IR
Uploaded byIndeevari Ramanayake
PPTX, PDF6,962 views

Disaster Recovery Plan

The document provides a disaster recovery plan for KDU Bank. It includes: - Contact information for key IT personnel and external vendors. - Identification of critical systems and timelines for recovery within 4-24 hours including restoring backups and key services. - Risks are assessed and contingencies are outlined for various disaster scenarios affecting operations. - Backup strategies, software and physical safeguards are defined to enable recovery from disruption of computer and network services.

Embed presentation

Downloaded 394 times
Information Technology Disaster Recovery Plan
Revision History VERSION DATE APPROVED MODIFIED BY DESCRIPTION OF CHANGES MADE Original 1.0 04.10.2016 Amal Fernando First release
Introduction to KDU Bank  Kotelawala Defence University in Ratmalana - Sri Lanka, is a semi-government university, where military and civil students are being educated.  KDU Bank is created on 2015.03.01 in order to deposit the salaries of lecturers and cadets and it is integrated with Bank of Ceylon.  Over the years, KDU Bank has set up a highly computerized operational environment.  This includes the use of personal computers in offices, as well as many network and database servers and computer devices (eg:ATM Machines) that provide much of the operational support for the administrative units and the banking staff .  The network with in the bank ties these various systems together and provides communications to the entire Bank.
Objectives  Define procedures for a contingency plan for recovery from disruption of computer and/or network services.  Orderly recovery and resumption of operations that concern the critical business of running the bank, including providing support to administrative and management departments relying on computing.  Recovery within a reasonable time and within cost constraints.
Key Personnel Contact Info 1. IT Disaster Recovery Executive Management Team(REMT) MANAGER/DIRECTOR AREA OF RESPONSIBILITY CONTACT INFORMATION Ranjith Somathilaka Chief Information Officer Cell: 0714875629 Office: 0112478965 Email: ranjith.soma@kdu.ac.lk Malani Jayaweera Associate CIO Applications Cell: 0774189573 Office: 0112478966 Email: malani.jaya@kdu.ac.lk Sarath Bandara Manager Application Hosting Cell: 0777542691 Office: 0112478967 Email: sarathb@kdu.ac.lk Wasula Dissanayake Manager Client Technologies and Enterprise Operations & Monitoring Cell: 0715489623 Office: 0112478968 Email: wasula.dissa@kdu.ac.lk
Manager Group Lead IT Expert Data Center Mr. Lahiru Fernando Mrs. Kavini Abeysinghe Mrs. Shirani Dissanayaka Windows Ms. Namali Peiris Mr. Ranjith Perera Mrs. Semini Parami Storage Mr. Sumangala Mr. Madhusha Anthony Mr. Tharaka Bandara Virtualization Mr. Asitha Ranasinghe Mr. Dulanjana Alwis Mrs. Navodya Dalugama Network Mr. Abdul Hussain Mr. Supun Sanjeewa Mr. Kevin Rathnayaka Network Security Mr. Dharma Prathiraja Mr. Nuwan Tharaka Mr. Alex Pereira Oracle Platforms Mr. Asoka Silva Mr. Indika Gamage Mr. Asela Pakshaweera File & Print Servers Mrs. Malini Priyasad Mr. Kasun Pieris Mr. Suresh Gunasekara Client Technologies & Desktop Support Mrs. Jayani Fonseka Mrs. Amali Caldera Mr. Ryan Dias Backup & Recovery Mr. Bhanuka Jayasundara Mrs. Udara Basnayaka Mr. Madusara Rajapaksha 2. Disaster Recovery Team Members
Disaster Recovery Team Introduction  Recovery team leaders have been assigned in each major area and general duties given.  The team leader will make assignment of personnel in the major areas to specific tasks during the recovery stage over that area.  In case of a disaster, the emergency call list will need to be used.  The team will be contacted and assembled by the ERT.  The team's responsibilities include: • Establish facilities for an emergency level of service within 2 business hours; • Restore key services within 4 business hours of the incident; • Recover to business as usual within 8.00 to 24.00 hours after the incident; • Coordinate activities with disaster recovery team, first responders, etc. • Report to the emergency response team
Responsibilities of Disaster Recovery Coordinator The Chief Information Officer, Information Technology will serve as the Disaster Recovery Coordinator. Responsibilities: • Invoking the Disaster Recovery Plan. • Supervising the recovery activities. • Naming replacements, when needed, to fill in for any disabled or absent disaster recovery members. Any members who are out of town and are needed will be notified to return. • The VP, IT will keep users informed of the recovery activities.
Administrative Systems / Operations Recovery Team The Director of IT Operations will serve as Administrative Systems / Operations Recovery Team Leader. Responsibilities : • Coordinating hardware and software replacement with the administrative hardware and software vendors. • Supervising moving backup media and materials from the off-site safe and using these for recovery when needed. • Coordinating recovery with affected departments. • Coordinating scheduling for administrative programming, production service, and computer scheduling. • Keeping the Disaster Recovery Coordinator informed of the extent of damage and recovery procedures being implemented.
This section lists all key IT vendors who may need to be contacted following a disaster. Name, Title Contact Option Contact Number Landlord/Property Manager Work 0116258741 Mobile 0716325102 Email Address basnayakabm@gov.lk Power Company Work 0116328902 Mobile 0779521402 Email Address namalperera@ceb.lk Telecom Carrier 1 Work 0112874136 Mobile 0769854120 Email Address javidfaizer@slt.lk Telecom Carrier 2 Work 0113251420 Mobile 0716954123 Email Address yasitha123@dialog.lk 3. External / Vendor Contact List
Name, Title Contact Option Contact Number Hardware Supplier 1 Work 0113251029 Mobile 0728512302 Email Address hasithkaruna@cisco.com Server Supplier 1 Work 0114798785 Mobile 0716258746 Email Address nadeeraserv@rocketmail.com Workstation Supplier 1 Work 0117896542 Mobile 0773625148 Email Address deshan_gim@hotmail.com Office Supplies 1 Work 01155874462 Mobile 0756549871 Email Address yohannav@gmail.com Insurance – AIA Insurance Work 0116235881 Mobile 0789541230 Email Address praneeth82@aia.com
Notification Calling Tree Person Identifying the Risk Chief Executive Officer Chief Financial Officer Network Manager System Administrator Network Administrator IT Manager Bank Manager
External Contacts Calling Tree Person Identifying the Risk Bank Manager Insurance Company Emergency Services Workstation Suppliers Fire Brigade Deputy Managers Electricity Supply Company
Backup Strategy  Warm Site Strategy is used as the backup strategy.  A warm site being an alternate location with sufficient hardware, duplicated from the primary site, on which backups can be restored to have the bank system running in a minimal amount of time, but in a degraded state.  This is primarily due to the prohibitive cost factor of a hot site, duplicating the total hardware and networking infrastructure of the banking network.
Application RTO/RPO Risk Mitigation Recovery Core banking 30 minutes/ 0minutes Server failure and systems outage Clustered solution Failover to backup cluster node Corporate website 0 minutes/ 0minutes System/ application outage Scale-out virtual server design and local balancing Direct traffic to additional server capacity Accounts reporting 4 hours/ 24 hours Application/ server failure Traditional backup and recovery Restore application data and VM from backups In addition to warm site strategy, the following strategies are followed to recover from disasters.
Risk Management Risk category Risk How to Manage Risk Credit Card Browser Risk In loan policy process of a bank must be articulate, Credit rating or scooping, and quantifying financial expected and unexpected lose by following scientific basics. Industry Risk Portfolio Risk Unable to perform financial transac tion Operational Risk Increase the volume & transaction & complex support system Bank can make use analytical and judgmental technique to measure. Develop the bank Rating which is similar to bond Credit Rating. And estimate Probability of operational lose and also potential size of lose. Settlement Payment & interruption in business activity Legal & administrative risk
Risk Probability Impact Precautions Power Failures Medium High • Keeping backup generators (additional • power supply methods) • Get an idea about upcoming power failure times from CEB. Fire Hazards Low High • Using fire alarming systems • Keeping fire extinguishers • Keep contact numbers of fire brigade Technical Issues Medium High • Hire external technical supporters • Keeping spare equipment in case of a break-down
