Disaster Recover Plan



center71518800Disaster Recovery Plan2020centerbottomSubmitted by:eQHealth Solutions8440 Jefferson Highway, Suite 101Baton Rouge, LA 7080900Submitted by:eQHealth Solutions8440 Jefferson Highway, Suite 101Baton Rouge, LA 70809In times of disaster, the business community looks to disaster recovery plans as business continuity tools. Basic elements include communication plans, risk assessment, business impact analysis, process plans, and offsite operations plans. While our computer systems are well protected against catastrophic failure and business interruptions, these disaster recovery plans guide staff, protect data, enable speedy operational recovery, and minimize customer impact.To facilitate the support role, the corporate Information Systems (IS) Team is trained in all aspects of the eQHealth Solutions disaster recovery plan. Cross training of personnel is a key part of our Information Systems Team’s mission, preparing staff to perform critical functions during times of crisis.DISASTER Recovery TeamThe Disaster Recovery Team is composed of the following eQHealth Solutions staff: Chief Executive Officer, Chief Administrative Officer, VP of IT Operations, Manager of Administrative Services, Director of Information Technology, Systems Administrator, and Chief of Staff. The eQHealth Solutions CEO is immediately notified of disaster declaration decisions.DISASTER COMMUNICATIONSThe Disaster Recovery Team declares the disaster and initiates the staff-calling tree as appropriate. Members of the disaster recovery team are responsible for their areas’ roles and responsibilities during the declared disaster, leading to the successful conduct of business. The implementation of the disaster recovery plan results from staff participation in the implementation of the disaster recovery plan. The impact to operations of a disaster is classified as minor, major and catastrophic. For each disaster, the impact to operations is determined through the Recovery Time Objectives (RTO) for these disasters. Multiple RTO take into consideration the role of external organizations, the severity of a disaster in the conduct of business service levels, and the continuity of operations.When the Disaster Recovery Team institutes the staff-calling tree, eQHealth Solutions Management directs staff where and when they need to report. All managers have a list of current staff home telephone numbers. Information Systems advises the Disaster Recovery Team related to the following risks: computer viruses, network security, WAN outages, telephone outages, and equipment breakdown.The Calling Tree works as follows:eQHealth Solutions Chief Executive Officer, or designee, contacts the Centers for Medicare and Medicaid Services. The Chief Executive Officer also calls the Project Manager, Office Administrator, Education Manager and Information Systems Manager. The Office Administrator contacts respective staff. All Managers are responsible for contacting their respective staff. In addition, Information Systems Manager contacts Director Information Systems and System Administrator.RISK ASSESSMENTDisasters are classified as minor, major and catastrophic. Classifications are determined by evaluating the likelihood of an event and its potential impact. A minor disaster can disrupt customer service for up to 24 hours. A major disaster can disrupt customer service for 24 – 48 hours. A catastrophic event can disrupt customer service for a period greater than 48 hours. If an event is possibly a minor, major and catastrophic event, the event is categorized as “All”. Risk CategoryRisk Factor EventImpact to Business OperationsImpact to Facility or EquipmentRecovery Time ObjectiveRisk Probability of Event OccurringWeatherTornadoCatastrophicCatastrophicCatastrophicMinorWeatherHurricaneCatastrophicCatastrophicCatastrophicMinorWeatherFloodMajorMinor - assuming no damage to voice/data/fax circuitsAllMinorWeatherSnowMinorMinorMinorMinorBiologicalPandemicMinorNot ApplicableMinorMinorExternal Destructive ForcesTerrorist AttackMinorMinorAllMinorPhysical PlantFacility locationMinorMinorMinorMinorPhysical PlantPower OutageMajorMinorMinorMinorInformation SystemsComputer Virus AttackMinorNot applicableMinorMinorInformation SystemsLoss of Operation of WAN Not ApplicableNot ApplicableMinorMinorInformation SystemsTelephone OutageMajorNot ApplicableMinorAllInformation SystemsComputer/Printer BreakdownMajorNot ApplicableMinorMinorSecurityFacility SecurityMajorMajorMinorMinorSecurityAccess to Network and Computer ResourcesMinorNot ApplicableMinorMinorBUSINESS IMPACT ANALYSISWeatherTornadoCentral Louisiana averages approximately 24 storms per year with confirmed tornado development. (). If a tornado directly hit the building and the facility is damaged, all information services are redirected to the Illinois location until the local facilities