Contingency Plan Template

Business Unit
CONTINGENCY PLAN
Version 1.0
(Date submitted)
Submitted By: Business Unit

Date Version 1.0 Page 1
1 Plan Review and Updates
2 Introduction
  2.1 Purpose
  2.2 Scope
  2.3 Plan Information
3 Contingency Plan Overview
  3.1 Objectives
  3.2 Organization
  3.3 Mission Critical Systems/Applications/Services
4 System Description
  4.1 Physical Environment
  4.2 Technical Environment
5 Plan
  5.1 Plan Management
    5.1.1 Incident Notification
    5.1.2 Internal Personnel Notification
    5.1.3 External Contact Notification
    5.1.4 Plan Maintenance
6 Appendices
  APPENDIX A CONTINGENCY PLAN CONTACT INFORMATION
  APPENDIX B MISSION CRITICAL APPLICATIONS, PROCESSES...
  APPENDIX C MANUAL PROCEDURES FOR MISSION CRITICAL PROCESSES
  APPENDIX D SOFTWARE INVENTORY
  APPENDIX E HARDWARE INVENTORY
  APPENDIX F VENDOR CONTACT LISTS
1 PLAN REVIEW AND UPDATES

Version: 1.0 (version number)
Status: Approved
Contact: (Business Unit System Owner)
Date of review:
Reviewed and updated by: (Business Unit System Owner)
Next Scheduled Review:

2 INTRODUCTION

This document contains the Contingency Plan for (Business Unit). It is intended to serve as the centralized repository for the information, tasks, and procedures that would be necessary to facilitate management's decision-making process and its timely response to any disruptive or extended interruption of the department's normal business operations and services. This is especially important if the cause of the interruption is such that a prompt resumption of operations cannot be accomplished by employing only normal daily operating procedures.

Since the information contained in this document reflects management's planning assumptions and objectives, the plan should be considered a sensitive document. All of the information and material contents of this document should be considered for limited official use by authorized personnel.

The Contingency Plan is intended to provide a framework to facilitate the safety of employees and the resumption of time-sensitive operations and services in the event of an emergency (fire, power or communications blackout, tornado, hurricane, flood, earthquake, civil disturbance, etc.). Although the Contingency Plan provides guidance and documentation upon which to base emergency response, resumption, and recovery planning efforts, it is not intended as a substitute for informed decision-making.

Business process managers and executives must identify services for which disruption will result in significant financial and/or operational losses. Plans should include detailed responsibilities and specific tasks for emergency response activities and business resumption operations based upon pre-defined time frames.
2.1 PURPOSE

The purpose of this plan is to ensure continuity of mission critical processes and systems operations in the event of catastrophic loss or extraordinary circumstances. This Contingency Plan will assess the needs and requirements so that (Business Unit) may be prepared to respond to the event in order to efficiently regain operation of the systems that have been made inoperable.

2.2 SCOPE

The plan will apply to the business units of SVCC as defined in the Business Impact Analysis portion of the Disaster Planning and Recovery process.
2.3 PLAN INFORMATION

The Contingency Plan should be considered a living document and will always require continuing review and modification in order to keep up with the changing environment. As such, it should be updated at least annually. The completed action plan of dynamic information provides all of the necessary lists, tasks, and reports used for response, resumption, or recovery.

3 CONTINGENCY PLAN OVERVIEW

The (Business Unit) Contingency Plan is designed to be in accordance with the strategic intent of SVCC's functional and operational mission.

3.1 OBJECTIVES

The primary objective of this plan is to establish procedures to be used for information systems in the event of a contingency to protect and ensure functioning of those assets. The individual business unit will define the specific procedures for updating and maintaining this plan.

3.2 ORGANIZATION

In the event of a disaster or other circumstances which bring about the need for contingency operation, individuals with specific responsibilities or tasks which must be completed to fully execute the contingency plan must be identified. Additionally, orders of succession within the department should be defined here. The individuals who will support functions developed to respond, resume, recover, or restore operations or facilities of the affected systems are listed in Appendix A, Plan Contact Information.

3.3 MISSION CRITICAL SYSTEMS/APPLICATIONS/SERVICES

Define essential mission critical systems/applications/services that must be recovered at the time of disaster in the following order due to critical interdependencies. (Business Unit) has identified the applications and services given in Appendix B, Mission Critical Applications, Processes, and Services, as mission critical.