Critical Systems Identified Critical Systems include but are not limited to the following and are rated in order of priority to recovery,  Network communications / connectivity  DNS / Active Directory  Administrative System (ERP)  Email / Telephone  File / Print  Web Services  Individual PCs
Emergency Response  Alert, escalation and plan invocation  Plan Triggering Events  Key trigger issues at bank that would lead to activation of the DRP are: • Total loss of all communications • Total loss of power • Loss of the building • Lose of Data • Server failure
This disaster recovery plan for the bank will be invoked under one of the following circumstances: 1. An incident that has or may, partially or completely disable the operations of bank’s central computing for a period of 24 hours. 2. An incident, which has impaired the use of computers and networks, managed by IT, due to circumstances which fall beyond the normal processing of day-to-day operations. This includes all administrative systems under the IT management. 3. An incident, which was caused by problems with computers and / or networks, managed by IT and has resulted in the injury of one or more persons at the bank.
Assembly Points  Primary – Establish number of “Emergency Exits” inside the building.  Alternate – Parking lot of the bank across the street can be used as a temporary spot to place injured victims until help arrives.
Contingencies General situations that can destroy or interrupt operations of the bank usually occur under the following major categories: 1. Power/Air Conditioning Interruption 2. Server Failures 3. Data Centre Failures 4. System Outages 5. Security Vulnerabilities (Hacker Attacks/ Virus /Malware etc.) 6. Fraud & Mismanagement 7. Fire 8. Water 9. Weather and Natural Phenomenon 10. Chemical or Biological Disaster 11. Sabotage and Interdiction 12. Bank Note Damage 13. Legal Issues 14. Poor Backup Facilities
There are different levels of severity of these contingencies necessitating different strategies and different types and levels of recovery. This plan covers strategies for:  Partial recovery - Operating at an alternate site off bank and / or other area s on banking premises with a degraded level of service for a period of time.  Full recovery - Operating at the backup server room inside the KDU premises, possibly with a degraded level of service for a period of time.
Physical Safeguards 1. There are five entrances to the Main Building. The entrances use standard door locks on all five entrances and these doors are kept open during working hours and locked at night. 2. There is one entrance into the main IT Server Room which is located in the second floor of the Main Building. This door is protected by a smart card lock. 3. Mains Building – • Server Room Main 13 houses most of the data servers. • It is the hub for bank data networks. • There is no protection or detection against water damage. • The room is connected to the bank’s fire/smoke detection system.
4. The Equipment Room – • Connected to a UPS system, located in the server room Main building's room 13. • UPS provides approximately 15 minutes of power during a power interruption. • There is an automatic transfer switch that will start up the diesel generator to all the computer equipment in the Server Room. • The Generator is capable of powering all of the equipment, including lights and A/C in Main building.. 5. KDU Press Building – • Houses the backup hardware, data and virtual servers needed to permit limited operations from this location. • Has every type of protection data equipment needs such as: Fire, Water and Power Protection.
Software Safeguards  Full backups are performed at 10:00pm Friday to Saturday.  Incremental backups are performed at 10:00pm Monday to Thursday to secure software and data each morning for all Banking Services.  Every Sunday all Full backups are staged to Tape.  Incremental backups are staged in the same fashion every Friday morning.  Every Monday morning all staged tapes are moved to the IT safe located in the Warehouse.  The backups are done on Disk and then transferred to LTO3 tapes.  Each morning the backups are checked with an e-mail log sent to the Senior Network Administrator and the Director of IT Operations.
Types of Computer Service Disruptions 1. Normal computer system problems • For most of the major hardware vendors represented on bank, as well as some of the software vendors, remote diagnostic testing is available for routine problems. • Maintenance is scheduled when convenient to repair/resolve these problems. • Most hardware problems disrupting the total operation of the computers should be fixed within 4 to 8 hours. 2. Major computer problems • It is not feasible to keep a supply of PC’s or high-cost items to meet every emergency. • In cases where workstations are lost, these will be repurchased/leased using Repair and Replacement funds.
Preparing for a Disaster  Ensure that the off-site storage facility contains adequate and timely computer backup tapes and documentation for applications systems, operating systems, support packages, and operating procedures.  Responsibilities will be given by the Vice President, IT.
General Procedures 1. Maintaining and updating the disaster recovery plan. 2. Ensuring that all IT personnel are aware of their responsibilities in case of a disaster. 3. Ensuring that periodic scheduled rotation of backup media is being followed for the offsite storage facilities. 4. Maintaining and periodically updating disaster recovery materials, specifically documentation and systems information, stored in the off-site areas. 5. Maintaining a current status of equipment in the main equipment rooms in the Main building's Server Room. 6. Informing all technology personnel of the appropriate emergency and evacuation procedures from the Main building's Server Room.
7. Ensuring that all security warning systems and emergency lighting systems are functioning properly and are being periodically checked by operations personnel. 8. Ensuring that fire protection systems are functioning properly and that they are being checked periodically. 9. Ensuring that UPS and Generator systems are functioning properly and that they are being checked periodically. 10. Ensuring that the client community is aware of appropriate disaster recovery procedures and any potential problems and consequences that could affect their operations. 11. Ensuring that the operations procedure manual is kept current. 12. Ensuring that proper temperatures are maintained in equipment areas.
General Disaster Recovery Plan Timeline  Based upon notification that an incident has occurred at any of the computer facilities on the bank premises, the Disaster Recovery Coordinator or Senior Management staff member should notify all other senior management IT staff.  If emergency procedures have not been invoked, at the four-hour mark after initial notification of an incident in any of the computer facilities, the Disaster Recovery Plan will take effect and should follow the following timeline.
 Phase 1 –Within 4 hours of initial notification • Insure that all staff have been evacuated from the site and are accounted for. • Insure that the primary site has been secured. • Insure that safety, fire authorities, physical plant have all been notified. Decide whether to reopen the primary site or move to an alternate site. • Notify all IT staff of a disaster. • IT staff should already know their primary recovery responsibilities and report-to locations. Notify other sites of the disaster.  Phase 2 – Within 12 hours of initial notification • Confirm funding is available for recovery plan requirements. • Notify vendors of the disaster and order preliminary hardware replacement. • Initiate transportation of supplies and hardware to a recovery site. • Initiate transportation of recovery media and hardware systems to a new site.
 Phase 3 –Within 24 hours of initial notification • Restore system backups and test system integrity. • Insure sufficient supplies and needs at recovery site. • Bring up all recovery systems. • Establish backup schedules of all recovery systems. • Notify all IT staff and administration of operations at recovery site. • Inventory salvageable materials at primary site. • Reassess damages and loss at primary site.  Phase 4 –Within 48 hours of initial notification • Debrief staff on causes and result • Decision – move back or stay at recovery site. • Prepare for disaster at recovery site.  Phase 5 – Within a specified time limit designated by the VP, IT • Cleanup of primary site • Re-establish primary site
