Overview - System Source: IT Training, Managed Services ...



Disaster Recovery Plan PolicyOverviewSince disasters happen so rarely, the disaster recovery planning process can be overlooked. It is important to realize that having a contingency plan in the event of a disaster gives <Company Name> a competitive advantage. This policy requires management to financially support and diligently attend to disaster contingency planning efforts. Disasters are not limited to adverse weather conditions. Any event that could likely cause an extended delay of service should be considered. The Disaster Recovery Plan is often part of the Business Continuity Plan.PurposeThis policy defines the requirement for a baseline disaster recovery plan to be developed and implemented by <Company Name> that will describe the process to ensure safety and recover IT Systems, Applications and Data from any type of disaster that causes a major outage. ScopeThis policy is directed to the Management Staff who is accountable to ensure the plan is developed, tested and kept up-to-date. This policy is solely to state the requirement to have a disaster recovery plan, it does not provide requirement around what goes into the plan or sub-plans. Plans for various scenarios are included in the Appendices. Policy4.1 Contingency PlansThe following contingency plans must be created:Computer Emergency Response Plan: Who is to be contacted, when, and how? What immediate actions must be taken in the event of certain occurrences?Succession Plan: Describe the flow of responsibility when normal staff is unavailable to perform their duties.Inventory Study: Detail the critical infrastructure required to continue operations in the event of a location loss. This includes everything from work space to data stored on the systems, its criticality, and its confidentiality.Criticality of Service List: List all the services provided and their order of importance.It also explains the order of recovery in both short-term and long-term timeframes.Data Backup and Restoration Plan: Detail which data is backed up, the media to which it is saved, where that media is stored, and how often the backup is done. It should also describe how that data could be recovered.Equipment Replacement Plan: Describe what equipment is required to begin to provide services, list the order in which it is necessary, and note where to purchase the equipment.Media Management: Who oversees giving information to the mass media?After creating the plans, it is important to practice them to the extent possible. Management should set aside time to test implementation of the disaster recovery plan. Table top exercises should be conducted annually. During these tests, issues that may cause the plan to fail can be discovered and corrected in an environment that has few consequences.The plan, at a minimum, should be reviewed an updated on an annual basis.Policy ComplianceExceptionsAny exception to the policy must be approved by the Management Team in advance. Non-ComplianceAn employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment. Definitions and TermsThe following definition and terms can be found in the SANS Glossary located at: HistoryDate of ChangeResponsibleSummary of ChangeMarch 2017Document CreationAppendix A – Building Fire ScenarioIn the event of a building fire that results in the total loss of the <Name> location, the following plan should be used as a framework for ensuring safety of employees and beginning business continuity efforts.Situation - The fire alarm has been activated and you smell smoke.Immediate Priority is human safety.When fire is discovered:Notify the local Fire Department by calling 911.Fight the fire ONLY if:The Fire Department has been notified.The fire is small and is not spreading to other areas.Escaping the area is possible by backing up to the nearest exit.The fire extinguisher is in working condition and personnel are trained to use it.Evacuate the building:Upon being notified about the fire emergency, or hearing the siren, occupants must:Leave the building using the nearest safe exit. Designated area captains are responsible for coordinating assistance for those that need it.Receptionist should take the visitor log with them and provide to the designated area captain to include in the personnel counts.Assemble in the designated area Remain outside until the Fire Department announces that it is safe to reenter.Designated leadership should take any emergency information that is not accessible outside the building with them.Area/Department Captains must:Ensure that all employees have evacuated their area/department.Perform an accurate head count of personnel reported to the designated area.Secure or remove flammable equipment unless doing so jeopardizes his/her safety.Report any problems to the Emergency Coordinator at the assembly area.Assist all physically challenged employees in emergency evacuation.Designated Emergency Coordinator(s) must:Perform an accurate head count of personnel from Area/Department Captain’s reports including visitors from reception list.Determine a rescue method to locate missing personnel.Provide the Fire Department personnel with the necessary information about the facility.Alert appropriate parties using emergency communication mechanism.Post EvacuationDesignated leadership make decision to enact remaining phases of the emergency planAcquire space if necessary Communication plan is implemented to:Set expectations using a practiced work from home policyNotify staff of plan to work remotely and implement revised processesNotify clients and customers of current situation and steps being taken to resume operationsNotify vendors of situation and hold/route orders as neededUpdate web pageUpdate phone system to route calls and play emergency messagesDesignated staff member should contact the insurance representativeProvide inventory of possibly lossesFollowing system continuity plan using assumed RTO and RPOsUpdate IT service providersSecure offsite backups if necessaryBegin turning on cold/warm siteRevert to manual processes for operations as neededLonger Term Continuity Designated leadership meets to:Determine timeframe and capacity to continue working in temporary/remote environmentDecide on enacting further continuity effortsContinue communication updates with staff, customers, and vendors.Review manual processesUpward communication of issues with temporary/work environments/processesAppendix B – Ransomware AttackIn the event of a ransomware attack that results in the encryption of files/data and potential for loss, this plan should be used as a framework for minimizing the damage and expediting the recoveryAwarenessThe IT department or service provider needs to be immediately aware of the issue.Users should be aware that reporting any suspicious messages or activity is paramount in minimizing damage.Users should be trained and aware of the methods to report activity and understand the repercussions of not doing so.Damage ControlIsolate known machines through:Removing share permissionsRemoving network cablesAssessIdentify the extent of infectionExamine file extensionsUpdate and run scannersOnce a pattern is identified:Seek an automated method to scan network servers and workstations to determine infectionRecord which are problematic and remove from networkSecure backups from replicating problemsAlert staff and compliance officers if necessaryRestoreReview and test restore capability from backupsImplement restore processCommunicate to staff and compliance officers ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download