Adding Communications Network Support to Existing Disaster Recovery Plans Leo A. Wrobel

Size: px
Start display at page:

Download "5-04-25 Adding Communications Network Support to Existing Disaster Recovery Plans Leo A. Wrobel"

Transcription

1 Adding Communications Network Support to Existing Disaster Recovery Plans Leo A. Wrobel Payoff This article reviews the processes that must be documented in a recovery plan for a company's mission-critical communications networks. Policies and procedures help ensure network integrity and prevent disasters. The emphasis is on ensuring continuity between IS, facilities management, LAN management, and other departments, so that a plan can be executed flawlessly. Introduction A broad-based business recovery plan must address three critical components: physical space for employees, connection to data processing systems essential to the conduct of core business operations, and telecommunications facilities that turn these data processing systems into revenue generators for the company. There are several ways to dovetail communications systems into an organization's existing disaster recovery plan for its mainframe computer room. Phase 1: Business Risk Analysis What the Organization Needs to Protect and Why This first phase involves preliminary identification of mission-critical communications systems. It may be necessary to run a series of executives interviews within the company to identify core business systems as well as the communications systems that support those activities. Examples include inbound call centers, customer service lines, engineering or R departments, sales departments, and divisions involved in financial filings for the company. Management may need to be convinced that recovery planning for the communications network is an important and essential component of the overall business recovery plan. A helpful technique is to draft a white paper assessing the risks to the company and presenting them in nontechnical language that management can understand. To be most effective, a white paper to management should outline the big four areas in which communications systems disruptions cause a loss to the company. These include: Lost sales. Lost market share. Lost customer confidence. Loss of productivity. These are all things management can understand and subscribe to. Focusing on these issues will further the cause within the organization.

2 Phase 2: Updating Procedures The second phase of a successful communications systems recovery planning effort involves becoming up-to-date in disaster recovery planning methodologies for the network. IS may want to consider establishing some type of liaison with service providers geared around the disaster recovery effort. It is also time to talk to related departments within the organization, such as security personnel and facility management, which may already have disaster recovery plans that network support plans can be rolled into. Operating and Security Standards One of the most significant tasks in phase 2 is documenting a set of operating and security standards for communications systems. These standards are essentially the basic operating practices for the network, and they are designed for two reasons. The first reason is to ensure that disasters are prevented before they happen. Policies and procedures help maintain network integrity and prevent disasters. Standards that prevent disasters include policies on the management of combustibles - for example, no smoking policies, training in the use of fire extinguishers, and standards for change management when making software changes to mission-critical systems such as Private Branch exchange or multiplexers. The second reason is to ensure that the emergency procedures dovetail gracefully with the operational environment. By working together, related departments such as IS, computer operations, LAN management, facility management, and others can avoid the perception that they are trying to impose a solution on another department. This approach also ensures continuity between the departments. The following basic security standards should exist Equipment rooms lock and signin logs exist for people entering and leaving the area. PBX class-of-service indicators are backed up daily and stored off site, similar to procedures in the computer room. Passwords are changed frequently for dial-in maintenance access to critical multiplexers, PBXs, and voic systems. Trash is not permitted to accumulate in equipment room. There is a no smoking policy. Basic housekeeping procedures exist within the equipment room. If possible, the equipment room is located in an area other than the basement. Any water problems that develop anywhere within the building will ultimately end up in the basement. There are regular surveys of the cable routes between the organization and the local service provider. Infrared scanning equipment is used to pick up heat sources within computer or telecommunications rooms and thus help avert fire. Such equipment is available from fire protection contractors and other sources.

3 Power is separated from electrical cables. In addition to being a cause of noise and interference, electrical cables in telephone cable racks are also a safety hazard, sometimes leading to catastrophic fires. Fire-retardant cable is used in equipment rooms. In addition to the traditional Teflon cable that resists burning, there are also newer materials available, such as Halar, Kevlar, and Stolsis. Permanent Virtual Circuit, or polyvinylchloride cable, can burn and produce nauseous fumes. When water is poured on burning Permanent Virtual Circuit cable, it creates acid compounds that can rapidly destroy equipment. Emergency instructions are prominently posted in the PBXs room and adequate command and control exists to send messages rapidly should something go wrong. An additional checklist of standards is presented in Exhibit 1. Other standards are geared specifically toward the recovery process itself. For example, if emergency procedures call for a list of home telephone numbers for employees who need to be called back to work, something must be documented in the operational environment to ensure that list exists in the first place. Responsible people should also be assigned to keep the list up-to-date. Similar policies must be in place for equipment inventories, vendor callout lists, and other components of the emergency plan that rely on the standards to execute properly. Checklist of Communications Systems Standards * Password protection of remote maintenance port dial-in access, DISA, and DATA dial-in. * Fraud protection on DISA through use of caller ID, DISA, and other methods. * Smoking ban in effect in equipment room. * Separate power breakers for sensitive telecommunications equipment. * Instructions posted for human safety and for graceful equipment shutdown in equipment rooms. * Back-up power tested frequently. * Lightning protection where applicable. * Emergency lighting. * Equipment room: locked door, sign-in logs, posted emergency procedures. * Water pipes labeled, under-floor moisture detectors installed, plastic sheeting of drape equipment stored nearby. * Sign-off procedures for major equipment or software changes. * Policy of performing back-up before major telecommunications equipment changes. The last part of Phase 2 involves making long-term recommendations for the network. Because it is usually impossible to scrap equipment that is already installed, much of this equipment may have to be phased out over time to allow for disaster recovery plans. At minimum, specific recommendations on long-term network changes to be executed at an appropriate future date should be made. Phase 3: Documenting the Plan A solid, systematic set of disaster recovery procedures can be summed up using the seven R's of a successful recovery planning process. Recognition

