1 Amherst County Public Schools Technology Support Group Disaster Recovery Plan Introduction This document is the disaster recovery plan for Amherst County Public Schools, Technology Support Group. The information present in this plan guides administrators and technical staff in the recovery of computing and network facilities operated by ACPS in the event that a disaster destroys all or part of the facilities. Description The Recovery plan is composed of a number of sections that document resources and procedures to be used in the event that a disaster occurs at the Technology Center located at 257 Trojan Road. Each supported computing platform has a section containing recovery procedures. There are also sections that document the personnel that will be needed to perform the recovery tasks and an organizational structure for the recovery process. General Information About The Plan Over the years, dependence upon the use of computers in the day-to-day business activities of many organizations has become the norm. Amherst County Public Schools certainly is no exception to this trend. These machines are linked together by a sophisticated network that provides communications with other machines across our locations and around the world. Vital functions of ACPS depend on the availability of this network of computers. Consider for a moment the impact of a disaster that prevents the use of the system to process Student Registration, Payroll, Accounting, or any other vital application for weeks. Students and faculty rely upon our systems for instruction and research purposes, all of which are important to the well-being of ACPS. It is hard to estimate the damage to the Division that such an event might cause. One tornado properly placed could easily cause enough damage to disrupt these and other vital functions of the Division. Without adequate planning and preparation to deal with such an event, the Division s central computer systems could be unavailable for many weeks. Primary Focus of the Plan The primary focus of this document is to provide a plan to respond to a disaster that destroys or severely cripples the Division s central computer systems. The intent is to restore operations as quickly as possible with the latest and most up-to-date data available. All disaster recovery plans assume a certain amount of risk, the primary one being how much data is lost in the event of a disaster. Disaster recovery planning is much like the insurance business in many ways. There are compromises between the amount of time, effort, and money spent in the planning and preparation of a disaster and the amount of data loss you can sustain and still remain operational
2 following a disaster. Time enters the equation, too. Many organizations simply cannot function without the computers they need to stay in business. So their recovery efforts may focus on quick recovery, or even zero down time, by duplicating and maintaining their computer systems in separate facilities. The techniques for backup and recovery used in this plan do NOT guarantee zero data loss. The Division's administration is willing to assume the risk of data loss and do without computing for a period of time in a disaster situation. Data recovery efforts in this plan are targeted at getting the systems up and running with the last available off-site backup. Significant effort will be required after the system operation is restored to (1) restore data integrity to the point of the disaster and (2) to synchronize that data with any new data collected from the point of the disaster forward. This plan does not attempt to cover either of these two important aspects of data recovery. Instead, individual users and departments will need to develop their own disaster recovery plans to cope with the unavailability of the computer systems during the restoration phase of this plan and to cope with potential data loss and synchronization problems. Primary Objectives of the Plan This disaster recovery plan has the following primary objectives: 1. Present an orderly course of action for restoring critical computing capability to the ACPS Division. 2. Set criteria for making the decision to recover at a cold site or repair the affected site. 3. Describe an organizational structure for carrying out the plan. 4. Provide information concerning personnel that will be required to carry out the plan and the computing expertise required. 5. Identify the equipment, floor plan, procedures, and other items necessary for the recovery.
3 OVERVIEW of the Plan This plan uses a "cookbook" approach to recovery from a disaster that destroys or severely cripples the computing resources at the Technology Center at 257 Trojan Road and possibly at other critical ACPS locations. Personnel Immediately following the disaster, a planned sequence of events begins. Key personnel are notified and recovery teams are grouped to implement the plan. Key departments are listed in the plan. In a disaster it must be remembered that PEOPLE are your most valuable resource. The recovery personnel working to restore the computing systems will likely be working at great personal sacrifice, especially in the early hours and days following the disaster. They may have injuries hampering their physical abilities. The loss or injury of a loved one or coworker may affect their emotional ability. They will have physical needs for food, shelter, and sleep. The Division must take special pains to ensure that the recovery workers are provided with resources to meet their physical and emotional needs. This plan calls for the appointment of a person in the School Administration Office whose job will be to secure these resources so they can concentrate on the task at hand. Salvage Operations at Disaster Site Early efforts are targeted at protecting and preserving the computer equipment. In particular, any magnetic storage media (hard drives) and critical hardware (routers, core switches, etc.) are identified and either protected from the elements or removed to a clean, dry environment away from the disaster site. The School Board office or Amherst Education Center will work. Designate Recovery Site At the same time, a survey of the disaster scene is done by appropriate personnel to estimate the amount of time required to put the facility (in this case, the building and utilities) back into working order. A decision is then made whether to use the Cold Site, a location some distance away from the scene of the disaster where computing and networking capabilities can be temporarily restored until the primary site is ready. Work begins almost immediately at repairing or rebuilding the primary site. This may take months, the details of which are beyond the scope of this document. Purchase New Equipment The recovery process relies heavily upon vendors to quickly provide replacements for the resources that cannot be salvaged. The Division will rely upon emergency procurement procedures requested in this plan and approved by the Division s purchasing office to quickly place orders for equipment, supplies, software, and any other needs. Begin Reassembly at Recovery Site Salvaged and new components are reassembled at the recovery site according to the instructions contained in this plan. Since all plans of this type are subject to the inherent changes that occur in the