Recovery Procedures 1. Central Facilities Recovery Plan  An incident that impacts IT services at the central computing / networking facilities in Main building's room 13 will place these plans into action.  The incident may be of the magnitude that the facilities are not usable and alternate site plans are required. In this case, the alternate site portions of these plans will be implemented.
2. Administrative Services Recovery Plan  Determine the extent of the damage and if additional equipment and supplies are needed.  Obtain approval for expenditure of funds to bring in any needed equipment and supplies.  Notify local vendor marketing and/or service representatives if there is a need of immediate delivery of components to bring the computer systems to an operational level even in a degraded mode.  If it is judged advisable, check with third-party vendors to see if a faster delivery schedule can be obtained.  Notify vendor hardware support personnel that a priority should be placed on assistance to add and/or replace any additional components.  Notify vendor systems support personnel that help is needed immediately to begin procedures to restore systems software.  Order any additional electrical or computer cables needed from suppliers.  Rush order any supplies, forms, or media that may be needed.
3. Degraded Operations at Central Site  It is assumed that an incident has occurred but that degraded operations can be set up in the Main building's Server Room.  In addition to the general steps that are followed in either case, special steps need to be taken. • Evaluate the extent of the damage, and if only degraded service can be obtained, determine how long it will be before full service can be restored. • Replace hardware as needed to restore service to at least a degraded service. • Perform system installation as needed to restore service. If backup files are needed and are not available from the on-site backup files, they will be transferred from the off-site storage. • Work with the various vendors, as needed, to ensure support in restoring full service. • Keep the administration and clients informed of the status, progress and problems.
4. Banking Services Recovery Plan  If the central site is destroyed, support of critical banking (computing) activities will be given from the alternate sites.  Additional computer systems will be brought in as needed. Some steps : • Determine the priorities of user’s needs • Setup for operations support. • Coordinate installing additional equipment and moving support personnel. • When additional needed equipment is available, move backup materials from the off-site storage area. • Coordinate restoring any communications. • Coordinate client-computing support with users. • As production begins, ensure that backup procedures are followed and periodic backups are stored off site. • Work with the Chief Information Officer, IT, the Chief Financial Officer, and user in coordinating long-range plans for restoring full support by the Banking Computing section.
5. Degraded Service at Central Site  If the central banking computing support can be resumed in a reasonable time from the central site, steps will need to be taken immediately to restore these services: • Determine the extent of the damage and set up procedures to bring in any needed added equipment. • Determine priorities of user needs and prepare for running at a degraded level of service. • After the hardware is functioning, perform system installation as needed. If backup files are destroyed at the central site, bring these from the off-site storage area. • If off-site files are used, replace these at the off-site storage as soon as possible. • Work with vendors as needed to ensure support is given to restore full service. • Keep the administration and users informed of the status, progress and problems.
6. Administrative Personal Computer(PC) Recovery Plan  Each department of the bank should have a disaster plan in place that will cover its actions in case of loss of their computer assets.  Employees are encouraged to use their attached network drives for data storage.  This will allow them to continue their work from any other workstation on bank or from a remote site through a VPN connection if needed.  IT will coordinate the repair or replacement of damaged computers.
7. Emergency Procedures  In case an incident has happened or is imminent that will drastically disrupt operations, the following steps should be taken to reduce the probability of personal injuries and / or limit the extent of the damage, if there is not a risk to employees. • An announcement should be made to evacuate the building, if appropriate, or move to a safe location in the building. As a preparation for a potential disaster, all IT personnel should be aware of the exits available. • If there are injured personnel, ensure their evacuations and call emergency assistance as needed. • If the computers and air conditioning have not automatically powered down, initiate procedures to orderly shutdown systems when possible. • When possible and if time is available, set up damage limiting measures. • Designate available personnel to initiate lockup procedures normal to last shift procedures.
Testing the DRP  The Disaster Recovery Coordinator is responsible for testing of the disaster recovery plan at least annually to ensure the viability of the plan.  The objectives of testing the disaster recovery plan are as follows: • Simulate the conditions of an ACTUAL Business Recovery situation. • Determine the feasibility of the recovery process. • Identify deficiencies in the existing procedures. • Test the completeness of the business recovery information stored at the Offsite Storage Location. • Train members of the disaster recovery teams.
Emergency Call List  Main Security Office number 0112354786.  From off bank, call 0112354787. For all emergencies requiring response by emergency medical personnel or sworn law enforcement call, 119.  For non-emergency matters you can contact the Bank Security office at 01187451459.  Dial 119 to report bank accidents Community Resources  Rape Crisis Center (24 hours) 0118745245  Hotline (24 hours) 0112222369  Victim Services 630-6300 Family Counseling Services 1234  Gateway Community Services 555  Mental Health Resource Center 011784569
 Members of the management team will keep a hard copy of the names and contact numbers of each employee in their departments.  In addition, management team members will have a hard copy of the company’s disaster recovery and business continuity plans on file in their homes in the event that the headquarters building is inaccessible, unusable, or destroyed. Contact with Employees  Each employee have contact detail of above DR response team and gather and discuss about quick decision that have to take (immediate plan).  Employees who cannot reach staff on their call list are advised to call the staff member’s emergency contact to relay information on the disaster. DR Procedures for Management
Backup Staff If the staff cannot contact DR team member then assign the tasks for other backup staff will perform the task. • Network Admin • Board Member • Asst. Manager • HR Manager Personnel and Family Notification  It will be necessary to notify their immediate family members quickly.  So properly analyzed every member detail
Media Strategies  Avoiding adverse publicity  Take advantage of opportunities for useful publicity.  Have answers to the following basic questions: • What happened? • How did it happen? • What are you going to do about it? Insurance  Insurance policies are • Errors and omissions • Directors & officers liability. • General liability. • Business interruption insurance.
Financial and Legal Issues Financial Assessment  The assessment should include: • Loss of financial documents • Loss of revenue • Theft of check books, credit cards, etc. • Loss of cash Financial Requirements  The immediate financial needs of the company must be addressed. These can include: • Cash flow position • Temporary borrowing capability • Upcoming payments for taxes, payroll taxes, Social Security, etc. • Availability of company credit cards to pay for supplies and services required post-disaster
Legal Actions The company legal department and HR department will jointly review  The aftermath of the incident  Decide whether there may be legal actions resulting from the event;  In particular, the possibility of claims by or against the company for regulatory violations, etc.
Damage Assessment Key Business Process Affected Description Of Problem Server Failures Server Overloading Fraud & Mismanagement Untrained Employees Improper Cash Analyzing Credit Card Issues Fire Over Heating of Equipment Improper Cooling Systems Failures of Data Centers Virus Attacks / Hacking Bank Note Damages Damage, Lost, need assessment guideline note
Thank You!