4 If a night security guard sees water coming under the door of the equipment room, who does this guard notify, and how, precisely, would the emergency call be routed through an organization? Instructions should be displayed prominently within the room with callout numbers for key technologists who may have to respond immediately to a disaster. Procedures might exist, for example, whereby the director of facilities would call the director of technical services in such an event and request an on-site representative. The facilities department must know what steps to take for human safety, such as shutting off power if the equipment appears wet. These and dozens of other issues have to be addressed to ensure that everyone is called quickly and can respond as quickly as possible to any type of facility disaster affecting communications systems. Response Once key personnel have been called, what exactly are they needed to do when they arrive on site? One suggested approach is to immediately open a critical-events log. A critical-events log need not be more complicated than a small notebook or a handheld voice recorder. It is important, however, because many command decisions are going to be made in rapid succession and need to be tracked. This permanent record of command decisions will be useful later, either for assessing liability or for reassessing what went right and what went wrong in the recovery plan. The name of the game in the response phase is to arrive on-site, execute a successful callout of key personnel and vendors, and make a report to management within 90 minutes or some prespecified time of the disaster, explaining how serious the disaster is, whether it will involve other departments to recover, and providing some estimate of how long it will take to recover, as well as whether a companywide recovery plan should be activated because of the communications system disaster. Recovery Getting back to business as soon as possible is the objective. This recovery process should be documented to a level where it involves technical personnel, such as LAN or mainframe personnel, to execute the plan in the event communications personnel are unavailable to effect the recovery process or are injured in the disruption itself. It is important to note that recovery does not mean restoration of the original equipment; rather, it means restoration of the business process that the equipment provides, even if it is in some type of degraded mode. For example, a large department may have 50 telephones. In a disaster, the plan may be to provide only 25 telephones, but to add a second shift. Not everyone within the organization needs to work 8 to 5. This is why an understanding of the core business is so important to create a flexible and workable recovery plan. Telecommunications personnel will also have to be dispatched at this time to commercial computer recovery or business recovery centers to which the company subscribes. Restoral Close interdepartmental coordination is important during the restoral phase of a recovery process. For example, the communications systems manager has certain responsibilities for wiring, but a LAN manager has others, and the facility manager, responsible for electrical power, for example, has still others. These responsibilities should be carefully documented and delineated to ensure the correct type of wiring is installed. Return to Normal Operations

5 When the emergency is over, it is then time to tear down any emergency configuration and go back to business as usual. If the recovery center is stable and operating, and the revenue stream of the company is firmly established, all new configurations still must be adequately tested before migrating back to the original site. This includes documenting in the recovery plan what constitutes a successful test before going back to the original network configuration. Rest and Relax Needless to say, after responding to a disaster, employees will be tired and stressed out and probably at their wit's end. Therefore, it is important to schedule compensatory timeoff so the staff can get some rest after what could have been several days or weeks of 12-hour shifts. Regroup and Reassess After any execution of the communications systems recovery plan, whether it is a test or a full-blown recovery implementation, it is important to go back and reassess how effectively the procedures worked and make adjustments within the plan. This is part of the reason for the critical-events log during the recognition phase of the recovery effort. Adjustments that are made after tests or activation of the plan strengthen the plan in the long run, so that it can be expected to execute more flawlessly the next time. Other considerations in a successful communications systems recovery plan include: Defining a meeting place to coordinate recovery activity. This could be any suitable real estate located off-site. It should also be equipped with a small contention of telephones, fax machines, and supplies, and serve as the focal point for command and control for recovery activity. It may also house the emergency management team (EMT) that coordinates the overall disaster response. Defining an emergency management team of executives for communications systems disasters, and appropriate recovery teams for both the on-site and offsite recovery processes. Teams and their designed back-ups should be defined for: Dispatch to a recovery facility. Coordination of on-site recovery activities. Retrieval of off-site magnetic media. Administrative functions. Keeping employee callout lists and home telephone numbers current. The best way to do this is to import them, perhaps over a LAN, from known reliable sources, such as human resources. Establishing procedures for maintaining human life and safety when reentering damaged facilities. These would be procedures such as immediately shutting off power and other precautions before entering a damaged facility. Keeping an inventory of all equipment that will be required for the recovery process and all equipment installed on-site. One way of doing this is to establish a liaison with the accounting department. Whenever new equipment is purchased and accounting receives a copy of the contract for the equipment purchased, accounting could be asked to update a data base with such information as the equipment's serial number, software revision

6 number, date of purchase, and number of months the equipment is amortized. In a disaster, this list can be created quickly and used as the basis for fast command decisions on whether to scrap or attempt to save damaged equipment, depending on when it was purchased and what the original price was. Lastly, be sure the plan adequately defines the roles between communications systems personnel and those from other departments, such as LAN management, operations, and facilities, to ensure coordination during a recovery implementation. Procedures on where to get cash, how to arrange travel, and how to purchase new equipment, for example, may be documented already within the organization by one of these other groups; these procedures can be adopted in the communications systems plan. Conclusion This article has reviewed the processes that must be documented in a successful communications systems recovery plan. The most important component of the plan is its ability to bring various departments within the organization together to ensure a seamless recovery process and a flawless execution of a companywide recovery plan. Whether the disaster is confined to the communications systems (in which case IS must recover on its own) or is a companywide disaster (in which case the department becomes a supporting player), the level of detail in the recovery plan directly influences how well it executes and how well protected the assets of the company are. In short, a detailed communications systems recovery plan equates to a higher level of network services and greater peace of mind to the company. Author Biographies Leo A. Wrobel Leo A. Wrobel is president of Premier Network Services Inc., in Dallas.

