Your Company s Business Continuity Plan

Transcription

1 Yur Cmpany s Business Cntinuity Plan Prepared by: Mike Ward, CBCP Rel. 1 Ver. 1 <Date> All rights reserved, 2013, Green Clud Technlgies CONTENTS

2 EMERGENCY NOTIFICATION CONTACTS... 2 <COMPANY> POLICY... 4 OFFICE LOCATIONS... 5 INSTRUCTIONS FOR USING THE BUSINESS CONTINUITY PLAN... 6 EXECUTING THE PLAN... 6 SBD DECLARATION... 6 EMERGENCY MANAGEMENT STANDARDS... 7 DATA BACKUP POLICY... 7 DATA BACK-UP AND RECOVERY (HARD COPY AND ELECTRONIC)... 7 SERVER RECOVERY MANAGEMENT... 7 EMERGENCY MANAGEMENT PROCEDURES... 8 ALTERNATIVE LOCATION(S) OF EMPLOYEES... 8 NATURAL DISASTER... 9 FIRE FLOOD OR WATER DAMAGE NETWORK SERVICES PROVIDER OUTAGE PLAN REVIEW AND MAINTENANCE ALERT/VERIFICATION/DECLARATION PHASE PLAN CHECKLISTS FLOW DIAGRAMS DISASTER DECLARED MOBILIZE INCIDENT RESPONSE/TECHNICAL SERVICES TEAMS/REPORT TO COMMAND CENTER CONDUCT DETAILED DAMAGE ASSESSMENT BUSINESS RECOVERY PHASE APPENDIXES APPENDIX A: <COMPANY> RECOVERY TEAMS APPENDIX B: EMERGENCY NUMBERS APPENDIX C: BUILDING EVACUATION INFORMATION APPENDIX D: INVENTORY OF PRIMARY EQUIPMENT AND NETWORK SERVICES APPENDIX E: INVENTORY OF BACKUP EQUIPMENT AND SYSTEMS APPENDIX F: FORMS APPENDIX G: DISASTER RECOVERY FROM GREEN CLOUD TECHNOLOGIES Revisins Cntrl Page 1 Rel. 1, Ver. 1 <Date>

3 Date Summary f changes made Changes made by (Name) EMERGENCY NOTIFICATION CONTACTS 2 Rel. 1, Ver. 1 <Date>

4 Each emergency cntact persn must be an assciated persn f the firm, and at least ne emergency cntact persn must be a member f senir management and a registered principal f the firm. If yur firm designates a secnd emergency cntact persn wh is nt a registered principal f yur firm, then that cntact persn must be a member f senir management wh has knwledge f the firm s business peratins. If yur firm has nly ne assciated persn, the secnd emergency cntact must be an individual, either registered with anther firm r nn-registered, wh has knwledge f yur firm s business peratins (e.g., yur firm s attrney, accuntant r clearing firm cntact persn). <Cmpany> Name Address Mbile Third-Party Cntacts Name Address Mbile *Nte: Full emergency cntact listing in Appendix A. 3 Rel. 1, Ver. 1 <Date>

5 <COMPANY> POLICY Our firm s plicy is t respnd t a Significant Business Disruptin (SBD) by safeguarding emplyees lives and firm prperty, making a financial and peratinal assessment, quickly recvering and resuming peratins, prtecting all f the firm s bks and recrds, and allwing ur custmers t transact business. The plan identifies vulnerabilities and recmmends necessary measures t prevent extended vice cmmunicatins service utages. It is a plan that encmpasses all <Cmpany> system sites and peratins facilities. SIGNIFICANT BUSINESS DISRUPTIONS (SBDS) Our plan anticipates tw kinds f SBDs, internal and external. Internal SBDs affect nly ur firm s ability t cmmunicate and d business, such as a fire in ur building. External SBDs prevent the peratin f the securities markets r a number f firms, such as a terrrist attack, a city fld, r a wide-scale, reginal disruptin. Our respnse t an external SBD relies mre heavily n ther rganizatins and systems, especially n the capabilities f ur clearing firm. APPROVAL AND EXECUTION AUTHORITY is respnsible fr apprving the plan and fr cnducting the Name Title required annual review. Name Title has the authrity t execute this BCP. PLAN LOCATION AND ACCESS Our firm will maintain cpies f its BCP plan and the annual reviews, and the changes that have been made t it fr inspectin. An electrnic cpy f ur plan is lcated: In ur Green Clud Virtual Meeting Rm: <GC Meeting Rm> 4 Rel. 1, Ver. 1 <Date>