More Related Content

PPTX
An Introduction to Disaster Recovery Planning
byNEBizRecovery
 
PPTX
How to write an IT DR plan
byDatabarracks
 
PPT
Disaster Recovery Plan for IT
byhhuihhui
 
PDF
Disaster Recovery Planning
byJohn Wilson
 
PDF
Best Practices in Disaster Recovery Planning and Testing
byAxcient
 
PPTX
IT Disaster Recovery Readiness
byBashar Alkhatib
 
PPTX
Disaster Recovery Plan
bymhdpaknejad
 
PPTX
Disaster Recovery Plan / Enterprise Continuity Plan
byMarcelo Silva
 
An Introduction to Disaster Recovery Planning
byNEBizRecovery
 
How to write an IT DR plan
byDatabarracks
 
Disaster Recovery Plan for IT
byhhuihhui
 
Disaster Recovery Planning
byJohn Wilson
 
Best Practices in Disaster Recovery Planning and Testing
byAxcient
 
IT Disaster Recovery Readiness
byBashar Alkhatib
 
Disaster Recovery Plan
bymhdpaknejad
 
Disaster Recovery Plan / Enterprise Continuity Plan
byMarcelo Silva
 

What's hot

PPTX
Business continuity & disaster recovery planning (BCP & DRP)
byNarudom Roongsiriwong, CISSP
 
PPTX
Disaster recovery
bySameeu Imad
 
PDF
IT-Centric Disaster Recovery & Business Continuity
bySteve Susina
 
PPTX
Information Technology Disaster Planning
byguest340570
 
PPTX
Business continuity & Disaster recovery planing
byHanaysha
 
PPTX
Business Continuity & Disaster Recovery
byEC-Council
 
PPTX
Bcp
bymadunix
 
PPT
Disaster Recovery Plan
byEmilie Gray
 
PPTX
BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptx
byJayLloyd8
 
PPTX
Disaster Recovery Planning
byKathy Pelletier
 
PPTX
Business Continuity Planning
bygcleary
 
PPTX
Disaster recovery solution
byAnton An
 
PPT
03 backup-and-recovery
byhunny garg
 
PPT
Data center disaster recovery.ppt
byomalreda
 
PPT
Disaster Recovery & Data Backup Strategies
bySpiceworks
 
PPTX
Business continuity planning and disaster recovery
byKrutiShah114
 
PPT
Business Continuity And Disaster Recovery Notes
byAlan McSweeney
 
PPTX
What is dr and bc 12-2017
byAtef Yassin
 
PPTX
Security Operation Center - Design & Build
bySameer Paradia
 
PPTX
Disaster Recovery
bySteven Cahill
 
Business continuity & disaster recovery planning (BCP & DRP)
byNarudom Roongsiriwong, CISSP
 
Disaster recovery
bySameeu Imad
 
IT-Centric Disaster Recovery & Business Continuity
bySteve Susina
 
Information Technology Disaster Planning
byguest340570
 
Business continuity & Disaster recovery planing
byHanaysha
 
Business Continuity & Disaster Recovery
byEC-Council
 
Bcp
bymadunix
 
Disaster Recovery Plan
byEmilie Gray
 
BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptx
byJayLloyd8
 
Disaster Recovery Planning
byKathy Pelletier
 
Business Continuity Planning
bygcleary
 
Disaster recovery solution
byAnton An
 
03 backup-and-recovery
byhunny garg
 
Data center disaster recovery.ppt
byomalreda
 
Disaster Recovery & Data Backup Strategies
bySpiceworks
 
Business continuity planning and disaster recovery
byKrutiShah114
 
Business Continuity And Disaster Recovery Notes
byAlan McSweeney
 
What is dr and bc 12-2017
byAtef Yassin
 
Security Operation Center - Design & Build
bySameer Paradia
 
Disaster Recovery
bySteven Cahill
 

Viewers also liked

PPT
Disaster Recovery Presentation
byTimSchaefer
 
PPTX
MISO L008 Disaster Recovery Plan
byJan Wong
 
PPTX
Are You Afraid of Setting Goals?
byGeorge Hutton
 
PPT
Libraries Do Matter: Enhancing Traditional Services with Library 2.0
bySt. Petersburg College
 
PPTX
7 Programación Web con .NET y C#
byguidotic
 
PPTX
setting goals
byuniversity of johannesburg
 
PPTX
Beyond the Brick and Mortar - NEFLIN 2016 - Hot Topics User Experience Confer...
byJustin Denton
 
PPT
IYC12 - Setting Goals
byYsMenInternational
 
PPS
Semillas Maquel 6 05
byguest255f8a
 
PPTX
2015 Technology Trends to Watch
bySt. Petersburg College
 
PPTX
How to Insert your Library into the mobile sharing economy
byJustin Denton
 
PPT
Setting goals
byjonchung
 
PDF
Do you have a DR plan in place: so, don't let a disaster defeat your business
byVelocity Technology Solutions
 
PDF
Intro to Firetide Wireless Mesh Networking
byPaul Richards
 
PPTX
Mesh Networks
byJustin Denton
 
PPTX
Mooc libraries-pujar
byShamprasad Pujar
 
PPTX
Technology Trends for Libraries
byShamprasad Pujar
 
Disaster Recovery Presentation
byTimSchaefer
 
MISO L008 Disaster Recovery Plan
byJan Wong
 
Are You Afraid of Setting Goals?
byGeorge Hutton
 
Libraries Do Matter: Enhancing Traditional Services with Library 2.0
bySt. Petersburg College
 
7 Programación Web con .NET y C#
byguidotic
 
setting goals
byuniversity of johannesburg
 
Beyond the Brick and Mortar - NEFLIN 2016 - Hot Topics User Experience Confer...
byJustin Denton
 
IYC12 - Setting Goals
byYsMenInternational
 
Semillas Maquel 6 05
byguest255f8a
 
2015 Technology Trends to Watch
bySt. Petersburg College
 
How to Insert your Library into the mobile sharing economy
byJustin Denton
 
Setting goals
byjonchung
 
Do you have a DR plan in place: so, don't let a disaster defeat your business
byVelocity Technology Solutions
 
Intro to Firetide Wireless Mesh Networking
byPaul Richards
 
Mesh Networks
byJustin Denton
 
Mooc libraries-pujar
byShamprasad Pujar
 
Technology Trends for Libraries
byShamprasad Pujar
 

Similar to Disaster Recovery Plan

PPTX
Varrow Madness 2014 DR Presentation
byAndrew Miller
 
PDF
ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise"
byESEI
 
PPTX
Disaster Recovery Solution for common industry
byAnton An
 
PDF
Contingency Plan WAK BANKS ATM
byWajahat Ali Khan
 
PPTX
Backups and Disaster Recovery for Nonprofits
byCommunity IT Innovators
 
DOCX
Disaster Recovery Plan
byDavid Donovan
 
DOC
Disaster Recovery Policy
byContinuity Control
 
PPTX
PACE-IT, Security+2.8: Disaster Recovery Concepts
byPace IT at Edmonds Community College
 