1-01-80 Organizing for Disaster Recovery Leo A. Wrobel

1-01-80 Organizing for Disaster Recovery Leo A. Wrobel 1-01-80 Organizing for Disaster Recovery Leo A. Wrobel Payoff Consumed by daily network or computer operations, the IS technical staff often has little time for long-term planning pursuits such as disaster

More information

5-04-26 Testing Disaster Recovery Plans Leo A. Wrobel

5-04-26 Testing Disaster Recovery Plans Leo A. Wrobel 5-04-26 Testing Disaster Recovery Plans Leo A. Wrobel Payoff The true test of a disaster recovery plan is whether it can uncover failure points. Companies should consistently tighten testing criteria and

More information

COMPONENTS OF A SUCCESSFUL LAN DISASTER RECOVERY PLAN

COMPONENTS OF A SUCCESSFUL LAN DISASTER RECOVERY PLAN COMPONENTS OF A SUCCESSFUL LAN DISASTER RECOVERY PLAN By Leo A. Wrobel Technologists often exhibit an unexpected response when asked by management to produce a disaster recovery plan for an automated system.

More information

5-04-45 Operating Standards and Practices for LANs Leo Wrobel

5-04-45 Operating Standards and Practices for LANs Leo Wrobel 5-04-45 Operating Standards and Practices for LANs Leo Wrobel Payoff Operating standards for LANs offer certain advantages for keeping expenses for procurement, maintenance, and support under control At

More information

DISASTER RECOVERY PLANNING FOR CLIENT/SERVER SYSTEMS

DISASTER RECOVERY PLANNING FOR CLIENT/SERVER SYSTEMS 4-04-45 INFORMATION MANAGEMENT: STRATEGY, SYSTEMS, AND TECHNOLOGIES DISASTER RECOVERY PLANNING FOR CLIENT/SERVER SYSTEMS Leo A. Wrobel PROBLEMS ADDRESSED It is no secret that modes of operation in the

More information

IT Disaster Recovery Plan Template

IT Disaster Recovery Plan Template HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned

More information

IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement

More information

DISASTER RECOVERY PLAN

DISASTER RECOVERY PLAN DISASTER RECOVERY PLAN Section 1. Goals of a Disaster Recovery Plan The major goals of a disaster recovery plan are: To minimize interruptions to normal operations. To limit the extent of disruption and

More information

Offsite Disaster Recovery Plan

Offsite Disaster Recovery Plan 1 Offsite Disaster Recovery Plan Offsite Disaster Recovery Plan Presented By: Natan Verkhovsky President Disty Portal Inc. 2 Offsite Disaster Recovery Plan Introduction This document is a comprehensive

More information

Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan

Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan Revision History REVISION DATE NAME DESCRIPTION Draft 1.0 Eric Wimbish IT Backup Disaster Table of Contents Information

More information

DISASTER RECOVERY. Omniture Disaster Plan. June 2, 2008 Version 2.0

DISASTER RECOVERY. Omniture Disaster Plan. June 2, 2008 Version 2.0 DISASTER RECOVERY Omniture Disaster Plan June 2, 2008 Version 2.0 CHAPTER 1 1 Disaster Recovery Plan Overview In the event that one of our data collection environments are unavailable due to an event,

More information

The Commonwealth of Massachusetts

The Commonwealth of Massachusetts A. JOSEPH DeNUCCI AUDITOR The Commonwealth of Massachusetts AUDITOR OF THE COMMONWEALTH ONE ASHBURTON PLACE, ROOM 1819 BOSTON, MASSACHUSETTS 02108 TEL. (617) 727-6200 No. 2008-1308-4T OFFICE OF THE STATE

More information

Disaster Recovery Plan

Disaster Recovery Plan Disaster Recovery Plan This guide sets forth items to consider in the review of the firm s disaster recovery plan. You should form a committee to assess the plan and should assign activities under the

More information

FLA S FIRE SAFETY INITIATIVE

FLA S FIRE SAFETY INITIATIVE Improving Workers Lives Worldwide FLA S FIRE SAFETY INITIATIVE Preventing fires and saving lives by empowering workers and factory managers SCENARIO 1 OCCURS AT FACTORY ABC, WHICH HAS NOT IMPLEMENTED NECESSARY

More information

How to Build a Disaster Recovery Plan

How to Build a Disaster Recovery Plan How to Build a Disaster Recovery Plan Best Practices, Templates & Tools E-BOOK EXECUTIVE SUMMARY How do you start building a DR plan? While there are lots of tools from vendors, it s hard to find a practical

More information

Disaster Recovery Plan Documentation for Agencies Instructions

Disaster Recovery Plan Documentation for Agencies Instructions California Office of Information Security Disaster Recovery Plan Documentation for Agencies Instructions () November 2009 SCOPE AND PURPOSE The requirements included in this document are applicable to

More information

Business Continuity Planning (BCP) / Disaster Recovery (DR)

Business Continuity Planning (BCP) / Disaster Recovery (DR) Business Continuity Planning (BCP) / Disaster Recovery (DR) Introduction Interruptions to business functions can result from major natural disasters such as earthquakes, floods, and fires, or from man-made

