IFSM 432 Phase 2 Draft Plan (Draftv1)
docx
keyboard_arrow_up
School
University of Maryland, University College *
*We aren’t endorsed by this school
Course
432
Subject
Religion
Date
Apr 3, 2024
Type
docx
Pages
24
Uploaded by tsulliv
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
xxxMarketing Corporation Business Continuity and Disaster Recovery
Plan
By Group x
xxxx – Accounting
xxxxxxx – Human Resources
xxxxxx – Marketing
xxxxxx – Information Technology (IT)
IFSM 432
1
This template is for the educational use of this class and has been modified for that purpose.
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
Emergency notification contacts
Name
Address
Home
Mobile phone
CEO
John Newman
410-555-
1111
443-555-1111
CFO
410-555-
2222
443-555-2222
CIO
Anita Diamond
410-555-
3333
443-555-2222
Human Resources Director
410-555-
4444
443-555-4444
Marketing Director
410-555-
5555
443-555-5555
Operations Manager
410-555-
6666
443-555-6666
2
This template is for the educational use of this class and has been modified for that purpose.
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
Revisions control page
Date
Summary of changes made
Changes made by (Name)
12 FEB
Initial Draft
Group 3
3
This template is for the educational use of this class and has been modified for that purpose.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
1.
Purpose
The aim of this business continuity and disaster recovery plan is to ensure that NewOptMarketing is prepared to respond effectively and recover from prolonged service disruption caused by unforeseen events including natural disasters or human made incidents. Our
objective is to restore services to their fullest extent as quickly as possible. To achieve this, all NewOptMarketing sites adopt preventative measures to reduce operational interruptions and accelerate the recovery process in the event of an incident.
The plan identifies vulnerabilities across all NewOptMarketing system sites and facilities, recommending measures to prevent or reduce their impact. It includes proactive strategies for maintaining business continuity during disruption and reactive measures for critical functions in a disaster. This comprehensive approach ensures NewOptMarketing is prepared to address a wide range of threats and maintain operational resilience.
2.
Scope
While this plan aims to provide comprehensive guidance for business continuity and disaster recovery, it does have limitations. It may not cover every possible scenario or account for every individual circumstance that could arise during a crisis. Additionally, it relies on assumptions about the nature and severity of potential incidents, which may evolve over time. As such, regular review and updates are necessary to ensure the plan remains relevant and effective in addressing NewOptMarketing’s evolving needs and challenges.
3.
Plan objectives.
Serves as a guide for the NewOptMarketing recovery teams.
References and points to the location of critical data.
Provides procedures and resources needed to assist in recovery.
Identifies vendors and customers that must be notified in the event of a disaster.
Assists in avoiding confusion experienced during a crisis by documenting, testing, and reviewing recovery procedures.
Identifies alternate sources for supplies, resources, and locations.
Documents storage, safeguarding, and retrieval procedures for vital records.
Additionally, the plan identifies vendors and customers that must be notified in the event of a disaster ensuring clear communication channels and reviewing recovery procedures, the plan helps avoid confusion experienced during a crisis and ensures swift and coordinated response efforts.
Moreover, the plan identifies alternate sources for supplies, resources, and locations, mitigating potential disruptions to operations. It also documents storage, safeguarding, and retrieval procedures for vital records, ensuring their protection and accessibility during and after a disaster.
4
This template is for the educational use of this class and has been modified for that purpose.
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
4. Assumptions
Key people (team leaders or alternates) will be available following a disaster.
A national disaster such as nuclear war is beyond the scope of this plan. Each support organization will have its own plan consisting of unique recovery procedures, critical resource information and procedures.
Backup Systems availability:
It is assumed that backup systems and data storage facilities are
in place at all NewOptMarketing locations to facilitate the recovery of critical assets in the event of a disaster.
Maintenance and Regular Testing: It
is assumed that regular testing and maintenance of backup systems and recovery procedures are conducted to verify their effectiveness and reliability in real-world scenarios.