PPT
Misd chap 12 disaster recovery
byEdiey Smile
 
PDF
A Proposed Model For IT Disaster Recovery Plan
byHeather Strinden
 
PDF
A Proposed Model for IT Disaster Recovery Plan
byHossam Al-Ansary
 
DOCX
ISOL 533 - Information Security and Risk Management DIS.docx
byvrickens
 
PPT
Cloud computing presentation explanation.ppt
byyallavulanavadeep15
 
PPTX
Manish tripathi-itim-dr
byA P
 
PPT
Apdip disaster mgmt
bysrinivasan gopalan
 
DOCX
Disaster Recovery Policy .docx
byCharliePhan
 
PPTX
DR luncheon presentation
byseishi1
 
PDF
Gillaspie Melvin 13-1 Continuity Plan
bySammie Gillaspie
 
PDF
Fundamental Concepts of Data Security _Business Continuity
bySibtainHaider13
 
PPTX
Business Continuity & Disaster Recovery, Keeping Our Bank Running at All Times
byoladayo11
 
Varrow Madness 2014 DR Presentation
byAndrew Miller
 
ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise"
byESEI
 
Disaster Recovery Solution for common industry
byAnton An
 
Contingency Plan WAK BANKS ATM
byWajahat Ali Khan
 
Backups and Disaster Recovery for Nonprofits
byCommunity IT Innovators
 
Disaster Recovery Plan
byDavid Donovan
 
Disaster Recovery Policy
byContinuity Control
 
PACE-IT, Security+2.8: Disaster Recovery Concepts
byPace IT at Edmonds Community College
 
Misd chap 12 disaster recovery
byEdiey Smile
 
A Proposed Model For IT Disaster Recovery Plan
byHeather Strinden
 
A Proposed Model for IT Disaster Recovery Plan
byHossam Al-Ansary
 
ISOL 533 - Information Security and Risk Management DIS.docx
byvrickens
 
Cloud computing presentation explanation.ppt
byyallavulanavadeep15
 
Manish tripathi-itim-dr
byA P
 
Apdip disaster mgmt
bysrinivasan gopalan
 
Disaster Recovery Policy .docx
byCharliePhan
 
DR luncheon presentation
byseishi1
 
Gillaspie Melvin 13-1 Continuity Plan
bySammie Gillaspie
 
Fundamental Concepts of Data Security _Business Continuity
bySibtainHaider13
 
Business Continuity & Disaster Recovery, Keeping Our Bank Running at All Times
byoladayo11
 

Recently uploaded

PPTX
Plant fibres used as surgical dressings & Sutures – Surgical Catgut and Ligat...
bySai Meer College of Pharmacy
 
PPTX
Types of counselling Directive, Non Directive, Eclectic Counselling
byPriya Sush
 
PPTX
S.Y. B. Pharm Medicinal Chemistry I Unit-I
byMs. Ashatai Patil
 
PDF
BP502T Industrial Pharmacy I (Theory) UNIT– I (Part 1)
byRushi Mandali
 
PPTX
ELIMINATION NEEDS Fundamentals of Nursing .pptx
bySonali Gupta
 
PDF
Holm Community Heritage at St Nicholas Kirk - 2025 AGM Minutes (30.04.2025)
byAntoine Pietri
 
PPTX
Greengnorance Toolkit Module 4 Active Mobility and Transport
byKarl Donert
 
PPT
Card repertory , Boger card , Kishore card
byDr Dhwanika Dhagat
 
PPTX
Greengnorance Toolkit Module 5 Waste Management
byKarl Donert
 
PPTX
Greengnorance Toolkit Module 2 Energy saving
byKarl Donert
 
PDF
Intellectual Property Rights I Types (IPR)
byAmit Gangwal
 
PDF
Intellectual Property Rights III Types (IPR)
byAmit Gangwal
 
PPTX
13 February 2026 - Bullying in education prevalence, impact and responses acr...
byEduSkills OECD
 
PPTX
How to Create_Generate Engineering Change Orders ECOs in Odoo 18
byCeline George
 
PPTX
Simulation Learning in Health Sciences and Human Service programs at Camosun ...
bygabitouss
 
PDF
3-ACES-Hyderabad-Vs-Municipal-Corporation-Hyderabad-on-2-Sep-1994.pdf
byssuser9d8e4e
 
PPTX
Overview of How to set priority in Odoo 19 Todo
byCeline George
 
PDF
Art, Memory, and Modernity: A Study of W. H. Auden’s In Memory of W. B. Yeats
bypriyarathod315
 
PPTX
Greengnorance Toolkit Module 6 Water Resources
byKarl Donert
 
PDF
Beyond the Absurd: A Comparative Reading of Waiting for Godot and the Bhagava...
byKruti Vyas
 
Plant fibres used as surgical dressings & Sutures – Surgical Catgut and Ligat...
bySai Meer College of Pharmacy
 
Types of counselling Directive, Non Directive, Eclectic Counselling
byPriya Sush
 
S.Y. B. Pharm Medicinal Chemistry I Unit-I
byMs. Ashatai Patil
 
BP502T Industrial Pharmacy I (Theory) UNIT– I (Part 1)
byRushi Mandali
 
ELIMINATION NEEDS Fundamentals of Nursing .pptx
bySonali Gupta
 
Holm Community Heritage at St Nicholas Kirk - 2025 AGM Minutes (30.04.2025)
byAntoine Pietri
 
Greengnorance Toolkit Module 4 Active Mobility and Transport
byKarl Donert
 
Card repertory , Boger card , Kishore card
byDr Dhwanika Dhagat
 
Greengnorance Toolkit Module 5 Waste Management
byKarl Donert
 
Greengnorance Toolkit Module 2 Energy saving
byKarl Donert
 
Intellectual Property Rights I Types (IPR)
byAmit Gangwal
 
Intellectual Property Rights III Types (IPR)
byAmit Gangwal
 
13 February 2026 - Bullying in education prevalence, impact and responses acr...
byEduSkills OECD
 
How to Create_Generate Engineering Change Orders ECOs in Odoo 18
byCeline George
 
Simulation Learning in Health Sciences and Human Service programs at Camosun ...
bygabitouss
 
3-ACES-Hyderabad-Vs-Municipal-Corporation-Hyderabad-on-2-Sep-1994.pdf
byssuser9d8e4e
 
Overview of How to set priority in Odoo 19 Todo
byCeline George
 
Art, Memory, and Modernity: A Study of W. H. Auden’s In Memory of W. B. Yeats
bypriyarathod315
 
Greengnorance Toolkit Module 6 Water Resources
byKarl Donert
 
Beyond the Absurd: A Comparative Reading of Waiting for Godot and the Bhagava...
byKruti Vyas
 

