Disaster recovery plan team roles

FXT Task 1 , Turnitin Originality Checking

Lecturer:

Date:

1

Presentation Summary :

The Presentation is created for University DRP ( Disaster Recovery Plan) / ECP ( Enterprise Continuity Plan) and it includes different areas of coverage.

DRP/ECP members Roles

Six resilience layers

Type of training a DRP team will need

How university should choose outside expertise

Best method for developing awareness campaign

Best way for implementing the awareness campaign

Area to improve Resilience to Catastrophic Evens

Employee awareness Campaign

Presenter Notes:

2

What The Presentation Is About?

Below are several areas which will benefit the university to be prepared for emergency and catastrophic event by applying for a national security agency’s center of academic excellence

Areas covered:

Disaster Recovery and Emergency Continuity Plan personal roles.

Area to properly address resilience to operational disturbance

DRP/ECP training

Emergency plan to improve inputs by outside vendors.

Employee awareness training and their roles in DRP/ECP Plan

Best methods of implementing the awareness campaign

Presenter Notes:

3

Q1: Roles of DRP/ECP Members

TEAMS RESPONSIBLE ARE

Below Teams are responsible for the Role of DRP/ECP members.

Damage Assessment Team

Restoration Team

Operation Team

Customer Support Team

Salvage/Reclamation Team

Administrative Support Team

Emergency Management Team (EMT)

Presenter Notes:

4

Answer: Roles of DRP/ECP Members

Emergency Management Team (EMT) : Is responsible to coordinate with series of other teams in university and make sure all Emergency Team Members know their responsibilities

EMT Leader: Should communicate with Senior management to report status , Request for Decisions and problem resolution. EMT will have to declare Emergency , Coordinate EMT activities and contact University EMT Members. They will also be responsible to maintain documentations for DRP/ECP and keep them up to date. Once documentation is in place they will have to make a Plan of Action for all new emergency situations they have faced and was new.

Operations Team: Operations Manager notifies business Continuity Team (BCP) Leaders in university that Emergency has been declared. Operations Manager will have to communicate with university BCP team leaders to request/status reports to EMT, Co-ordinate all BCP team activities and handle personnel issues.

Communication Team: University Communication Manager will have to take responsibility for Media and external communications. Communication Team will also be responsible for internal communications. Security Team: Security Team will be responsible to maintain physical security of university and make sure the property is safe during the emergency.

Presenter Notes:

5

Answer: Roles of DRP/ECP Continued

IT Infrastructure Team: IT Infrastructure team will fall in to different other teams each of the team member will be responsible based on their roles.

Infrastructure Technical Support Team: Will be responsible to maintain all information stored in university systems. The must define operational procedures to create preparedness for an emergency and make sure all information in still in right and safe place during emergency. Technical Support team will also make sure backups are working properly and they have healthy restoration point. They must also make sure that there is an alternative recovery in case if disaster happens at university Datacenter.

Infrastructure IT Security Team: Will be responsible to make sure all information is accessed in secure environment and will coordinate with all other departments to maintain physical security and safe access to all important data during their operation.

Executive Management Team: Will be responsible to prepare and coordinate procedures and processes that all employees and vendors should use during Emergency.

Presenter Notes:

6

Answer: Roles of DRP/ECP Continued

Training Team: Will be responsible to provide awareness trainings to all employees on what do they need to do in Emergency situations and what will be their role within the DRP/ECP.

Presenter Notes:

7

Q2: Resilience Layers

Resilience layers will address all area and help prepare university for emergency and catastrophic events. The Six Resilience layers includes.

Strategy

Organization

Processes

Data/Applications

Technology

Facilities and Security

Strategy: The first resilience layer is strategy. The layer will help university accomplish their goals as an entity, the objective directing its operation and the standards it must abide by. This layer, the below components will assessed and examined.

Vulnerabilities

Risks

Competitive Edge

Baseline organizational culture

Example of Strategy: Unauthorized Student tried to hack and accessed university exam papers to pass the exam with better marks.

Presenter Notes:

8

Q2: Resilience Layers Continued

University immediately took action and created a strategic plan to implement its DRP/ECP as well as maintaining the baseline objective of continuing to secure data systems.

Organization: The second resilience layers deals with the structure of university. The role of DRP/ECP is generated in this layer, for example who will be responsible for managing personnel when there is emergency. The second example is who will be responsible to take control and manage data access during a catastrophic event and role’s responsibilities. Another example in this layer will be the rules that will govern communication during an emergency, for example how each member will communicate with other employees in university and what technologies will be used for these communications; and finally what skills are required to comply with DRP/ECP defined goals.

Processes: The third layer is important to continue operating during an emergency. For example all employees will need access to vital information during emergency and this layer will help us to create plans. The emergency team management will be generating processes for ECP/DRP. There will be a need for processes update to reflect changes or new information such as changing personnel links within a department.

Presenter Notes:

9

Q2: Resilience Layers Continued

In this layer alternative process is needed so if the primary process fails there is alternative processes in place. A good example can be if university Wide Area Network connection fails satellite communication can take over university primary W.A.N connection.

Data / Application: The fourth layer is to examine data and applications for university. This layer include things such as testing emergency solutions from the initial creation to the point of post deployment reviewing. DRCP/ECP plans such as using two types of data links to ensure connectivity. Determining fault tolerance, to what degree failures may occur before operation cease. Last is Providing reliable data to emergency and executive management team members to create a consensus in DRP/ECP program.