6 OFFICE LOCATIONS OFFICE LOCATION #1 Lcatin Address: Primary Cntact: Telephne Number: Primary Functin: (i.e. call center, headquarters) OFFICE LOCATION #2 Lcatin Address: Primary Cntact: Telephne Number: Primary Functin: (i.e. call center, headquarters) OFFICE LOCATION #3 Lcatin Address: Primary Cntact: Telephne Number: Primary Functin: (i.e. call center, headquarters) 5 Rel. 1, Ver. 1 <Date>

7 INSTRUCTIONS FOR USING THE BUSINESS CONTINUITY PLAN EXECUTING THE PLAN This plan becmes effective when a SBD ccurs. Nrmal prblem management prcedures will initiate the plan, and remain in effect until peratins are resumed at the riginal lcatin r a replacement lcatin and cntrl is returned t the apprpriate functinal management. SBD DECLARATION The senir management team will be respnsible fr declaring a disaster and activating the varius recvery teams as utlined in this plan, with input frm: Emergency management Team (EMT) Disaster recvery team (DRT) IT technical services (IT) *Nte: Full cntact infrmatin listed in Appendix A. In a majr disaster situatin affecting multiple business units, the decisin t declare a disaster will be determined by <Cmpany> senir management. The EMT and DRT will respnd based n the directives specified by senir management. 6 Rel. 1, Ver. 1 <Date>

8 EMERGENCY MANAGEMENT STANDARDS DATA BACKUP POLICY Full and incremental backups preserve crprate infrmatin assets and shuld be perfrmed n a regular basis fr audit lgs and files that are irreplaceable, have a high replacement cst, r are cnsidered critical. Backup media shuld be stred in a secure, gegraphically separate lcatin frm the riginal and islated frm envirnmental hazards. Department-specific data and dcument retentin plicies specify what recrds must be retained and fr hw lng. All rganizatins are accuntable fr carrying ut the prvisins f the instructin fr recrds in their rganizatin. DATA BACK-UP AND RECOVERY (HARD COPY AND ELECTRONIC) Our firm maintains its primary hard cpy bks and recrds and its electrnic recrds at: Our IT Team (see Appendix A) is respnsible fr the maintenance f these bks and recrds. Our firm maintains the fllwing dcument types and frms that are nt transmitted t ur clearing firm: Our firm maintains its back-up hard cpy bks and electrnics recrds at: SERVER RECOVERY MANAGEMENT RECOVERY OF SERVERS MANAGED BY GREEN CLOUD TECHNOLOGIES <Cmpany> has acquired Disaster Recvery service frm Green Clud Technlgies. This service has been retained fr the servers listed in Appendix G. Refer t Appendix G fr details n server recvery. RECOVERY OF SERVERS MANAGED BY <COMPANY> Refer t Appendix D and E fr inventry f server equipment and backup equipment. Refer the Business Recvery Phase prtin f this dcument fr details n server recvery. In the event f an internal r external SBD that causes the lss f ur paper recrds, we will physically recver them frm ur back-up site. If ur primary site is inperable, we will cntinue peratins frm ur back-up site r an alternate lcatin. Fr the lss f electrnic recrds, we will either physically recver the strage media r electrnically recver data frm ur back-up site, r, if ur primary site is inperable, cntinue peratins frm ur back-up site r an alternate lcatin. 7 Rel. 1, Ver. 1 <Date>