More information

DETAIL AUDIT PROGRAM Information Systems General Controls Review

DETAIL AUDIT PROGRAM Information Systems General Controls Review Contributed 4/23/99 by Steve_Parker/TBE/Teledyne@teledyne.com DETAIL AUDIT PROGRAM Information Systems General Controls Review 1.0 Introduction The objectives of this audit are to review policies, procedures,

More information

Todd & Cue Ltd Your Business Continuity Partner

Todd & Cue Ltd Your Business Continuity Partner Todd & Cue Ltd Your Business Continuity Partner Preparation and Planning We provide strategies, tools and resources to help you prepare for a business interruption whether it is caused by fire, water,

More information

OFFICE OF THE STATE AUDITOR General Controls Review Questionnaire

OFFICE OF THE STATE AUDITOR General Controls Review Questionnaire OFFICE OF THE STATE AUDITOR Agency: * University Please answer all of the following questions. Where we ask for copies of policies and procedures and other documentation, we would prefer this in electronic

More information

Auditing in an Automated Environment: Appendix C: Computer Operations

Auditing in an Automated Environment: Appendix C: Computer Operations Agency Prepared By Initials Date Reviewed By Audit Program - Computer Operations W/P Ref Page 1 of 1 Procedures Initials Date Reference/Comments OBJECTIVE - To document the review of the computer operations

More information

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

BNA FEDERAL CREDIT UNION DISASTER RECOVERY PLAN

BNA FEDERAL CREDIT UNION DISASTER RECOVERY PLAN BNA FEDERAL CREDIT UNION DISASTER RECOVERY PLAN INTRODUCTION The need for a contingency plan for business interruptions is vital to the operations of the BNA Federal Credit Union. Without such a plan,

More information

MARULENG LOCAL MUNICIPALITY

MARULENG LOCAL MUNICIPALITY MARULENG LOCAL MUNICIPALITY Data Centre Physical Access and Environmental Control Policy Draft: Data Centre Access Control and Environmental Policy Page 1 Version Control Version Date Author(s) Details

More information

Draft ICT Disaster Recovery Plan

Draft ICT Disaster Recovery Plan Draft ICT Disaster Recovery Plan Version 3.0 Draft Date June 2014 Status Draft Approved By: Table of Contents 1.0 Introduction...3 1.1 Objectives of the Disaster Recovery Policy/plan... 3 2. 0 Disaster

More information

Disaster Recovery Plan Checklist

Disaster Recovery Plan Checklist Disaster Recovery Plan Checklist Your guide for setting up or updating a Disaster Recovery Plan for your business. ArcSource Disaster Recovery Plan Checklist 1. Compile Your Internal Contacts Information

More information

Precautions (Annexes 1 + 2) < Deployment of the resources of the Heritage Protection Service > < Specialists >

Precautions (Annexes 1 + 2) < Deployment of the resources of the Heritage Protection Service > < Specialists > FEDERAL OFFICE FOR CIVIL PROTECTION June 1999 PROTECTION FOR HISTORIC ITEMS AT TIMES OF DISASTER Hazard Analysis Precautions (Annexes 1 + 2) Emergency action (Annex 3) Restoration / Reconstruction Identify

More information

Which Backup Option is Best?

Which Backup Option is Best? Which Backup Option is Best? Which Backup Option is Best? Why Protect Your Data? Data loss disasters happen more frequently than you would think, for many different reasons: Human error and accidental

More information

BUSINESS CONTINUITY PLAN OVERVIEW

BUSINESS CONTINUITY PLAN OVERVIEW BUSINESS CONTINUITY PLAN OVERVIEW INTRODUCTION The purpose of this document is to provide Loomis customers with an overview of the company s Business Continuity Plan (BCP). Because of the specific and

More information

Voice Mail. Objectives. When you finish this module, you will be able to:

Voice Mail. Objectives. When you finish this module, you will be able to: Voice Mail 23 Objectives When you finish this module, you will be able to: Verify that the Embedded Voice Mail (EVM) application can record and play messages. Check the EVM health. Maintain the EVM system.

More information

The terms hazard and risk are often used, which we define as the following:

The terms hazard and risk are often used, which we define as the following: Fire Safety Last updated in October 2010 This information sheet aims to give safety reps a basic understanding of fire safety and fire risk assessments under the current law. More detailed information

More information

NEW WEB BROWSER-BASED APPLIANCE ADDS TO DATA CENTER SECURITY

NEW WEB BROWSER-BASED APPLIANCE ADDS TO DATA CENTER SECURITY CASE STUDY Standby Generation for Data Centers NEW WEB BROWSER-BASED APPLIANCE ADDS TO DATA CENTER SECURITY Taking the Next Step to Protect Critical Data If you live or work there, you understand that

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

Communication systems must be readily available, reliable and properly maintained to support an emergency or disaster.

