Home > Forms and Procedures > Procedures > Disaster Recovery Planning > Introduction to DR Planning

Introduction to DR Planning

Preparing For Disaster

 

  1. GENERAL
    1. Introduction
    2. Scope
    3. Safeguards
    4. Components
  1. BUSINESS CONTINUITY ANALYSIS

University Information Technology Critical Systems

  1. RISK ASSESSMENT
    1. Levels
    2. Hazards
  2. RISK MANAGEMENT/CONTINUITY PLANNING
    1. Policies and Plans
  3. TESTING AND MAINTENANCE (separate document to be included after update)
    1. Testing
    2. Training
    3. Maintenance
  4. Appendix
    1. University Maps (Links to be added)
    2. DR Levels
    3. Contact Lists and Logs
    4. SERVER Backup List
    5. Phone Logs
    6. Data Center Information
    7. Update History

 

 

GENERAL

Introduction

The objectives of the Indiana Wesleyan University Information Technology (UIT) business continuity plans are to prepare for the maintenance of data for critical operations of the university in the event of natural disaster, technology failure, human error and terrorism. 

As an initial step in formalizing a Disaster Recovery Plan, the Vice President and Directors of Information Technology created, reviewed and prioritized a list of systems critical to the operations of the University.  Policies, procedures, business continuity plans and personnel response logs have been developed to formalize our preparations.

 

Scope

Business Continuity Plans have been created to address issues specific to the maintenance of university data.  This does not address the issue of health, life and safety.  This assumes that the following have been done:

            Police, Fire and Ambulance services have been addressed

            Access to and from the campus has been restored

            Safe handling of toxic and hazardous materials is not covered in this document.

Business Continuity Planning covers the mission critical functions.  These are processes essential to the University.

 

Safeguards

Server rooms are monitored and regulated for optimum temperature and humidity.

Server rooms are on backup generators.

All critical systems are attached to a UPS.

Testing has been done on backup generators on a scheduled basis.

 

Components

Business Continuity Analysis – each critical system has an established back up routine that has been created, documented and in many cases tested.  These include estimates of allowable maximum downtime and priorities for restoration.  Redundancy has been built-in to the plan whenever possible.  Contact lists for each critical system have been completed.  Policies and procedures have been identified and created.  They are available on the ITSA website and in written form.

Risk Assessment – identifies our levels of threat.

Testing and updating helps validate the written plans, keeps them current and helps train users regarding the optimum response.

BUSINESS CONTINUITY ANALYSIS

An analysis of key (mission critical) business procedures for the University was completed by the Directors of the University Information Technology department under direction of Vice President of Technology and Facility Services.  The critical processes generally are considered those processes that impact more than one area of the university and are basic to the recovery of all business processes.

The current critical business processes are identified below:

Process

Function

Allowable Downtime

Recovery Priority

Datatel

ERP System

12 – 24 hours

High

Exchange/@LIVE

Email systems

4 hours

High

Image Now

Document Imaging

24 hours

High

Active Directory/DNS

Domain Control

24 hours

High

Ektron

Web Functions

4 hours

High

Communite

Voicemail

 

 

VMPrint

Network printing

4 hours

High

Blackberry

Cell Phone access

24 hours

Medium

NetBackup

File Storage (SAN)

24 hours

High

NetBackup

File Storage (Servers)

24 hours

High

NetBackup

Backup System

24 hours

High

DHCP

Network configuration

2 hours

High

Network Services

Network configuration

1 hour

High

Avaya

PBX

24 hours

High

SQL Server Farm

SQL

24 hours

High

Finance Printing Templates

Source4

24 hours

High

 

RISK ASSESSMENT

 

We have determined the threats that could affect the University.  The levels of threat have been identified as:

  • Level #1           Data compromised
    • (includes file corruption)
  • Level #2           Hardware failure
    • (includes single server failure)
  • Level #3           Multiple hardware failures
    • (includes power outage, water damage, excessive heat, etc.)       
  • Level #4           Facilities damaged or destroyed
    • (includes room damage, building damage and building loss)

In addition the following hazards have been identified as possible risks/hazards:

The highest potential for Natural Disasters has been identified as:         

  • Severe Winter Storm
  • Tornado
  • Windstorm
  • Fire

The external threats have been identified as:

  • Cyber terrorism
  • Power failure
  • Loss of facilities
  • Significant hardware failure
  • Utility/telecommunications failure

The internal threats have been identified as:

  • Data corruption
  • Virus
  • Trojan horse
  • Unethical Behavior/Misconduct

            This includes fraud, plagiarism, record tampering, conflict of interest

 

RISK MANAGEMENT/CONTINUITY PLANNING

 

The University Information Technology Senior Leaders group is responsible for determining the mission critical processes that are identified within this document..  Each process will maintain a Business Continuity Plan that enables the operating unit to prepare and test for a possible disruption of service.  These plans must also take into account the possibility that a school wide interruption may occur that would affect more than one unit.

IWU’s Business Continuity unit will be responsible for creating and maintaining all unit plans.   These plans will contain up to date information regarding the process, software, backup and equipment used for each unit.  Local recovery roles, responsibilities and authority will be listed.  In addition to electronic copies of the Disaster Recovery Manual physical copies will be maintained by the Business Continuity unit.  The Vice President of Information Technology, Directory of Infrastructure, Director of Systems Administration and the Business Continuity developer will maintain these manual copies.  These will be updated when information becomes available or three times a year at the beginning of fall, spring and summer semesters.

Maintenance of the University Information Technology Incident Management Diagram is to be maintained and followed in the event of an emergency.

In addition, an alternate work site or temporary facility needs to be established.  A list of needs for the alternate backup site is being developed.  Independent Colleges of Indiana and the Council of Christian Colleges and Universities have been discussing a plan for reciprocal agreements.  John Jones has been a part of these discussions.

Identify all persons available for each impacted system including home contact.

Testing and Maintenance

At this point testing has been done over the backup generators and individual servers.

Initial testing parameters have been developed and several critical processes have begun testing with work on documentation being expanded to include training scenarios.

 Maintenance on the Business Continuity plans is done at the beginning of each semester including a review of this information by the individual stake-holders.  Updates to the information are entered when available.

 

Appendix

 


Created:

12/15/11

You must to post a comment.
Last modified
02:22, 17 Dec 2013

Tags

This page has no custom tags.

Classifications

This page has no classifications.