are restored.For Recovery Time Objective (RTO) – Less than 2 hours. For Recovery Point Objective (RPO) – No review data will be lost, since all data is being replicated to the SAN located in the Illinois data center. Applicable HITRUST / HIPAA requirements are maintainedHurricaneHurricanes can directly affect the current physical location. With current weather monitoring techniques and experience, the Baton Rouge office is notified in advance – transitioning necessary data operations till the weather subsides. For Recovery Time Objective (RTO) – Less than 2 hours. For Recovery Point Objective (RPO) – No review data will be lost, since all data is being replicated to the SAN located in the Illinois data center. Applicable HITRUST / HIPAA requirements are maintainedFloodeQHealth Solutions office might be affected by a water main break or natural flooding. All the servers are physically located in a secure data center located in Baton Rouge which has been designed against the threat of floods. All computers and printers are at least six (6) inches off the floor. All services are redirected to another corporate office until the local facilities are restoredFor Recovery Time Objective (RTO) – Less than 2 hours. For Recovery Point Objective (RPO) – No review data will be lost, since all data is being replicated to the SAN located in the Illinois data center. Applicable HITRUST / HIPAA requirements are maintainedSnow/IceSince the facility is located on a major street, staff commute times are possibly increased from a significant snowfall or road icing, resulting in a potential late opening.RTO/RPO - no impact to operations. Applicable HITRUST / HIPAA requirements are maintainedBiologicalPandemicThe overall likelihood of a declared pandemic is rare. However, eQHealth Solutions has taken steps to insure that employees have the ability to perform their daily functions from the personal residence.RTO/RPO - no impact to operations. Applicable HITRUST / HIPAA requirements are maintainedExternal Destructive ForcesFireThe building has a fire alarm system and fire sprinkler system installed throughout the building. The risk of fire affecting operations depends on when a fire might break out, where it might breakout, and how long it might go undetected. Operationally, the following procedures help in reducing the possibility and/or potential impact of fire:All computer equipment has been purchased new.Additional electrical equipment must be approved.All electrical equipment is plugged into surge protectors or uninterruptible power supplies.Several fire extinguishers are strategically located and available at eQHealth Solutions exits, major office space areas and the data center.A fire sprinkler system is installed throughout the office.The office suites are located on the first and second floors of the building. All offices and conference rooms have doors, telephones, and (with one exception) windows. eQHealth Solutions offices are located near one of two main building stairwells that exit in close proximity to the building’s three main exits. Operational impact from fire would be based on location: Data center fire – The data center utilizes both smoke and heat detection sensors throughout the facility along with early detection devices to eliminate the threat of a fire. The facility is equipped with a dry-fire suppression system, fire doors as well as handheld gas-based fire extinguishers to quickly contain and prevent the outbreak of a fire. The data center features a completely redundant network infrastructure with multiple data circuits from different providers. The degree of damage might require redirecting services to the Illinois data center. As soon as replacement servers are received, Information Systems staff will restore the servers from the full daily snapshots and archive logs. The only review data loss would be from those reviews that are in process. Email, network security IDs and file storage would be available through the Illinois data center. The only loss would be from the current day’s work. Applicable HITRUST / HIPAA requirements are maintainedWithin the staff work area, a potential fire would directly affect user workstations (computers and telephones). Since all computers have a standard software build, we could immediately relocate users to other machines and prioritize workflow needs with available equipment. Applicable HITRUST / HIPAA requirements are maintained.Whole building destroyed by fire - The toll-free lines would be immediately redirected to the Illinois office. Maximum down time is approximately one (1) hour to discover the issue and redirect telephone lines. The major recovery areas from a fire are paper records (work-in-progress), computer equipment, telephones, fax lines, printers and basic office supplies. Applicable HITRUST / HIPAA requirements are maintainedTerrorist