Connors State College

Transcription

1 Connors State College Page 1 Connors State College IT Systems Disaster Recovery Plan Connors State College Information Technology Systems

2 Connors State College Page 2 Disclaimer: The techniques for backup and recovery used in this plan do not guarantee zero data loss nor do they guarantee a level of zero downtime. The College Administration and personnel is willing to assume the risk of data loss and the possibility of operating without computing resources for a period of time after a disaster. Data recovery efforts in this plan are targeted at restoring systems to a functional level with the latest available intact backup sources. Significant effort will be made after primary system operation is restored to restore data integrity back to the point immediately prior to the disaster and also to combine that data with any new data collected from the point immediately following the disaster. This plan does not attempt to cover either of these two important aspects of data recovery. Instead, individual users and departments will need to develop their own Disaster Recovery Plans to cope with the unavailability of the computing systems during the restoration phase of this plan and to cope with the potential and unexpected loss of data and computing resources. This plan is a work in progress and is therefore a living document that is updated constantly. Please contact the CSC IT Systems department at it@connorsstate.edu to verify that you are using the most current revision. Connors State College Information Technology Systems

3 Connors State College Page 3 Introduction All Disaster Recovery Plans assume a certain amount of risk. Primarily, this refers to data lost during a disaster. There are compromises between the amount of time, effort, and money spent on the planning and preparation before, during, and after a disaster and the amount of data loss that can be sustained while still remaining operational. Many organizations simply cannot function without computers and the data required for it to be operational. Due to this, their recovery efforts may focus on quick recovery, or possibly even zero downtime, thus resulting in more expenses. Other organizations, however, may be able to accept a reasonable amount of downtime in order to save on expenses while still recovering their data and systems in a reasonable amount of time. And still yet, there are those organizations that cannot afford any type of recovery option. They are relying on their primary equipment and have no plan in place should a disaster occur. It should be noted that few organizations can successfully obtain a level of zero downtime through a disaster and few organizations want to be one that has no plan in place. A compromise of all of the above plans, that is one that provides recovery as quickly and efficiently as possible while keeping recovery costs to a minimum, is one that is desired by our institution. Background Connors State College is a two-year community college offering a variety of college-level courses. Currently Connors State College offers courses to approximately 2,000 students and employs approximately 200 faculty members and support staff. The Connors State College Information Technology Systems staff consists of three individuals: the Director of IT Systems, the Network Administrator, and the Desktop Administrator. These positions are complemented by two part-time positions as well as several student workers at any given time. Other relevant positions are located throughout the College and are very important to the overall success of the Disaster Recovery Plan. CSC Information Technology Systems manages equipment that consists of servers, switches, wireless access points, workstations, security devices, and other equipment. These devices are located across three geographically separated locations: one primary location in Warner, OK and two branch locations in Muskogee, Oklahoma. Connors State College Information Technology Systems

4 Connors State College Page 4 Focus of the Plan The primary focus of this document is to provide a plan to respond to a disaster that severely cripples or possibly destroys the Information Technology Systems infrastructure. The primary intent of this plan is to restore operations to the College as quickly and accurately as possible with the latest and most current data available. Objectives of the Plan 1. Present an orderly course of action for restoring critical computing capability to the affected CSC campus(es) within 14 days of initiation of the plan. 2. Set criteria for making the decision to recover at a cold site or repair the affected site(s). 3. Develop an organizational structure for carrying out the plan including providing information concerning personnel that will be required to carry out the plan and the computing expertise required to completely fulfill the plan. 4. Identify the equipment, floor plan, procedures, and other items necessary for the quickest and most complete data recovery process possible in the given situation. Overview of the Plan Damage Assessment This damage assessment is a preliminary step intended to establish the extent of damage to critical hardware, software, and other relative equipment as well as the facility that houses it. The primary goal is to determine where the recovery should take place and what hardware must be ordered immediately to aid in the recovery process. The recovery personnel should be liberal in their estimate of the time required to repair or replace a damaged resource. They must take into consideration cases where one repair cannot take place concurrently with another repair. This may be due to personnel limitations or perhaps chronological limitations that require one step to be completed before another step is begun. Estimates of repair time should include ordering, shipping, installation, and testing time. In considering the hardware items, we must separate items into two groups. One group will be composed of items that are missing or destroyed, thus termed unsalvageable. The second will be those that are neither missing nor destroyed but may be repaired. These "salvageable" items will have to be evaluated by hardware engineers and repaired as necessary. Based on input from Connors State College Information Technology Systems