Disaster Recovery Plan

  • 1.
  • 2.
    Revision History VERSION DATEAPPROVED MODIFIED BY DESCRIPTION OF CHANGES MADE Original 1.0 04.10.2016 Amal Fernando First release
  • 3.
    Introduction to KDUBank  Kotelawala Defence University in Ratmalana - Sri Lanka, is a semi-government university, where military and civil students are being educated.  KDU Bank is created on 2015.03.01 in order to deposit the salaries of lecturers and cadets and it is integrated with Bank of Ceylon.  Over the years, KDU Bank has set up a highly computerized operational environment.  This includes the use of personal computers in offices, as well as many network and database servers and computer devices (eg:ATM Machines) that provide much of the operational support for the administrative units and the banking staff .  The network with in the bank ties these various systems together and provides communications to the entire Bank.
  • 4.
    Objectives  Define proceduresfor a contingency plan for recovery from disruption of computer and/or network services.  Orderly recovery and resumption of operations that concern the critical business of running the bank, including providing support to administrative and management departments relying on computing.  Recovery within a reasonable time and within cost constraints.
  • 5.
    Key Personnel ContactInfo 1. IT Disaster Recovery Executive Management Team(REMT) MANAGER/DIRECTOR AREA OF RESPONSIBILITY CONTACT INFORMATION Ranjith Somathilaka Chief Information Officer Cell: 0714875629 Office: 0112478965 Email: ranjith.soma@kdu.ac.lk Malani Jayaweera Associate CIO Applications Cell: 0774189573 Office: 0112478966 Email: malani.jaya@kdu.ac.lk Sarath Bandara Manager Application Hosting Cell: 0777542691 Office: 0112478967 Email: sarathb@kdu.ac.lk Wasula Dissanayake Manager Client Technologies and Enterprise Operations & Monitoring Cell: 0715489623 Office: 0112478968 Email: wasula.dissa@kdu.ac.lk
  • 6.
    Manager Group LeadIT Expert Data Center Mr. Lahiru Fernando Mrs. Kavini Abeysinghe Mrs. Shirani Dissanayaka Windows Ms. Namali Peiris Mr. Ranjith Perera Mrs. Semini Parami Storage Mr. Sumangala Mr. Madhusha Anthony Mr. Tharaka Bandara Virtualization Mr. Asitha Ranasinghe Mr. Dulanjana Alwis Mrs. Navodya Dalugama Network Mr. Abdul Hussain Mr. Supun Sanjeewa Mr. Kevin Rathnayaka Network Security Mr. Dharma Prathiraja Mr. Nuwan Tharaka Mr. Alex Pereira Oracle Platforms Mr. Asoka Silva Mr. Indika Gamage Mr. Asela Pakshaweera File & Print Servers Mrs. Malini Priyasad Mr. Kasun Pieris Mr. Suresh Gunasekara Client Technologies & Desktop Support Mrs. Jayani Fonseka Mrs. Amali Caldera Mr. Ryan Dias Backup & Recovery Mr. Bhanuka Jayasundara Mrs. Udara Basnayaka Mr. Madusara Rajapaksha 2. Disaster Recovery Team Members
  • 7.
    Disaster Recovery TeamIntroduction  Recovery team leaders have been assigned in each major area and general duties given.  The team leader will make assignment of personnel in the major areas to specific tasks during the recovery stage over that area.  In case of a disaster, the emergency call list will need to be used.  The team will be contacted and assembled by the ERT.  The team's responsibilities include: • Establish facilities for an emergency level of service within 2 business hours; • Restore key services within 4 business hours of the incident; • Recover to business as usual within 8.00 to 24.00 hours after the incident; • Coordinate activities with disaster recovery team, first responders, etc. • Report to the emergency response team
  • 8.
    Responsibilities of DisasterRecovery Coordinator The Chief Information Officer, Information Technology will serve as the Disaster Recovery Coordinator. Responsibilities: • Invoking the Disaster Recovery Plan. • Supervising the recovery activities. • Naming replacements, when needed, to fill in for any disabled or absent disaster recovery members. Any members who are out of town and are needed will be notified to return. • The VP, IT will keep users informed of the recovery activities.
  • 9.
    Administrative Systems /Operations Recovery Team The Director of IT Operations will serve as Administrative Systems / Operations Recovery Team Leader. Responsibilities : • Coordinating hardware and software replacement with the administrative hardware and software vendors. • Supervising moving backup media and materials from the off-site safe and using these for recovery when needed. • Coordinating recovery with affected departments. • Coordinating scheduling for administrative programming, production service, and computer scheduling. • Keeping the Disaster Recovery Coordinator informed of the extent of damage and recovery procedures being implemented.
  • 10.
    This section listsall key IT vendors who may need to be contacted following a disaster. Name, Title Contact Option Contact Number Landlord/Property Manager Work 0116258741 Mobile 0716325102 Email Address basnayakabm@gov.lk Power Company Work 0116328902 Mobile 0779521402 Email Address namalperera@ceb.lk Telecom Carrier 1 Work 0112874136 Mobile 0769854120 Email Address javidfaizer@slt.lk Telecom Carrier 2 Work 0113251420 Mobile 0716954123 Email Address yasitha123@dialog.lk 3. External / Vendor Contact List
  • 11.
    Name, Title ContactOption Contact Number Hardware Supplier 1 Work 0113251029 Mobile 0728512302 Email Address hasithkaruna@cisco.com Server Supplier 1 Work 0114798785 Mobile 0716258746 Email Address nadeeraserv@rocketmail.com Workstation Supplier 1 Work 0117896542 Mobile 0773625148 Email Address deshan_gim@hotmail.com Office Supplies 1 Work 01155874462 Mobile 0756549871 Email Address yohannav@gmail.com Insurance – AIA Insurance Work 0116235881 Mobile 0789541230 Email Address praneeth82@aia.com
  • 12.
    Notification Calling Tree PersonIdentifying the Risk Chief Executive Officer Chief Financial Officer Network Manager System Administrator Network Administrator IT Manager Bank Manager
  • 13.
    External Contacts CallingTree Person Identifying the Risk Bank Manager Insurance Company Emergency Services Workstation Suppliers Fire Brigade Deputy Managers Electricity Supply Company
  • 14.
    Backup Strategy  WarmSite Strategy is used as the backup strategy.  A warm site being an alternate location with sufficient hardware, duplicated from the primary site, on which backups can be restored to have the bank system running in a minimal amount of time, but in a degraded state.  This is primarily due to the prohibitive cost factor of a hot site, duplicating the total hardware and networking infrastructure of the banking network.
  • 15.
    Application RTO/RPO RiskMitigation Recovery Core banking 30 minutes/ 0minutes Server failure and systems outage Clustered solution Failover to backup cluster node Corporate website 0 minutes/ 0minutes System/ application outage Scale-out virtual server design and local balancing Direct traffic to additional server capacity Accounts reporting 4 hours/ 24 hours Application/ server failure Traditional backup and recovery Restore application data and VM from backups In addition to warm site strategy, the following strategies are followed to recover from disasters.
  • 16.
    Risk Management Risk categoryRisk How to Manage Risk Credit Card Browser Risk In loan policy process of a bank must be articulate, Credit rating or scooping, and quantifying financial expected and unexpected lose by following scientific basics. Industry Risk Portfolio Risk Unable to perform financial transac tion Operational Risk Increase the volume & transaction & complex support system Bank can make use analytical and judgmental technique to measure. Develop the bank Rating which is similar to bond Credit Rating. And estimate Probability of operational lose and also potential size of lose. Settlement Payment & interruption in business activity Legal & administrative risk
  • 17.
    Risk Probability ImpactPrecautions Power Failures Medium High • Keeping backup generators (additional • power supply methods) • Get an idea about upcoming power failure times from CEB. Fire Hazards Low High • Using fire alarming systems • Keeping fire extinguishers • Keep contact numbers of fire brigade Technical Issues Medium High • Hire external technical supporters • Keeping spare equipment in case of a break-down
  • 18.
    Critical Systems Identified CriticalSystems include but are not limited to the following and are rated in order of priority to recovery,  Network communications / connectivity  DNS / Active Directory  Administrative System (ERP)  Email / Telephone  File / Print  Web Services  Individual PCs
  • 19.
    Emergency Response  Alert,escalation and plan invocation  Plan Triggering Events  Key trigger issues at bank that would lead to activation of the DRP are: • Total loss of all communications • Total loss of power • Loss of the building • Lose of Data • Server failure