9 EMERGENCY MANAGEMENT PROCEDURES The fllwing prcedures are t be fllwed by system peratins persnnel and ther designated <Cmpany> persnnel in the event f an emergency. Where uncertainty exists, the mre reactive actin shuld be fllwed t prvide maximum prtectin and persnnel safety. In the event f any situatin where access t a building husing a system is denied, persnnel shuld reprt t alternate lcatins. Primary and secndary lcatins are listed belw. ALTERNATIVE LOCATION(S) OF EMPLOYEES In the event f an SBD, we will mve ur staff frm affected ffice(s) t the clsest f ur unaffected ffice lcatin(s). If nne f ur ther ffice lcatins is available t receive thse staff, we will mve them t: ALTERNATE PHYSICAL LOCATION 1: Lcatin Name: Lcatin Address: Telephne Number: ALTERNATE PHYSICAL LOCATION 2: Lcatin Name: Lcatin Address: Telephne Number: ALTERNATE VIRTUAL LOCATION : In the event f an SBD, we can deply a virtual meeting lcatin lcated at: <GC Meeting Rm> 8 Rel. 1, Ver. 1 <Date>

10 NATURAL DISASTER In the event f a majr catastrphe affecting <Cmpany> facility, fllw the guidelines and prcedures in this sectin. STEP 1: STEP 2: Ntify EMT and DRT f pending event, if time permits. If the impending natural disaster can be tracked, begin preparatin f site within 48 hurs as needed: Deply prtable generatrs with fuel within 100 miles. Deply supprt persnnel, twer crews, and engineering within 100 miles. Deply tractr trailers with replacement wrk space, antennas, pwer, cmputers and phnes. Facilities department n standby fr replacement shelters Basic necessities are acquired by supprt persnnel when deplyed Cash fr ne week Fd and water fr ne week Gasline and ther fuels Supplies, including chainsaws, batteries, rpe, flashlights, medical supplies, etc. STEP 3: 24 hurs prir t event: Create an image f the system and files Back up critical system elements Verify backup generatr fuel status and peratin Create backups f , file servers, etc. Fuel vehicles and emergency trailers Ntify senir management 9 Rel. 1, Ver. 1 <Date>

11 FIRE If fire r smke is present in the facility, evaluate the situatin, determine the severity, categrize the fire as majr r minr and take the apprpriate actin as defined in this sectin. Call as sn as pssible if the situatin warrants it. Persnnel are t attempt t extinguish minr fires (e.g., single hardware cmpnent r paper fires) using hand-held fire extinguishers lcated thrughut the facility. Any ther fire r smke situatin will be handled by qualified building persnnel until the lcal fire department arrives. In the event f a majr fire, call and immediately evacuate the area. In the event f any emergency situatin, system security, site security and persnal safety are the majr cncerns. If pssible, the peratins supervisr shuld remain present at the facility until the fire department has arrived. In the event f a majr catastrphe affecting the facility, immediately ntify senir management. STEP 1: STEP 2: Dial t cntact the fire department. Immediately ntify all ther persnnel in the facility f the situatin and evacuate the area. STEP 3: Alert emergency persnnel. Prvide them with yur name, extensin where yu can be reached, building and rm number, and the nature f the emergency. Fllw all instructins given. STEP 4: STEP 5: STEP 6: STEP 7: Alert the EMT and DRT. Nte: During nn-staffed hurs, security persnnel will ntify the Senir Executive respnsible fr the lcatin directly. Ntify Building Security. Lcal security persnnel will establish security at the lcatin and nt allw access t the site unless ntified by the Senir Executive r his/her designated representative. Cntact apprpriate vendr persnnel t aid in the decisin regarding the prtectin f equipment if time and circumstance permit. All persnnel evacuating the facilities will meet at their assigned utside lcatin (assembly pint) and fllw instructins given by the designed authrity. Under n circumstances may any persnnel leave withut the cnsent f supervisin. 10 Rel. 1, Ver. 1 <Date>

