Joe Graziano – Challenge 2 Design Solution (Part 2)

1. Business Continuity Plan (BCP) After the Outbreak: Rebuilding the World Original Date: 08/18/13 Revision Date: 08/22/13 Written By: Joe Graziano Sr. Infrastructure Engineer W.R.O – World Rebuild Organization

3. Page 1 Contents BUSINESS CONTINUITY PLAN ........................................................................2 Distribution List ...............................................................................................2 References and related documents ................................................................2 SECTION 1 .........................................................................................................3 Executive Summary........................................................................................3 Objectives .......................................................................................................3 Glossary..........................................................................................................3 SECTION 2 .........................................................................................................5 Risk Management Planning ................................................................................5 Data security and backup strategy..................................................................7 SECTION 3 .........................................................................................................8 Business Impact Analysis ...................................................................................8 Business Impact Analysis .............................................................................11 SECTION 4 .......................................................................................................12 Incident Response Plan ....................................................................................12 Immediate Response Checklist.....................................................................12 Evacuation Procedures...................................Error! Bookmark not defined. Emergency kit ...............................................................................................13 Roles and Responsibilities............................................................................14 Key Contact Sheet........................................................................................15 Event Log......................................................................................................16 SECTION 5 .......................................................................................................17 Recovery...........................................................................................................17 Recovery Plan...............................................................................................18 Incident Recovery Checklist..........................................................................19 SECTION 6 .......................................................................................................21 Rehearse, Maintain and Review .......................................................................21 Training schedule..........................................................................................21 Review schedule...........................................................................................21

4. Page 2 Business Continuity Plan Date: _August, 22, 2013___________________________________ Distribution List Copy Number Name Location 001 Mr Phil N. Thropist New Metropolis Mayor’s Office 002 Joe Graziano New Metropolis Datacenter 1 003 Jonathan Frapier New Metropolis Datacenter 2 004 Akmal Waheed New Metropolis Datacenter 3 005 Josh Atwell New Metropolis Datacenter 1 006 Mike Laverick New Metropolis Datacenter 2 007 Scott Lowe New Metropolis Datacenter 3 008 Angelo Luciani New Metropolis Datacenter 1 009 Chris Wahl New Metropolis Datacenter 2 010 Eric Wright New Metropolis Datacenter 3 References and related documents Document Title RestoringTheDatacenter-ZombiesRise vDM2-Datacenter1.vsdx vDM2-Datacenter2.vsdx vDM2-Datacenter3.vsdx

5. Page 3 Section 1 Executive Summary In less than a year the world has been uprooted from what once was and the virus left chaos and disorder in its wake. So many people lost and businesses left in ruin. Society on the whole is gone. When Phil N. Thropist pulled together a small team of engineers to re-establish the internet and found untouched buildings to use as new data centers we all joined in and gave the world purpose again. As more and more people flock to this new metropolis we need to be committed to preserving our buildings, homes and lives. This BCP is designed to ensure that we prepare for any and all threats. The undead are still among us and we need to be vigilant. Objectives The objectives of this plan are to: Assess the possible risks to our new family Define and prioritize the functions of the new metropolis Detail yourimmediate response to a critical incident Detail strategies and actions to be taken to enable our society to continue operating Review and update this plan on a regular basis. Glossary This table provides a consistent and commonly agreed set of definitions for terms used in the plan. You should customise this list to suit your business. Business Continuity Planning aprocess that helps develop a plan document to manage the risks to a business, ensuring that it can operate to the extent required in the event of a crisis/disaster. Business Continuity Plan a document containing all of the information required to ensure that your business is able to resume critical business activities should a crisis/disaster occur. Business Impact Analysis the process of gathering information to determine basic recovery requirements for your key business activities in the event of a crisis/disaster. Key business activities those activities essential to deliver outputs and achievement of business objectives. Recovery Time the time from which you declare a crisis/disaster to the time

6. Page 4 Objective (RTO) that the critical business functions must be fully operational in order to avoid serious financial loss. Resources the means that support delivery of an identifiable output and/or result. Resources may be money, physical assets, or most importantly, people. Risk Management is the process of defining and analyzing risks, and then deciding on the appropriate course of action in order to minimize these risks, whilst still achieving business goals.

7. Page 5 Section 2 Risk Management Planning We need to manage the risks to our business by identifying and analyzing the things that may have an adverse effect on your business and choosing the best method of dealing with each of these identified risks. The questions we need to ask are: What could cause an impact? How serious would that impact be? What is the likelihood of this occurring? Can it be reduced or eliminated? The following table outlines some of these events.

8. Page 6 Risk Management Plan Prepared by.:………………………………………………………Date: …………………………… Reviewed by: …………………………………………………….. Date: …………………………… Key: VH = Very High H = High M = Medium L = Low Risk Description: Likelihood Impact Priority Preventative Action ContingencyPlans Interruption to production processes -breakdown of key and equipment -damage to plant and equipment (e.g. fire) H VH H Station armed sentries around perimeter to monitor zombie and renegade activity Build in redundant power and generators Equip doors with locks and security system immediate access to personal resources whilst waiting for insurance payments Zombie Invasion VH VH VH Snipers and sentries around perimeter at all times install alarm and video surveillance camera keep a list of sources for replacement property/equipment.

