Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. BARNET COLLEGE DISASTER RECOVERY POLICY AND PROCEDURE 1. Introduction 1.1 It is important that the College has a recovery policy and procedure in place in order for the business to continue in the event of a disaster or major crisis. 1.2 A disaster can take many forms but for the purposes of this Disaster Recovery Policy it is assumed that it is an event that causes the majority of any college site to be inoperable. The site will be known as the “disaster site”. The disaster will probably take the form of a fire, flood, explosion or act of terrorism. 1.3 The College has a Critical Action and Response (CARe) Plan which sets out the detailed operational actions which need to be taken should a disaster or major/minor crisis occur. This Plan gives example scenarios and step by step actions and should be read in conjunction with the Disaster Recovery Procedure and Policy. The Plan also sets out in more detail the responsibilities of individual members of the Crisis Management Team (CMT) as highlighted below. 2. Responsibility 2.1 The responsibility for initiating a disaster recovery operation rests with the Principal or a consensus of any 2 members of the Senior Management Team (SMT). 2.2 Once a “potential” disaster has been identified SMT will cascade this information to each other – following the order set out in Appendix 1, contact list. 3. Immediate Actions 3.1 An urgent meeting will be called either on site or at the designated Emergency Operations Centre (EOC) (see Section 5). This meeting will involve the SMT, and other appropriate colleagues such as the Health and Safety Manager, the IT Manager, Estates representatives, PR etc. 3.2 Purpose of the meeting: To agree action, such as those items set out in the checklist attached; Agree formation of a Crisis Management Team. The usual membership of the Crisis Management Team will be as follows: Emergency Director (Principal or appointed SMT member) Emergency Co-ordinator (Nominated Senior Management Team member) Coordination Team: Director of Finance, Estates Manager, Head of Marketing, Head of ITS, Health and Safety Manager and Security Manager but may vary depending on the nature of the disaster/crisis. The Emergency Co-ordinator will work closely with the Crisis Management Team to ensure that action points are carried out and that key information is communicated as appropriate.
  2. 2. In conjunction with the setting up of a meeting, it may be necessary for a site to be cleared of all staff and students as a matter of urgency – the Emergency Management Team will take responsibility for this. 4. Communication Networks 4.1 A key requirement in the period immediately following a disaster is the establishment of communications. Therefore priority will be given to restoring telephone and IT networks (inc Email) 4.2 Amongst other responsibilities, the Co-ordinator will arrange for the implications on PC’s, IT network and software to be assessed within 24 hrs and disseminated as appropriate. (IT Services have their own security, back up and recovery procedures which are attached at Appendix 7) and arrange for telephone calls and post for the disaster site to be redirected to another site. 5. Disaster Office and other temporary accommodation 5.1 An Emergency Operations Centre will be set up in the Principal’s office area as follows: If the disaster is at GP – Temporary Office Location – Wood Street Rm ILC201 ext 2800 If the disaster is at WS – Temporary Office Location – Grahame Park Rm T307 ext 2037 If the disaster is at NLBP – Temporary Office Location Wood Street Rm ILC 201 ext 2800 If the disaster is at SR – Temporary Office Location – NLBP If the disaster is at MR – Temporary Office Location – Grahame Park Rm T307 ext 2037 If the disaster is at Graseby House – Temp Office – Wood Street Rm ILC 201 ext 2800 5.2 The Emergency Operations Centre will be the focal point for all communications 5.3 The Co-ordinator will have the responsibility of setting up the temporary office as an Emergency Operations Centre to co-ordinate the recovery including the insurance claim. In the short term staff misplaced from the disaster site can be used to carry out roles in this office. 5.4 The Crisis Management Team will have the responsibility of finding temporary accommodation for the work displaced from the disaster site. The size and location of the accommodation will depend on the time of year, the courses and admin to re-locate etc. The Crisis Management Team will work with relevant Heads to achieve “best match”. 6. Notification 6.1 The Co-ordinator will inform the following at the next business opening time : Insurance Brokers – AoN Claims – 01737 783660 Bank – Barclays Bank via Director of Finance (see co-ordinators’ contact list). 6.2 The Crisis Management Team will arrange for all staff and residents (if applicable) and students to be informed of what is happening within 5 working days. 7. Media 7.1 It is likely that the College will need to respond to Media queries immediately. The Head of Marketing is a member of the Crisis Management Team and ask such will liaise with the Emergency Director and Co-ordinator over how to deal with this and the sending out of an appropriate press statement.