  • 20.
    This disaster recoveryplan for the bank will be invoked under one of the following circumstances: 1. An incident that has or may, partially or completely disable the operations of bank’s central computing for a period of 24 hours. 2. An incident, which has impaired the use of computers and networks, managed by IT, due to circumstances which fall beyond the normal processing of day-to-day operations. This includes all administrative systems under the IT management. 3. An incident, which was caused by problems with computers and / or networks, managed by IT and has resulted in the injury of one or more persons at the bank.
  • 21.
    Assembly Points  Primary– Establish number of “Emergency Exits” inside the building.  Alternate – Parking lot of the bank across the street can be used as a temporary spot to place injured victims until help arrives.
  • 22.
    Contingencies General situations thatcan destroy or interrupt operations of the bank usually occur under the following major categories: 1. Power/Air Conditioning Interruption 2. Server Failures 3. Data Centre Failures 4. System Outages 5. Security Vulnerabilities (Hacker Attacks/ Virus /Malware etc.) 6. Fraud & Mismanagement 7. Fire 8. Water 9. Weather and Natural Phenomenon 10. Chemical or Biological Disaster 11. Sabotage and Interdiction 12. Bank Note Damage 13. Legal Issues 14. Poor Backup Facilities
  • 23.
    There are differentlevels of severity of these contingencies necessitating different strategies and different types and levels of recovery. This plan covers strategies for:  Partial recovery - Operating at an alternate site off bank and / or other area s on banking premises with a degraded level of service for a period of time.  Full recovery - Operating at the backup server room inside the KDU premises, possibly with a degraded level of service for a period of time.
  • 24.
    Physical Safeguards 1. Thereare five entrances to the Main Building. The entrances use standard door locks on all five entrances and these doors are kept open during working hours and locked at night. 2. There is one entrance into the main IT Server Room which is located in the second floor of the Main Building. This door is protected by a smart card lock. 3. Mains Building – • Server Room Main 13 houses most of the data servers. • It is the hub for bank data networks. • There is no protection or detection against water damage. • The room is connected to the bank’s fire/smoke detection system.
  • 25.
    4. The EquipmentRoom – • Connected to a UPS system, located in the server room Main building's room 13. • UPS provides approximately 15 minutes of power during a power interruption. • There is an automatic transfer switch that will start up the diesel generator to all the computer equipment in the Server Room. • The Generator is capable of powering all of the equipment, including lights and A/C in Main building.. 5. KDU Press Building – • Houses the backup hardware, data and virtual servers needed to permit limited operations from this location. • Has every type of protection data equipment needs such as: Fire, Water and Power Protection.
  • 26.
    Software Safeguards  Fullbackups are performed at 10:00pm Friday to Saturday.  Incremental backups are performed at 10:00pm Monday to Thursday to secure software and data each morning for all Banking Services.  Every Sunday all Full backups are staged to Tape.  Incremental backups are staged in the same fashion every Friday morning.  Every Monday morning all staged tapes are moved to the IT safe located in the Warehouse.  The backups are done on Disk and then transferred to LTO3 tapes.  Each morning the backups are checked with an e-mail log sent to the Senior Network Administrator and the Director of IT Operations.
  • 27.
    Types of ComputerService Disruptions 1. Normal computer system problems • For most of the major hardware vendors represented on bank, as well as some of the software vendors, remote diagnostic testing is available for routine problems. • Maintenance is scheduled when convenient to repair/resolve these problems. • Most hardware problems disrupting the total operation of the computers should be fixed within 4 to 8 hours. 2. Major computer problems • It is not feasible to keep a supply of PC’s or high-cost items to meet every emergency. • In cases where workstations are lost, these will be repurchased/leased using Repair and Replacement funds.
  • 28.
    Preparing for aDisaster  Ensure that the off-site storage facility contains adequate and timely computer backup tapes and documentation for applications systems, operating systems, support packages, and operating procedures.  Responsibilities will be given by the Vice President, IT.
  • 29.
    General Procedures 1. Maintainingand updating the disaster recovery plan. 2. Ensuring that all IT personnel are aware of their responsibilities in case of a disaster. 3. Ensuring that periodic scheduled rotation of backup media is being followed for the offsite storage facilities. 4. Maintaining and periodically updating disaster recovery materials, specifically documentation and systems information, stored in the off-site areas. 5. Maintaining a current status of equipment in the main equipment rooms in the Main building's Server Room. 6. Informing all technology personnel of the appropriate emergency and evacuation procedures from the Main building's Server Room.
  • 30.
    7. Ensuring thatall security warning systems and emergency lighting systems are functioning properly and are being periodically checked by operations personnel. 8. Ensuring that fire protection systems are functioning properly and that they are being checked periodically. 9. Ensuring that UPS and Generator systems are functioning properly and that they are being checked periodically. 10. Ensuring that the client community is aware of appropriate disaster recovery procedures and any potential problems and consequences that could affect their operations. 11. Ensuring that the operations procedure manual is kept current. 12. Ensuring that proper temperatures are maintained in equipment areas.
  • 31.
    General Disaster RecoveryPlan Timeline  Based upon notification that an incident has occurred at any of the computer facilities on the bank premises, the Disaster Recovery Coordinator or Senior Management staff member should notify all other senior management IT staff.  If emergency procedures have not been invoked, at the four-hour mark after initial notification of an incident in any of the computer facilities, the Disaster Recovery Plan will take effect and should follow the following timeline.
  • 32.
     Phase 1–Within 4 hours of initial notification • Insure that all staff have been evacuated from the site and are accounted for. • Insure that the primary site has been secured. • Insure that safety, fire authorities, physical plant have all been notified. Decide whether to reopen the primary site or move to an alternate site. • Notify all IT staff of a disaster. • IT staff should already know their primary recovery responsibilities and report-to locations. Notify other sites of the disaster.  Phase 2 – Within 12 hours of initial notification • Confirm funding is available for recovery plan requirements. • Notify vendors of the disaster and order preliminary hardware replacement. • Initiate transportation of supplies and hardware to a recovery site. • Initiate transportation of recovery media and hardware systems to a new site.
  • 33.
     Phase 3–Within 24 hours of initial notification • Restore system backups and test system integrity. • Insure sufficient supplies and needs at recovery site. • Bring up all recovery systems. • Establish backup schedules of all recovery systems. • Notify all IT staff and administration of operations at recovery site. • Inventory salvageable materials at primary site. • Reassess damages and loss at primary site.  Phase 4 –Within 48 hours of initial notification • Debrief staff on causes and result • Decision – move back or stay at recovery site. • Prepare for disaster at recovery site.  Phase 5 – Within a specified time limit designated by the VP, IT • Cleanup of primary site • Re-establish primary site
  • 34.
    Recovery Procedures 1. CentralFacilities Recovery Plan  An incident that impacts IT services at the central computing / networking facilities in Main building's room 13 will place these plans into action.  The incident may be of the magnitude that the facilities are not usable and alternate site plans are required. In this case, the alternate site portions of these plans will be implemented.