4 computer industry, it may become necessary for recovery personnel to deviate from the plan, especially if the plan has not been keep up-to-date. If vendors cannot provide a certain piece of equipment on a timely basis, it may be necessary for the recovery personnel to make last-minute substitutions. After the equipment reassembly phase is complete, the work turns to concentrate on the data recovery procedures. Restore Data from Backups Data recovery relies entirely upon the use of backups stored in locations off-site from the Technology Center. Backups can take the form of external hard drives, and other storage media. Early data recovery efforts focus on restoring the operating system(s) for each computer system. Next, first line recovery of application and user data from the backup is done. Individual application owners may need to be involved at this point, so teams are assigned for each major application area to ensure that data is restored properly. Restore Applications Data It is at this point that the disaster recovery plans for users and departments (e.g., the application owners) must merge with the completion of the Technology Support Group s plan. Since some time may have elapsed between the time that the off-site backups were made and the time of the disaster, application owners must have means for restoring each running application database to the point of the disaster. They must also take all new data collected since that point and input it into the application databases. When this process is complete, the Division s computer systems can reopen for business. Some applications may be available only to a limited few key personnel, while others may be available to anyone who can access the computer systems. Move Back to Restored Permanent Facility If the recovery process has taken place at the Cold Site, physical restoration of the Technology Center (or an alternate facility) will have begun. When that facility is ready for occupancy, the systems assembled at the Cold Site are to be moved back to their permanent home. This plan does not attempt to address the logistics of this move, which should be vastly less complicated than the work done to do the recovery at the Cold Site.
5 Disaster Risks and Prevention As important as having a disaster recovery plan is, taking measures to prevent a disaster or to mitigate its effects beforehand is even more important. This portion of the plan reviews the various threats that can lead to a disaster, where our vulnerabilities are, and steps we should take to minimize our risk. The threats covered here are both natural and human-created. FIRE The threat of fire in the Technology Center is very real and poses the highest risk factor of all the causes of disaster mentioned here. The building is filled with electrical devices and connections that could overheat or short out and cause a fire. The computers within the facility also pose a quick target for arson from anyone wishing to disrupt Division operations. Wide area fires, such as those common in recent years in California, are also a possibility in dry times. Preventive Measures Fire Extinguishers Hand-held fire extinguishers are required in visible locations throughout the building. Building Construction Monelison Middle School is built primarily of non-combustible materials. The risk to fire can be reduced when new construction is done, or when office furnishings are purchased, to acquire flame resistant products. Training and Documentation Staff are required to demonstrate proficiency in periodic, unscheduled fire drills. Recommendations The Technology Center should be equipped with a fire alarm system, with ceiling-mounted smoke detectors scattered widely throughout the building. Smoke detectors should also be placed in the server room. The server room should be protected by a Halon gas fire extinguishing system. Further, the ceilingmounted sprinklers should be removed or disconnected. Regular review of the procedures should be conducted to insure that they are up to date. Regular inspections of the fire prevention equipment are also mandated. Fire extinguishers are periodically inspected as a standard policy, but so should the Halon fire prevention system. Non-disruptive tests of the Halon system should also be conducted. Smoke detectors located in the Technology Center should be periodically inspected and tested.
6 FLOOD Per FEMA s website, Monelison is not in a flood zone. However, we are close to a boundary dividing special flood hazard areas of different base flood elevations, flood depths, or flood velocities. These factors coupled with the chance of a storm that drops large amounts of rain in the Madison Heights area create the threat of flooding. Flood waters penetrating the server room can cause a lot of damage. Not only could there be potential disruption of power caused by the water, flood waters can bring in mud and silt that can destroy sensitive electrical connections. Of course, the presence of water in a room with high voltage electrical equipment can pose a threat of electrical shock to personnel within the machine room. Preventive Measures Recommendations Install a water detection system in the server room that would alert key personnel. And periodic inspections of the water detectors are also required to ensure their proper operation. Staff in the server room should be trained in shutdown procedures. TORNADOS AND HIGH WINDS A tornado has the potential for causing the most destructive disaster we face. Preventive Measures While a fire can be as destructive as a tornado, there are very few preventative measures that we can take for tornados. Building construction makes a big difference in the ability of a structure to withstand the forces of high winds. Are any areas such as a flat roof susceptible to wind damage? Strong winds are often accompanied by heavy rain, so a double threat of wind and water damage exists if the integrity of the roof is lost. Recommendations All occupants at Monelison Middle should know where the strong points of the building are and directed to seek shelter in threatening weather. The Technology Center should have large tarpaulin or plastic sheeting available in the server room area ready to cover sensitive electronic equipment in case the building is damaged. Protective covering should also be deployed over all racks to prevent water and wind damage. Operators should be trained how to properly cover the equipment. EARTHQUAKE The threat of an earthquake in the Madison Heights area is low, but should not be ignored. According to vaemergency.gov, Virginia has had 11 earthquakes in 107 years. Buildings in our area are not built to