Define manual processes for critical services as well as technical and procedural problems and their solutions.
Written procedures for each mission critical business process are located in Appendix C, Manual Procedures for Mission Critical Business Processes.

4 SYSTEM DESCRIPTION

In this section include information for each system under ownership or controlling authority of the (Business Unit). For example: Business Unit Name, System Owner, Activity Owners, Data Owners, Data Custodians, and Primary Users.

4.1 PHYSICAL ENVIRONMENT

Include the building location, internal facilities, entry security measures, alarms, and access control as applicable.
4.2 TECHNICAL ENVIRONMENT

Identify specific software applications and hardware inventories, Service Level Agreements, and vendor contacts. These are given in Appendixes D, E and F.

5 PLAN

5.1 PLAN MANAGEMENT

5.1.1 INCIDENT NOTIFICATION

The System Owner for the (Business Unit) will be responsible for incident notification to all applicable parties.

5.1.2 INTERNAL PERSONNEL NOTIFICATION

The System Owner for the (Business Unit) will be provided with the contact information of applicable employees. This information may be found in Appendix A, Plan Contact Information. Multiple copies of this information may be maintained internally within the department, provided the information contained therein remains current and accessible.

5.1.3 EXTERNAL CONTACT NOTIFICATION

Contact information for Contingency Plan service providers, agencies, external contacts, vendors, suppliers, etc. will be provided in Appendixes A, Plan Contact Information, and F, Vendor Contact List.

5.1.4 PLAN MAINTENANCE

There should be at least two copies of current system security documentation. Documentation should be duplicated either in hard copy or compatible media format. Because confidential and sensitive information may be contained in the plan, all team members should be instructed to house copies of the plan in a secure manner. The Business Unit System Owner should maintain a list of all employees who have copies of the plan and the specific physical location of the same. One copy should be stored on site and be immediately accessible (give location), while a backup copy should be stored off site.

It is recommended that copies of the Contingency Plan be distributed to the SVCC Contingency Plan Coordinator and Business Unit System Owner. Updates to documentation should be performed at least annually and on an as-required basis by the individual Business Unit.

6 APPENDICES

All the items in this section should receive a separate appendix.
Updates and reviews should be made for this data at least annually. A printed copy should be made for inclusion in the Business Unit's Contingency Plan. Access to the Contingency Plan should be available from outside the College's normal operation location. A means to access this data from alternate locations should be in place and tested annually.
APPENDIX A PLAN CONTACT INFORMATION

This appendix should include all points of contact of positions described in the Contingency Plan and key organizational personnel. Include home and mobile telephone numbers. Include emergency location assignments. Include a telephone tree, which lists the order of contact when a contingency situation or disaster is declared. The contact list should indicate the system each individual is associated with. A reference list of emergency services and public utilities should be included.
APPENDIX B MISSION CRITICAL APPLICATIONS, PROCESSES AND SERVICES

The following are the essential mission critical systems/applications/services that must be recovered at the time of disaster:

Business units may use sheet 3 (Application Profile) of the BIA Template to populate this appendix.
APPENDIX C MANUAL PROCEDURES FOR MISSION CRITICAL BUSINESS PROCESSES

Include a list of all documentation pertinent to the operation and maintenance of each system. This list should include but is not limited to system architecture, manual procedures for mission critical processes, and standard operating procedures. Documentation must be developed, updated and/or modified to reflect the most current information as it applies to mission critical business functions. This data should be reviewed and modified as changes occur within the environment and/or at least annually as part of the DRP and Continuity of Operations testing requirements.
APPENDIX D SOFTWARE INVENTORY

This appendix should be populated with the most current data that directly reflects the current software implemented in production and deployed by the individual Business Unit. This should include the licensing agreements for any software which is not part of the SVCC standard software deployment.
APPENDIX E HARDWARE INVENTORY

This appendix should be populated with the most accurate data reflective of the hardware assets currently owned and deployed by the individual Business Unit.
APPENDIX F VENDOR CONTACT LIST

This appendix should be populated with the listing of all vendors and contractors that currently provide support or will provide support in a post-disaster environment. Additionally, any Service Level Agreements (SLAs) that have been executed and all subsequent modifications should be included with accurate Points of Contact (POCs) and emergency contact information.