These assumptions support the effectiveness and reliability of the storage and recovery processes
outlined in the plan, ensuring that NewOptMarketing can swiftly recover and resume operations following a disaster or disruptive event.
5.
Disaster definition
Any loss of utility service such as power, water, connectivity pertaining to system site, or catastrophic event such as weather, natural disaster, vandalism that causes an interruption in the service provided by NewOptMarketing operations. The plan identifies vulnerabilities within the operational infrastructure and recommend proactive measures to prevent and mitigate the impact of extended service outages.
5.1 Business Continuity definition Business continuity refers to the proactive process of planning and implementing strategies to ensure that an organization can continue its essential functions and operations during and after disruptive events or crises. It encompasses the development of comprehensive plans, protocols, and procedures aimed at minimizing the impact of potential threats, such as natural disasters, cyberattacks, or supply chain disruptions, on the organization's ability to deliver products or services to its customers.
6.
Recovery teams
Emergency management team (EMT)
Disaster recovery team (DRT)
IT technical services (IT)
Key employees (KE)
6.1 Team member responsibilities
Each team member will designate an alternate
All the members should keep an updated calling list of their work team members’ work, home, and cell phone numbers both at home and at work.
5
This template is for the educational use of this class and has been modified for that purpose.
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
All team members should keep this plan for reference at home in case the disaster happens after normal work hours. All team members should familiarize themselves with the contents of this plan. 6.2 Instructions for using the business continuity plan.
As a team member, it's crucial to familiarize yourself with the contents of this business continuity and disaster recovery plan to ensure readiness and effective response in the event of a crisis.
By following instructions and actively engaging with the plan, one can contribute to the organization's ability to effectively navigate through crises and maintain continuity of operations.
7.
Invoking the plan
This plan becomes effective when a disaster occurs. Normal problem management procedures will initiate the plan and remain in effect until operations are resumed at the original location or a
replacement location and control is returned to the appropriate functional management. 8.
Disaster declaration
The senior management team, with input from the EMT, DRT and IT, is responsible for declaring a disaster and activating the various recovery teams as outlined in this plan. In a major disaster situation affecting multiple business units, the decision to declare a disaster will be determined by NewOptMarketing’s senior management. NewOptMarketing’s EMT and DRT will respond based on the directives specified by senior management.
9.
Notification and Justification
Regardless of the disaster circumstances, or the identity of the person(s) first made aware of the disaster, the EMT and DRT must be activated immediately in the following cases:
One system and/or site is down concurrently for two or more hours
Two or more systems and/or sites are down concurrently for one or more hours
Any problem at any system or network facility that would cause either of the above conditions to
be present or there is certain indication that either of the conditions are about to occur. If, for any
reason, conditions have caused one system or one site down for 2 hours, the Communications plan should be enacted. One system or one site could be a minor issue caused by a down data communications line or a power outage, but redundant systems should have no issue handling this scenario. If two or more systems or sites are down for 2 hours, this could be a much more serious condition and be a major issue, caused a weather disaster or some other act of nature, or a
virus/malware that has run through the systems. The communications plan should be enacted at 6
This template is for the educational use of this class and has been modified for that purpose.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
the 2-hour mark after remediation attempts have been made.
10.External communications
Corporate public relations personnel are designated as the principal contacts with the media (radio, television, and print),
Environmental Protection Agency (EPA) – for chemical or environmental issues
Federal Bureau of Investigation (FBI) – for Malware/Ransomware attacks
Federal Emergency Management Agency (FEMA) – for communication of information about disasters between Federal agencies and the public
Central Intelligence Agency (CIA) – for international emergencies such as kidnapping
Department of Energy (DOE) – for power grid issues
Nuclear Regulatory Commission (NRC) – if local power supply is nuclear based
and other external organizations following a formal disaster declaration.
11.Emergency management standards
Data backup policy
Daily Incremental and Weekly full and backups preserve corporate information assets and should
be performed for audit logs and files that are irreplaceable, have a high replacement cost, or are considered critical. Backup media should be stored in a secure, geographically separate location from the original and isolated from environmental hazards.