5 Connors State College Page 5 this process, the recovery personnel can begin the process of acquiring replacements. With respect to the facility, the evaluation of the damage to the building structure, electrical system, air conditioning, and any other utilities should be conducted. If estimates from this process indicate that a recovery at the original, primary site will require more than 14 days, migration to the cold site is recommended. Personnel Immediately following a disaster, a planned sequence of events begins. Key personnel are notified and the Recovery Team is grouped to implement the plan. Personnel currently employed are listed in the plan. However, the plan has been designed to be usable even if some or all of the personnel are unavailable. In a disaster we must remember that people are our most valuable resource. The recovery personnel at the College who are working to restore the computing systems will likely be working at great personal sacrifice, especially in the early hours and days following a disaster. These personnel may have injuries hampering their physical abilities. The loss or injury of a loved one or coworker may affect their emotional ability. These individuals will most likely have physical needs such as those for food, shelter, and sleep. The College must take special pains to ensure that the recovery workers are provided with resources to meet their physical and emotional needs. This plan calls for the appointment of an individual whose job will be to secure these resources so they can concentrate on the task at hand. Appointment of Recovery Manager The first order of business is to appoint a Recovery Manager. The person most appropriate for this position is the current Director of Information Technology Systems. If, for any reason, the Director is unavailable, the appointment should be made by the Executive Vice President and/or by the President. This person must have information technology management experience and must have signature authority for the expenditures necessary during the recovery process. In any case that an appropriate person to fulfill these duties cannot be found within the institution, an appropriate third-party individual may be hired fulfill these duties. Establish the Recovery Management Site Connors State College Information Technology Systems

6 Connors State College Page 6 The Recovery Management Site is the location from which the disaster recovery process will be initially coordinated. This site may also serve as a longterm recovery coordination site. The Recovery Manager should designate where the Recovery Management Site is to be established. The recommended Recovery Management Site would be the current IT Systems offices where the current data equipment is currently located; however, in the event of a disaster this location may not be available. The next recommended location would be any available location adjacent to the designated recovery site to aid in communication. Salvage Operations at Disaster Site Early efforts of the disaster recovery are targeted at protecting and preserving the computer equipment that was affected. In particular, any sensitive devices such as magnetic storage media (hard drives, magnetic tapes, diskettes) are identified and either protected from the elements or removed to a clean, dry environment away from the Disaster Site. Designate Recovery Site During early operations of the Disaster Recovery Plan a survey of the disaster scene is done by appropriate recovery personnel to estimate the amount of time required to put the current facility and equipment (in this case, the building, utilities, and computing equipment) back into working order. A decision is then made whether to use a cold site. This site would be a location some distance away from the scene of the disaster where computing and networking capabilities can be temporarily restored until the primary site is ready. Most likely, the cold site will be at one of our alternative campus locations as long as it was not affected by the initial disaster. Regardless of whether the current site or a cold site is selected, work will begin almost immediately at repairing or rebuilding any of the damages sustained at the primary site. This repairing and rebuilding process may take months, the details of which are beyond the scope of this document. Purchase New Equipment The recovery process relies heavily upon vendors and our relationship(s) with those vendors to quickly provide replacements for the resources that cannot be salvaged. The College will rely upon emergency procurement procedures that are approved by the College's purchasing office to quickly place orders for equipment, supplies, software, and any other needs necessary for the complete recovery of the computing systems. Begin Reassembly at Recovery Site Connors State College Information Technology Systems

