ASSESSMENT

From Projects
Jump to: navigation, search

DISASTER DETECTION AND DETERMINATION

The detection of an event which could result in a disaster affecting production or information processing systems at The Company is the responsibility of your Protective Services, Computer Center staff, or whoever first discovers or receives information about an emergency situation developing in one of the functional areas or any other facility or about the communications lines between facilities.

DISASTER NOTIFICATION

Whoever detects the disaster will follow existing company procedures and notify the individuals who are acting as the Recovery Management Team Duty Persons (DP). The DP on call will monitor the evolving situation and, if appropriate, will then notify the Recovery Management Team representative based upon a predefined set of notification parameters. When a situation occurs that could result in an interruption of production or processing of major information processing systems, the DP will notify the appropriate Team Leaders.

AREAS THAT SHOULD BE REVIEWED

In The Company, there are several areas that should be reviewed in the preparation of this plan. These include the following:

  • Fire-Related Issues
  • Sabotage
  • Intrusion of Unauthorized Personnel
  • Software Failure
  • Viruses
  • Key Personnel
  • Negative Public Relations
  • Fire-Related
  • Use of fireproof storage containers for valuable information.
  • Storage of paper, solvents, flammable materials remotely from data storage areas.
  • Fire resistant equipment covers.
  • Ratings of fire doors, floor numbering in stairwells and emergency stairwell lighting.
  • Water sensors in data centers
  • Power-down procedures
  • Automated power-down of data centers, networks and work stations
  • Drainage or water protection in data center and media storage areas
  • Availability of waterproof equipment covers
  • Smoke detection equipment in data center and data storage areas
  • Location, security and materials of fire doors
  • Sabotage
  • Data center access security
  • Password security in effect
  • Policy for employee departure/termination with respect to securing vulnerable information
  • Backup procedures and cross-training of employees
  • Intrusion of Unauthorized Personnel
  • Data center access security
  • Data center location
  • Public relations policies
  • Building access security
  • Software Failure
  • Backup procedures for all data including hard copy, server-based, and PC-based information
  • Categorization by information urgency
  • Offsite storage facilities
  • Policy for software version review and upgrades
  • Software maintenance agreements
  • Viruses
  • Introduction and use of anti-virus software
  • Assignment of responsibilities to an effective group to control software installation, standards, and version maintenance
  • Secure data centers
  • Key Personnel
  • Cross-training programs
  • Alternate sources of mission-critical / business-critical information
  • Corporate policies regarding the protection of key personnel
  • Negative Public Relations
  • Public announcements policy
  • Corporate personnel safety awareness and standards
  • On-the-job injury prevention program

WHEN TO ACTIVATE THE PLAN

Later in this module, there is an explanation of how to activate the Plan but it also important to know when to do it. Some situations in which you activate the Plan are:

  • Fire
  • Water
  • Intrusion
  • Sabotage
  • Denial of access to your premises

The activation will occur when you have confirmed that at least one of these has occurred or if you are unable to confirm, following an alarm, that an incident has not occurred.

Furthermore, the Plan should be activated whenever an action occurs hampering your business.

WHAT TO DO WHEN A CRISIS ERUPTS

As soon as a potential crisis situation develops, the first persons to be alerted should be the Team Leader of the Emergency Response Management Team and the Senior Manager of the department in which the problem occurs. It is imperative that all employees understand this requirement.

The public relations professional should also be notified for a quick overview of the situation.

The Senior Manager of the department in which the problem occurs and the public relations professional and other necessary executives should meet immediately to determine who has been affected and, if the problem involves a rumor or complaint. They must evaluate the credibility of the source.

If it is determined an emergency situation has occurred or that a crisis is developing, senior management must be notified and have explained to them the corrective steps being initiated.

Immediately, the public relations professional will begin developing strategies related to the situation. Overall coordination will be determined based on the crisis and the structure of the organization. The public relations professional should take the lead in recommending a course of action as it relates to communications.