AttackTargets of terrorist attack could include physical damage to the capitol city’s infrastructure. The Baton Rouge Metro Airport is approximately twenty (20) miles away and would not directly affect business operations. Services would be redirected to another corporate office location until full impact of the situation is determined. Applicable HITRUST / HIPAA requirements are maintainedRTO is less than 2 hours. RPO – no data lossOther areas of attack could include the Riverbend Nuclear Power Plant located approximately 38 miles away in St. Francisville, LA and the Exxon Refinery located approximately 15 miles away in Baton Rouge, LA. Damage to either of these locations could significantly impact operations depending on the extent of the damage. Services would be redirected to another corporate office location until full impact of the situation is determined. Applicable HITRUST / HIPAA requirements are maintainedRTO is less than 2 hours. RPO – no data loss.Damage to the city’s water supply would require bottled water for staff usage, which eQHealth Solutions has readily available. Staff would not be able to use drinking fountains or the ice machine.RTO is less than 2 hours. RPO – no data loss.Chemical attacks would probably be targeted to areas with high concentrations of population gatherings i.e. downtown Baton Rouge, Louisiana State University, sports venues, or public festivities. eQHealth Solutions is located near the business center of United Plaza and an attack on the business center would severely impact or cripple operations. Files and data systems would be made available through VPN tunnels over the Internet. Applicable HITRUST / HIPAA requirements are maintainedRTO is less than 2 hours. RPO – no data loss.Physical PlantFacility LocationThe facility is located less than (1) mile from I-10 and I-12, and four (4) miles from Airline Highway. These roadways provide major access points for eQHealth Solutions staff, the destruction of these intersections could potentially result in a potential late opening.RTO/RPO - no impact to operations.Operations are also impacted by damage to city/communication services, i.e., water, power, telephone lines and T1 connectivity. In general, these types of outages are less than 24 hours.RTO less than 2 hours – Services will be redirected to the Illinois office until local facilities are restored. Applicable HITRUST / HIPAA requirements are maintained RPO – no data loss. Power Outage/SurgeUtility supplied power is interrupted. The data center is engineered with uninterruptible power system (UPS), and backup generators to deliver seamless power. In the event of a commercial power failure, the UPS will provide immediate backup power until the generators take over the load. The telephone system vendor to redirect calls to another corporate office if needed. Staff workstations are immediately shut down by a power outage. If the projected power downtime is estimated to exceed 2 hours the impacted site will cutover systems to an alternate backup site. Applicable HITRUST / HIPAA requirements are maintainedRTO is less than 2 hours. RPO – no data loss.When utility power is restored, equipment is protected from a power surge. We have surge protectors on all staff computer equipment and printers, in addition to all equipment located in the data center.RTO/RPO – no impact to rmation SystemsComputer Virus AttackCarbon Black and Palo Alto Networks firewalls serve as our protection to computer virus attacks. The Carbon Black server is updated hourly with the most recent virus protection files. Carbon Black has a mechanism for preventing all unauthorized applications from running on the computer which provides a higher level of protection. Supervisor approval is required for staff access to the Internet. The Internet and Email Policies are distributed to staff. During a computer virus attack, all Internet access and email are immediately shutdown until the virus is removed from the network. Telephonic reviews are continued. RTO – no impact on operations.RPO – no data loss.Loss of Operation of WAN – Wide Area NetworkNo impact on operations.Service Level Agreement with carrier is 4-hour turnover on repairsTelephone/Fax OutageTelephone lines - The telephone vendor currently provides the failsafe routing system on a fully redundant nationwide network. If at any time the telephone lines (toll free numbers) do not return a signal to the vendor’s main switch, the lines will be re-routed to another switch to in the vendor’s network ensure high availability. eQHealth Solutions maintains two independent circuits from different providers both through different avenues reducing the chance of both being out simultaneously. The vendor operates a redundant Network Operations Center (NOC) with 24 hours a day 7 days a week monitoring of all circuits to ensure reliabilityRTO – Less than 2 hours.RPO – No data loss.Telephone System – The telephone vendor provides redundant systems which are monitored 24 hours a day 7 days a week by their NOC to ensure no downtime.RTO – Less than 2 hours.RPO – No data loss.For a fax outage, all inbound and outbound faxes are queued until connectivity has been restored to the cloud-based service. The fax vendor maintains multiple data center locations for redundancy which reduces the risk of an outage. The Help line is updated with the current status in order to assist providers.RTO – less than 2 hours. RPO – No data lossComputer/Printer BreakdownComputers – We have the HP 3-year maintenance agreement on all workstations. We maintain extra computers to provide an immediate replacement for any failed user workstation. RTO/RPO – no impact to operations.All Xerox printers have backup printers to redirect production output. eQHealth Solutions maintains a service contract for all of our Xerox copier/printers.RTO/RPO – no impact to operations.SecurityFacility SecurityAll staff is issued security key card to access the building. With all entrances locked, the only options for entry are staffs with a key card or guests that are granted access by the receptionist. Upon entry, all staff and guests are required to sign-in to log books. All guests are escorted by a staff member while in the building.All staff are required to sign-off their computer each night. Information System policies force compliance.Data center which hosts eQHealth Solutions server infrastructure is engineered with a minimum of five levels of security to provide the utmost level of protection. Proximity cards with personal identification number, biometric fingerprint readers, hardware is secured in a locked cage fitted with a combination lock, video surveillance cameras monitored 24x7x365 and motion/vibration detectorsAccess to Network and Computer ResourcesOn their first day as an eQHealth Solutions employee, staff receives a network ID and a security badge issued by the Human Resources and Information Systems departments. Permissions for network IDs are based on Windows Active Directory security. Each account is given access levels directly related to job functions using the least privilege rule. Upon termination of employment with eQHealth Solutions, the network IDs are disabled and badges are returned and destroyed.PROCESS PLANSVoice and Fax Circuit IssueseQHealth Solutions operations depends upon our telephone system for conducting business. The telephone vendor currently provides the fail-safe routing system on a fully redundant nationwide network. If at any time the telephone lines (toll free numbers) do not return a signal to the vendor’s main switch, the lines will be re-routed to another switch to in the vendor’s network ensure high availability. eQHealth Solutions maintains two independent circuits from different providers both through different avenues reducing the chance of both being out simultaneously. The vendor operates a redundant Network Operations Center (NOC) with 24 hours a day 7 days a week monitoring of all circuits to ensure reliability. For a fax outage, all inbound and outbound faxes are queued until connectivity has been restored to the cloud-based service. The fax vendor maintains multiple data center locations for redundancy which reduces the risk of an outage.Data Circuit IssuesWide Area Network Circuit: eQHealth Solutions utilizes a private IP switched fully meshed national fiber network for the Wide Area Network connection. The service level agreement for the WAN circuit has a 4-hour turnaround on outage repairs. This redundancy reduces the possibility of corporate operations or critical data replication from going down for any length of time. Internet Circuit: eQHealth Solutions utilizes multiple circuits on a switched fully meshed national fiber network for the Internet connection. The service level agreement for the WAN circuit has a 4-hour turnaround on outage repairs. Telephone Equipment MaintenanceeQHealth Solutions utilizes a hosted telephone system for our voice communication and voice recording. The telephone vender maintains the system and provides all upgrades as part of the service.Server(s) Maintenance and Equipment Contingency PlansStorage Area Network: eQHealth Solutions utilizes two Nimble Storage Area Network (SAN) for all mission critical data which offers the latest in remote replication technology to insure the highest level of availability and business continuity. The SAN is fully redundant which has dual controllers, dual power supplies, and multiple fiber channel routes and uses triple-parity RAID to insure system uptime. If one component of the SAN unit fails, the redundant component picks up the load with no system downtime until a replacement part can be installed. If the primary SAN fails, services can be