7 Connors State College Page 7 Any and all necessary salvaged and new components are reassembled at the Recovery Site as quickly and accurately as possible. Since all plans of this type are subject to the inherent changes that occur in the computer industry, it may become necessary for recovery personnel to deviate from the plan, especially if the plan has not been properly kept up-to-date. If vendors cannot provide a certain piece of equipment on a timely basis, it may be necessary for the recovery personnel to make last-minute equipment substitutions which may delay the recovery process. Restore Data from Backups Once the equipment reassembly phase is completed, the work turns to concentrate on the data recovery procedures. Data recovery relies entirely upon the use of backups stored in locations off-site from the primary site and possibly any up-to-date data or backups still intact from the initial site. Backups can be in the form of magnetic tape, CDROMs, disk drives, hard drives, and other storage media. Early data recovery efforts focus on restoring the operating system(s) for each computer system. Next, first line recovery of applications and user data from the backup sources or existing, intact primary site storage devices is completed. Individual application owners may need to be involved at this point, so each major application area is reviewed individually to ensure that data is restored properly and completely. Restore Applications Data At this point, the Disaster Recovery Plans for users and departments (e.g., the application owners) must merge with the completion of the Computing Services plan. Since some time may have elapsed between the last and most current off-site backup time and the time of the disaster, application owners must have a way to restore each running application database to the point of the disaster. Application owners must also be able to take all new data collected since the time of the disaster and input it into the application database for a completely up-to-date database. When this process is complete, the College Information Technology Systems division can resume normal operations. Move Back to Restored Permanent Facility If the recovery process was able to be successfully completed at the initial site, then this step may be skipped. If this is true and the process was able to take place at the initial site then it will have already ensured that the computing systems are already located at a site that will provide a long-term location for the permanent installation of the recovered systems. However, if the recovery process has taken place at a cold site, physical restoration of the initial site (or an alternate facility) will have already begun. Connors State College Information Technology Systems

8 Connors State College Page 8 When this facility is ready for occupancy, the systems assembled at the cold site are to be moved back to their permanent, long-term home. This plan does not attempt to address the logistics of this move, which should be vastly less complicated than the work done to do the recovery itself at the cold site. Only let it be said that the move should be done as the plan itself: as quickly, carefully, and accurately as possible. Connors State College Information Technology Systems

9 Connors State College Page 9 Activating the Disaster Recovery Plan The appointment of a Recovery Manager sets the plan into motion. Early steps to take are as follows: 1. The Recovery Manager is to appoint the remaining members of the Recovery Team. This should be done in consultation with remaining members of the Information Technology Systems staff as well as Physical Plant management and staff along with help and approval of the College Administration. 2. The Recovery Manager is to call a meeting of the Recovery Team. The following agenda is suggested for this meeting: a) Each member of the Recovery Team is to be given distinct areas of responsibility and must review the status of these respective areas. b) After this review, the Recovery Team makes the final decision about where the recovery will take place. c) The Recovery Manager briefly reviews the Disaster Recovery Plan with the Recovery Team. d) Any adjustments to the Disaster Recovery Plan to any accommodate special circumstances are to be discussed and decided upon by the Recovery Team. e) Each member of the Recovery Team is charged with fulfilling his/her respective role in the recovery and to begin work as scheduled in the DRP. f) Each member of the Recovery Team is to review the makeup of any jobspecific, sub-categorized Recovery Teams that may need to be created. If an individual, key to a Recovery Team is unavailable, the Recovery Manager, along with the help of the Recovery Team and College Administration, is to assist in locating an individual who has the skills and experience necessary to adequately complete the Recovery Team. This individual may be acquired from outside the College, perhaps from other area computer centers or vendors. g) The next meeting of the Recovery Team is scheduled. It is suggested that the Recovery Team meet at least once each day for the first week of the recovery process. Once the first week is completed, the future frequency of recovery meetings is to be decided by the Recovery Team upon a proper review of the recovery status at that point. 3. The Recovery Team members are to immediately begin the process of contacting any people who will be required to help them fulfill their aspect of the recovery process. Meetings with these other individuals can be scheduled in order to set in motion each sub-categorized part of the recovery. 4. The Physical Plant management representative is responsible for immediately clearing and procuring the recovery location for occupation by the Recovery Team. This includes the immediate relocation of any personnel currently occupying the location. The Physical Plant management representative should be Connors State College Information Technology Systems