  3. 3. 7.2 Arrangements will be made for the Web site to be updated as soon as possible with accurate information which can be accessed by staff, students, prospective students and the media 8 Insurance and Bank Loans 8.1 The Director of Finance will previously have ensured that the College has adequate insurance cover for any disaster. This should include a Business Interruption Policy to cover additional costs such as temporary hire of premises and equipment, adverts to inform students, staff overtime, loss of funding or income (e.g. lettings) as well as a policy to cover the replacement of the premises and equipment and personal injury to staff and students. 8.2 The Director of Finance will already have got arrangements in place with the College Bank such that a temporary bank loan can be put in place quickly for additional short-term expenditure. 8.3 The other responsibilities of the Director of Finance and other members of the Crisis Management Team are set out in more detail in the CARe Plan. 9. Disaster Recovery Policy and Procedure and CARe Plan Copies of the documentation must be kept by all SMT members at their home and office addresses. Heads and Governors will also have copies and copies are to be kept by Estates, Health and Safety, Security and for the reference of Duty Principals/Reception staff. 10. The responsibility for updating the documentation is rests with the Principal’s office in conjunction with Health and Safety. Revised August 2005
  4. 4. Appendix 1 INITIAL CO-ORDINATOR CONTACT LIST Home and Mobile numbers have been deleted from MLE copy in the interests of confidentiality. Name Title Work Number Home Number Mobile Number Marilyn Hawkins Principal 020 8275 2879 Tony Alderman Chair of Not applicable Corporation Herbie Spence Director of 020 8275 2892 Corporate Planning and Resources Carolyn Davies Director, 14-19 020 8275 2801 and HE Phil Jakeman Director of 020 8 362 5050 Learning Adults and Skills for Life Dave Tabernacle Director of 020 8266 4099 Business Development Elaine Runswick Director of 020 8266 4037 Community Partnerships and Learner Services Pat Tulloch Director of Quality 020 8275 2869 (Acting) Charles Burton Senior Caretaker 020 8266 4053 (GP & MR) Gerry Dickson Senior Caretaker 020 8275 2820 (WS) Julie Bennett Health and Safety 020 8266 4055 Manager Sandie Patel IT Systems 020 8275 2873 Manager Les Bullamore Security Manager 020 7275 2877 Bernadette Wallis Corporate 020 8275 2879 Performance Manager
  5. 5. Appendix 2 Checklist for meeting of Crisis Management Team (CMT) 1. Clarify the extent of damage at site. 2. Estimate the time scale for recovery of all or part of site. 3. Establish a list of courses being held at the site and their status (e.g. exams being held, course got 6 weeks left to run). 4. Establish a list of courses due to start at the site before the site is likely to recover from the disaster. 5. Establish a list of staff based at the site. 6. If the disaster is at Graseby House establish a list of residents. 8. Agree a way forward on courses listed under 3 and 4 as follows: - suspend for an agreed period - cancel, give refund - defer start date - transfer to another site 9. Agree a way forward on staff based at the site as follows: - stay at home for an agreed period - transfer to another college site - transfer to temporary site 10. Agree a way forward on residents of Graseby House (if applicable): - find other temporary accommodation Following this the group will agree how staff and students and residents will be told within 5 working days (see 3.6).