Department-specific data and document retention policies specify what records must be retained and for how long. All organizations are accountable for carrying out the provisions of the instruction for records in their organization.
IT follows these standards for its data backup and archiving:
Tape retention policy
Tape Backups are currently utilizing at NewOptMarketing, Backup media is stored at locations that are secure, isolated from environmental hazards, and geographically separate from the location housing the system.
Tape Retention Policy is Daily Backups for 31 days, monthly for 13 months then yearly for 10 years, off-site.
Billing tapes 7
This template is for the educational use of this class and has been modified for that purpose.
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
Full Back up Tapes are run once a week and stored on-site
End of the Month Full Backups are stored off-site at Iron Mountain for 13 Months
Daily Incremental Back up Tapes are stored on-site in locked cabinet
Daily Incremental Back up Tapes greater than 31 days are recycled at the end of the month
Full Back up Tapes greater than 10 years old are destroyed every six months by Iron Mountain.
The system supervisor is responsible for the transition cycle of tapes.
System image tapes
A copy of the most current image files must be made at least weekly and verified prior to any
System updates.
This backup must be stored offsite.
The system supervisor is responsible for this activity.
Off-site storage procedures
Tapes and disks, and other suitable media are stored in environmentally secure facilities.
Tape or disk rotation occurs on a regular schedule coordinated with the storage vendor.
Access to backup databases and other data is tested annually.
Emergency management procedures
The following procedures are to be followed by system operations personnel and other designated NewOptMarketing personnel in the event of an emergency. Where uncertainty exists, the more reactive action should be followed to provide maximum protection and personnel safety.
Note:
Anyone not recognized by the NewOptMarketing IT staff as normally having business in the area must be challenged by the staff and then notify security personnel. NewOptMarketing personnel should also be verified by NewOptMarketing IT staff in order to ascertain that they have relevant business in that area to discourage disgruntled employee activity. Any non-
NewOptMarketing employees must be verified to deter social engineering and illegal intelligence gathering.
These procedures are furnished to NewOptMarketing management personnel to take home for reference. Several pages have been included to supply emergency contacts.
In the event of any situation where access to a building housing a system is denied, personnel
should report to alternate locations. Primary and secondary locations are listed below.
Alternate locations Workplace: Philadelphia, Pennsylvania
Attempt to contact your immediate supervisor or management via telephone. Home and cell phone numbers are included in this document
Remote Access will be provided by Company provided laptop with secure VPN tools to gain authenticated access
8
This template is for the educational use of this class and has been modified for that purpose.
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
Workplace: Baltimore, Maryland
Attempt to contact your immediate supervisor or management via telephone. Home and cell phone numbers are included in this document
Remote Access will be provided by Company provided laptop with secure VPN tools to gain authenticated access
Workplace: Cincinnati, Ohio
Attempt to contact your immediate supervisor or management via telephone. Home and cell phone numbers are included in this document
Remote Access will be provided by Company provided laptop with secure VPN tools to gain authenticated access
9
This template is for the educational use of this class and has been modified for that purpose.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
12.Response Scenarios
In the event of a security breach such as a ransomware attack impacting the Philadelphia location
and its ability to process accounts payroll and receivables, notify Jason Harris (Accounting
Manager)
In the event of a security breach to any location, the guidelines and procedures in this
section are to be followed.
Procedure
STEP
ACTION
1
Take the impacted system(s) offline as quickly as possible.
2
Notify the Chief Information Security Officer (CISO) of the
breach and include all impacted systems.
3
Mobilize the EMT to prevent additional loss.
4
Freeze any accounting assets that might’ve been compromised.
5
Conduct damage assessment. 6
Notify appropriate parties to include law enforcement if applicable. In the event of unauthorized access to sensitive Human Resources data due to a disgruntled
employee potentially compromising the data for all NewOptMarketing Corp locations,
notify Luis Gomez (Human Resources Manager) AND Tim Sullivan (IT Manager).
In the event of unauthorized access at any location, the guidelines and procedures in this section are to be followed.