10 Connors State College Page 10 given any assistance that is needed in locating basic facilities and equipment for the recovery location. These may include, but are not limited to: a) Office desks, chairs, filing cabinets, etc. b) Telephones, cellular phones, and other communication devices. c) Personal computers. (Pentium 4, 512MB memory, 80.0GB hard drive, 128MB video card, SVGA 17-inch monitor, 56.6K modem, Ethernet card, CDROM drive, 3.5-inch diskette drive, keyboard, mouse, etc.) d) Printers. e) Fax machines. f) Copiers. 5. Communications are critical in the recovery process. As mentioned in section 4 above, these can include analog telephones, cellular phones, or any other type of communication device. Of all communication types, mobile communications will be, perhaps, the most important communication method during the early, if not all, phases of the recovery process. This will provide constant communication between Recovery Team members that can only be obtained through mobile equipment. This equipment requirement can be satisfied through the use of cellular telephones, two-way radios, or other portable electronic communication devices. Physical Plant has two-way radio units available as does the IT Systems department. 6. Once, the Recovery Team is composed, the Recovery Site is ready, and communication between members is intact, the Recovery Team may begin carrying out the Disaster Recovery Plan. Connors State College Information Technology Systems

11 Connors State College Page 11 Disaster Recovery Scenarios Equipment Failure Equipment failures are always a possibility. Having access to equipment replacements in a short amount of time is crucial. Fire There is always a possibility for fire. Usually, this type of disaster results in total devastation. Quick response from the local fire department is crucial. Flood There is always the possibility of a flood. However, in our service areas floods seldom occur. Human Error Human error is always a possibility. Whether this is referring to a software-based or hardware-based error, steps can be made prior to the discovery of an error by re-checking settings and configurations. Lightning The potential for lightning is always high, especially in an area where thunderstorms are prevalent. Lightning not only presents the potential for damaging single pieces of equipment but can also start fires. Power Outage Power outages may occur alone or in combination with any of the scenarios listed here and usually shut the entire campus down. Terrorist Attack Although unlikely, a terrorist attack is still a situation that can occur. This type of scenario can result in many of the other scenarios listed here such as equipment failures, fire, power outage, or theft. Theft This may be the most difficult scenario to plan for but steps can be made to prevent thefts. Tornado Tornados are also rampant in Oklahoma but one has never set down near the College. However, as unlikely as it may seem, a tornado is always perceived as a legitimate threat. However, the devastation involved with a tornado would most likely ensure the total loss of hardware, software, and data on the campus. Malicious Software Any kind of malicious software is always a threat, especially to software installations. Other As always, there are unknown problems that can occur that may disrupt availability of resources. Because of this, we cannot configure a proper step-by-step guide. In this case user discretion will take precedence. Connors State College Information Technology Systems

12 Connors State College Page 12 Disaster Recovery A Step-By-Step Guide Depending on the number of IT Systems employees readily available, multiple steps can be accomplished at the same time. If only one employee is available, however, the steps should be followed in order. If additional employees are available, then each employee moves to the next step and so on until the entire process is completed in order. Note: Do not skip any steps. Throughout all of these scenarios, data and equipment are deemed top priority due to the nature of the recovery process. However, the respect for human life should not be ignored and should be the foremost concern in every individual s mind while completing this process. Data can eventually be replaced but a human life can never be replaced. We do not recommend anyone risking their life or the lives of others to save any data through any of these scenarios. Please use your own judgment while completing these scenarios and protect yourself and others around you from harm. Equipment Failure Fire 1. Contact all IT Systems staff. 2. Determine the significance of the failure and how detrimental it is towards the College. 3. Gather the needed equipment replacements, if available on campus. 4. If equipment is not readily available on campus, check with local vendors to see if the desired equipment is available. 5. If steps 3 and 4 do not gain the equipment needed, check with vendors to obtain equipment and possibly use overnight or same-day shipping service to expedite the order. 6. Contact administration to update them on the incident status and also in order to gain approval to purchase the required equipment. 7. Prepare the site for implementation so equipment can be enabled as soon as possible after arrival. 8. Obtain equipment once it arrives and begin installation procedures. 9. Monitor equipment to ensure successful implementation and avoidance of identical failure. 10. Notify administration of equipment implementation and current incident status. 1. Once fire begins, efforts should be made to contain the fire if possible (i.e. Fire Extinguisher, Fire Blanket, etc. if available). If fire is too large, EVACUATE THE BUILDING. 2. Call local Fire Department to notify them of fire: 1. Muskogee Fire Department Warner Fire Department Connors State College Information Technology Systems