  6. 6. Appendix 3 Key Target Dates Immediately Inform key staff Immediately Set up meeting Immediately Agree Crisis Management Team/Coordinator Within 12 hours Appropriate statement to Media sent out Within 24 hours Meeting of SMT/Heads Within 24 hours Co-ordinator to establish implications on IT Within 24 hours Site cleared of students and staff sent home Within 48 hours Emergency Operations Centre (EOC) set up Within 48 hours Telephone calls and post redirected Within 48 hours Bank and Insurance Brokers informed Within 5 working days Staff and students informed of what is happening Within 4 weeks Temporary accommodation set up Within 4 weeks Have detailed plans regarding recovery including A time scale for return to full working on the site
  7. 7. Appendix 4 Key Contacts List All Governors/Associate Governors (see Appendix 5) Insurance - AON Tel: 01737 783660 Bank - Barclays Tel: 020 8273 4151 External Audit - Robson Rhodes Tel: 01442 260200 Internal Audit - Pritchard Woods Tel: 01727 884660 Solicitors -Eversheds Tel: 01223 443771 (John Hall – Cambridge Office) Catering - Scolarest Tel: 01582 600222 LB Barnet - Chief Executive Tel: 020 8359 2000 Middlesex University - Margaret House Tel: 020 8362 5000 Prospects Careers - Peter Stevens Tel: 07711 032506 Association of Colleges Tel: 020 7827 4600 London North Learning & Skills Council Tel: 0845 019 4158 Barnet Borough Police – Chief Superintendent Tel: 0208 733 4003 Staff Officer 0208 733 4022
  8. 8. Appendix 5 Governors and Associate Governors Telephone Number Tony Alderman Marguerite Argles Trevor Berry Jude Hay Mahomed Ladha Cllr Victor Lyons Lesley Meagher Clynton Morris Noel Murphy Margaret Murphy John Northam Parmodh Sharma Jill Stansfield Robin Somerville David Thomas Governors mobile numbers, where applicable, are held by the Clerk/Clerk’s support within the College.
  9. 9. Appendix 6 Suggested Objectives:-  Continue to operate in all teaching and support units directly affected by the disaster  Support the individuals affected as well as possible  Identify the cause of the disaster and take action to minimise its re-occurrence  Minimise media induced fallout and turn to advantage where possible The Crisis Management Team should also look at setting up small working group(s) to take issues forward for example:- IT Recovery Premises restoration Procurement Media management Support and co-ordination
  10. 10. APPENDIX 7 I.T. Services Disaster Recovery & Service Continuity Plan (Summary – full document plus appendices is held by IT Services/copy also held centrally in College with Contracts Information). Approvals This document in its initial form has received the following approval from Barnet College Senior Management Team.
  11. 11. Introduction IT Services has responsibility for maintaining the integrity of computer systems, communications media and data that comprise the Barnet College IT network and for ensuring that the network is reliable, secure and not misused. In order to carry out these responsibilities IT Services are provided with privileged access to the computer network. They have a duty to use such privilege at all times in a professional manner and within the interest of the college. In the event of any service disruption or large scale disaster destroying all or part of the college computing facilities. I T Services will ensure that the necessary procedures and resources to permit the timely restoration of Barnet College computing and network facilities are available. The document containing these procedures is the IT Services Disaster Recovery and System Continuity Plan. Primary Objectives of the Plan. ♦To analyse the risks to the IT System and implement where possible preventative measures to reduce all identified risks which may lead to business disruption. ♦To present an orderly course of action for minimising any disruptions of service and restoring all computing capability in the shortest time possible. ♦To maintain accuracy of procedures by recording all changes to the computer system and infrastructure and carrying out regular testing of the plan to ensure its validity. ♦To make available all information required to minimise disruption, including technical data - such as configuration of servers, IP addresses and location of back up data to all relevant personnel. ♦To identify the equipment and any other items necessary to minimise any business disruption or disaster recovery. Location of Plan Copies of this plan will be held by the IT Services Systems Manager, User Support Manager and Helpdesk Co-ordinator. A copy will also be stored in each of the IT Services back up server rooms at Wood Street, North London Business Park, and Grahame Park. Additional copies will also be held by the Principal, the Deputy Principal, other SMT members and also with the Recovery Plan Project Manager, the Head of Estates and the college Health and Safety Manager. Abridged copies will also be held at Reception areas on all five sites. Further copies can be distributed any other location as identified by the Senior Management Team. Training All members of the IT Services team receive training as to what actions need to be taken in order that any disruptions of service can be rectified. However in the event of a large scale disruption the responsibility for resumption of service lies within the remit of the IT Services Systems team. Therefore Senior IT Systems team members (minimum of 2) will receive training on the technical implementation of the IT Services Disaster Recovery and Service Continuity Plan on an annual basis or more frequently in the event of there being any modifications made to either the IT or the central College Disaster Recovery Plan procedures.