redirected to the backup SAN. If both storage area network units fail, services are redirected to the Illinois data center. Installation of the failed part can be installed HOT, meaning there is also no system downtime for repair. We maintain a service contract on the SAN unit with a 4-hour response time.File, Database and Email Server: eQHealth Solutions utilizes Cisco UCS equipment for our server infrastructure. We maintain a maintenance agreement with Cisco for a 4-hour response time on all of our servers.eQHealth Solutions uses the latest in virtualization technology, VMware vSphere for our virtualization platform. The virtual infrastructure is configured in a clustered mode meaning the platform is hosted on multiple servers. This allows for the high availability for all mission critical servers. If one of the servers of the virtual platform fails the servers can be moved to the other platform with no system downtime. Another key component is the use of a dynamic resource pool to ensure that all mission critical servers will always have sufficient memory and processors to operate with maximum efficiency.Potential problems include disk drive failure, damaged files, and server failure.If a disk drive failure occurs, eQHealth Solutions protects operations from loss of data by using Nimble triple-parity RAID configuration with a no single point of failure Storage Area Network unit. In the event of a drive failure, the system automatically accesses the failover drives without system down time. The damaged drive is replaced HOT within 4 hours. Complete snapshots of the data on the volumes of these servers are created several times a day to facilitate retrieval of damaged files. eQHealth Solutions incorporates the latest in data replication technology which allows for asynchronous replication of mission critical data to a remote location. If the file, database or email server(s) goes down completely, a virtual instance or copy of the server can be put into production with little downtime. If one of the VMware host platforms, on which the file, database and email server resides on fails, the servers are automatically moved to a redundant host until repairs are made. If the entire host platform completely fails, backup instances of the servers can be brought online in the Illinois data center which maintains a current copy of the data. The servers in Illinois data center stay in active mode until the unit host platforms are repaired. Network Switch: If a switch fails, all network traffic will automatically route over a redundant switch until the failed unit is repaired.Workstation Maintenance and Contingency PlanseQHealth Solutions uses HP workstations with a three-year warranty period. HP’s maintenance agreement provides for next business day response on workstations. eQHealth Solutions budgets several extra workstations to be used as immediate replacements. If a user’s workstation, monitor, or mouse fails, it will be swapped with a replacement while awaiting the repair. Our complete inventory includes HP Service tags. All HP Service Tags have complete information on the machine configuration sold to eQHealth Solutions in order to facilitate repair service.Printer Maintenance and Contingency PlanseQHealth Solutions uses Xerox printers for the day to day operations and maintains service contracts with Xerox.Database Issues Maintenance and Contingency PlanseQHealth Solutions uses Microsoft SQL 2016, the industry standard relational database software. eQHealth Solutions maintains a universal subscription through Microsoft which includes support for immediate assistance with database issues.If the database is down due to a SQL problem, the Database Administrator will work with Microsoft until the issue is resolved. If extended downtime is anticipated, database operations will be transferred to the failover server until the issue can be resolved.Backups: eQHealth Solutions performs hourly automated system snapshots of the database. We maintain a one week set of snapshots. SQL transaction log files are also enabled and replicated to the Illinois location for full redundancy. If eQHealth Solutions experiences any data corruption, data will be reloaded from a snapshot residing on the SAN and log file transactions will be applied to the database where possible. By adhering to a weekly rotation, and replicating critical database information, eQHealth Solutions ensures systems can either be re-directed to other servers if necessary or restored to functionality in the least amount of time possible. eQHealth Solutions utilizes the latest in data replication technology. All data from critical systems resides on the SAN. The data is constantly monitored for changes. Any changes that occur are then replicated to a SAN in the Illinois data center asynchronouslyINFORMATION SYSTEMS MAJOR RESPONSIBILITIESThe following