  • 35.
    2. Administrative ServicesRecovery Plan  Determine the extent of the damage and if additional equipment and supplies are needed.  Obtain approval for expenditure of funds to bring in any needed equipment and supplies.  Notify local vendor marketing and/or service representatives if there is a need of immediate delivery of components to bring the computer systems to an operational level even in a degraded mode.  If it is judged advisable, check with third-party vendors to see if a faster delivery schedule can be obtained.  Notify vendor hardware support personnel that a priority should be placed on assistance to add and/or replace any additional components.  Notify vendor systems support personnel that help is needed immediately to begin procedures to restore systems software.  Order any additional electrical or computer cables needed from suppliers.  Rush order any supplies, forms, or media that may be needed.
  • 36.
    3. Degraded Operationsat Central Site  It is assumed that an incident has occurred but that degraded operations can be set up in the Main building's Server Room.  In addition to the general steps that are followed in either case, special steps need to be taken. • Evaluate the extent of the damage, and if only degraded service can be obtained, determine how long it will be before full service can be restored. • Replace hardware as needed to restore service to at least a degraded service. • Perform system installation as needed to restore service. If backup files are needed and are not available from the on-site backup files, they will be transferred from the off-site storage. • Work with the various vendors, as needed, to ensure support in restoring full service. • Keep the administration and clients informed of the status, progress and problems.
  • 37.
    4. Banking ServicesRecovery Plan  If the central site is destroyed, support of critical banking (computing) activities will be given from the alternate sites.  Additional computer systems will be brought in as needed. Some steps : • Determine the priorities of user’s needs • Setup for operations support. • Coordinate installing additional equipment and moving support personnel. • When additional needed equipment is available, move backup materials from the off-site storage area. • Coordinate restoring any communications. • Coordinate client-computing support with users. • As production begins, ensure that backup procedures are followed and periodic backups are stored off site. • Work with the Chief Information Officer, IT, the Chief Financial Officer, and user in coordinating long-range plans for restoring full support by the Banking Computing section.
  • 38.
    5. Degraded Serviceat Central Site  If the central banking computing support can be resumed in a reasonable time from the central site, steps will need to be taken immediately to restore these services: • Determine the extent of the damage and set up procedures to bring in any needed added equipment. • Determine priorities of user needs and prepare for running at a degraded level of service. • After the hardware is functioning, perform system installation as needed. If backup files are destroyed at the central site, bring these from the off-site storage area. • If off-site files are used, replace these at the off-site storage as soon as possible. • Work with vendors as needed to ensure support is given to restore full service. • Keep the administration and users informed of the status, progress and problems.
  • 39.
    6. Administrative PersonalComputer(PC) Recovery Plan  Each department of the bank should have a disaster plan in place that will cover its actions in case of loss of their computer assets.  Employees are encouraged to use their attached network drives for data storage.  This will allow them to continue their work from any other workstation on bank or from a remote site through a VPN connection if needed.  IT will coordinate the repair or replacement of damaged computers.
  • 40.
    7. Emergency Procedures In case an incident has happened or is imminent that will drastically disrupt operations, the following steps should be taken to reduce the probability of personal injuries and / or limit the extent of the damage, if there is not a risk to employees. • An announcement should be made to evacuate the building, if appropriate, or move to a safe location in the building. As a preparation for a potential disaster, all IT personnel should be aware of the exits available. • If there are injured personnel, ensure their evacuations and call emergency assistance as needed. • If the computers and air conditioning have not automatically powered down, initiate procedures to orderly shutdown systems when possible. • When possible and if time is available, set up damage limiting measures. • Designate available personnel to initiate lockup procedures normal to last shift procedures.
  • 41.
    Testing the DRP The Disaster Recovery Coordinator is responsible for testing of the disaster recovery plan at least annually to ensure the viability of the plan.  The objectives of testing the disaster recovery plan are as follows: • Simulate the conditions of an ACTUAL Business Recovery situation. • Determine the feasibility of the recovery process. • Identify deficiencies in the existing procedures. • Test the completeness of the business recovery information stored at the Offsite Storage Location. • Train members of the disaster recovery teams.
  • 42.
    Emergency Call List Main Security Office number 0112354786.  From off bank, call 0112354787. For all emergencies requiring response by emergency medical personnel or sworn law enforcement call, 119.  For non-emergency matters you can contact the Bank Security office at 01187451459.  Dial 119 to report bank accidents Community Resources  Rape Crisis Center (24 hours) 0118745245  Hotline (24 hours) 0112222369  Victim Services 630-6300 Family Counseling Services 1234  Gateway Community Services 555  Mental Health Resource Center 011784569
  • 43.
     Members ofthe management team will keep a hard copy of the names and contact numbers of each employee in their departments.  In addition, management team members will have a hard copy of the company’s disaster recovery and business continuity plans on file in their homes in the event that the headquarters building is inaccessible, unusable, or destroyed. Contact with Employees  Each employee have contact detail of above DR response team and gather and discuss about quick decision that have to take (immediate plan).  Employees who cannot reach staff on their call list are advised to call the staff member’s emergency contact to relay information on the disaster. DR Procedures for Management
  • 44.
    Backup Staff If thestaff cannot contact DR team member then assign the tasks for other backup staff will perform the task. • Network Admin • Board Member • Asst. Manager • HR Manager Personnel and Family Notification  It will be necessary to notify their immediate family members quickly.  So properly analyzed every member detail
  • 45.
    Media Strategies  Avoidingadverse publicity  Take advantage of opportunities for useful publicity.  Have answers to the following basic questions: • What happened? • How did it happen? • What are you going to do about it? Insurance  Insurance policies are • Errors and omissions • Directors & officers liability. • General liability. • Business interruption insurance.
  • 46.
    Financial and LegalIssues Financial Assessment  The assessment should include: • Loss of financial documents • Loss of revenue • Theft of check books, credit cards, etc. • Loss of cash Financial Requirements  The immediate financial needs of the company must be addressed. These can include: • Cash flow position • Temporary borrowing capability • Upcoming payments for taxes, payroll taxes, Social Security, etc. • Availability of company credit cards to pay for supplies and services required post-disaster
  • 47.
    Legal Actions The companylegal department and HR department will jointly review  The aftermath of the incident  Decide whether there may be legal actions resulting from the event;  In particular, the possibility of claims by or against the company for regulatory violations, etc.
  • 48.
    Damage Assessment Key Business ProcessAffected Description Of Problem Server Failures Server Overloading Fraud & Mismanagement Untrained Employees Improper Cash Analyzing Credit Card Issues Fire Over Heating of Equipment Improper Cooling Systems Failures of Data Centers Virus Attacks / Hacking Bank Note Damages Damage, Lost, need assessment guideline note
  • 49.

Editor's Notes

  • #16 Recovery Point Objective (RPO) and Recovery Time Objective (RTO)