Communication systems must be readily available, reliable and properly maintained to support an emergency or disaster. Approved By: Dr. Mark Peters, President & CEO, 2/07 POLICY: Communication systems must be readily available, reliable and properly maintained to support an emergency or disaster. PROCEDURE: 1. Phone System:

More information

IT - General Controls Questionnaire

IT - General Controls Questionnaire IT - General Controls Questionnaire Internal Control Questionnaire Question Yes No N/A Remarks G1. ACCESS CONTROLS Access controls are comprised of those policies and procedures that are designed to allow

More information

APPENDIX 7. ICT Disaster Recovery Plan

APPENDIX 7. ICT Disaster Recovery Plan APPENDIX 7 ICT Disaster Recovery Plan This policy was approved and ratified by the Governing Body of Cox Green School on 15 th October 2013 Signed: Chair of Governors Date: Ratified: Oct 2013 Review: Sep

More information

Contact us for a free consultation today! 630-936-4045 officemove@aie195.com

Contact us for a free consultation today! 630-936-4045 officemove@aie195.com IT Relocation Schedule Moving offices? Often, relocating your IT infrastructure can be one of the most daunting aspects of the move, and it s also the most critical to business continuity. Servers, PCs,

More information

Office Voice User Guide. User Guide

Office Voice User Guide. User Guide Office Voice User Guide User Guide Contents Anonymous Call Rejection 3 Call Block 3 Call Forward 4 Call Return 5 Call Waiting 5 Caller ID 6 Do Not Disturb 7 Find Me 7 Last Number Redial 8 Selective Call

More information

Flood Preparedness Checklist

Flood Preparedness Checklist Appendix A: Preparedness Checklists 1 Flood Preparedness Checklist The following checklist will help you prepare for how a flood could impact your business and your business continuity and disaster recovery

More information

Disaster Recovery: Protect Your Business & Prepare Your Digital Prepress Operations

Disaster Recovery: Protect Your Business & Prepare Your Digital Prepress Operations Eastman Kodak Company 343 State Street Rochester, NY 14650-0238 USA Revision date: March 2014 White Paper Contact Name Robyn Lundstrom PSSG Specialist, KODAK Unified Workflow Solutions robyn.lundstrom@kodak.com

More information

ISO IEC 27002 2005 (17799 2005) INFORMATION SECURITY AUDIT TOOL

ISO IEC 27002 2005 (17799 2005) INFORMATION SECURITY AUDIT TOOL 9.1 USE SECURITY AREAS TO PROTECT FACILITIES 1 GOAL Do you use physical methods to prevent unauthorized access to your organization s information and premises? 2 GOAL Do you use physical methods to prevent

More information

Secure, Remote Access for IT Infrastructure Management

Secure, Remote Access for IT Infrastructure Management Infrastructure Management & Monitoring for Business-Critical Continuity TM Secure, Remote Access for IT Infrastructure Management ACS Advanced Console Server Secure, Remote Access for IT Infrastructure

More information

OIG. Improvements Are Needed for Information Technology Controls at the Las Vegas Finance Center. Audit Report OFFICE OF INSPECTOR GENERAL

OIG. Improvements Are Needed for Information Technology Controls at the Las Vegas Finance Center. Audit Report OFFICE OF INSPECTOR GENERAL OIG OFFICE OF INSPECTOR GENERAL Catalyst for Improving the Environment Audit Report Improvements Are Needed for Information Technology Controls at the Las Vegas Finance Center Report No. 2003-P-00011 May

More information

5-04-20 Business Recovery Planning for Communications Leo A. Wrobel

5-04-20 Business Recovery Planning for Communications Leo A. Wrobel 5-04-20 Business Recovery Planning for Communications Leo A. Wrobel Payoff Most businesses depend on their telephone networks to keep customer communications open. Lost service spells lost revenue. This

More information

U.S. SECURITIES & EXCHANGE COMMISSION

U.S. SECURITIES & EXCHANGE COMMISSION PBX and Analog Lines Security Assessment U.S. SECURITIES & EXCHANGE COMMISSION March 31, 2000 Prepared by Deloitte & Touche LLP Enterprise Risk Services - 1 - 1 Executive Summary 1.1 Overview Deloitte

More information

The Commonwealth of Massachusetts

The Commonwealth of Massachusetts The Commonwealth of Massachusetts AUDITOR OF THE COMMONWEALTH ONE ASHBURTON PLACE, ROOM 1819 Boston, MASSACHUSETTS 02108 TEL. (617) 727-6200 A. JOSEPH DeNUCCI AUDITOR No. 2008-0243-4T OFFICE OF THE STATE

More information

SPRINT MANAGED SECURITY SERVICES PRODUCT ANNEX

SPRINT MANAGED SECURITY SERVICES PRODUCT ANNEX SPRINT MANAGED SECURITY SERVICES PRODUCT ANNEX The following terms and conditions, together with the Sprint Master or Custom Services Agreement or Domestic Sprint Services Sales Application Form ("Agreement"),

More information

Getting Your Practice Ahead

Getting Your Practice Ahead Volume 4: Data Backup Essentials For Physicians Edited By : Vinod Venugopal Disclaimer: The following document was created for free distribution by Technical Doctor Inc. The document contains reference

More information

Information Resources Security Guidelines

Information Resources Security Guidelines Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive

More information

Technology Recovery Plan Instructions

Technology Recovery Plan Instructions State of California California Information Security Office Technology Recovery Plan Instructions SIMM 5325-A (Formerly SIMM 65A) September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF

More information

secure Agent Secure Enterprise Solutions Remote Recovery from a Data Center Outage SecureAgent Software www.secureagent.com

secure Agent Secure Enterprise Solutions Remote Recovery from a Data Center Outage SecureAgent Software www.secureagent.com secure Agent Secure Enterprise Solutions SecureAgent Software Disaster Recovery Remote Recovery from a Data Center Outage SecureAgent Software 2448 E. 81 st St., Ste. 2000 Tulsa OK 74137-4271 USA Tel:

More information

Contract # 04-06. Accepted on: March 29, 2005. Starling Systems. 711 S. Capitol Way, Suite 301 Olympia, WA 98501