9. Page 7 Data security and backup strategy How have you protected your data and your network (e.g. virus protection, secure networks and firewalls, secure passwords and data backup procedures)? Detail your backup procedures in the table below. Data for backup Frequency of backup Backup media/ service Person responsible Backup procedure steps SQL Databases Daily Replication to alternate datacentre DataCenter admin Backup is scheduled and runs automatically DataCenter admin monitors report for sucess Exchange Mailboxes Daily Replication to alternate datacentre DataCenter admin Backup is scheduled and runs automatically DataCenter admin monitors report for success Sharepoint Environment Daily Replication to alternate datacentre DataCenter admin Backup is scheduled and runs automatically DataCenter admin monitors report for success

10. Page 8 Section 3 Business Impact Analysis As part of the Business Continuity Plan business owners should undertake a Business Impact Analysiswhich will use the information in your Risk Management Plan to assess the identified risks and impacts in relation to critical activities of your business and determine basic recovery requirements. Critical activities may be defined as primary business functions that must continue in order to support your business. You need to identify: your critical business activities what the impact to your business would be in the event of a disruption how long could your business survive without performing this activity. In our Business Impact Analysis we assign Recovery Time Objectives (RTO) to each function. The RTO is the time from which you declare a crisis/disaster to the time that the critical business function must be fully operational in order to avoid serious financial loss.

11. Page 9 1. In the following table, lists the business activitiesthat must be performed ourensure your business continues to operate effectively 1 Sharepoint Servers 2 Exchange Servers 3 SQL Servers 4 Remote Access VPN 5 MPLS 2. Detailed Business Activity: Business Activity Name: Sharepoint Servers Business Activity Description:Servers responsible for the file sharing, collaboration and intranet/internet presence for the W.R.O. a) What are the losses if this business activity could not be provided? Loss of Revenue: N/A Increased Costs: N/A Staffing: Reduced as people will leave, no longer trusting we can protect them Loss of good will, public image: Without the servers/presence the organization will not be able to grow and find other survivors and the zombies will win. Comments: b) For what maximum amount of time could this business activitybe unavailable (either 100% or partial) before the losses would occur? _______________________ hrs _______________________days ____________1__________ weeks _______________________months Comments: On a scale of 1 to 5 (1 being the Most Important, 5 being the Least Important), where would this business activityfall in terms of being important to the operation of your department or business?

12. Page 10  - 1  - 2  - 3  - 4  - 5 Completed By:__________________________ Date: ______________

13. Page 11 Business Impact Analysis Critical Business Activity Description Priority Impact of loss (describe losses in terms of financial, staffing, loss of reputation etc) RTO (critical period before business losses occur) Sharepoint Servers Servers responsible for the file sharing, collaboration and intranet/internet presence for the W.R.O. High Survivors will leave, not trusting our organization Lack of survivors will mean the Zombies win. 2 days Exchange Servers Servers to handle email communication for the W.R.O. High Survivors will leave, not trusting our organization Lack of survivors will mean the Zombies win. 2 days SQL Servers Databases servers to support the Exchange and Sharepoint environments High Survivors will leave, not trusting our organization Lack of survivors will mean the Zombies win 2 days Remote Access / VPN Communication mechanism for survivors to connect and collaborate with the W.R.O. Medium Survivors will leave, not trusting our organization Lack of survivors will mean the Zombies win 1 week

14. Page 12 Section 4 Incident ResponsePlan It is important to have a plan to prepare for a timely response to critical incidents and reduce the impact of those incidents on your previously identified business operations. It also prepares key personnel to provide an effective response to ensure minimal disruption to operations in theevent of emergency. Immediate ResponseChecklist INCIDENT RESPONSE ACTIONS TAKEN Have you: assessed the severity of the incident?  evacuated the site if necessary?  accounted for everyone?  identified any injuries to persons?  contacted Emergency Services?  implemented your Incident Response Plan?  started an Event Log?  activated staff members and resources?  appointed a spokesperson?  gained more information as a priority?  briefed team members on incident?  allocated specific roles and responsibilities?  identified any damage?  identified critical activities that have been disrupted?  kept staff informed?  contacted key stakeholders?  understood and complied with any regulatory/compliance requirements?  initiated media/public relations response? 

