Title: DISASTER RECOVERY/ MAJOR OUTAGE COMMUNICATION PLAN

Transcription

1 POLICY: This policy is intended to address organizational wide communication executed during a or major IS service outage. When a disaster occurs or when any critical system/infrastructure component is unavailable for more than two hours the following procedure should be followed to ensure the appropriate contact occurs with management and end users. Examples of events or Major Outage are but not limited to Catastrophic loss of a Data Center Enterprise wide intrusion by hackers or a Computer virus/worm/trojan Horse Any complete outage of a critical system for more than 2 hours SCOPE: This policy applies without exception to all, and OCIO staff s. DEFINITIONS: I. Critical System Any application listed in the attached Critical Application List PROCEDURE: This section describes the detailed steps to be executed when this policy is activated ACTION 1. When any staff suspects may be experiencing a or Major Outage event follow the Identification. 2. Does the Identification indicate a or Major Outage a) If yes, refer to Policy # X.X.X: Problem Management Call Referral and Escalation / Notification b) If no, call the Help Desk to ensure the issue has been logged and assigned appropriately. End RESPONSIBLE PARTY DR-006 Recovery Communication Plan 9/8/2015 Page 1 of 5

2 ACTION 3. Is this a full scale expected to last more than 24 hours ( to be confirmed )? If yes, refer to Policy # X.X.X: DR Team Activation and go to step 4 If no, continue to step 6 4. Initiate Damage Assessment to determine the extent of the refer to Policy # X.X.X: Damage Assessment RESPONSIBLE PARTY 5. Does the DR Hot Site need to activated? Notify Executive Leadership of intent to declare. Contact Hot Site Vendor to activate the DR Hot Site. If yes, refer to Policy # X.X.X: Recovery Declaration If no, continue to 6 6. Is the / Major outage expected to last more than 8 hours (to be confirmed)? If yes, refer to Policy # X.X.X: Command Center Activation If no, continue to step 7 7. Ensure accurate and timely notifications and updates are distributed throughout management and user community. Refer to Policy # X.X.X Recovery / Major Outage Communication OCIO/ / Management Team 8. Refer to Policy # X.X.X / Major Outage Recovery Steps 9. Refer to Policy # X.X.X Post / Major Outage Analysis RELATED PROCEDURES: Identification. Problem Management Call Referral and Escalation / Notification DR Team Activation Damage Assessment Recovery Declaration Command Center Activation Recovery / Major Outage Communication / Major Outage Recovery Steps DR-006 Recovery Communication Plan 9/8/2015 Page 2 of 5

3 Post / Major outage Analysis ATTACHMENTS: A. Critical Application List B. Communication Scripts C. Management Notification Sheet D. Root Cause Analysis Report Template E. End User Contact Listings POLICY EXCEPTIONS: Date # Description Justification Signature None at this time DR-006 Recovery Communication Plan 9/8/2015 Page 3 of 5

4 PROCEDURAL PROCESS FLOW DIAGRAM: This Process flow represents the major steps to be taken in the event of a or Major Outage Staff Member identifies a or Major Outage / Major Outage Event Step1: Qualify / Quantify the extent of the Outage / 1 / Major Outage Identification No Notify Help Desk to ensure event has been resolved End Step 2: Ensure all, and staff are alerted to the severity of the situation 2 Call Escalation / Notification Step 4: Mobilize Damage Assessment Team to determine the full extent of the outage. Step3: Is the Outage / expected to last more than 24 hours. Initial Assessment Estimate Outage Duration < > hours Damage Assessment Declaration? < 24 hours Step 6: If the Outage / Is expected to last more than 8 hours the Command Center should be established Outage Duration to last more than 8 hours > 8 hours Command Center Activation Recovery Declaration procedure Step 5: Notify hot site vendor of intent to declare. Notify senior management of intent to declare disaster No Step 7: Ensure Management and users are fully informed during the Outage to facilitate patient safety and business continuity. Recovery Major OutageCommunication Step 8: This step outlines some guiding principles that should be observed throughout the recovery process. / Major Outage Recovery Post Major Outage Analysis Recovery / Outage Report and Action Plan Step 9: This procedure describes the analysis required to determine the root cause of the event and creation of a future avoidance plan DR-006 Recovery Communication Plan 9/8/2015 Page 4 of 5

5 POLICY IDENTIFICATION: Policy Title: Recovery/ Major Outage Communication Plan Category: Recovery Original Date: Author: Approved By: Title Signature Stakeholder Representatives Executive Executive REVIEW/REVISION HISTORY: Version Review Date Next Review Date Changes (Y or N) Description of Change (section and description) Review/Revision by Revision(s) approved by Title Signature Title Signature 1.0 Original Initial draft DR-006 Recovery Communication Plan 9/8/2015 Page 5 of 5