Contract # 04-06. Accepted on: March 29, 2005. Starling Systems. 711 S. Capitol Way, Suite 301 Olympia, WA 98501 Disaster Recovery Plan Starling Systems Deliverable #15 - Draft I Contract # 04-06 Accepted on: March 29, 2005 Starling Systems 711 S. Capitol Way, Suite 301 Olympia, WA 98501 DISASTER RECOVERY PLAN TABLE

More information

Business Continuity Planning (BCP) / Disaster Recovery (DR)

Business Continuity Planning (BCP) / Disaster Recovery (DR) Business Continuity Planning (BCP) / Disaster Recovery (DR) Introduction Interruptions to business functions can result from major natural disasters such as earthquakes, floods, and fires, or from man-made

More information

A Best Practices Point of View from. Data Backup and Disaster Recovery Planning

A Best Practices Point of View from. Data Backup and Disaster Recovery Planning A Best Practices Point of View from Data Backup and Disaster Recovery Planning Security Protect Your Data Expertise Support Patient Privacy Business Continuity Plan and Restore Peace of Mind Backup and

More information

E9-1-1 SOLUTIONS OVERVIEW. Enabling Superior Management of 9-1-1 Calls

E9-1-1 SOLUTIONS OVERVIEW. Enabling Superior Management of 9-1-1 Calls SM E9-1-1 SOLUTIONS OVERVIEW Enabling Superior Management of 9-1-1 Calls ENABLING SUPERIOR MANAGEMENT OF 9-1-1 CALLS SAFETY IS YOUR RESPONSIBILITY. ENHANCED 9-1-1 IS OUR BUSINESS. Providing a safe and

More information

The Practice of Internal Controls. Cornell Municipal Clerks School July 16, 2014

The Practice of Internal Controls. Cornell Municipal Clerks School July 16, 2014 The Practice of Internal Controls Cornell Municipal Clerks School July 16, 2014 Page 1 July 18, 2014 Cash Receipts (Collection procedures) Centralize cash collections within a department or for the local

More information

Business Continuity Requires the Best Cloud Storage Options

Business Continuity Requires the Best Cloud Storage Options Requires the Best Cloud Storage Options www.gr e xo.co m Requires the Best Cloud Storage Options Only about 38% of small to medium sized businesses have an IT business continuity plan in place. If you

More information

Facilitated By: Ken M. Shaurette, CISSP, CISA, CISM, CRISC FIPCO Director IT Services

Facilitated By: Ken M. Shaurette, CISSP, CISA, CISM, CRISC FIPCO Director IT Services Facilitated By: Ken M. Shaurette, CISSP, CISA, CISM, CRISC FIPCO Director IT Services 1 Today s Agenda Structure of Today s Discussion Set Objectives General overview of DR/BCP Exercise Assumptions Scenarios

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General INFORMATION TECHNOLOGY: Final Obstacles Removed To Eliminate Customs Disaster Recovery Material Weakness Office of Information Technology OIG-IT-03-01

More information

Cloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud

Cloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud Cloud Computing Chapter 10 Disaster Recovery and Business Continuity and the Cloud Learning Objectives Define and describe business continuity. Define and describe disaster recovery. Describe the benefits

More information

Molecular Collections Disaster Planning Checklist

Molecular Collections Disaster Planning Checklist Molecular Collections Disaster Planning Checklist This checklist is intended as an addition to standard checklists for disaster planning in natural history collections; many of the basic requirements of

More information

OFFICE OF THE CITY AUDITOR

OFFICE OF THE CITY AUDITOR OFFICE OF THE CITY AUDITOR AUDIT OF THE VITAL STATISTICS BIRTH AND DEATH CERTIFICATE IMAGING SYSTEM Paul T. Garner Assistant City Auditor Prepared by: Tony Aguilar, CISA Sr. IT Auditor Bill Steer, CPA,

More information

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS Appendix L DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS I. GETTING READY A. Obtain written commitment from top management of support for contingency planning objectives. B. Assemble

More information

NETWORK SERVICES WITH SOME CREDIT UNIONS PROCESSING 800,000 TRANSACTIONS ANNUALLY AND MOVING OVER 500 MILLION, SYSTEM UPTIME IS CRITICAL.

NETWORK SERVICES WITH SOME CREDIT UNIONS PROCESSING 800,000 TRANSACTIONS ANNUALLY AND MOVING OVER 500 MILLION, SYSTEM UPTIME IS CRITICAL. NETWORK SERVICES WITH SOME CREDIT UNIONS PROCESSING 800,000 TRANSACTIONS ANNUALLY AND MOVING OVER 500 MILLION, SYSTEM UPTIME IS CRITICAL. Your Credit Union information is irreplaceable. Data loss can result

More information

MCR Checklist for Automated Information Systems (Major Applications and General Support Systems)

MCR Checklist for Automated Information Systems (Major Applications and General Support Systems) MCR Checklist for Automated Information Systems (Major Applications and General Support Systems) Name of GSS or MA being reviewed: Region/Office of GSS or MA being reviewed: System Owner: System Manager:

More information

HURRICANE PLAN CAN HELP BUSINESSES WEATHER A STORM. By Gerald Dunlop USA Small Business Development Center

HURRICANE PLAN CAN HELP BUSINESSES WEATHER A STORM. By Gerald Dunlop USA Small Business Development Center CAN HELP BUSINESSES WEATHER A STORM By Gerald Dunlop USA Small Business Development Center If we learned anything from Katrina, it is the importance of planning and what can result from the lack of it.