7 earthquake resistant standards like they are in quake-prone areas like California. So we could expect light to moderate damage from the predicted quake. An earthquake has the potential for being the most disruptive for this disaster recovery plan. If the Technology Center is damaged, it is highly probable that the cold site nearby may also be similarly affected. Restoration of computing and networking facilities following a bad earthquake could be very difficult and require an extended period of time due to the need to do wide scale building repairs. Preventive Measures The preventative measures for an earthquake can be similar to those of a tornado. Building construction makes all the difference in whether the facility will survive or not. Even if the building survives, earthquakes can interrupt power and other utilities for an extended period of time. Standby power generators could be purchased or leased to provide power while commercial utilities are restored. Recommendations The Technology Center should have large tarpaulin or plastic sheeting available in the machine room area ready to cover sensitive electronic equipment in case the building is damaged. Protective covering should also be deployed over all racks to prevent water and wind damage. Operators should be trained how to proper cover the equipment. COMPUTER CRIME Computer crime is becoming more of a threat as systems become more complex and access is more highly distributed. With the new networking technologies, more potential for improper access is present than ever before. Computer crime usually does not affect hardware in a destructive manner. It may be more insidious, and may often come from within. A disgruntled employee can build viruses or time bombs into applications and systems code. A well-intentioned employee can make coding errors that affect data integrity (not considered a crime, of course, unless the employee deliberately sabotaged programs and data). Preventive Measures All systems should have security products installed to protect against unauthorized entry. All systems should be protected by passwords, especially those permitting updates to data. All users should be required to change their passwords on a regular basis. All security systems should log invalid attempts to access data, and security administrators should review these logs on a regular basis. All systems should be backed up on a periodic basis. Those backups should be stored in an area separate from the original data. Physical security of the data storage area for backups must be implemented. Standards should be established on the number of backup cycles to retain and the length of their retention.
8 Recommendations Implement a password change policy. Administration should support and encourage a password change policy. The amount of time required to change a password is small compared to the time required to investigate a data breach. Continue to improve security functions on all platforms. Strictly enforce policies and procedures when violations are detected. Regularly let users know the importance of keeping their passwords secret. Let users know how to choose strong passwords that are very difficult to guess. Improve network security. Implement stronger security mechanisms over the network, such as one-time passwords, data encryption, and non-shared wire media. TERRORISTIC ACTION AND SABOTAGE The Division's computer systems are always potential targets for terroristic actions, such as a bomb. The threat of kidnapping of key personnel also exists. Preventive Measures Good physical security is extremely important. However, terroristic actions can often occur regardless of in-building security, and they can be very destructive. A bomb placed next to an exterior wall of the server room will likely breach the wall and cause damage within the room. Given the freedom that we enjoy within the United States at this time, almost no one will accept the wide-scale planning, restrictions, and costs that would be necessary to protect the Technology Center from a bomb. Some commonsense measures can help, however. The building should be adequately lit at night on all sides. All doors into the server room area should be strong and have good locks. Entrances into the server room proper should be locked at all times. Only those people with proper security clearances should be permitted into the serve room area. Suspicious parties should be reported to the police (they may not be terrorists, but they may have theft of expensive computer equipment in mind). Maintain good building physical security. Doors into the server room area should be locked at all times. All visitors to the machine room should receive prior authorization and log in and out. Recommendations
9 Disaster Recovery Planning The first and most obvious thing to do is to have a plan. The overall plan of which this document is a part is that which the Technology Support Group will use in response to a disaster. The extent to which this plan can be effective, however, depends on disaster recovery plans by other departments and units within the Division. For instance, if the Administration Building were to be involved in the same disaster as the Technology Center, the functions of the Business Manager's Office, or more in particular, the Purchasing Office, could be severely affected. Without access to the appropriate procedures, documents, vendor lists, and approval processes, the Technology Support Group recovery process could be hampered by delays while Purchasing recovers. Every other business unit within the Division should develop a plan on how they will conduct business, both in the event of a disaster in their own building or a disaster at the Technology Center that removes their access to data for a period of time. Those business units need means to function while the computers and networks are down, plus they need a plan to synchronize the data that is restored on the central computers with the current state of affairs. For example, if the Payroll Office is able to produce a payroll while the central computers are down, that payroll data will have to be re-entered into the central computers when they return to service. Having a means of tracking all expenditures such as payroll while the central computers are down is extremely important. If the Technology Center is destroyed in a disaster, repair or rebuilding of that facility may take an extended period of time. In the interim it will be necessary to restore computer and network services at an alternate site. The Division has a number of options for alternate sites, each having a varying degree of up-front costs. Hot Site This is probably the most expensive option for being prepared for a disaster, and is typically most appropriate for very large organizations. A separate computer facility, possibly even located in a different city, can be built, complete with computers and other facilities ready to cut in on a moment's notice in the event the primary facility goes offline. The two facilities must be joined by high speed communications lines so that users at the primary campus can continue to access the computers from their offices and classrooms. Disaster Recovery Company A number of companies provide disaster recovery services on a subscription basis. For an annual fee (usually quite steep) you have the right to a variety of computer and other recovery services on extremely short notice in the event of a disaster. These services may reside at a centralized hot site or sites that the company operates, but it is necessary for you to pack up your backup tapes and physically relocate personnel to restore operations at the company's site. Some companies have mobile services which move the equipment to your site in specially prepared vans. These vans usually contain all of the necessary computer and networking gear already installed, with motor generators for power, ready to
