Difference between revisions of "INTRODUCTION"

From Projects
Jump to: navigation, search
(Created page with "Category:Disaster Recovery =PROLOGUE= This document is the Emergency Response Plan for '''Company _________''' located at ________________. It has been developed in compl...")
 
(No difference)

Latest revision as of 09:43, 13 April 2014

PROLOGUE

This document is the Emergency Response Plan for Company _________ located at ________________. It has been developed in compliance with the generally accepted practices in recovery planning.

This plan was specifically designed to guide (The Company) through a recovery effort of identified business functions. At the onset of an emergency condition, (The Company) employees and resources will respond quickly to any condition, which could impact (The Company)’s ability to perform the critical functions. The procedures contained within have been designed to provide clear, concise, and essential directions to recover from varying degrees of interruption and disaster.


CONFIDENTIALITY STATEMENT

This manual is classified as the confidential property of (The Company). Due to the sensitive nature of the information contained herein, this manual is available only to those persons who have been designated as plan participants, assigned membership to one of the (The Company) recovery teams, or who otherwise play a direct role in the recovery process. This manual remains the property of (The Company) and may be repossessed at any time. Unauthorized use or duplication of this manual is strictly prohibited. Information contained in this manual is (The Company) Restricted - Solely for authorized persons having a need to know pursuant to organizational instructions. Corporate Security Instructions (CSI) identify responsibilities and establishes minimum requirements for the protection of (The Company) proprietary information and critical applications as they relate to computer resource operations and systems. All employees, both regular and contract, who use, design, operate, have access to, or are responsible for Corporate information, systems and/or the data contained therein, must comply with the provisions of this CSI.

EMERGENCY/DISASTER DEFINED

Emergencies, disruptions, disasters, accidents and injuries can occur any time and without warning. Being prepared physically, technically as well as psychologically to handle emergencies is an individual as well as organizational responsibility. The Emergency Response preparedness procedures have been developed so that the impact of any emergency or business disruption on our people, products and services can be minimized. The better prepared we are, the more effective the results to minimize panic or confusion when an emergency occurs. For each operational system, adequate plans should be made and precautions taken to ensure that all operations can adequately recover from damage to the hardware, software, and critical data.

At a minimum, for all systems, there should be secure and remote backup storage of data files and programs. Beyond this, backup and contingency requirements may vary by system and need to be addressed separately.

In order to minimize the impact of key personnel being incapacitated by an emergency, a thorough cross training program for all employees will be maintained.

The following is a list of issues for the Senior Officer Committee and Executive Committee to address when assessing the possibilities of the potential losses:

  • Loss of assets
  • Loss of income
  • Loss of customers
  • Loss of competitive edge
  • Loss of business opportunity
  • Loss of customer confidence
  • Loss of consumer confidence
  • Legal and regulatory issues
  • Loss of business stability
  • Increased operating cost
  • Negative Media Coverage


PROJECT SCOPE

The intent of the study which produced this Plan was to develop a plan of action to enable (The Company) to resume our current business functions and business support functions in the shortest appropriate time, in the event of total or partial loss of access to our office environment, computer facilities, production facilities, the personnel or the tools that are normally used in our business activities. In addition, a higher purpose for this Plan is to provide a means of ensuring business continuity. This means that we have identified and, will continue to identify, threats to our organization and vulnerabilities that could allow these threats to materialize.

Business Support Functions are defined as 'all business administrative and management support functions that support one's core business operations and the provision of computing services'. These cover all aspects of business activities relating to information flow, documentation, communications facilities and office logistics, as well as the safety and security of personnel and facilities.

The scope of this current project included:

  • Identification of key disasters after which recovery is desired;
  • A preliminary identification of impact and costs;
  • A statement of requirements for prevention (enabling steps for recovery);
  • Observations on protection (reducing or eliminating the disaster);
  • Development of a prevention plan, and a recovery plan;
  • Development of a validity test plan, to test both the prevention and recovery plans for a sample division;
  • Execution of the validity test, according to the test plan;
  • Finalization of the prevention and recovery plans;
  • Preparation of a formal document describing the Emergency Response planning process.

In addition to this detailed plan, the project attempted to locate:

  • all existing emergency response plans for both office and operational facilities;
  • policies and procedures that relate to personnel safety and security; and,
  • any recovery plans that may exist for offices or operational facilities.