More information

CHEEKTOWAGA CENTRAL SCHOOL DISTRICT TECHNOLOGY SERVICES DISASTER RECOVERY PLAN. Rev. 3/15/2012

CHEEKTOWAGA CENTRAL SCHOOL DISTRICT TECHNOLOGY SERVICES DISASTER RECOVERY PLAN. Rev. 3/15/2012 CHEEKTOWAGA CENTRAL SCHOOL DISTRICT TECHNOLOGY SERVICES DISASTER RECOVERY PLAN Rev. 3/15/2012 TABLE OF CONTENTS PART I. INTRODUCTION INTRODUCTION PLAN DISTRIBUTION PART II. DESIGN OF THE PLAN OVERVIEW

More information

APPENDIX 7. ICT Disaster Recovery Plan

APPENDIX 7. ICT Disaster Recovery Plan APPENDIX 7 ICT Disaster Recovery Plan This policy was approved and ratified by the Governing Body of Cox Green School on 20 th October 2015 Signed: Chair of Governors Date: Version Authorisation Approval

More information

Tiburon Master Support Agreement Exhibit 6 Back Up Schedule & Procedures. General Notes on Backups

Tiburon Master Support Agreement Exhibit 6 Back Up Schedule & Procedures. General Notes on Backups General Notes on Backups This document describes the procedures to backup the minimum set of files required to recover application and/or data files in the event of a hardware failure or data loss. These

More information

Documentation for data centre migrations

Documentation for data centre migrations Documentation for data centre migrations Data centre migrations are part of the normal life cycle of a typical enterprise. As organisations expand, many reach a point where maintaining multiple, distributed

More information

Aljex Software, Inc. Business Continuity & Disaster Recovery Plan. Last Updated: June 16, 2009

Aljex Software, Inc. Business Continuity & Disaster Recovery Plan. Last Updated: June 16, 2009 Business Continuity & Disaster Recovery Plan Last Updated: June 16, 2009 Business Continuity & Disaster Recovery Plan Page 2 of 6 Table of Contents Introduction... 3 Business Continuity... 3 Employee Structure...

More information

Preparing Your Business for a Flood

Preparing Your Business for a Flood CHECKLISTS Before a Flood Stay in touch with what s happening and listen for warnings and advisories through the media or through local community messaging. A flood watch means flooding is possible. A

More information

MARQUIS DISASTER RECOVERY PLAN (DRP)

MARQUIS DISASTER RECOVERY PLAN (DRP) MARQUIS DISASTER RECOVERY PLAN (DRP) Disaster Recovery is an ongoing process to plan, develop, test and implement changes, processes and procedures supporting the recovery of the critical functions in

More information

Local Government Cyber Security:

Local Government Cyber Security: Local Government Cyber Security: Guidelines for Backing Up Information A Non-Technical Guide Essential for Elected Officials Administrative Officials Business Managers Multi-State Information Sharing and

More information

SIP Trunking: A new voice in communications service

SIP Trunking: A new voice in communications service Charter Business : White paper SIP Trunking: A new voice in communications service WHITE PAPER With the rise of next-generation technology, business customers have more options than ever from providers

More information

B U S I N E S S C O N T I N U I T Y P L A N

B U S I N E S S C O N T I N U I T Y P L A N B U S I N E S S C O N T I N U I T Y P L A N 1 Last Review / Update: December 9, 2015 Table of Contents Purpose...3 Background...3 Books and Records Back-up and Recovery...4 Mission Critical Systems...

More information

SAMPLE IT CONTINGENCY PLAN FORMAT

SAMPLE IT CONTINGENCY PLAN FORMAT SAMPLE IT CONTINGENCY PLAN FORMAT This sample format provides a template for preparing an information technology (IT) contingency plan. The template is intended to be used as a guide, and the Contingency

More information

HOW TO CREATE A VITAL RECORDS PROTECTION PLAN. New York State Unified Court System Division of Court Operations Office of Records Management

HOW TO CREATE A VITAL RECORDS PROTECTION PLAN. New York State Unified Court System Division of Court Operations Office of Records Management HOW TO CREATE A VITAL RECORDS PROTECTION PLAN New York State Unified Court System Division of Court Operations Office of Records Management June 2003 TABLE OF CONTENTS Purpose of a Vital Records Protection

More information

Continuity of Operations in the Clinical Laboratory

Continuity of Operations in the Clinical Laboratory Continuity of Operations in the Clinical Laboratory Nathan Kendrick, MS, M(ASCP) State Training Coordinator Emergency Preparedness & Response Unit Paula M. (Snippes) Vagnone, MT(ASCP) Microbiology Supervisor

More information

Birkenhead Sixth Form College IT Disaster Recovery Plan

Birkenhead Sixth Form College IT Disaster Recovery Plan Author: Role: Mal Blackburne College Learning Manager Page 1 of 14 Introduction...3 Objectives/Constraints...3 Assumptions...4 Incidents Requiring Action...4 Physical Safeguards...5 Types of Computer Service

More information

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1 JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us

More information

REVIEWED ICT DATA CENTRE PHYSICAL ACCESS AND ENVIROMENTAL CONTROL POLICY

REVIEWED ICT DATA CENTRE PHYSICAL ACCESS AND ENVIROMENTAL CONTROL POLICY LI_M_POPO PROVINCIAL GOVERNMENT :;:ED.JBl-C ()F SO"';-H AFR;IC. ':.,. DEPARTMENT OF CO-OPERATIVE GOVERNANCE, HUMAN SETTLEMENTS & TRADITIONAL AFFAIRS REVIEWED ICT DATA CENTRE PHYSICAL ACCESS AND ENVIROMENTAL

More information

ISO27001 Controls and Objectives

ISO27001 Controls and Objectives Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the

