AUDIT GUIDELINES FOR SCHOOL DISASTER RECOVERY PLANNING Introduction It has become increasingly common for schools to place a great deal of reliance upon PC s and computer systems to manage and operate both the schools academic and administrative functions. However, the School must also be aware of the consequence to those systems in the event of a disaster, security failure and loss of service. Each of these areas should be analysed and contingency plans developed and implemented to identify and reduce risks, limit the consequences of damaging incidents, and to ensure the timely resumption of essential academic and administrative operations. Contingency planning is necessary in all organisations (including schools) that use computers, and the auditors will look for evidence of a written contingency plan. Plans should be maintained and practised to become an integral part of other management processes. Due to this it has become critical for schools to prepare an appropriate disaster recovery plan in order to cope with the possible risk of disruptions or complete loss of computer systems. However, the role of the School in disaster recovery planning does not end at the creation of such a plan. Plans must be tested regularly at appropriate intervals to a level, which demonstrates that the school can restore to its normal state of operation within a time scale appropriate to the service it provides. It is accepted that most schools regularly take back up copies of their systems but it is possible that few actually test the back up tapes to ensure that all information has been correctly saved. Types of disaster, loss or damage to consider Theft Fire and smoke Sabotage and vandalism Flood Power failure Equipment failure Consequences of a disaster Assets stolen or destroyed have to be replaced Disruption of academic and/or administrative functions Disruption of purchasing arrangements, payments procedures and income collection. Loss of financial control and financial reporting to Governors on the financial position of the School Possible liability for losses of third parties who rely on you. Page 1 of 5
Developing a Contingency and Business Continuity Plan The process for developing and maintaining a continuity plan should bring together the following key elements: Understand the risks the School faces in terms of likelihood and impact. This should include identifying risks proportionate to the critical systems. Understand the impact that interruptions, small or large, are likely to have on the School. Formulate and document continuity strategy consistent with the Schools objectives and priorities. Formulate and document continuity plan in line with agreed strategy. Regularly test and update plan and processes. Establish ownership of the plan at an appropriate level i.e. Headteacher. Consider purchasing suitable insurance to cover eventualities. Business Continuity and Impact Analysis Business continuity should begin by identifying events that can cause interruptions to processes. This should be followed by a risk assessment to determine the impact of those interruptions (both in terms of damage scale and recovery period). Both these activities should be carried out with the full involvement of the Governing Body who own the resources and processes. The assessment considers all systems, and is not limited to the information processing facility. Depending on the risk assessment, a strategy plan should be developed to determine the overall approach to keep the school up and running. Once this plan has been created, the Governing Body should endorse it. The School should consider the following; Each system should be risk assessed and ranked in order to determine the degree of importance to the School and the knowledge of the consequences of a system being unavailable. Each system should be analysed to ensure that any other systems reliant on them are known. Each system should be evaluated in order to ensure recovery takes place within the expected time-scale. Adequate back up and retention of data off site must be maintained for use in an emergency. Recovery is based on reasonable assumptions. Evaluation of system s recovery time-scale is performed before a decision is made on the selection of re-start operations. Personnel must be trained in and understand the plan. Plan must be rehearsed. Plan includes financial support for extended operations. Page 2 of 5
If another School is chosen as a Partner, their facilities have been checked to ensure that they can perform within the desired time-scale and provide adequate facilities. Key functions should be identified by job title not by name. Analyses of current procedures to ensure all elements are included in the plan. Insurance cover should include consequential loss and cover for increased working costs. Quality checks on all plan elements. Check to ensure all key systems are represented in the plan. Frequent update and republishing of plan stored copies of the plan should be replaced when new issues are released. Summary Most of the everyday issues concerning formulating disaster and contingency arrangements circulate around three concepts; contingency arrangements require a great attention to detail, plans must always be maintained, plans must be stored where they can be readily found and must be known to those who will use them. SUGGESTED BASIC FRAMEWORK FOR A DISASTER RECOVERY PLAN Backup Procedures Detail the procedure for backup of SIMS. SIMS Administrator Detail staff who have: Full management status in SIMS; Access to certain SIMS modules State where the SYSMAN password is stored. Identify the number and locations of those PC s where SIMS can be accessed. Virus Protection SCHOOL NETWORK & SIMS DISASTER RECOVERY PLAN Backup Procedures SIMS is backed up each day. Tapes are labelled Monday Friday. Monthly tapes are kept at (1 st person & job title) home. The Administrator replaces tapes if (1 st person & job title) is away from the school. SIMS Administrator The SYSMAN password is kept in a sealed envelope in the school safe. (1 st person & job title) and (2 nd person & job title) have full Manager status in SIMS. Staff are given access to SIMS modules as required. SIMS can, in general, only be accessed from terminals located in the Head-teacher and Administrator s office. Very few terminals will run SIMSMAN. Virus Protection Page 3 of 5
Detail the virus protection software in use at school. State when and how the networks/ stand alone PC s can and should be scanned. Document the procedures to be taken when a virus is detected and the action to be taken to remedy the problem. Disaster Recovery during School Hours This should state the following: The member of staff to contact initially; The telephone/ mobile/ pager number of the member of staff identified above. A second member of staff to contact if the initial member can not be contacted. Out of School Hours This should state the following: The member of staff to contact initially; The telephone/ mobile/ pager number of the member of staff identified above; State procedures if emergency access is needed by outside contractors or North Somerset Staff. The procedures should be located in a fireproof safe with full details of passwords and contracts. The user areas on the PC are scanned regularly by Dr Solomon s virus protection software. Each PC can be selectively scanned or disinfected from the terminal of the Administrator. Disaster Recovery during School Hours Contact (1 st person & job title) either by phone or message pager. The pager number is (xx)xxx on the school phone system. If (1 st person & job title) is not in school, contact (2 nd person & job title) if action is needed quickly. Please leave a pager message for (1 st person and job title) as well. If there is a power cut effecting the servers, (person & job title) or (other person & job title) should turn off the server monitors to conserve the batteries in the UPS. If the power cut only lasts a few minutes, the system may keep running. If it lasts too long, the system will shut down and then restart when power is restored. CD-ROM and print servers will have to be restarted after the system has got going. Out of School Hours If possible, contact (contact person & job title) as above or by phoning home on (0000) 123456), or in extreme emergency contact (alternative contact person & job title) (message pager yyyyy-yyy ). If emergency access to the system by (company) or North Somerset staff, full details of passwords, procedures and contracts can be found in a sealed envelope in the school safe. Out-of-hours power cuts should not affect the servers, but print-server computers will need to be restarted about 5 minutes after power is restored. Check the screen to see that it starts properly. If in doubt, press the reset button again. Page 4 of 5
Maintenance Contracts Detail all maintenance contracts the school has with outside bodies, including North Somerset Council IT Sections. Daily SIMS Maintenance This should state the procedures in place for checking the SIMS error log in SIMSMAN. Inventory The inventory should include both hardware and software. It should be up to date and in accordance with audit requirements. Maintenance Contracts The server covers both the Administration and Academic Networks. There is basic maintenance cover available under the relevant North Somerset Contract. In addition, both servers are covered by the (name of company) care contract number 1234567 which expires xx/xx/02 Details of the contract are in the front of the Contractors event log. The school has (name of company) onsite standard support. The school customer ID is 1111. The onsite support contract number is AB4321. This runs until at least September 02. SIMS maintenance is covered by the North Somerset SIMS team. Daily SIMS Maintenance The SIMS error log in SIMSMAN is checked regularly and the error messages are checked daily. Most SIMS indexes are rebuilt weekly. The FMS6 indexes are rebuilt termly. Page 5 of 5