10 go into service almost immediately after arrival at your site. (Note: Most disaster recovery companies that provide these types of subscription services contractually obligate themselves to their customers to not provide the services to any organization who has not subscribed, so looking to one of these companies for assistance after a disaster strikes will likely be a waste of time.) Disaster Partnerships Some organizations will team up with others in a partnership with reciprocal agreements to aid each other in the event of a disaster. These agreements can cover simple manpower sharing all the way up to full use of a computer facility. Often, however, since the assisting partner has to continue its day-to-day operations on its systems, the agreements are limited to providing access for a few key, critical applications that the disabled partner must run to stay afloat while its facilities are restored. The primary drawback to these kinds of partnerships is that it takes continual vigilance on behalf of both parties to communicate the inevitable changes that occur in computer and network systems so that the critical applications can make the necessary upfront changes to remain operational. Learning that you can't run a payroll, for instance, at your partner's site because they no longer use the same computer hardware or operating system that you need is a bitter pill that no one should swallow. One of the most critical issues involved in the recovery process is the availability of qualified staff to oversee and carry out the tasks involved. This is often where disaster partnerships can have their greatest benefit. Through cooperative agreement, if one partner loses key personnel in the disaster, the other partner can provide skilled workers to carry out recovery and restoration tasks until the disabled partner can hire replacements for its staff. Of course, to be completely fair to all parties involved, the disabled partner should fully compensate the assisting partners for use of their workers unless there has been prior agreement not to do so. A partnership with the County of Amherst IT would probably be our only choice. The use of reciprocal disaster agreements of this nature may work well as a low-cost alternative to hiring a disaster recovery company or building a hot site. And they can be used in conjunction with other arrangements, such as the use of a cold recovery site described below. The primary drawback to these agreements is that they usually have no provision for providing computer and network access for anything other than predefined critical applications. So users will be without facilities for a period of time until systems can be returned to operation. Cold Site A cold recovery site is an area physically separate from the primary site where space has been identified for use as the temporary home for the Technology Group while the primary site is being repaired. There are varying degrees of "coldness", ranging from an unfinished basement all the way to space where the necessary raised flooring, electrical hookups, and cooling capacity have already been installed, just waiting for the computers to arrive. The Technology Support group recommends using the cold site approach for this disaster recovery plan. The necessary agreements have been made for the Technology Support Group to utilize space in Amherst Education Center as its Cold Site or off-site location. It has adequate space to house the
11 hardware, with some office space available for operating and technical personnel. It has good connectivity to the Division's fiber optic network. A certain amount of preparation needs to be made for electrical and cooling capacity to support mainframes and network equipment. Replacement Equipment This plan contains an inventory of the components of each of the computer and network systems and their software that must be restored after a disaster. The inevitable changes that occur in the systems over time require that the plan be periodically updated to reflect the most current configuration. Where possible, agreements have been made with vendors to supply replacements on an emergency basis. To avoid problems and delays in the recovery, every attempt should be made to replicate the current system configuration. However, there will likely be cases where components are not available or the delivery timeframe is unacceptably long. The Technology Support Group will hopefully be able to work through these problems as they are recognized. Although some changes may be required to the procedures documented in the plan, using different models of equipment or equipment from a different vendor may be suitable to expediting the recovery process. Backups New hardware can be purchased. New buildings can be built. New employees can be hired. But the data that was stored on the old equipment cannot be bought at any price. It must be restored from a copy that was not affected by the disaster. There are a number of options available to us to help ensure that such a copy of your data survives a disaster at the primary facility. Remote Dual Copy This option calls for a disk subsystem located at a site away from the Technology Center and fiber optic cabling coupling the remote disk to the disk subsystem at the primary site. Data written to disk at the primary site are automatically transmitted to the remote site and written to disk there as well. This guarantees that you have the most up-to-the-second updates for the databases at the primary site in case it is destroyed. You can simplify the recovery process by locating the remote disk subsystem at the disaster recovery site. This option is somewhat expensive, but not prohibitively so. It does not require that an entire computer system be built at a hot site, just the disk subsystem. This option is typically limited to mainframe disk systems only. Automated Off-Site Tape Backup This option calls for a robotic tape subsystem located at a site away from the primary computer facility and fiber optic cabling coupling the subsystem to the primary computer facility. Copies of operating system data, application and user programs, and databases can be transmitted to the remote tape subsystem where it is stored on magnetic tape (optical writable disk media can also be used, but may be more expensive). While this option does not guarantee the up-to-the-second updates available with the remote dual copy disk option, it does provide means for conveniently taking backups and storing them off-site any time of the day or night. Another huge advantage is that backups can be made from mainframes, file servers,
12 distributed (unix-based) systems, and personal computers. Although such a system is expensive, it is not prohibitively so. Off-Site Tape Backup Storage This option calls for the transportation of backup tapes made at the primary computer facility to an offsite location. Choice of the location is important. You want to ensure survivability of the backups in a disaster, but you also need quick availability of the backups. This option has some drawbacks. First, there is a period of exposure from the time that a backup is made to the time it can be physically removed off-site. A disaster striking at the wrong time may result in the loss of all data changes that have occurred from the time of the last off-site backup. There is also the time, expense, and energy of having to transport the tapes. And there is also the risk that tapes can be physical damaged or lost while transporting them. Hybrid Off-Site Backup Storage The Technology Support Group has opted to taking periodic backups of its databases, and file servers and storing those backups at Amherst Education Center.