Procedure
STEP
ACTION
1
Take impacted system(s) offline.
2
Contact IT Department and local law enforcement
3
IT Department should incorporate role and user-based level permissions. 4
IT Dept deletes all accounts for employees leaving company.
10
This template is for the educational use of this class and has been modified for that purpose.
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
In the event of a system bug that could disrupt the human resources employee training platform potentially delaying on-boarding, notify Luis Gomez (Human Resources Manager) AND Tim Sullivan (IT Manager).
In the event of any software bugs to any location, the guidelines and procedures in this section are to be followed.
Procedure
STEP
ACTION
1
Contact the IT Department. 2
IT Department will ensure system is up-to-date.
3
Prior to updating system, ensure that no other services will
be impacted.
4
Update system
5
Test system functionality and release to live environment.
In the event of unauthorized access to a system due to poor password management
potentially compromising the data for all NewOptMarketing Corp locations, notify Tim
Sullivan (IT Manager).
In the event of unauthorized access at any location, the guidelines and procedures in this section are to be followed.
Procedure
STEP
ACTION
1
Take impacted system(s) offline.
2
Contact IT Department
3
IT Department should disable the affected account from Active Directory.
4
Implement complex password security rules.
5
Enable rule to ensure all users are required to change their passwords with the new complex standard upon login. 11
This template is for the educational use of this class and has been modified for that purpose.
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
In the event of a fire impacting the main facility’s data center and their ability to conduct their Marketing operations, notify Lydia Hardy (Marketing Manager) AND Tim Sullivan (IT
Manager).
In the event of a fire impacting any facility, the guidelines and procedures in this section are to be followed.
Procedure
STEP
ACTION
1
Immediately notify all facility personnel of the situation and evacuate and Dial 9-1-1 to contact the fire department.
2
Alert the EMT and DRT.
3
Notify Building Security.
4
Contact appropriate vendor personnel to aid in the decision
regarding the protection of equipment
5
All personnel evacuating the facilities will meet at their assigned rally point
In the event of a system failure such as the marketing database server due to HVAC issues causing the server room operating at a high temperature, notify Lydia Hardy (Marketing Manager) AND Tim Sullivan (IT Manager).
In the event of an HVAC failure within any computing facilities, the guidelines and procedures in this section are to be followed.
Procedure
STEP
ACTION
1
Mobilize IT department and Facilities manager.
2
Ensure HVAC technician is dispatched to location as an EXPEDITED request.
3
Mobilize EMT to assist IT department on alternate cooling
methods such as portable AC units and/or fans. 4
Gracefully shut-down any non-essential system.
5
Continue to monitor room temperatures until issue is resolved.
12
This template is for the educational use of this class and has been modified for that purpose.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
13.Plan review and maintenance
This plan must be reviewed semiannually and exercised on an annual basis. The test may be in the form of a walk-through, mock disaster, or component testing. Additionally, with the dynamic
environment present within NewOptMarketing Corp it is important to review the listing of personnel and phone numbers contained within the plan regularly. The following exercise methods are to be used, Tabletop, Limited-Scale, and Full-Scale Exercises
. The process owner for the exercise will be determined based on the business process that will be tested (
ex: IT manager will be the Exercise Manager for any IT system exercise
). Furthermore, Exercise Manager must determine the appropriate exercise method for the given scenario keeping in mind resources and personnel. No exercise should be deemed more important than live or real-world events. In such event, the exercise will be immediately terminated and documented for future reference/lessons learned.
Tabletop Exercise -
a discussion-based exercise in which team members and leaders review and define roles in response to a simulated event. This type of exercises allows members to understand their role and responsibilities when executing on a said or similar scenario. It is also a good opportunity to implement any lessons learned into the planning process.
Limited-Scale Exercise
- a type of exercise that focuses on a targeted business process or system. During this simulation, only team members who are responsible for that particular system or process are included in the planning and execution of the exercise. This is a great way to ensure members are following their roles and responsibilities.