  12. 12. This training will also be an intrinsic component of the Induction provided for new members of the Senior IT Systems team. Staffing structures of the IT Services team can be found in Appendices 1a, 1b and 1c Maintenance The Systems Manager will ensure that this Disaster Recovery Plan will reflect ongoing changes to resources. All revisions will be approved by SMT and distributed to all relevant personnel. An annual comprehensive review of the Plan will also be carried out by the IT Services managers. Testing Testing is an essential element of preparedness. Partial testing of individual components and recovery plans of specific servers will be carried out on a regular basis by the Senior Network Technicians and assisted by other Senior System Technicians when necessary. The Directory Service (used for logging users onto the system), is distributed across multiple servers and multiple sites. Therefore it is not seen as necessary or assistive to the continuity of the business of the college to test complete college system failure. This also precludes any need (other than that identified in the central College Disaster Recovery Plan) to identify alternative or hot site locations. Risk Assessment and Analysis IT Services carries out a formal Risk Assessment annually as part of the Strategic Planning Process conducted by SMT in conjunction with relevant managers. This is held in the College Risk Management Register and is monitored by the Deputy Principal each term. The current section is attached (Appendix 2). Additional risk analysis has identified several servers being given the following risk status. Those hosting functions where failure could cause a major impact to the business of the college have been given the Risk Status of Critical (C). Examples include servers hosting the college’s Financial, Management Information and Personnel and Payroll services Servers given the Risk Status of Essential (E) include servers storing administrative and academic staff user areas. All other servers have been given the Risk status Low Risk. (LR) This category includes servers hosting all other college functions such as Library Management Systems and student home areas. A listing of all servers in the college (excluding spares) detailing their location and risk status is attached. (Appendix 3) Also included are Risk Analysis, Impact and Service Continuity Plans indicating possible risks and services affected. This document also indicates anticipated disruption times and steps that need to be taken in order for interim and full recovery of services. (Appendix 4) Existing Good Practices As a result of Risk Analysis carried out in previous years the following measures are already in place in order to minimise the risk of any service disruption. ♦All IT equipment is purchased through an approved SUPC tendered supplier. The majority of hardware is purchased with a 3 year on site warranty. In order to minimise any disruptions to the system a supply of spare parts and equipment is kept in the support tech areas at each site. In order to quickly restore services and minimise system disruption the exact location of these spare servers are listed in (Appendix 5)
  13. 13. Therefore in the event of a serious physical disaster on one site (fire, flood, etc) the essential parts of the academic and general admin systems could be recreated (using our own resources) on another site. In the event of any disaster situation requiring additional replacement equipment, the IT Systems Manager is responsible for ensuring immediate reordering via the relevant supplier. (Appendix 6) ♦The majority of file servers are sited within the secure areas within enclosed rooms protected by locks with restricted access to ITS staff. Other servers are housed in locked cupboards/cages sited in specific areas where there is restricted access by ITS staff only. ♦Main wiring cabinets, routers, switches etc are housed within the servers or in rooms with restricted access and subject to the same security protection. Individual switches are sited throughout the College in locked wall mounted cabinets. These are mostly sited within offices. ♦Protection of data is ensured by access security and additional physical security of the file servers. Existing Good Practices Cont. ♦All user work areas are backed up onto tape according to a schedule detailed in. (Appendix 7). This schedule specifies backup procedures whereby tapes are kept in daily, weekly, monthly and yearly cycles. Tapes are kept in secure areas and specific tapes are locked in secure, fireproof safes in dispersed locations on different sites or remote buildings as appropriate. Annual backups are made and kept as archives. The overnight backup processes are scheduled to commence at specified times so that the process is completed between the hours of 22.00 hours and 07.00 hours. This overnight tape backup procedure allows data recovery ‘as-of-yesterday’. This would require data re-entry to recreate the data lost between yesterday and the time of breakdown ‘today’ The log of the location of back up tapes is securely stored in a fire proof safe on each site. The Senior Network Technicians are responsible for ensuring that systematic testing of all back ups is carried out on tri monthly basis and is verified by the Systems Manager. ♦ Sophos anti virus software is installed on all servers and workstations. ♦The network tree structure is set up by IT Services so that user accounts for students, admin and academic staff are sited in different containers with controlled access. In addition a VLAN structure and additional access controls are in place to restrict access to Admin facilities. ♦All PC’s, Mac’s and printers are connected to the network infrastructure. All applications software for PCs is loaded from networked file-servers – no software is held on the local PC. ♦The local hard discs are locked logically to prevent access by local users. There are restrictions on workstations to prevent misuse of access. ♦Access to all user areas or accounts is controlled by a user ID and password. The format of staff user IDs is STabcd where a is the first initial and bcd are the first three letters of the surname. Members of staff are forced to change their password every 60 days. The IT Services team change every 40 days. The HR Department inform IT Services Helpdesk of the leaving date for members of staff. On notification, the account for a member of staff is disabled but the account is