table highlights the major responsibilities of the Information Systems Team in supporting the Louisiana contract requirements. Information Systems TasksLead Accountability - LocationCross-Trained Backup PersonnelDatabase MgmtDatabase Administrator - LouisianaDirector of IT Ops – IllinoisSystems Engineer – LouisianaUser SupportSystem Support Specialist – Louisiana #1System Support Specialist – Louisiana #2Corp. Systems Support Manager – MississippiSystem Backups and ReplicationSystems Engineer – IllinoisDirector of IT Ops – IllinoisSystems Engineer – LouisianaHardware TroubleshootingSystems Engineer - LouisianaDirector of IT Ops – IllinoisSystems Engineer – IllinoisHardware Installs and FixesSystems Engineer - LouisianaDirector of IT Ops – IllinoisSystems Engineer – IllinoisSystem Security and AccessSystems Engineer – IllinoisDirector of IT Ops – IllinoisSystems Engineer - LouisianaTechnical Engineering DesignDirector of IT Ops – IllinoisCIO – LouisianaVP of IT Ops - LouisianaInternet Services Admin and SecurityDirector of IT Ops – IllinoisDirector of IT Ops – IllinoisSystems Engineer - LouisianaWeb Server AdministrationSystems Engineer - LouisianaDirector of IT Ops – IllinoisSystems Engineer – IllinoisInformation Systems Components and Recovery Plans TableIS COMPONENTS AND RECOVERY PLANSSection 1InfrastructureSection 2Database ServerSection 3Server Backups and ReplicationSection 4File and Application ServersSection 5Exchange Email ServerSection 6Storage Area NetworkSection 7User AccessSection 8Web ServerSection 9Data Circuits Section 10Printers and SwitchesSection 11FirewallSection 12Anti-Virus ServerSummary of Information Systems Components and Recovery PlansInfrastructure All eQHealth Solutions servers and workstations were purchased new for the contract. For server hardware failures, the company has Cisco UCS servers with the 4-hour replacement warranty. For workstation hardware failures, eQHealth Solutions maintains an inventory of extra workstations to immediately replace any failing workstations. HP is contacted for service on any defective workstation.For SAN component, eQHealth Solutions has service agreements with the vendors for 4-hour replacement warranty.For other equipment hardware failures, eQHealth Solutions maintains backup printers, switches, firewall, router, and telephones for immediate replacement of the failed equipment. Vendors are contacted for servicing or replacing the defective equipment.eQHealth Solutions has developed a recovery procedure for each Information Systems Component. A copy of the Disaster Recovery Plan, in addition to the recovery procedure documents is located in the Information Systems Departments at Florida, Louisiana, Illinois, and Mississippi. Database Server Recovery MethodologyPhysical Server:Hardware Failure – The virtual instance of the server moved to backup host platform with little to no downtime. File corruption – Restore and recover from previous backup\snapshot. Catastrophic Loss (including Fire or Weather damage) – Bring database services up on backup server in the Illinois office and connect to the replicated database and apply log file transactions where possible.SQL Database:Data Corruption – Restore and recover data from previous hourly snapshot and apply log file transactions where possible. Server Backups and ReplicationData Backup:All mission-critical data is backed up hourly. Mission-essential data is backed up daily. Hourly asynchronous replication of mission critical data. Nightly asynchronous replication of mission essential data. Backups and replication are verified to ensure the process has been completed successfully. If they did not, a manual backup will be done at that time.Server Backup:All servers are backed up daily.Server backups are asynchronously replicated to the IL data center weekly.Backups and replication are verified to ensure the process has been completed successfully. If they did not, a manual backup will be done at that time.File, Application and WebServersRecovery MethodologyHardware Failure – The virtual instance of the server moved to backup host platform with little to no downtime.File corruption – Restore and recover from previous backup\snapshot. Catastrophic loss (including Fire or Weather damage) – Redirect services to a replicated server in the Illinois data center.Exchange Email ServerRecovery MethodologyHardware Failure – The Exchange environment is on a hosted platform which the vendor maintains in multiple data centers. No downtimeFile corruption – The vendor maintains the Exchange platform. Catastrophic Loss (including Fire or Weather damage) – The vendor is configured for high availability and all data is replicated to multiple data centers in their environment. Storage Area NetworkRecovery MethodologyPhysical Server:Hardware Failure – The Storage Area Network has dual controllers, dual