Preservation Section Disaster Planning Presentation (SAA 2010)

Beyond Backups
Lance Stuchell
Lessons Learned From Disaster Planning for a Digital Archive
2010 SAA Preservation Section Meeting

Overview
This slideshow was originally presented at the
2010 SAA Preservation Section
on Friday, August 13th 2010
(some slides have been added for clarity)
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.

Disaster Planning Case Study
Overview of ICPSR
Campus of the University of Michigan
An archive of digital social science research data
Preserves over 500,000 files of research data
Disaster planning process formalized in 2007
Gained new urgency after 2008 power outage
Lessons learned
The disaster planning process
Incorporating digital asset protection

"By failing to prepare you are preparing to fail."
-Benjamin Franklin

The Planning Process

“What Could Happen” Approach
Drawings by Rebecca Goldman

Core Functions Approach
Identify core functions of organization
Safety of employees and guests
Basic financial procedures (payroll)
Access to collections
Preservation of digital assets
Determine allowable downtime
Risk management does play a role
Identify other planning mandates

Benefits of Functions Approach
Helps frame entire disaster planning process
Identifies and prioritizes functions of organization
Allocation of resources
Resources can be used to protect and recover most important functions
Prioritize and allocate time and funding
Helps define and identify disasters
Events that threaten core functions are “disasters”
Less likely to miss the “small” events

Core Functions at ICPSR
Initial Core Function Identification and Allowable Downtime

Core Functions at ICPSR
Web access identified as vital core function
Allowable downtime is minimal
Led to development of webserver backup
Server is backed up in the cloud
Switches over in event of a primary outage
Facilitates continuity of web delivered content
Resources allocated to recover this function

Access During a Disaster
2008 Power Outage (before backup)
Power Outage
OAIS Function Model

Access During a Disaster
2009 Power Outage (after backup)
Power Outage
Amazon Cloud
Access
DIP
OAIS Function Model

“The Plan”

Planning Components
“Ultimately, an organization would use a suite of plans to properly prepare response, recovery, and continuity activities for disruptions affecting the organization’s IT systems, business processes, and the facility.”
From NIST Contingency Planning Guide for Information Technology Systems, pg.7.

Advantages of the Planning Suite
Implementation at appropriate levels
Administration approves and guides overall policy
Finance manages emergency funds or agreements
IT handles technical recovery plans
Improves the updating process
By the people who have ownership of the process
Can be scheduled at different times
Plans are shareable and modular

First Steps at ICPSR
Crisis Communication
Plan
Disaster Training
Plan
Disaster Planning
Policy

First Steps at ICPSR
Initial policies and plans guided process
Disaster Planning Policy
Created standing disaster planning committee
Identified stakeholders and subordinate plans
Disaster Training Plan
Identified process for promulgating awareness
Crisis Communication Plan
Identified communication process which will be utilized during and after a disaster

Digital Asset Protection

Physical Asset Protection

Research for Guidance
Archive and library community
Guidance and importance of managed backups
Stresses continued access and public services
Government and educational communities
Digital content as organizational assets
Guidance on the incorporation of IT
Sharing results, high-level polices and procedures
Private and for-profit sector
Often based on legal requirements
Very difficult to find details and examples

Planning Components
Business Continuity
Plan (BCP)
Business Recovery
Plan (BRP)
Cyber Incident Response Plan
Continuity of Operations Plan
(COOP)
Disaster Recovery Plan (DRP)
Occupant Emergency Plan (OEP)
IT Contingency
Plan
From NIST Contingency Planning Guide for Information Technology Systems, pg. 10.

Digital Centered Components
Business Continuity
Plan (BCP)
Business Recovery
Plan (BRP)
Continuity of Operations Plan
(COOP)
Occupant Emergency Plan (OEP)
IT Contingency
Plan

Plans for Digital Assets
IT Contingency Plan
Provide procedures and capabilities for recovering a major application or general support system
Addresses IT interruptions
At ICPSR: CNS (IT) is currently documenting and sharing specific system recovery procedures
At ICPSR: Many plans already existed, but needed further documentation and sharing

Provide strategies to detect, respond to, and limit consequences of malicious cyber incident
Focuses on information security responses to incidents affecting systems and/or networks
At ICPSR: Existing plan incorporated into suite

Provide detailed procedures to facilitate recovery of capabilities at an alternate site
Limited to major disruptions with long-tem effects
At ICPSR: Web Continuity Plan (cloud backup)
At ICPSR: Archival backups stored at different locations and documenting recovery procedures

Implementation and Maintenance
Standing Disaster Planning Committee
Headed by Assistant Director for Administration
Web Continuity Plan
Tested in controlled environment several times
Provided access to content during 1 power outage in May 2009
To Do List
Have a tabletop exercise centered around IT assets
Get a better hold of in-house digital assets

Promulgate Results
From http://www.icpsr.umich.edu/icpsrweb/ICPSR/curation/disaster/index.jsp

Takeaways
Disaster Planning Process
Core functions provide framework for process
Disaster plan is composed of a suite of plans, procedures, and policies
Planning for digital assets
Some plans are suited to cover digital content
Recommend using NIST Guide for guidance
Archive community needs more accessible guidance on planning for digital asset protection

Acknowledgements
Nancy McGovern, Digital Preservation Officer, ICPSR
Content for this presentation was initially developed for the
Digital Preservation Management Workshops
http://www.icpsr.umich.edu/dpm/workshops/fiveday.html
Rebecca Hatcher and the SAA Preservation Section
Slides 1 and 32: “and you thought you had computer problems”
by mandyxclearhttp://www.flickr.com/photos/mandyxclear/3461234232/
Slide 4: “Benjamin Franklin - 270/365, 6/24/10” by vpickeringhttp://www.flickr.com/photos/vpickering/4783819450/
Slide 5: “ServerBurn2” by Topato
http://www.flickr.com/photos/roadhunter/68017721/
Slide 6: Drawings by Rebecca Goldman
http://derangementanddescription.wordpress.com/2010/08/12/dangers-and-
derangers/
Slide 19: “Motherboard flame” by Alfo23http://www.flickr.com/photos/alfo23/1809728501/

Questions?
Please contact Lance Stuchell
lstuch@umich.edu

Preservation Section Disaster Planning Presentation (SAA 2010)

by Lance Stuchell on Aug 16, 2010

Accessibility

Upload Details

Usage Rights

Statistics

Preservation Section Disaster Planning Presentation (SAA 2010) — Presentation Transcript