13 The actual backup and cycling procedures vary somewhat depending on the computer platform. Details of these procedures are contained in below: ACPS Website 1 Active Directory 2 AS400 3 Destiny 1 Fitness Gram 4 Helpdesk 1 Lab Registration Websites 1 Moodle 1 Network Configurations 5 Papervision 6 Phone System 7 Point of Sale 8 PowerSchool 9 Ren Place 4 School Level Files 10 School Websites 1 SharePoint 11 Sign In 4 TEAS 1 TransFinder 10 VMWare 12 ZIS 9 (1) OS backups are taken where necessary and stored on attached external USB drives. Databases are backed up using MySQL DUMP and stored on attached external USB drives. The critical OS backups are moved from the USB drives to the off-site storage location. All database backups are moved to the offsite storage location. The backups run anywhere between nightly and weekly depending on the database. (2) Backups are taken by hand every month and included in the Windows Server Backup that is saved to the external USB hard drive. Drives are swapped out by hand and transported to the off-site location. (3) Operated by the County of Amherst IT (4) OS backups are taken where necessary and stored on attached external USB drives. Databases are located on the MSSQL server named, Warehouse. Warehouse saves all databases to an USB drive that are later moved to the off-site storage location. (5) Backups are taken by hand every 6 months and saved to the file server named, Chewie. Backups are taken and stored on attached external USB drives that are later copied to the off-site location.
14 (6) Database backups are taken and stored on attached external USB drives that are later copied to the off-site location. (7) Databases are copied to the off-site location via SFTP. (8) OS and database backups are taken and stored on attached external USB drives that are later copied to the off-site location. (9) OS and database backups are taken and stored on attached external USB drives that are later moved to the off-site location. (10) OS and file backups are taken and stored on attached external USB drives. No off-site location. Principals have been informed to request special hardware if this is a concern. (11) OS and database backups are taken and stored on attached external USB drives that are later copied to the off-site location. Due to the free version of SharePoint, we can only do a full restore in the case of emergency. (12) No backups are taken. Critical Applications ACPS has identified the following applications as critical. This means that delaying the processing of this application could cause much hardship on faculty, staff, students, and others that depend on it. ACPS Website Active Directory AS400 Destiny Internet Access/WAN Access Moodle Phone System Point of Sale PowerSchool Ren Place School Level Files School Websites SharePoint TransFinder
15 Supported Computer Platform Recovery Procedures Webservers Backups are stored at the off-site location. Windows backups will be used when necessary. If a bare metal restore is not necessary, the Windows backup may be needed for Apache, PHP, etc configurations. When not necessary, WAMP will be setup and configured and database(s) will be restored. Teachers will need to be involved in the synchronization of data after a restore as close to the date of the disaster as possible. Active Directory Before an AD restore is done, the best course of action would be to use meta data cleanup to remove the failed DC, rebuild a new Windows server and dcpromo it. However, a backup of AD can be found at the off-site location. AS400 Coordination with Amherst IT needs to be done. Destiny The OS and database backups can be found at the off-site location. Database lives on the server: Destiny2. Librarians will need to be involved in the synchronization of data after a restore as close to the date of the disaster as possible. Internet Access/WAN Access Depending on the issue, the service provider (as of writing this it is Verizon and ntelos) may need to be contacted or failed ACPS equipment will need to be repaired or replaced. Moodle Backups are stored at the off-site location. Windows backups will be used when necessary. If a bare metal restore is not necessary, the Windows backup may be needed for Apache, PHP, etc configurations. When not necessary, WAMP will be setup and configured and database(s) will be restored. Teachers will need to be involved in the synchronization of data after a restore as close to the date of the disaster as possible. Phone System Backups are stored at the off-site location. Due to the nature of Call Manager and Unity 9.1 running on VMWare, we will need the assistance of Cisco and or ABS to do a restore. A restore should not be attempted with no outside help.