More information

Rockwell Financial Group Business Continuity Plan. Emergency Contact Persons Rockwell Financial Group has two emergency contact persons:

Rockwell Financial Group Business Continuity Plan. Emergency Contact Persons Rockwell Financial Group has two emergency contact persons: Rockwell Financial Group Business Continuity Plan Emergency Contact Persons Rockwell Financial Group has two emergency contact persons: Michael Halkitis, President/ Finop Primary Contact Information: Phone

More information

GAO INFORMATION SECURITY. Weak Controls Place Interior s Financial and Other Data at Risk. Report to the Secretary of the Interior

GAO INFORMATION SECURITY. Weak Controls Place Interior s Financial and Other Data at Risk. Report to the Secretary of the Interior GAO United States General Accounting Office Report to the Secretary of the Interior July 2001 INFORMATION SECURITY Weak Controls Place Interior s Financial and Other Data at Risk GAO-01-615 United States

More information

The question is what kind of VoIP do you want? What are the tradeoffs today?

The question is what kind of VoIP do you want? What are the tradeoffs today? Selecting a Voice Solution Hosted VoIP vs. PBX VoIP Contents Introduction The Traditional Solution Why VoIP? The Primary Tradeoffs Today Hosted VoIP Today s PBX Latest Features of VoIP Managing Costs What

More information

Massachusetts Institute of Technology. Functional Area Recovery Management Team Plan Development Template

Massachusetts Institute of Technology. Functional Area Recovery Management Team Plan Development Template Massachusetts Institute of Technology Functional Area Recovery Management Team Plan Development Template Public Distribution Version For further information, contact: Jerry Isaacson MIT Information Security

More information

Why cloud backup? Top 10 reasons

Why cloud backup? Top 10 reasons Why cloud backup? Top 10 reasons HP Autonomy solutions Table of contents 3 Achieve disaster recovery with secure offsite cloud backup 4 Free yourself from manual and complex tape backup tasks 4 Get predictable

More information

ReadyNAS OS 6 Desktop Storage Systems

ReadyNAS OS 6 Desktop Storage Systems ReadyNAS OS 6 Desktop Storage Systems Hardware Manual Models: ReadyNAS 102 ReadyNAS 104 ReadyNAS 312 ReadyNAS 314 ReadyNAS 316 ReadyNAS 516 ReadyNAS 716X EDA 500 October 2013 202-11206-04 350 East Plumeria

More information

Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member

Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member City of Gainesville Inter-Office Communication April 3, 2012 TO: FROM: SUBJECT: Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member Brent

More information

Assuring Business Communications Continuity

Assuring Business Communications Continuity Assuring Business Communications Continuity An ebrief about Wireless Business Continuity When your business communications network is down, or when weather or other disasters keep your employees from getting

More information

Protection of Computer Data and Software

Protection of Computer Data and Software April 2011 Country of Origin: United Kingdom Protection of Computer Data and Software Introduction... 1 Responsibilities...2 User Control... 2 Storage of Data and Software... 3 Printed Data... 4 Personal

More information

Availability and Disaster Recovery: Basic Principles

Availability and Disaster Recovery: Basic Principles Availability and Disaster Recovery: Basic Principles by Chuck Petch, WVS Senior Technical Writer At first glance availability and recovery may seem like opposites. Availability involves designing computer

More information

The Second National HIPAA Summit

The Second National HIPAA Summit HIPAA Security Regulations: Documentation and Procedures The Second National HIPAA Summit Healthcare Computing Strategies, Inc. John Parmigiani Practice Director, Compliance Programs Tom Walsh, CISSP Practice

More information

DigiDial- VoIP SSMM Service Overview No Boundaries outside the box of traditional telephony P er ver OecioV

DigiDial- VoIP SSMM Service Overview     No Boundaries outside the box of traditional telephony      P er ver OecioV DigiDial-VoIP is a business-grade Voice over IP service that is hosted on DigiLink s IP network and provides a robust, low-cost enterprise voice solution, replacing costly PBX or Centrex service with the

More information

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006 Department of Information Technology Data Center Disaster Recovery Audit Report Final Report September 2006 promoting efficient & effective local government Executive Summary Our audit found that a comprehensive

More information

Memorandum. ACTION: Report on Computer Security Controls of Financial Management System, FTA FE-2000-098. May 23, 2000.

Memorandum. ACTION: Report on Computer Security Controls of Financial Management System, FTA FE-2000-098. May 23, 2000. U.S. Department of Transportation Office of the Secretary of Transportation Office of Inspector General Memorandum ACTION: Report on Computer Security Controls of Financial Management System, FTA FE-2000-098

More information

FORM 20A.9 SAMPLE AUDIT PROGRAM FOR TESTING IT CONTROLS. Date(s) Completed. Workpaper Reference

FORM 20A.9 SAMPLE AUDIT PROGRAM FOR TESTING IT CONTROLS. Date(s) Completed. Workpaper Reference FORM 20A.9 SAMPLE AUDIT PROGRAM FOR TESTING IT CONTROLS Workpaper Reference Date(s) Completed Organization and Staffing procedures used to define the organization of the IT Department. 2. Review the organization

More information

Preparing Your Business for a Flood

Preparing Your Business for a Flood This document was generated in part from the excellent work done by EPICC (Emergency Preparedness for Industry and Commerce Council). Please refer to EPICC s website http://www.epicc.org/ to learn more

More information

business continuity plan for:

business continuity plan for: business continuity plan for: Insert your company name here Our statement of Business Continuity is: > To ensure all employees are competent to do their tasks, and to provide adequate training > To review

More information