13 Connors State College Page 13 Flood 3. Once the fire has been contained and permission is granted from the Fire Department, visit the location to determine the severity of the fire and the effected equipment. 4. If the fire affected the IT Systems offices, check that the fire-proof safe is intact and able to be retrieved. 5. If step 4 results in the ability to retrieve the safe, verify that the backups are good and verifiable. 6. If step 4 does not result in the ability to retrieve the safe or the fire-proof safe is not intact or available for retrieval, immediately send one member of the IT Systems staff to go to Muskogee to obtain a copy of the required software and paperwork from the safe located in the IT Systems office at the Muskogee Downtown Haskell Building. 7. If any servers or other significant equipment sustained damage and are unrecoverable, utilize the backups present from steps 4 and Backups are contained in the Warner fire-proof safe & also in the Muskogee Downtown Campus safe. 2. Backups are archived every week on Thursday Morning. This archive contains all the daily backups of the week from Thursday, Friday, Saturday, Monday, Tuesday, and Wednesday. 8. Gather the needed equipment replacements, if available on campus. 9. If equipment is not readily available on campus, check with local vendors to see if the desired equipment is available. 10. If steps 3 and 4 do not gain the equipment needed, check with vendors to obtain equipment and possibly use overnight or same-day shipping service to expedite the order. 11. Contact administration to update them on the incident status and also in order to gain approval to purchase the required equipment. 12. Prepare the site for implementation so equipment can be enabled as soon as possible after arrival. 13. Obtain equipment once it arrives and begin installation procedures. 14. Monitor equipment to ensure successful implementation and avoidance of identical failure. 15. Notify administration of equipment implementation and current incident status. 16. If the fire existed in the IT Systems offices and a temporary location has been used to setup the existing equipment, begin making plans to move the equipment to its new, eventual permanent location. 1. In the event of a potential flood, monitor the weather (flood warnings, flash flood warnings, etc.) and notify all IT Systems staff of the potential for flood. 2. Since our internet connection enters the campus through the library and our data storage is located in our IT Systems offices, determine if the library or IT offices are vulnerable to the flood. These two buildings are Connors State College Information Technology Systems

14 Connors State College Page 14 top priority. Gatlin Hall is secondary priority with other buildings following thereafter. 3. If any building, other than the priority buildings are in danger, and the priority buildings themselves are safe, steps should be made to protect the equipment on these buildings as noted in steps 4 through If any of these buildings are found to be vulnerable then steps must be made to preempt the flood and shut power down to the endangered equipment or possibly to the entire building before the water comes into contact with any electrical connections. 5. If step four results in the necessity to shut down power to the IT Systems offices or the library equipment, please see the Power Outage section below for detailed instructions. 6. If the water is in danger of reaching any equipment on the first floors of the library or IT Systems offices, the endangered equipment must be moved onto desks at least feet above the ground. 7. If there is any evidence that the water may overtake a building or any endangered equipment, evacuation of the equipment is a priority, however, if evacuation cannot take place, move the equipment to the highest safe point in the building. 8. Once the equipment is safe in all affected buildings, monitor the weather to verify when the water will recede. 9. Once the water recedes, work with cleaning crews to ascertain the steps needed to move the equipment back to its original location and restore power to the buildings affected. If the original location cannot be used, determine the new location where the equipment will reside. Human Error 1. Contact all IT Systems staff and notify them of the extent of the error. 2. Determine the significance of the failure and how detrimental it is towards the College. 3. Determine if any equipment replacements are required. If so, go to step 4. If not, go to step Gather the needed equipment replacements, if available on campus. 5. If equipment is not readily available on campus, check with local vendors to see if the desired equipment is available. 6. If steps 3 and 4 do not gain the equipment needed, check with vendors to obtain equipment and possibly use overnight or same-day shipping service to expedite the order. 7. Contact administration to update them on the incident status and also in order to gain approval to purchase the required equipment. 8. Prepare the site for implementation so equipment can be enabled as soon as possible after arrival. 9. Obtain equipment once it arrives and begin installation procedures. 10. Monitor equipment to ensure successful implementation and avoidance of identical failure. Go to step 13. Connors State College Information Technology Systems