If these plans exist, they should be referenced by this response plan. This referencing is required to ensure there is no overlap or confusion on responsibilities in the event of a disaster.

OBJECTIVES

The primary objective of the Emergency Response Plan is to help ensure the continued operation of our business by:

  • providing for the safety of our employees and customers;
  • protecting the assets, and;
  • restoring operating services in the event of a business interruption.


SCOPE OF THE RECOVERY PLAN

The primary objective of this Plan is to identify and correct obstacles to our continued business activity. This means that we have taken steps to identify threats and vulnerabilities and have developed measures to mitigate those exposures.

The secondary objective of this Plan is to restore most critical (Category I) systems within an acceptable timeframe (usually 2 days), and Essential (Category II) systems within another acceptable timeframe (usually 4 weeks) of a disaster that disables any functional area and/or essential equipment supporting the systems or functions in that area.

This risk category identifies applications that have the highest priority and must be restored within 7 days of a disaster disabling a functional area. Specifically, each function of these systems was evaluated and allocated a place in one of four risk categories, as described below.

Category I - Critical Functions Category II - Essential Functions Category III - Necessary Functions Category IV - Desirable Functions

Note: Category IV functions are important to (The Company) administrative processing, but due to their nature, the frequency they are run and other factors, they can be suspended for the duration of the emergency. The administrative systems in Categories I - IV are those that provide (The Company) services. There are many departmental systems as well as non-information processing systems that are also either essential for (The Company) or the local area(s) they support. Recovery for these systems too must be based upon an assessment of the impact of their loss and the cost of their recovery.

POLICY STATEMENT

It is the policy of (The Company) to maintain a comprehensive Emergency Response Plan for all critical business functions. Each business unit manager is responsible for ensuring compliance with this policy and that their respective plan component is tested no less often than specified later in this plan (usually annually). (The Company) response efforts exercise reasonable measures to protect employees, safeguard assets, and client information..

DEFINED SCENARIO

A disaster is defined as a disruption of normal business functions where the expected time for returning to normalcy would seriously impact (The Company)’s ability to maintain customer commitments and regulatory compliance. (The Company)'s response and recovery program is designed to support a recovery effort where (The Company) would not have access to its facilities and data at the onset of the emergency condition.

MANUAL DISTRIBUTION

Each plan recipient will receive and maintain two copies of the Response Plan manual; one copy will be kept in the recipient’s work area and the second copy will be kept at the recipient’s residence. Each manual has a control number to track its distribution. Backup copies are maintained at (The Company)’s offsite data storage facility.

MANUAL RECLAMATION

Plan recipients who cease to be an active member of a response or recovery team or an employee of (The Company) must surrender both copies of their Plan manual. (The Company) reserves any and all rights to pursue the return of these manuals.

PLAN REVISION DATE

The latest manual revision date appears in the footer. This date indicates the most recent published date of the plan section. Printed manuals should be audited quarterly for updates to the Crisis Management Plan.

DECLARATION INITIATIVES

(The Company)'s decision process for implementing any of the three levels of recovery strategies to support the restoration of critical business functions are based on the following declaration initiatives: Every reasonable effort has been made to provide critical services to (The Company)'s customers by first attempting to restore the primary facility and/or operate using intra-day procedures. After all reasonable efforts have failed to restore the primary facility , and using manual procedures severely degrades client support, (The Company) will invoke a recovery strategy that may require the relocation of personnel and resources to an alternate recovery facility. If the outage will clearly extend past the acceptable period of time identified in the Recovery Portfolio, a declaration of disaster will immediately be made.


PROJECT BACKGROUND

See ROC-introduction

Work has been launched in recent weeks to develop a Business Continuity Plan for the (The Company). Because of the pressures of quickly developing SOPs for Event_Management, a complete plan will be crafted throughout 2009-2010. It is well understood that a Plan is an evergreen document in that it is always changing and must be maintained.

TEAM CONCEPT

This plan is based on the concept that dividing our staff, consultants, contractors and suppliers into specialty teams is the most effective way to effect an orderly and timely recovery. It is important that the teams be established, the activities to be done before, during and after a disaster be set and that all team members are familiar with their duties.

During an emergency each team member contributes the skills that they use in their everyday work to the overall response.