KHA Security-Disaster Recovery Plan (DRP)

SP-5 Disaster Recovery Plan (DRP)

The Disaster Recovery Plan (DRP) is an assessment matrix and set of procedures to guide the operations actions in the midst of natural or man-made disaster. This plan is put into effect based on the conditions for activation set forth in the Continuity of Operations Plan (COOP). It is only implemented when the scope of the disaster does not cause the enterprise functions to relocate.

Purpose

Establish a complete and flexible plan for the restoration of applications and services in the event of a disaster. Identify the roles, responsibilities and personnel needed to perform to the DRP. Utilize the Impact and Recovery Assessment matrix to determine criticality of outage and impacted resources.

Principles

Enterprise functions do not relocate.

Content

The DRP document contains the following elements: Activation, Roles and Responsibilities; Disaster Impact and Recovery Assessment, and Recovery Procedures.

TOPIC	DESCRIPTION
Activation	Defined by COOP, DRP activation.
Roles and Responsibilities	This section contains a matrix of the roles and responsibilities (by position) of all personnel throughout the enterprise who are involved in DRP restorations. Alternates are provided for each position.
Disaster Impact and Recovery Assessment	This section contains matrix for assessing the type, duration, impact of the disaster.
Recovery Procedures	This section describes the procedures used to restore the business and systems functions.

1. Disaster Recovery Activation

As defined by the COOP, the DRP will be activated at the request of a person filling any of the following job positions: President, CEO, COO, CIO, VP IT Operations, KHA Security Manager, or Division Security Manager. Activating a Relocation Site requires the approval of the CEO, President, or COO.

2. Recovery Roles and Responsibilities

ROLE	RESPONSIBILITY	PRIMARY	ALTERNATE
DRP Team Leader	- Directs activities of team, receives COOPs disaster declaration - Convene/release DRP Team - Coordinates recovery efforts - Reports to Executive Committee on progress - Receives status of DRP recovery efforts - Directs public relations to DRP media interface	Robert Dumbfounded	William Uptimer
DRP Alternate Team Leader	- Substitutes for Team Leader, if Team Leader not available - Aids Team Leader in coordination efforts	Barry Missedhugh	Melissa Mealtime
Network Manager	- Coordinates activities to restore data/voice network infrastructure and devices, Email services - Gathers network damage assessment and recovery estimates, reports information to DRP Team Leader	Jack Flash	Hardly Waiting
Database Support	- Coordinates effort in support of restoration of databases - Supports damage assessment and recovery effort	Frank Access	Nedly Proficient
External Contract Support	- Coordinates all contact with external contract support - Gathers information on any resource supported by external contract and provides information to DRP Team Leader	Dewey Cheatum	Bartlet Legal
DRP media interface (Public Relations)	- Provide information to DRP Team Leader - Provide information to media	Mick Mauser	Ralph Wolff
Administrative Support	- Coordinates administrative assistant support to DRP team - Provide status to DRP Team Leader	Lila Gonzales	Myrna Harper
Purchasing Representative	- Coordinates purchase status to DRP Team Leader - Purchases/leases equipment	Lex Luthor	Kimberly Knuttsen
Transportation/Logistics	- Coordinates efforts of transportation of equipment - Coordinates logistics between groups for times and locations of deliveries	Michael McMinney	Tiara Schultze
Risk Management	- Informs DRP Team of actions and associated risks - Suggests actions to minimize risk	Kim Novak	Maxine Pearl
Facilities Representative	- Coordinates activities to restore/repair of facilities - Coordinates activities between security and subcontractors - Gather damage assessment and repair estimates - Provide restore/repair estimates to DRP Team Leader	Carol Impson	Franklin McFavor
Audit and Security	- Audits activities to ensure they follow prescribed policies and procedures - Ensure no security breaches occur - Directs physical security efforts	Amanda Kestrel	Karl Krumppe
Emergency Response	- Ensures escalation procedures are followed - Coordinates activity with emergency response team - Coordinates efforts with external organizations, power, fire, medical, etc.	Lonnie Luskowitz	Ryanne Rearson
Windows Server Manager	- Coordinates recovery of Windows servers - Provides damage assessment/recovery estimates of Window server rooms and status to DRP Team Leader	Gloria Starski	Lawrence Lombardy
Unix Server Manager	- Coordinates recovery of Unix servers - Provides damage assessment/recovery estimates for Unix server rooms and status to DRP Team Leader	Patricia Petersen	Robert Lightshade
Sales & Marketing	- Coordinates recovery of Sales and Marketing systems - Provides damage assessment/recovery estimates for Sales & Marketing system and status to DRP Team Leader	Peter Sellers	Summer Winters
HR/Payroll/Benefits Manager	- Coordinates recovery of system(s) - Provides damage assessment/recovery estimates for scheduling system and status to DRP Team Leader	Kris Kandor	David McBride
Supply Chain Manager	- Coordinates recovery of procurement system - Provides damage assessment/recovery estimates for procurement system and status to DRP Team Leader	Bob Beyer	Wendy Solar
Design and Analysis Manager	- Coordinates recovery of CAD systems - Provides damage assessment/recovery estimates for CAD systems and status to DRP Team Leader	Sara Sorenson	Dawn Bass
ERP Manager	- Coordinates recovery of ERP/MRP systems - Provides damage assessment/recovery estimates for ERP/MRP systems and status to DRP Team Leader	Windy Gale	Harold Herman
Training Systems Manager	- Coordinates recovery of Training systems - Provides damage assessment/recovery estimates for Analysis systems and status to DRP Team Leader	Goldie Pond	Bill Penn