Technology: The fifth resilience layer is technology which addresses several points. First the university databases administration team will determine which hardware and software are critical to DRP/ECP. An example would be a server that must be constantly powered to provide access to the company’s database. The next thing to consider is alternative site which will help include site selection, preparation and arranging for maintenance. Once the plan is in place then emergency management team would identify single point of failure that could cause DRP/ECP.

Presenter Notes:

10

Q2: Resilience Layers Continued

Failures in this layer is both technical resources such a server to personnel such as a member of upper management needed to provide consents for emergency deployments. The other steps will be that Information Technology team members must evaluate and align I.T investments to the objective outlined within the DRP/ECP to optimize the use of financial resources. Technology with in the DRP/ECP must be flexible in providing more then one function or service helping to create failsafe solution. At last upper management and emergency team members should agree to standards of resiliency.

Physical Layer: The last layer is Physical layer where university will have to build a plan to secure all areas and limit access. Anyone entering university should have ID or should have permission to enter and in order to access company servers they should be authorized and have access permission. One other important concern is to ensure adequate heating/cooling as well as steady power source for equipment. Then a testing of all systems at the operating location is performed to ensure readiness. Keeping precautionary measures in mind such as arranging alternative backup power should with the DRP/ECP is started within documentation.

Presenter Notes:

11

Q2(a): Provide one example for each of the six resilience layers related to this enterprise.

Six resilience layers Example:

Strategy: The university is going to define protocols that will allow it to continue during the catastrophic event.

Organization: The university created roles for all personnel and defines the responsibilities of each role with in ERP/DRP program.

Rules that will govern emergency communication once ERP/DRP deploys is also defined.

Processes: the university defines processes within DRP/ECP and steps to consider when reflecting future conditions during the event.

Data/Application: The university provides data access stored on server rack through satellite communication. The university also design a secondary means of accessing the data if primary link is down.

Presenter Notes:

12

Q2(a): Provide one example for each of the six resilience layers related to this enterprise Continued.

Technology: The university defines technologies/equipment required during DRP/ECP. It then selects a recovery site for operations in case of failure according to DRP/ECP outline.

Physical Security: University limits the access permission physically when entering to site thru the control of gates and doors and restrict permission to access racked servers and also making sure cooling and heating system is on correct temperature.

Q3. Outline the type of training a DRP team will need.

The first step is to determine and evaluate skills that Information Technology department have which will help emergency team for the selection and roles to be assigned to each employee. The best way is going to take an online training through test engine which will save time rather then interviewing or taking tests on paper. There will be a testing score 300 to 1000. The personnel who score in the higher will then be given more prominent role with in the ECP/DRP.

Presenter Notes:

13

Q3. Outline the type of a typical DRP team will need continued.

IT databases team are trained for emergency steps to ensure safety, security and functionality or company servers. As the database are more important to university the training for database team completes through classes, training materials and hand on labs. All personnel receive training on ECP/DRP regarding infrastructure such as location of emergency. Personnel receive training when they are hired through live mentor or training application with animated examples. Later, once individual team assignment are complete, each person will train via online simulation software tailored to their team responsibilities.

Q4. Outline how the university should go about choosing outside expertise to assist with the development of a DRP.

There are chances where university may use outside expertise if Internal staffs are not capable to full fill ECP/DRP requirements.

A consultant that would create long lasting solution, act as a facilitator when needed, act to further university missions and help train personnel where appropriate.

Presenter Notes:

14

Q4. Outline how the university should go about choosing outside expertise to assist with the development of a DRP continued.

The outside vendors are experts and have experience to deal with such situations. They are familiar with the scope of DRP/ECP project from initial design to final implementation. Vendors will receive evaluation score during the phase of determination. Vendors with more experience in DRP/ECP are assigned. As a next step then the vendor is assigned based on cost estimates.

The university must be careful when choosing vendor and weigh cost benefits to return on investment with DRP/ECP. It should not exceed 10 percent of their select budget for DRP/ECP.

Qualification for outside vendor includes familiarity with complex databases, experience with database security and server environment, deploying systems during emergency events, experience with project budget and timeline and awareness campaign.

Presenter Notes:

15

Q5.Best method for developing a DRP/ECP awareness campaign.

The best method would be to collect, develop and use experience of all personnel to contribute to a rough DRP/ECP outline. This way the emergency response team will be able to develop strong DRP/ECP. Once the DRP/ECP is in place testing it thru real life simulations of the solution proposed. The tested solution that are successful when executed made a part of the final ECP/DRP.

Q5(a). Evaluate one best method for implementing a DRP/ECP awareness campaign.

Best method that will help all employees and students understand their role with DRP/ECP is fire drill where it will bring stark attention to the DRP/ECP plan by creating a situation in which every one should perform their roles learned via ECP/DRP training.

Presenter Notes:

16

References

17

Disaster Recovery / Business Continuity - Resilient Infrastructure. (n.d) Retrieved Jan 12, 2016 from

http://campconferences.com/events/2015/disaster.htm

Risk Management and Business Continuity: Improving Business Resiliency . (n.d) Retrieved Jan

12, 2016 from http://www.riskmanagementmonitor.com/risk -management-and-business-

continuity-improving-business-resiliency/