15 Connors State College Page Resolve the human error as quickly as possible, using any available resources. 12. Notify administration of equipment implementation and current incident status. Lightning 1. Determine the location that the lightning struck. 2. Determine if any PCs at this location have suffered a surge and if any equipment failures are present. 3. If there is affected equipment present and they have possible hardware failures, see Equipment Failure scenario. 4. If there is a fire present please see the Fire scenario. 5. If everything at the affected location is in working order, begin checking (and possibly replacing) the surge protectors near the affected area. 6. Scan the remainder of the campus to verify that no other areas were affected by the lightning. Malicious Software 1. Contact all IT Systems staff. 2. Determine the significance of the infection and how detrimental it is towards the College. 3. Quarantine the affected equipment to prevent spreading the malicious software. 4. If multiple machines are found to be affected then quarantine them, if possible. 5. If quarantine is not possible, then ascertain what kind of malicious software is present. 6. If the software is being used to harm another entity outside of the College, then internet access may be shut off to the affected equipment, or even the entire campus prevent the attack from happening to the outside entity. 7. If the software is being used to harm equipment within the College, then internet access may also need to be shut off to the affected equipment, or even the entire campus to prevent the attack from continuing. 8. Once the affected equipment is essentially quarantined, clean the affected equipment. 9. Continually scan the network for traces of the malicious software. 10. Once the network is found to be clean, allow the affected equipment to be added back to the network. 11. Monitor the network closely for the next 24 hours and if any other traces are found of the malicious software, repeat this scenario again. 12. If, at any point, a data server is compromised, affected, or attacked, internet access to the College will be immediately severed and cleaning procedures will begin to rid the data server of the malicious software. 13. If a data server is compromised beyond repair, the equipment will be Connors State College Information Technology Systems

16 Connors State College Page 16 wiped and a new install will be made from a clean backup which will be verified by scanning this backup before implementing it. 14. Notify administration of the current incident status. Power Outage 1. Notify any and all IT Systems employees of the power outage. 2. All IT Systems employees must report to the first floor of our office building to begin the power outage shutdown process. Each employee receives a flashlight for working in the dark. 3. Power down equipment in the IT Systems offices. 1. Power down the data servers individually in the IT Systems offices. 2. Power down the phone system servers in the IT Systems offices. 3. Power down the core switch downstairs from the IT Systems offices. 4. Power down equipment in the Library. 1. Power down the CSC equipment in the OneNet room. 2. Do not turn off the OneNet equipment. 5. Power down equipment in Gatlin Hall. 1. Power down the switches linking the core offices in the IT Helpdesk room. 6. Contact Administration, Maintenance, and other departments if necessary to notify them of the power outage and its effect on the campus computing environment. 7. Once power is restored, restore power to the equipment in reverse order. 8. Power up equipment in the Library. 1. Power up the CSC equipment in the OneNet room. 2. Verify that the OneNet equipment is operational. 9. Power up equipment in the IT Systems offices. 1. Power up the core switch downstairs from the IT Systems offices. 2. Power up the data servers individually in the IT Systems offices. 3. Power up the phone system servers in the IT Systems offices. 10. Power up equipment in Gatlin Hall. 1. Power up the switches linking the core offices in the IT Helpdesk room. 11. Verify connectivity across campus. Terrorist Attack 1. At any point through a potential terrorist attack, abiding by the rules and advice of local law enforcement is crucial and should be regarded as top priority. This guide should only be followed if recommended by law enforcement and as long as the process does not endanger any lives. 2. In the event of a potential terrorist attack, report the incident to local police and College administration and notify all IT Systems staff of the current status of the College. 3. Continually monitor the local news for updates. Connors State College Information Technology Systems