3. Disaster Impact and Recovery Assessment

The Disaster Impact and Recovery Assessment Matrix includes the major resources and systems utilized at KHA. The impact type displays what disaster conditions may impact those resources. Impact level categorizes the urgency of restore. Enterprise affects depicts the interconnectivity to the other enterprise resources.

The plan includes "mission critical" services which are mandated to be fully restored within 24 hours and "vital" services which do not absolutely require a 24-hour restoration but cannot wait for a lengthy procurement process. Vital services will be restored within 72 hours. Both mission critical and vital services are included in this plan. Non-mission critical services are not covered and are assumed to be restored within 30 days of the disaster.

Resource / System	Impact Type							Impact Level			Enterprise Affects
	Electrical	Climate	Building damage	Room damage	Virus, Worm, Trojan Horse, Spyware, etc.	Data communications	Phone communications	Mission Critical 24 hours	Vital 72 hours	Non-mission 30 Day
Network & Infrastructure, Nortel, NIPRNET, GeoTalk	X		X	X	X	X	X	X			All systems.
Data & Information	X				X	X		X			All Systems.
Windows Servers	X	X	X	X	X	X		X			All Systems
ApacheServers	X	X	X	X	X	X		X			All Systems
Linux Servers	X	X	X	X	X	X		X			All Systems
Unix Servers	X	X	X	X	X	X		X			All Systems
Marketing Systems	X				X	X			X		PRISM, SAP

Resource / System	Impact Type							Impact Level			Enterprise Affects
	Electrical	Climate	Building damage	Room damage	Virus, Worm, Trojan Horse, Spyware, etc.	Data communications	Phone communications	Mission Critical 24 hours	Vital 72 hours	Non-mission 30 Day
Marketing Systems	X				X	X			X		PRISM, SAP
HR/Payroll/Benefits Systems	X				X	X			X		SAP HR
Supply Chain Management Systems	X				X	X			X		PRISM, SAP
Warehouse Management	X				X	X			X		KHA Warehouse Inventory System
Contracts / Legal	X				X	X			X		LEXUS/NEXUS
Design & Analysis - CAD System	X					X		X			CAD, CADCAM v7.1
Office Systems	X					X		X			Google Apps, Office 2007, Exchange 2007, NetMeeting, SharePoint2007, Adobe Acrobat
Back Office/ Support Systems	X					X		X			Pitney Bowes Shiping Center v3.5 FedEx Tracking, Intermec BarCode Reader v2.42
Financial Accounting	X					X			X		PRISM, SAP

4. Recovery Procedures

Each facility shall maintain a custom Disaster Recovery Procedure Manual in alignment with the DRP to meet their specific needs. Each DRP Manual will be marked with the specific facility and stored in both electronic and hardcopy format. Each facility manager is responsible to send an electronic copy of the most current version of their DRP Manual to the DRP Team Leaders and Alternate DRP Team Leaders, as identified in the table in Section 3 of this document. The DRP Team Leaders and Alternate DRP Team Leaders will maintain these copies only as a backup for the original that is maintained at each facility. These backup copies are only to be used in the event that the originals are unavailable during an actual disaster. The following is a guide of the items to be covered in each DRP Manual as appropriate to that particular facility:

Generalized task list for mission critical recovery of vital resources in event of disaster

Procedures for hardware verification for each server

Procedures for base file system restore for each server

Procedures for database file system restore for each server

Procedures for application file system restore for each server

Procedures for OS restart and verification for each server

Procedures for switching network identity to production server name including DNS

Procedures for network restore verification for each server

Procedures for database restart and verification for each database instance on each server

Procedures for application restart and verification for each application for each server

Procedures for application test & verification for each restored application on each server

Procedures for backup test and verification for each server

Document the facility specific recovery team members and backup personnel