  14. 14. retained for one year before being removed from the system. In addition the Senior Network Technician (admin) is responsible for ensuring that any Admin system users IDs not used for 3 months are disabled. ♦Student accounts are created in bulk for all pre-identified groups during the summer. All students’ accounts are initially disabled. Details are issued to students by tutors during class induction. Student IDs are grouped by class identity. Passwords are constructed with six characters that are a random mixture of letters and digits to improve security. Students receive a copy of the annually reviewed Codes of Practice Document, which they acknowledge by signature before the individual account is activated. Student accounts are disabled every year during August for courses that are identified as terminated. Contents of user areas are retained so that returning students can have their files returned or former students progressing to university can obtain any required folders. ♦All users are required to sign and return an Internet Agreement Form before access is activated. The system maintains a log of all Web sites accessed by user, which can be used to help identify misuse. IDs are not enabled until students indicate their acceptance of Internet Agreement. I T Services Response to Non – Major Service Disruptions First line technical and helpdesk support is provided by the User Support team, organised under the User Support Manager responsible to the Deputy Principal. The Helpdesk should receive all initial reports and will deal with all localised and non-major disruptions affecting academic and administrative staff. Classroom faults are reported in the first instance to the User Support Technicians located on each of the main sites If the reported problem cannot be resolved by IT Support staff then the Systems team, organised under the Systems Manager and also responsible to the Deputy Principal, will be notified. The Systems team are responsible for second line technical support and for the development and advanced maintenance of the College computer network system and services. The Senior Network Technicians will assess and rectify wherever possible any disruptive situation affecting the performance of the college computer system. I T Services Response to Major Service Disruptions If the assessment of the problem by the Senior Network Technicians with responsibility for the Academic and Administrative network is such, that the scale of the problem means that the disruption can not be quickly rectified, or it is apparent that the computer network system has been seriously affected by fire, flood, theft of systems equipment or any other potential disaster, then they will notify the IT Services Systems Manager regarding the nature of the disruption, the impact that the disruption is having upon the college business, and an anticipated recovery time. The IT Services Systems Manager will then monitor the evolving situation, determine the prognosis for recovery of the damaged area through consultation with the Senior Network technicians. The IT Services User Support Manager will also be notified, together with the Helpdesk Co- ordinator and they will notify those listed on the Key Contact List (Appendix 8) not already aware of the severity of the situation, together with contacts from any areas affected by the disruption as identified by the contact list attached to each sites service restoration plan. Initiation and Implementation of Disaster Recovery Process In the event of a major breakdown of the network the Disaster Recovery aspect of the IT Services System Continuity and Disaster Recovery Plan will be initiated. This is the specific responsibility of
  15. 15. the IT Systems Manager acting upon the advice of the Senior Systems Technicians responsible for the academic and administrative network facilities. Under these circumstances the key point of contact is the IT Systems Manager who will be responsible for directly contacting the necessary external support contractors (Appendix Network Infrastructure) and suppliers as listed in (Appendix. 6) The Senior Network Technicians will be responsible for ensuring that all services are restored. The network restoration is as per the Disaster Recovery and Service Continuity – Network Infrastructure Appendix. Details of specific actions for each site can be found under the appropriate site Disaster Recovery and Service Continuity appendices for each site. Within these appendices details of departments affected and their contact numbers, details of the prioritisation of key systems and restoration order and configuration details for key systems and servers. IP Telephony Disaster Recovery Plan Separate disaster recovery procedures are in place. (See appendix 9) MIS Disaster Recovery Separate disaster recovery procedures are in place for the EBS and eFinancials systems. (See Appendix 10) The agent tests the viability of the tapes bi-annually.