12 FLOOD OR WATER DAMAGE In the event f a fld r brken water pipe within any cmputing facilities, fllw the guidelines and prcedures in this sectin. STEP 1: STEP 2: STEP 3: Assess the situatin and determine if utside assistance is needed; if this is the case, dial immediately. Immediately ntify all ther persnnel in the facility f the situatin and be prepared t cease vice peratins accrdingly. Water detected belw the raised flr may have different causes: If water is slwly dripping frm an air cnditining unit and nt endangering equipment, cntact repair persnnel immediately. If water is f a majr quantity and flding beneath the flr (water main break), immediately implement pwer-dwn prcedures. While pwer-dwn prcedures are in prgress, evacuate the area and fllw management s instructins. NETWORK SERVICES PROVIDER OUTAGE In the event f a netwrk service prvider utage t any lcatin, fllw the guidelines and prcedures in this sectin. STEP 1: STEP 2: Ntify senir management f utage. Determine cause f utage and timeframe fr its recvery. If utage will be greater than ne hur, rute all calls via alternate services. If it is a majr utage and all carriers are dwn and dwntime will be greater than 12 hurs, deply alternate cmmunicatins plan, if available. 11 Rel. 1, Ver. 1 <Date>

13 PLAN REVIEW AND MAINTENANCE This plan must be reviewed semiannually and exercised n an annual basis. The test may be in the frm f a walk-thrugh, mck disaster, r cmpnent testing. Additinally, with the dynamic envirnment present within <Cmpany>, it is imprtant t review the listing f persnnel and phne numbers cntained within the plan regularly. The hard-cpy versin f the plan will be stred in a cmmn lcatin where it can be viewed by site persnnel and the EMT and DRT. Electrnic versins will be available via <Cmpany> netwrk resurces as prvided by IT. Each recvery team will have its wn directry with change management limited t the recvery plan crdinatr. GREEN CLOUD ANNUAL CHECK-UP & ONGOING RESTORAL TESTING Green Clud will schedule an annual check-up f yur virtual server envirnment including a mck server restratin exercise. Changes r updates discvered in ur test restratin will be dcumented in this Plan. 12 Rel. 1, Ver. 1 <Date>

14 ALERT/VERIFICATION/DECLARATION PHASE PLAN CHECKLISTS Respnse and recvery checklists and plan flw diagrams are presented in the fllwing tw sectins. The checklists and flw diagrams may be used by IT members as "quick references" when implementing the plan r fr training purpses. Initials Task t be cmpleted 13 Rel. 1, Ver. 1 <Date>

15 FLOW DIAGRAMS 1. PROVIDE STATUS TO EMT AND DRT Cntact EMT and/r DRT and prvide the fllwing infrmatin when any f the fllwing cnditins exist: (See Appendix A fr cntact list.) Tw r mre facilities are dwn cncurrently fr three r mre hurs. Any prblem at any system r lcatin that wuld cause the abve cnditin t be present r there is certain indicatin that the abve cnditin is abut t ccur. The EMT will prvide the fllwing infrmatin: Lcatin f disaster Type f disaster (e.g., fire, hurricane, fld) Summarize the damage (e.g., minimal, heavy, ttal destructin) Meeting lcatin that is a safe distance frm the disaster scene An estimated timeframe f when a damage assessment grup can enter the facility (if pssible) 14 Rel. 1, Ver. 1 <Date>

16 The EMT will cntact the respective market team leader and reprt that a disaster invlving vice cmmunicatins has taken place. The EMT and/r DRT will cntact the respective <Cmpany> team leader and reprt that a disaster has taken place. 2. DECIDE COURSE OF ACTION Based n the infrmatin btained, the EMT and/r DRT need t decide hw t respnd t the event: mbilize IT, repair/rebuild existing site (s) with lcatin staff, r relcate t a new facility. 3. INFORM TEAM MEMBERS OF DECISION a) If a disaster is nt declared, the lcatin respnse team will cntinue t address and manage the situatin thrugh its reslutin and prvide peridic status updates t the EMT/DRT. b) If a disaster is declared, the EMT and/r DRT will ntify IT Tech Services immediately fr deplyment. c) Declare a disaster if the situatin is nt likely t be reslved within predefined time frames. The persn wh is authrized t declare a disaster must als have at least ne backup persn wh is als authrized t declare a disaster in the event the primary persn is unavailable. 4. CONTACT GENERAL VENDORS (SEE APPENDIX B) 15 Rel. 1, Ver. 1 <Date>