power supplies, and multiple fiber channel routes and uses triple-parity RAID to insure system uptime. If one component of the SAN unit fails, the sister component picks up the load with no system downtime until a replacement part can be installed. Installation of the failed part can be installs HOT, meaning there is also no system downtime for repair.File corruption – Restore and recover from previous backup\snapshot. Catastrophic Loss (including Fire or Weather damage) – All mission critical and mission essential data is asynchronously replicated to the Illinois data center.Data:Data Corruption – Restore and recover data from previous snapshot. User AccessRecovery MethodologyFile Corruption – Transfer the Active Directory roles to a backup domain controller until the failed domain controller can be repaired.Hardware Failure or Catastrophic Loss - Transfer the Active Directory roles to a backup domain controller until the failed domain controller can be restored from a snapshot.Data CircuitsRecovery MethodologyHardware Failure for Data Circuits – Internet service at the data center consists of a multi-carrier redundant configuration with no single point of failure. If the circuits are down for greater than 4-hours, the web services are redirected to the Illinois office until the circuits are restored.Catastrophic Loss (including Fire or Weather damage) – Services are redirected to the Illinois office until services are restored.Printers and SwitchesRecovery MethodologyPrinter Failure – Redirect to an alternate printer. Contact Xerox for repair. Switch Failure - If a switch fails, all network traffic will automatically route over a redundant switch until the failed unit is repaired. Firewall Recovery MethodologyHardware Failure – Traffic will automatically be redirected through the redundant firewall. Repair or replace defective unitCatastrophic Loss (including Fire or Weather damage) – Redirect services to the Illinois location.Antivirus ServerRecovery MethodologyHardware Failure – The virtual instance of the server moved to backup host platform with little to no downtime.File corruption – Restore and recover from previous backup\snapshot. Catastrophic loss (including Fire or Weather damage) – Redirect services to a replicated server in the Illinois office.Disaster Recovery Plan Reviews and UpdateseQHealth Solutions will reevaluate the Disaster Recovery Plan annually to verify that the following targets have been tested. After Disaster Recovery Plan updates, copies of the Plan are sent to the Louisiana, Illinois and Mississippi offices.Disaster Recovery Plan Testing MatrixTest TargetTesting ProcessFrequencySQL Database ServerBring a virtual copy of the server online, in an isolated environment, to verify access to database.DailyData Snapshots and ReplicationAll mission critical data is being replicated to the SAN in the Illinois data center. In addition, snapshots of the same data are taken frequently throughout the day. Business days check error log for process issues.Server RecoveryBring a virtual copy of the server online, in an isolated environment, to verify access.QuarterlyWeb ServerTested daily by staff and providers. Troubleshoot all connectivity issues. Business days check error log for process issues. Data circuitsVendor automated backup processes.Designed as part of vendor relationship.Antivirus SoftwareCarbon Black servers are updated.Check alerts as they are generated.Security – NetworkProcess set up to activate new employees, and deactivate terminated employees.Process followed as employee statuses changed.Update Workstation ImagesCreate image with new system updates and test functionality.Within 6 months of major system updates, at a minimum test annually.Equipment inventoryVerify the following replacement equipment is available: printer, network switch, workstation, and laptop.Add equipment as needed. Complete formal inventory for DR Plan Annual Review.Temporary Office Space VendorsContact to validate features and availability.AnnuallyVerify, Test, and Update DR PlanReview plan for validity. Gather test data. Update as needed and redistribute to Louisiana, Illinois and Mississippi offices.Annually (or sooner if major infrastructure changes occur)VoIP SLA ReviewReview provider contingency plans to ensure that the plans meet organizational contingency requirementsAnnuallyReview/Revision History:Wayne Wallace – Corp. IT Director. – 5/6/2016Eric Gorczynski – Corp. Infrastructure Manager. – 6/20/2017Wayne Wallace – Corp. IT Director – 6/20/2017 Eric Gorczynski – Corp. Infrastructure Manager. – 8/9/2018Eric Gorczynski – Corp. Infrastructure Manager. – 8/30/2018Eric Gorczynski – Director of IT Operations – 9/4/2019Eric Gorczynski – Director of IT Operations – 3/2/2020Allen Dixon – Service Delivery Manager – 3/16/2020 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download