16 Point of Sale The OS and database backups can be found at the off-site location. Child Nutrition will need to be involved in the synchronization of data after a restore as close to the date of the disaster as possible. PowerSchool The OS and database backups can be found at the off-site location. Lavonne and school level personnel such as principals and or secretaries will need to be involved in the synchronization of data after a restore as close to the date of the disaster as possible. Ren Place The OS and database backups can be found at the off-site location. Database lives on the server: Warehouse. Librarians will need to be involved in the synchronization of data after a restore as close to the date of the disaster as possible. School Level Files Kept on-site only, if off-site is needed, coordination must be done at the school level. Recommendations If off-site is needed, an Enterprise level automated disk system and appropriate backup software is requested. A disaster proof external hard drive system would suffice. SharePoint The OS and database backups can be found at the off-site location. All staff will need to be involved in the synchronization of data after a restore as close to the date of the disaster as possible. TransFinder Kept on-site only, if off-site is needed, coordination must be done at the building level. Transportation will need to be involved in the synchronization of data after a restore as close to the date of the disaster as possible.
17 Personnel and Organizational Chart Who is effected and who is responsible for synchronization of data after a restore as close to the date of disaster as possible. ACPS Website All Staff, Technology Support Group Active Directory All Staff, Technology Support Group AS400 Business, Finance, Payroll, Technology Support Group Destiny Librarian, Technology Support Group Internet Access/WAN Access All Staff, Technology Support Group Moodle All Staff, Technology Support Group Phone System All Staff, Technology Support Group Point of Sale Child Nutrition, Technology Support Group PowerSchool All Staff, Technology Support Group Ren Place All Staff, Technology Support Group School Level Files All Staff, Technology Support Group School Websites All Staff, Technology Support Group SharePoint All Staff, Technology Support Group TransFinder Transportation, Technology Support Group
Business Continuity Planning (BCP) / Disaster Recovery (DR) Introduction Interruptions to business functions can result from major natural disasters such as earthquakes, floods, and fires, or from man-made
Southwestern Oregon Community College Integrated Technology Services Disaster Recovery Plan Last update: November 10, 2014 Introduction This document is the disaster recovery plan for Southwestern Oregon
Business Continuity Planning (BCP) / Disaster Recovery (DR) Introduction Interruptions to business functions can result from major natural disasters such as earthquakes, floods, and fires, or from man-made
Draft ICT Disaster Recovery Plan Version 3.0 Draft Date June 2014 Status Draft Approved By: Table of Contents 1.0 Introduction...3 1.1 Objectives of the Disaster Recovery Policy/plan... 3 2. 0 Disaster
Appendix L DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS I. GETTING READY A. Obtain written commitment from top management of support for contingency planning objectives. B. Assemble
Why cloud backup? Top 10 reasons HP Autonomy solutions Table of contents 3 Achieve disaster recovery with secure offsite cloud backup 4 Free yourself from manual and complex tape backup tasks 4 Get predictable
By: Katie Tucker, Sales Representative, Rolyn Companies, Inc Are you and your facility disaster ready? As reported by the Red Cross, as many as 40 percent of small businesses do not reopen after a major
Disasters natural and man-made and weather patterns all have the potential to damage or destroy records. Basic precautions and the formation of a disaster plan will help prevent the unnecessary loss of
Workforce Solutions Business Continuity Plan May 2014 Contents 1. Purpose... 3 2. Declaration of Emergency... 4 3. Critical Operations... 4 3.1 Communication... 4 3.1.1 Internal Communication During Emergencies...
Connors State College Page 1 Connors State College IT Systems Disaster Recovery Plan Connors State College - 1 - Information Technology Systems Connors State College Page 2 Disclaimer: The techniques for
NCS 330 Information Assurance Policies, Ethics and Disaster Recovery NYC University Polices and Standards 4/15/15 Jess Yanarella Table of Contents: Introduction: Part One: Risk Analysis Threats Vulnerabilities
Disaster Recovery Planning Process By Geoffrey H. Wold Part I of III This is the first of a three-part series that describes the planning process related to disaster recovery. Based on the various considerations
Cloud Computing Chapter 10 Disaster Recovery and Business Continuity and the Cloud Learning Objectives Define and describe business continuity. Define and describe disaster recovery. Describe the benefits
Disaster Recovery & Business Continuity James Adamson Library Systems Office Library Management Information Data Services Financial Procurement Cataloging Inventory/searching Circulation Central Library
ADVISORY Top 10 Reasons for Using Disk-based Online Server Backup and Recovery INTRODUCTION Backup of vital company information is critical to a company s survival, no matter what size the company. Recent
NETWORK SERVICES WITH SOME CREDIT UNIONS PROCESSING 800,000 TRANSACTIONS ANNUALLY AND MOVING OVER 500 MILLION, SYSTEM UPTIME IS CRITICAL. Your Credit Union information is irreplaceable. Data loss can result
7 Appendix A ICT Disaster Recovery Plan Definition of a Disaster A computer disaster is the occurrence of any computer system or associated event which causes the interruption of business, leading in the
White Paper LIVEVAULT Top 10 Reasons for Using Online Server Backup and Recovery Introduction Backup of vital company information is critical to a company s survival, no matter what size the company. Recent
Disaster Recovery Plan Starling Systems Deliverable #15 - Draft I Contract # 04-06 Accepted on: March 29, 2005 Starling Systems 711 S. Capitol Way, Suite 301 Olympia, WA 98501 DISASTER RECOVERY PLAN TABLE
INFORMATION TECHNOLOGY & MANAGEMENT IT Checklist INTRODUCTION A small business is unlikely to have a dedicated IT Department or Help Desk. But all the tasks that a large organization requires of its IT
BACKUP ESSENTIALS FOR PROTECTING YOUR DATA AND YOUR BUSINESS Disasters happen. Don t wait until it s too late. OVERVIEW It s inevitable. At some point, your business will experience data loss. It could
How to Build a Comprehensive Business Continuity Plan Business continuity planning is essential for any business. A business continuity plan carried out effectively will enable any business to continue
Internal Audit Report 2009-08 Introduction. The Municipality depends heavily on technology and automated information systems, and their disruption for even a few days could have a severe impact on critical
Clinic Business Continuity Plan Guidelines Published: January 2015 Table of Contents Emergency Notification Contacts Primary... 2 Emergency Notification Contacts Backups (in case primary is unavailable)...
