Homeworks academic service

A review of the possible changes to the data center recovery and business continuity plan

Data center disaster recovery plan template and guide

Manual operations; and Other considerations. When developing the continuity strategy, consideration should be given to both short-term and long-term goals and objectives. Short-term goals and objectives may include: Critical personnel, facilities, computer systems, operations, and equipment; Priorities for processing, recovery, and mitigation; Maximum downtime before recovery of operations; and Minimum resources required for recovery.

Long-term goals and objectives may include: Based on the BIA, the BCP should assign responsibilities to management, specific personnel, teams, and service providers. The planning group should comprise representatives from all departments or organizational units, and the BCP should be prepared by the individuals responsible for carrying out the assigned tasks.

In addition, the plan should specifically identify the integral personnel that are needed for successful implementation of the BCP, and succession plans should assign responsibilities to back-up personnel in the event integral employees are not available.

Additionally, vendor support needs should be identified. The BCP should address: How will management prepare employees for a disaster, reduce the overall risks, and shorten the recovery window?


How will decision-making succession be determined in the event management personnel are unavailable? How will management continue operations if employees are unable or unwilling to return to work due to personal losses, closed roads, or unavailable transportation? How will management contact employees in the event personnel are required to evacuate to another area during non-business hours?

Will the financial institution have the resources necessary to transport personnel to an offsite facility that is located a significant distance from their residence? Who will be responsible for contacting employees and directing them to their alternate locations?

  1. Note: Mobile sites are a nonmainstream alternative to traditional recovery options. The technique for writing the data across multiple drives is called striping.
  2. Backup and Restoration: Backups need to be stored somewhere, and backups are needed quickly when it's time to restore.
  3. The organization must add customer data -- and often hardware and software -- after the disaster strikes.

Who will be responsible for leading the various BCP Teams e. Who will be the primary contact with critical vendors, suppliers, and service providers? Who will be responsible for security (information and physical)?

  • It should take into account any possible business disruption;
  • If these do not exist, proceed with the following steps:

Personnel Needs

One of the first things that many financial institutions realize during a disaster is that recovery cannot take place without adequate personnel.

Recovery efforts are typically more successful when management attempts to solicit and meet the immediate needs of their employees. Ideally, advance plans should be established regarding living arrangements for displaced employees and their families, such as securing blocks of hotel rooms or maintaining rental contracts for small homes, within and outside the local area.

If an emergency lodging program is offered by the financial institution, management should be aware of the business needs of each employee to ensure that proper communication channels and alternative telecommunications options are available, particularly if employees are required to work at their hotel or at an alternate location.

Management should plan for basic necessities and services for its staff members who have been displaced during a disaster. If possible, management should establish plans to obtain water, food, clothing, child care, medical supplies, and transportation prior to the disruptive event.

Management's efforts to maintain good employee relations will likely contribute to the commitment and loyalty of financial institution personnel and their desire to assist with the timely recovery of operations.

Emergency Training

Since personnel are critical to the recovery of the financial institution, business continuity training should be an integral part of the BCP. During a disaster, a well-trained staff will more likely remain calm during an emergency, realize the potential threats that may affect the financial institution, and be able to safely implement required procedures without endangering their lives or the lives of others.

A comprehensive training program should be developed for all employees, conducted at least annually, and kept up-to-date to ensure that everyone understands their current role in the overall recovery process.

In addition, an audit trail should be maintained to document management's training efforts.

Cross Training and Succession Planning

Cross-training of personnel and succession planning is also an important element of the business continuity planning process. Management should cross train employees throughout the organization and assign back-up personnel for key operational positions. The financial institution should also plan to shift employees to other corporate sites, branches, back-up locations, or service provider facilities outside of the disaster area and prior to the development of transportation problems, if possible.

To ensure adequate staffing at the alternate site, financial institutions may decide to locate staff at the back-up facility on a permanent basis or hire employees who live outside the primary business area and closer to the alternate facility. If employees are unable to return to work, management may use formal agreements with temporary agencies and headhunting services to provide temporary staffing solutions.

BCP Team Assignments

Planning should also consider human resources necessary for decision making and staffing at alternate facilities under various scenarios.

Typically, a recovery team is established to perform this function, and their primary responsibility is to recover predefined critical business functions at the alternate back-up site.

They will be responsible for retrieving materials from the off-site storage location, such as data files, supplies, equipment, and software. Once these materials have been obtained, the recovery team will install the necessary hardware, software, telecommunications equipment, and data files required for recovery.

Key personnel should also be identified to make decisions regarding the renovation or rebuilding of the primary facility after the immediate disaster has ended. These tasks usually require personnel beyond what is necessary for ongoing business continuity efforts.

Personnel responsible for returning the primary facility to normal operations are usually designated to a salvage team, which should be separate from the recovery team. The salvage team must be certain that all pending danger is over, and employees can safely return to the primary facility.

Once personal security is ascertained, the salvage team will be responsible for supervising the retrieval and cleaning of equipment, the removal of debris, and the recovery of spoiled media and reports. The salvage team is also given the authority to resume normal operations at the primary facility, which is a significant task since numerous areas must be closely reviewed to ensure that operations will function properly. Once the salvage team approves the resumption of normal operations, the recovery team is assigned the responsibility of returning production to the primary facility.

However, before restoration tasks can be performed and employees return to the primary facility, the salvage team should perform an inventory of all property and ensure that the on-site investigation is complete. The BCP should address guidelines for transferring operations from the back-up site to the primary facility with minimum disruption.

In addition, records should be maintained detailing associated costs and property valuations for documenting budgetary changes, general ledger records, and insurance claims. Finally, the business continuity planning coordinator or planning committee should be given responsibility for regularly conducting employee awareness training and performing annual tests of the BCP.