15. Page 13 Emergency kit If there is damage to the building or if it must be evacuated and operations need to be moved to an alternative location, the emergency kit can be picked-up and quickly and easily carried off-site oralternatively stored safely and securely off-site. Documents: Business Continuity Plan – your plan to recover your business or organisation in the event of a critical incident. List of employees with contact details – include home and mobile numbers, and even e-mail addresses. You may also wish to include next-of-kin contact details. Lists of customer and supplier details. Contact details for emergency services. Contact details for utility companies. Building site plan (this could help in a salvage effort), including location of gas, electricity and water shut off points. Evacuation plan. Latest stock and equipment inventory. Insurance company details. Financial and banking information. Engineering plans and drawings. Product lists and specifications. Formulas and trade secrets. Local authority contact details. Headed stationery and company seals and documents. Equipment: Computer back-up tapes/disks/USB memory sticks or flash drives. Spare keys/security codes. Torch and spare batteries. Hazard and cordon tape. Marker pens (for temporary signs). General stationery (pens, paper, etc). Mobile telephone with credit available, plus charger. Dust and toxic fume masks. Shotguns Hand Guns Ammunition Flame thrower Tank

16. Page 14 Roles and Responsibilities This table allows you to assign responsibility for completion of each task to one of your designated roles. You will then assign each role, or multiple roles, to one or more staff members and assign back-up staff as appropriate. The staff members involved should then be given this table in order to understand their roles and as a task assignment list for completion of pre- emergency planning and emergency tasks. You should customise this table to suit your business’s needs and structure. ROLE DESIGNATED EMPLOYEES ALTERNATE Team Leader Name: Joe Graziano Contact Information: 555-123-4567 Name: Eric Wright Contact Information: 555-123-4567 Emergency Responsibilities: ensure the Business Continuity Plan has been activated oversee smooth implementation of the response and recovery section of the plan determine the need for and activate the use of an alternate operation site and other continuity tasks communicate with key stakeholdersas needed provide important information to the Communication Officer for distribution keep key staff apprised of any changes to situation. ROLE DESIGNATED EMPLOYEES ALTERNATE Title Name: Contact Information: Name: Contact Information: ROLE DESIGNATED EMPLOYEES ALTERNATE Title Name: Contact Information: Name: Contact Information:

17. Page 15 Key Contact Sheet Contact List – Internal Use this table to document your staff emergency contact details. Each business will have different positions identified in its contact list. Person Contact number/s Email Responsibilities - Joe Graziano 555-123- 4567 JoeG@wro.net Team Leader - Eric Wright 555-123- 4567 EricW@wro.net Alternate Team Leader Contact List – External Use this table to document external services (including Emergency Services) contact details. Each business will have different external suppliers and stakeholders. Key contacts Contact number/s Sherrif Rick Grimes / 555-123-4432 Crossbow Specialist Daryl Dixon / 555-321-3848 Amunition Expert Glen Rhee / 555-098-1234 Hacker Dade Murphy / 555-987-1357 Electronics Expert Luther Strickell / 555-567-9753 Buy More Specialist Charles Bartowski / 555-1234-9876 Cereal Specialist Emanuel Goldstein / 555-123-3456

18. Page 16 Event Log Use the Event Log to record information, decision and actions in the period immediately following the critical event or incident. Date Time Information / Decisions / Actions Initials

19. Page 17 Section 5 Recovery After a disaster is declared recovery is the phase where we perform our critical activities as soon as possible to return operations to a normal functioning state. The table below outlines critical events and tasks and processes to be handled in order to restore systems and services.

20. Page 18 Recovery Plan Critical Business Activities Preventative/Recovery Actions Resource Requirements/ Outcomes Recovery Time Objective Responsibility Completed Datacenter compromised by Zombies Site recovery manager fail over to secondary and tertiary datacenter Research new warehouses and scrap yards Identify alternative production site. 1 week Business owner/ operator

21. Page 19 Incident Recovery Checklist You will need to customise this list to include information specific to your business. INCIDENT RESPONSE ACTIONS Now that the crisis is over have you: refocused efforts towards recovery?  deactivated staff members and resources as necessary?  continued to gather information about the situation as if effects you?  assessed your current financial position?  reviewed cash requirements to restore operations?  contacted your insurance broker/company?  developed financial goals and timeframes for recovery?  kept staff informed?  kept key stakeholders informed?  identified information requirements and sourced the information?  set priorities and recovery options?  updated the Recovery Plan?  captured lessons learnt from your individual, team and business recovery? 

22. Page 20

23. Page 21 Section 6 Rehearse, Maintain and Review It is critical that we rehearse our plan to ensure that it remains relevant and useful. This will be done as part of a training exercise and is a key factor in the successful implementation of the plan during an emergency. Training schedule Record details of your training schedule in the table below: Training Date Training type Comments 0/0/0 Evacuation drill All personnel evacuated and accounted for within acceptable timeframe. Review schedule Record details of your review schedule in the table below: Review date Reason for review Changes made 0/0/0 New personnel in new roles Plan updated to reflect changes to roles and responsibilities

Joe Graziano – Challenge 2 Design Solution (Part 2)

Joe Graziano – Challenge 2 Design Solution (Part 2)

Joe Graziano – Challenge 2 Design Solution (Part 2)

Recommended

More Related Content

Similar to Joe Graziano – Challenge 2 Design Solution (Part 2)

Similar to Joe Graziano – Challenge 2 Design Solution (Part 2)(20)

More from tovmug

More from tovmug(19)

Recently uploaded

Recently uploaded(20)

Joe Graziano – Challenge 2 Design Solution (Part 2)