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
. White Paper Disaster Recovery Remote off-site Storage for single server environment When it comes to protecting your data there is no second chance January 1, 200 Prepared by: Bill Schmidley CompassPoint
Contents Yale Business Continuity Program Emergency Response Guide March 2016 Introduction Immediate Actions Assess the Damage Determining Business Disruption Determining Plan of Action Relocation Checklist
Leveraging Virtualization for Disaster Recovery in Your Growing Business Contents What is Disaster Recovery?..................................... 2 Leveraging Virtualization to Significantly Improve Disaster
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
Clinic Business Continuity Plan Guidelines Emergency notification contacts: Primary Role Name Address Home phone Mobile/Cell phone Business Continuity Plan Coordinator QSP Business Continuity Plan Coordinator
IT Service Management Service Continuity Methods (Disaster Recovery Planning) White Paper Prepared by: Rick Leopoldi May 25, 2002 Copyright 2001. All rights reserved. Duplication of this document or extraction
Assisted Living Facilities & Adult Care Comprehensive Emergency Management Plans STATUTORY REFERENCE GUIDANCE CRITERIA The Henrico County Division of Fire s Office of Emergency Management provides this
HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned
1 This document contains the text of Secretary of the State regulations concerning Emergency Contingency Model Plan for Elections (Sections 9-174a-1 to 9-174a-34) This document was created by the Office
Eastman Kodak Company 343 State Street Rochester, NY 14650-0238 USA Revision date: March 2014 White Paper Contact Name Robyn Lundstrom PSSG Specialist, KODAK Unified Workflow Solutions email@example.com
1 Offsite Disaster Recovery Plan Offsite Disaster Recovery Plan Presented By: Natan Verkhovsky President Disty Portal Inc. 2 Offsite Disaster Recovery Plan Introduction This document is a comprehensive
Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions
IT Relocation Schedule Moving offices? Often, relocating your IT infrastructure can be one of the most daunting aspects of the move, and it s also the most critical to business continuity. Servers, PCs,
Backup Strategies for Small Business StarTech Group, Inc. Jim Scalise 11.15.2014 1 StarTech Group, Inc. 2771-29 Monument Rd. PMB 232 Jacksonville, FL 32225 CONTENTS BACKUP STRATEGIES.. 1 CLOUD BACKUP 2
Company Name Address Telephone Contact Name Title Last Revision Date Policy and Organizational Statements Identify the goals and objectives for the emergency response plan. Define what your emergency response
MEDITECH Disaster Recovery Real-World Disasters and Key Lessons Learned Prepared for MUSE Education Where Did I Find Today s Real- World Examples? All real-world All from my first-hand experiences Names
Disaster Recovery Tips for business survival A Guide for businesses looking for disaster recovery November 2005 Page 1 of 9 Introduction The aim of this paper is to highlight the importance of having a
WHY DO I NEED DATA PROTECTION SERVICES? Data processing operations have evolved with breathtaking speed over the past few years, expanding from very large mainframe operations to small business networks.