17 DISASTER DECLARED MOBILIZE INCIDENT RESPONSE/TECHNICAL SERVICES TEAMS/REPORT TO COMMAND CENTER Once a disaster is declared, the DRT is mbilized. This team will initiate and crdinate the apprpriate recvery actins. Members assemble at the designated lcatin as quickly as pssible. See Emergency Management Standards fr emergency lcatins. CONDUCT DETAILED DAMAGE ASSESSMENT 1. Under the directin f lcal authrities and/r EMT/DRT, assess the damage t the affected lcatin and/r assets. Include vendrs/prviders f installed equipment t ensure that their expert pinin regarding the cnditin f the equipment is determined ASAP. A. Participate in a briefing n assessment requirements, reviewing: (1) Assessment prcedures (2) Gather requirements (3) Safety and security issues B. Cnduct an n-site inspectin f affected areas t assess damage t essential hardcpy recrds (files, manuals, cntracts, dcumentatin, etc.) and electrnic data. C. Obtain infrmatin regarding damage t the facility (s) (e.g., envirnmental cnditins, physical structure integrity, furniture, and fixtures) frm the DRT. D. Dcument assessment results 2. Develp a restratin pririty list, identifying facilities, vital recrds and equipment needed fr resumptin activities that culd be peratinally restred and retrieved quickly. 3. Recmmendatins fr required resurces. 16 Rel. 1, Ver. 1 <Date>

18 BUSINESS RECOVERY PHASE This sectin dcuments the steps necessary t activate business recvery plans t supprt full restratin f systems r facility functinality at an alternate/recvery site that wuld be used fr an extended perid f time. Crdinate resurces t recnstruct business peratins at the temprary/permanent system lcatin, and t deactivate recvery teams upn return t nrmal business peratins. 1. <COMPANY> SYSTEM AND FACILITY OPERATION REQUIREMENTS The system and facility cnfiguratins fr each lcatin are imprtant t re-establish nrmal peratins. 2. NOTIFY IT STAFF/COORDINATE RELOCATION TO NEW FACILITY See Appendix A fr IT staff assciated with a new lcatin being set up as a permanent lcatin (replacement fr site). 3. SECURE FUNDING FOR RELOCATION Make arrangements in advance with suitable backup lcatin resurces. Make arrangements in advance with lcal banks, credit card cmpanies, htels, ffice suppliers, fd suppliers and thers fr emergency supprt. 4. NOTIFY EMT AND CORPORATE BUSINESS UNITS OF RECOVERY STARTUP Using the call list in Appendix A, ntify the apprpriate cmpany persnnel. Infrm them f any changes t prcesses r prcedures, cntact infrmatin, hurs f peratin, etc. (This may be used fr media infrmatin.) 5. OPERATIONS RECOVERED Assuming all relevant peratins have been recvered t an alternate site, and emplyees are in place t supprt peratins, the cmpany can declare that it is functining in a nrmal manner at the recvery lcatin. 17 Rel. 1, Ver. 1 <Date>

19 APPENDIXES APPENDIX A: <COMPANY> RECOVERY TEAMS EMERGENCY MANAGEMENT TEAM (EMT) Respnsible fr verall crdinatin f the disaster recvery effrt; evaluatin and determining disaster declaratin; and cmmunicatins with senir management. Suggested members t include: senir management, human resurces, crprate public relatins, legal, IT services, risk management and peratins. Name Address Hme Mbile/Cell Phne DISASTER RECOVERY TEAM (DRT) Respnsible fr verall crdinatin f the disaster recvery effrt; establishment f the emergency cmmand area; and cmmunicatins with senir management and the EMT. Name Address Hme Mbile/Cell Phne 18 Rel. 1, Ver. 1 <Date>

20 IT TECHNICAL SERVICES (IT) Respnsible fr IT will facilitate technlgy restratin activities. Name Address Hme Mbile/Cell Phne Green Clud Technlgies Supprt 115 N. Brwn Street. Greenville, SC Rel. 1, Ver. 1 <Date>

21 APPENDIX B: EMERGENCY NUMBERS FIRST RESPONDERS, PUBLIC UTILITY COMPANIES, OTHERS Cmpany Name Cntact Wrk Mbile/Cell Phne SERVER AND COMPUTER EQUIPMENT SUPPLIERS Cmpany Name Cntact Wrk Mbile/Cell Phne Green Clud Technlgies Supprt 115 N. Brwn Street. Greenville, SC COMMUNICATIONS AND NETWORK SERVICES SUPPLIERS Cmpany Name Cntact Wrk Mbile/Cell Phne 20 Rel. 1, Ver. 1 <Date>