In addition, the BCP should be updated at least annually, or more frequently, after significant changes to business operations, or if training and testing reveal gaps in the policy guidelines.

  1. Therefore, documentation supporting the current network environment is crucial. Last mile protection: This is a good choice for recovery facilities; it provides a second local loop connection, and is even more redundantly capable if an alternative carrier is used.
  2. Backups will be of little use if you find out during a disaster that they have malfunctioned and no longer work.
  3. This includes planning for workspace, telephones, workstations, network connectivity, etc.

Alternate telecommunications capabilities should be implemented to prevent any single point of failure that could disrupt operations. Policy guidelines should also address alternate methods of telecommunications in the event primary providers are unable to supply necessary services, and regular audits should confirm the adequacy of these diverse systems.

Communicating With Employees

One of the most important activities of business continuity planning involves communicating with employees. Employees should be promptly notified of a pending disaster, and specific evacuation instructions should be provided and included in the BCP.

Management must be able to communicate with personnel located in isolated areas or dispersed across multiple locations, and management should be aware of each employee's evacuation plans to ensure that they can be contacted in a timely manner during a disaster. While manually dialed telephone call trees may be a viable communication tool in some instances, emergency notification systems should be evaluated to determine their cost effectiveness.

With either method, management should ensure that contact information is current and easily accessible. Synchronization with human resource departments and company mail systems may prove helpful in maintaining the currency of contact information. Employee notification solutions may also include the following:

Interfacing With External Groups

Financial institutions often forget about the need to include BCP guidelines regarding their interaction with external groups such as local and state municipal employees and city officials.

Management should implement BCP guidelines addressing escalation procedures and include contact information for communicating with these various groups. Consideration should be given to the proximity of the financial institution to police, fire, and medical facilities, and the timeliness of their response should be factored into BCP recovery strategies. Given the importance of the on-going operation of the financial system, financial institutions should be able to communicate with their industry counterparts.


Current contact information should be maintained and should be easily accessible to facilitate conference calls and meetings between financial sector trade associations, financial authority working groups, emergency response groups, and international exchange organizations. These groups should assess the potential impact of major operational disruptions, coordinate recovery efforts, and promptly respond to failures in critical communication systems.

Media Relations

A significant part of any BCP and related test plan should involve dealing with the media. When a disruptive event occurs that could affect the financial institution's ability to continue operations, the public must be informed.

Before a disaster strikes, management should prepare a response that has been approved by the board and the shareholders. In addition, employees should be instructed to refer any questions to the financial institution's media contact.

The chosen spokesperson should be adequately informed, credible, have strong communication skills, and be accessible to the media so that inaccurate information is not broadcast to the public, which could potentially harm the reputation of the financial institution.


Only confirmed information should be provided, and the spokesperson should discuss what the financial institution is doing to mitigate any potential threats.

In order to ease customers' concerns regarding the security of their deposit funds, it is a good idea to conduct regular media briefings until the emergency has ended.

  • Hardware - mainframe, mid-range, servers, network, end-user;
  • Software - applications, operating systems, utilities;
  • Communications - network and telecommunications;
  • Data files and vital records;
  • Operations processing equipment; and
  • Office equipment.

These technology issues play a critical role in the recovery process; therefore, comprehensive inventories should be maintained to ensure that all applicable components are considered during plan development.

Planning should include identifying critical business unit data that may only reside on individual workstations, which may or may not adhere to proper back-up schedules. Additionally, the plan should address vital records, necessary back-up methods, and appropriate back-up schedules for these records.

The BCP team or coordinator should also identify and document end-user requirements. For example, employees may be able to work on a stand-alone personal computer (PC) to complete most of their daily tasks, but they may require a network connection to fulfill other critical duties. Consequently, management should consider providing employees with laptops and remote access capabilities using software or a VPN connection. When developing the BCP, institutions should exercise caution when identifying non-critical assets.

An institution's telephone banking, Internet banking, or automated teller machine (ATM) systems may not seem mission critical when systems are operating normally. However, these systems may play a critical role in the BCP and be a primary delivery channel to service customers during a disruption. Similarly, an institution's electronic mail system may not appear to be mission critical, but may be the only system available for employee or external communication in the event of a disruption.

The type of recovery alternative selected will vary depending on the criticality of the processes being recovered and the recovery time objectives (RTOs). For example, financial industry participants whose operations are critical to the functioning of the overall financial system and other financial industry participants should establish high recovery objectives, such as same-day business resumption.

Conversely, less stringent recovery objectives may be acceptable for other entities. Considerations such as the increased risk of failed transactions, liquidity concerns, solvency, and reputation risks should be factored into the decision making process.

The scope of the recovery plan should address alternate measures for core operations, facilities, infrastructure systems, suppliers, utilities, interdependent business partners, and key personnel. A legal contract or agreement should evidence recovery arrangements with a third-party vendor.

However, institutions will be expected to describe their reasons for choosing a particular alternative and why it is adequate based on their size and complexity.

Financial institutions may rely on a service provider for back-up facilities. This model also requires data files to be transferred off-site on at least a daily basis.

Disaster Recovery and Business Continuity Management

Large institutions that operate critical real-time processing operations or critical high-volume processing activities should consider mirroring or vaulting their data to the alternate site on a continuous basis using either synchronous or asynchronous data replication. If an institution is relying on a third party to provide the hot site, there remains a risk that the capacity at the service provider may not be able to support their operations in the event of a regional or large-scale event.

In addition, there are also security concerns when using a hot site since the applications may contain production data. Consequently, management should ensure that the same security controls that are required at the primary site are also replicated at the hot site. Smaller, less complex institutions may contract for a "mobile hot site," i. Each site has the capacity to absorb some or all of the work of the other site for an extended period of time.