17 Connors State College Page 17 Theft 4. Since our internet connection enters the campus through the library and our data storage is located in our IT Systems offices, determine if the library or IT Systems offices are vulnerable. These two buildings are top priority. Gatlin Hall is secondary priority with other buildings following thereafter. 5. If any building, other than the priority buildings are in danger, and the priority buildings themselves are safe, steps should be made to protect the equipment in these buildings as noted in steps 4 through If any of these buildings are found to be vulnerable then steps must be made to preempt the attack and lock down the endangered equipment or possibly shut down power to the entire building. 7. If a building must be locked down, we shall do so remotely and cycle all passwords to a value agreed upon by a majority of the members of the disaster recovery group at that time. 8. If any of the priority buildings are in danger, the buildings are to be immediately locked down locally, if possible, or remotely. 9. Once the equipment is safe in all affected buildings, monitor the current status of the situation. 10. Once the incident is resolved, work with local law enforcement to ascertain the steps needed to return all equipment back on and powered up to its original status. 1. Report theft of equipment to local police and College administration. 1. Muskogee Police Department Warner Police Department Place an incident report with Oklahoma OSF (Office of State Finance) on their Cyber Security Portal. 3. Inventory all details of the equipment, specifically, where the equipment was last located, the last person to use the equipment, and any specific identifying information (S/N, CSC#, Make, Model, etc.). 4. Maintain contact with local law enforcement and CSC administration to provide more information if needed. Tornado 1. In the event of a potential tornado, monitor the weather and notify all IT Systems staff of the potential for a tornado. 2. Secure all data backups in the safe. 3. Take cover in the lowest, interior area of the building you are in. 4. Once tornado has passed, assess damages to the campus buildings. 5. Since our internet connection enters the campus through the library and our data storage is located in our IT Systems offices, determine if the library or IT Systems offices and equipment are intact. These two buildings are top priority. Gatlin Hall is secondary priority with other Connors State College Information Technology Systems

18 Connors State College Page 18 buildings following thereafter. 6. If any building, other than the priority buildings are affected, and the priority buildings themselves are intact, steps should be made to begin the recovery process for these buildings. 7. If the priority buildings are affected, 8. Once the tornados dissipate, work with cleaning crews to ascertain the steps needed to move the equipment back to its original location and restore power to the buildings affected. Connors State College Information Technology Systems

19 Connors State College Page 19 Other Important Information: A copy of this plan will be located in the following areas: o Warner Campus, IT Systems Director s Office, Floor Safe o Warner Campus, President s Office o Warner Campus, Maintenance Office o Muskogee Campus, IT Systems Office, Floor Safe CSC IT Systems Full-Time Staff: o Heath Hodges, Director of IT Systems heathah@connorsstate.edu o Kevin Isom, Network Administrator kevinwi@connorsstate.edu o Neil Myers, Desktop Administrator cecilnm@connorsstate.edu CSC Maintenance: o Dale Berry, Director of Physical Plant kberry@connorsstate.edu o Larry Todd, Supervisor Custodians, Maintenance ltodd@connorsstate.edu CSC Administration: o Dr. Donnie Nero, President ndonnie@connorsstate.edu o Dr. JoLynn Digranes, Executive Vice President jdigran@connorsstate.edu Connors State College Information Technology Systems

20 Connors State College Page 20 Other Important Information (Continued): Connors State College, Warner Campus RR 1 Box 1000 Warner, OK Connors State College, Muskogee Downtown Campus 201 Court St. Muskogee, OK Connors State College, Muskogee Three Rivers Port Campus 2501 N. 41 st St. East Muskogee, OK Connors State College Information Technology Systems

21 Connors State College Page 21 Resources: NIST Special Publication SANS Institute Disaster Recovery: Survivability and Security Oklahoma State University Policies and procedures University of Arkansas Policies and Procedures Connors State College Information Technology Systems

22 Connors State College Page 22 The CSC IT Systems department strives to serve the Connors State College faculty, staff, and students by modifying this Disaster Recovery Plan as often as possible and also as quickly as possible when significant information within the plan changes. We apologize for any incorrect data that may have been inadvertently provided. Suggestions for improvement and notifications of incorrect data are always welcome and encouraged. These can be sent to our staff via Thank you. CSC IT Systems Connors State College Information Technology Systems