Availability and Disaster Recovery: Basic Principles by Chuck Petch, WVS Senior Technical Writer At first glance availability and recovery may seem like opposites. Availability involves designing computer
IT - General Controls Questionnaire Internal Control Questionnaire Question Yes No N/A Remarks G1. ACCESS CONTROLS Access controls are comprised of those policies and procedures that are designed to allow
EXIN Information Security Foundation based on ISO/IEC 27002 Sample Exam Edition June 2016 Copyright 2016 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored
Disaster Recovery Review FREE Promotional Offer Our Colorado region is offering a FREE Disaster Recovery Review promotional through June 30, 2009! This review is designed to help the small business better
GAO United States General Accounting Office Report to the Secretary of the Interior July 2001 INFORMATION SECURITY Weak Controls Place Interior s Financial and Other Data at Risk GAO-01-615 United States
Appendix E: DEM Record Recovery Plan From DEM Records Management Policy: A Report of the Records Management Policy Working Group, June 9, 2003. Appendix H - Elements of a Record Recovery Plan This material
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
Business Continuity Planning and Disaster Recovery Planning Ed Crowley IAM/IEM 1 Goals Compare and contrast aspects of business continuity Execute disaster recovery plans and procedures 2 Topics Business
DISASTER RECOVERY PLANNING GUIDE AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING FOR JD EDWARDS SOFTWARE CUSTOMERS www.wts.com WTS Disaster Recovery Planning Guide Page 1 Introduction This guide will provide
University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October
1900 Disaster Recovery Plan for Center Moriches School District Information Technology Operations I. Plan Overview II. Plan Approval III. Disaster Declaration IV. Plan Activation V. Plan Overview, Objectives
Business Continuity Planning for Schools, Departments & Support Units 1 What is Business Continuity Planning? Examples Planning for an adverse, major or catastrophic event that would cause a disruption
RPI Employee s Federal Credit Union Business Continuity/Disaster Recovery Plan January 23, 2012 Purpose and Objectives 2 Disaster Recovery Organizational Structure 3 Appendices: Disaster Recovery Emergency
NASA IV & V ANNUAL WORKSHOP 202 The 4th International Workshop on Independent Verification & Validation of Software Disaster Recovery Planning Divya Krishnamoorthy Mailam Engineering College, Mailam. (Affiliated
EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic
Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original
Vermont Division of Emergency Management and Homeland Security Business Disaster Preparedness Workbook Con nuity of Business Planning Each year thousands of businesses and organizations are affected by
Key Steps to a Secure Remote Workforce Telecommuting benefits the employee and the company, the community and the environment. With the right security measures in place, there s no need to delay in creating
Appendix A: Preparedness Checklists 1 Flood Preparedness Checklist The following checklist will help you prepare for how a flood could impact your business and your business continuity and disaster recovery
5-04-25 Adding Communications Network Support to Existing Disaster Recovery Plans Leo A. Wrobel Payoff This article reviews the processes that must be documented in a recovery plan for a company's mission-critical
Local Government Cyber Security: Guidelines for Backing Up Information A Non-Technical Guide Essential for Elected Officials Administrative Officials Business Managers Multi-State Information Sharing and
Information Technology General Controls Review (ITGC) Audit Program Date Prepared: 2012 Internal Audit Work Plan Objective: IT General Controls (ITGC) address the overall operation and activities of the
Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October
The Optimal Reference Guide: Disaster Prevention and Recovery for School System Technology Extraordinary insight into today s education topics Glynn D. Ligon, Ph.D., ESP Solutions Group Evangelina Mangino,
5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS 1 Introduction As small and mid-sized companies rely more heavily on their computer networks to
Las Vegas Datacenter Overview Product Overview and Data Sheet Product Data Sheet Maintaining a Software as a Service (SaaS) environment with market leading availability and security is something that Active
Essential Records Webinar Session 1 Potential Candidates for Essential Records Status Handout 1.3 Handout 1.3 Potential Candidates for Essential Records Status Table 1: Potential Candidates for Essential
DISASTER RECOVERY PLAN Section 1. Goals of a Disaster Recovery Plan The major goals of a disaster recovery plan are: To minimize interruptions to normal operations. To limit the extent of disruption and
One Stop Data & Networking Solutions PREVENT DATA LOSS WITH REMOTE ONLINE BACKUP SERVICE Prevent Data Loss with Remote Online Backup Service The U.S. National Archives & Records Administration states that
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...
HIPAA RISK ASSESSMENT PRACTICE INFORMATION (FILL OUT ONE OF THESE FORMS FOR EACH LOCATION) Practice Name: Address: City, State, Zip: Phone: E-mail: We anticipate that your Meaningful Use training and implementation
Sierra College ADMINISTRATIVE PROCEDURE No. AP 3721 Electronic Information Security and Data Backup Procedures Date Adopted: 4/13/2012 Date Revised: Date Reviewed: References: Health Insurance Portability
OFFICE OF THE STATE AUDITOR Agency: * University Please answer all of the following questions. Where we ask for copies of policies and procedures and other documentation, we would prefer this in electronic
Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions
Financial Services Need More than Just Backup... But they don t need to spend more! axcient.com Introduction Financial institutions need to keep their businesses up and running more than ever now. Considering
10 DATA SECURITY THREATS Your Business Can t Afford to Ignore Your business depends on intelligence, but can you count on your technology? Today, technology plays a vital role in the way you service and
Developed In Conjuction with Business Continuity Glossary ACTIVATION: The implementation of business continuity capabilities, procedures, activities, and plans in response to an emergency or disaster declaration;