22 APPENDIX C: BUILDING EVACUATION INFORMATION Attach cpy f evacuatin plan here. 21 Rel. 1, Ver. 1 <Date>

23 APPENDIX D: INVENTORY OF PRIMARY EQUIPMENT AND NETWORK SERVICES Equipment Type Lcatin Equipment Purpse Persn(s) Respnsible Cntact # Vendr Infrmatin 22 Rel. 1, Ver. 1 <Date>

24 APPENDIX E: INVENTORY OF BACKUP EQUIPMENT AND SYSTEMS Equipment Type Lcatin Equipment Purpse Persn(s) Respnsible Cntact # Vendr Infrmatin 23 Rel. 1, Ver. 1 <Date>

25 APPENDIX F: FORMS INCIDENT/DISASTER FORM Upn ntificatin f an incident/disaster situatin the n-duty persnnel will make the initial entries int this frm. It will then be frwarded t the ECC, where it will be cntinually updated. This dcument will be the running lg until the incident/disaster has ended and nrmal business has resumed. TIME AND DATE: TYPE OF SBD: BUILDING ACCESS ISSUES: PROJECTED IMPACT TO OPERATIONS: RUNNING LOG (nging events) 24 Rel. 1, Ver. 1 <Date>

26 CRITICAL EQUIPMENT STATUS FORM Recvery team: 1. Equipment Cnditin Salvage Cmments Legend Cnditin: OK - Undamaged DBU - Damaged, but usable DS - Damaged, requires salvage befre use D - Destryed, requires recnstructin 25 Rel. 1, Ver. 1 <Date>

27 APPENDIX G: DISASTER RECOVERY FROM GREEN CLOUD TECHNOLOGIES This appendix dcuments the restral prcess prvided by Green Clud Technlgies and the prcedures t initiate a server recvery. COMMUNICATION Custmer will cntact Green Clud Operatins via telephne t ntify that a server recvery is needed. The Operatins team is accessible at , ptin 1. Green Clud Operatins is staffed 7am-7pm Mnday thrugh Friday, with 24/7 n-call supprt Saturday, Sunday and after hurs Upn cntact, Green Clud Operatins will refer pints f cntact t designated cnference bridge fr exchange f dcumentatin, transfer f infrmatin, and status updates SERVERS The fllwing servers are cvered (included) in the Green Clud Disaster Recvery plan. Any additinal machines r devices nt listed are implicitly excluded frm the plan. Per discvery, it s understd that the servers are t be restred in the fllwing rder, each within the prvided timeframes: DOMAIN CONTROLLER 2 hurs TERMINAL SERVICES 2 hurs EXCHANGE 2 hurs WEB 2 hurs NOTE: During the restral prcess, the fllwing services/applicatins will be disabled t speed up the recvery: Third party virus prtectin Lcal backup services CUSTOMER REQUIREMENTS Per discvery, the custmer will need t fulfill the fllwing requirements t assist in the speed t recvery in the event f a disaster: Prvide lcal user accunts fr each member server f the dmain Prvide new netwrk infrmatin in the event that a VPN cnnectin is required t the restred VM infrastructure NETWORK During the cmmunicatin f the disaster event, it shuld be relayed t Green Clud if there need t be accmmdatins fr lng term access t the Virtual Machine envirnment (e.g. virtual private netwrking). By default, the abve servers will be made accessible via Remte Desktp Prtcl (RDP) nly. 26 Rel. 1, Ver. 1 <Date>

28 RESTORAL As part f the Disaster Recvery service, the restred Virtual Machine(s) will be available in the Green Clud infrastructure fr a perid f 10 business days, after which Virtual Server services will cmmence and becme billable. During this time, shuld the custmer wish t migrate the restred Virtual Machine(s), a VMDK image file will be prvided fr each server requested. 27 Rel. 1, Ver. 1 <Date>