the Florida A&M University Disaster Recovery Planning process, it is necessary for all members of Florida A&M University to undergo training in the Disaster Recovery procedures relevant to their own roles within the University. In some instances, the Disaster Recovery processes will be significantly different to those pertaining to normal business operations, and it is critical to the success of any Disaster Recovery operation that each member of Florida A&M University is familiar with the appropriate emergency procedures.

5-2 4BTraining the Disaster Recovery Plan 7/1/2008

Your own training has been scheduled as follows: Name of training Program: Date: Location: If you are unable to attend on this date, it is important that you should inform <name of person> immediately, so that an alternative date can be arranged." A separate communication should be sent to the managers of the Florida A&M University business units advising them of the proposed training schedule to be attended by their staff. This should be worded as follows:

1. As part of the Disaster Recovery Planning process, all Florida A&M University employees are required to be trained in the relevant Disaster Recovery procedures.

2. The attached training schedule is proposed for the staff within your own

business unit. It would be appreciated if you would review this schedule and confirm that it meets your unit's requirements and that the dates are acceptable to you. Once confirmed, we will inform staff individually of the dates for their own training.

Develop Objectives and Scope of Training

op Objectives and Scope of Training

The agreed objectives and scope of the DRP Training activities are as follows:

OBJECTIVES: 1. “To train all staff in the particular procedures to be followed during the

business recovery process”. 2. 3.

SCOPE: 1. “The training is to be carried out in a comprehensive and exhaustive manner

so that staff become familiar with all aspects of the recovery process. The training will cover all aspects of the Disaster Recovery activities section of the DRP including IT systems recovery”.

2. 3.


Training Needs Assessment

The persons, or group of people, who require training should be specified, together with the type of training each will require. All new or revised processes will need to be explained carefully to staff, and must be fully understood by those responsible for carrying out the procedures involved.


Prepare Training Schedule

Once those who require training have been identified and the training materials have been prepared, a detailed training schedule should be drawn up. The following is an overview of the training schedule indicating which groups are to be trained.

Assessing the

Training The individual DRP Training Program and the overall training process should be assessed to ensure its effectiveness and applicability. This information will be gathered from the trainers and also the trainees through the completion of feedback questionnaires.


Keeping the Plan Up-to-date Responsibility

Responsibility for maintaining the Disaster Recovery Plan should rest with the Business Continuity Manager, who will retain responsibility for the plan after it has been finalized.

Responsibilities For Maintenance of Each Part of the Plan

PERSON RESPONSIBLE FOR MAINTENANCE DRP PLAN CONTENT

NAME POSITION

Chapter 1: Disaster Recovery Phase Michael McAvoy

Business Continuity Manager

Disaster Recovery Phase Chapter 2: Testing the Disaster Recovery Process

Michael McAvoy


Planning the Tests Chapter 3: Training Staff in the Disaster Recovery Process

Michael McAvoy


Training Chapter 4: Keeping the Plan Up-to-date

Michael McAvoy


Maintaining the DRP Regular Review

1. The Business Continuity Manager should establish a regular review meeting

2. The objectives of the meeting will be to ensure that the content, testing and training of the I/T Disaster Recovery Plan is up to date.

3. It should set a timetable for a review group to meet. 4. It should assign responsibilities to the Business Continuity Manager and

Team Leaders for the maintenance of the Disaster Recovery Plan. 5. Minutes of meetings or notes arising should be made available to all staff

as part of the ‘Awareness’ program.


Typical Agenda for Review Meetings The Business Continuity Manager should establish a regular review meeting with an agenda that includes the following typical items.

1. Actions outstanding from previous meeting – to pick up any items from the last meeting.

2. Organizational Changes – has Florida A&M University undergone any significant change since the last version of the plan was issued, such as departmental reorganizations, new buildings, reporting and responsibility changes and what impact these have on the plan?

3. System Changes – has there been any significant changes in I/T systems (software and hardware) and what impact these have on the plan

4. Update of data stored – is all key information such as records up to date for contact and call tree exercises

5. Training – do new staff requiring training and does the awareness of the plan need to be refreshed with staff.

Update And Maintenance Of The Plan It is inevitable in the changing environment of the computer and telecommunication industry that this Disaster Recovery Plan will become outdated and unusable unless it is kept up to date. Changes that will likely affect the plan fall into several categories:

1. Hardware changes 2. Software changes 3. Facility changes 4. Procedural changes 5. Employee changes

As changes occur in any of the areas mentioned above, the Business Continuity Manager will determine if changes to the plan are necessary. This decision will require that the managers be familiar with the plan in some detail. The staff in the affected area will make changes that affect the functional group recovery portions of the plan. After the changes have been made, the Business Continuity Manager will be advised that the updated documents are available. They will in make the changes into the body of the plan and distribute as required.


Security The information contained in this plan is FOR OFFICIAL USE ONLY and is protected by The Privacy Act. It is to be used only to contact Florida A&M University employees in response to an emergency situation. Unauthorized use of this information may constitute an invasion of privacy. Distribution is limited, and should not be distributed or transmitted electronically for any reason.

Documents

Florida A&M University Contingency Plan Computing And … 3.11.1/CS 3.11.1 [27... · Florida A&M University . Contingency Plan Computing . And . Data Systems (CPCDS) Phase I – PeopleSoft