Full-Scale Exercise
- this exercise involves the full use of all available resources to include personnel and systems. The end goal is to determine the overall organization's effectiveness and response for a specific event such as loss of primary facility.
The hard-copy version of the plan will be stored in a common location where it can be viewed by
site personnel and the EMT and DRT. Electronic versions will be available via NewOptMarketing Corp network resources as provided by IT. Each recovery team will have its own directory with change management limited to the recovery plan coordinator. 13
This template is for the educational use of this class and has been modified for that purpose.
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
14.Alert/Verification/Declaration phase (0-24 hours)
Flow Diagrams
Create a workflow diagram for each risk area based on the identified steps in your procedures and based on what needs to be done within the first 0-4 hours, include decision points in the workflow.
In the event of a security breach to any location, the guidelines and procedures in this section are to be followed.
In the event of unauthorized access at any location, the guidelines and procedures in this section are to be followed.
14
This template is for the educational use of this class and has been modified for that purpose.
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
In the event of any software bugs to any location, the guidelines and procedures in this section are to be followed.
In the event of unauthorized access at any location, the guidelines and procedures in this section are to be followed.
15
This template is for the educational use of this class and has been modified for that purpose.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
In the event of a fire impacting any facility, the guidelines and procedures in this section are to be followed.
In the event of HVAC within any computing facilities, the guidelines and procedures in this section are to be followed.
16
This template is for the educational use of this class and has been modified for that purpose.
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
Plan checklists
In the event of a security breach to any location, the checklist in this section is to be followed:
Step
Required data, forms, or other tools or information
1
Access to system management database.
2
Call-roster/email for each section
3
EMT contact information and On-call roster for off-duty hours.
4
Account information; vendor information 5
Server diagram, vendor and customer accounts
6
Call-roster/customer information.
In the event of unauthorized access at any location, the checklist in this section is to be followed:
Step
Required data, forms, or other tools or information
1
Access to system management database
2
Call-roster/email for each section
3
Access to Active Directory server; Appropriate admin accounts
4
Access to Active Directory server; Appropriate admin accounts; off-
boarding list
In the event of any software bugs at any location, the checklist in this section is to be followed:
Step
Required data, forms, or other tools or information
1
Call-roster/email for IT dept.
2
Vendor specific knowledge articles with latest software updates.
3
Server role list; server maintenance schedule
4
Admin account; IT standard operating procedures
5
Admin account; IT standard operating procedures
In the event of unauthorized access at any location, the checklist in this section is to be followed:
Step
Required data, forms, or other tools or information
1
Access to system management database
2
Call-roster/email for each section
3
Access to Active Directory server; Appropriate admin accounts
4
Access to Active Directory server; Appropriate admin accounts
5
Access to Active Directory server; Appropriate admin accounts; Server roles
17
This template is for the educational use of this class and has been modified for that purpose.
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
In the event of a fire impacting any facility, the checklist in this section is to be followed:
Step
Required data, forms, or other tools or information
1
Mass-reporting system (ex: voice reporting, fire alarm, etc.)
2
Call-roster/email for each section
3
Call-roster/email for each section
4
Vendor contact information
5
Floor diagrams; rally point maps; emergency exit signs
In the event of an HVAC failure within any computing facility, the checklist in this section is to be followed:
Step
Required data, forms, or other tools or information
1
Call-roster/email for each section
2
Vendor information; HVAC contract memo; floor diagram
3
Floor diagram; cooling units (fans, AC units, etc.)
4
Admin accounts; access to systems
5
Temperature monitoring tool
15.Notification of incident affecting the site
On-duty personnel responsibilities
If in-hours:
Upon observation or notification of a potentially serious situation during working hours at a system/facility, ensure that personnel on site have enacted standard emergency and evacuation procedures if appropriate and notify the EMT, DRT, IT Services, and Key Employees (ex. Accounting, HR, Marketing, and IT Managers)
If outside hours:
IT personnel should contact the EMT, DRT and Key Employees (ex. Accounting, HR, Marketing, and IT Managers
Provide status to EMT and DRT
Contact EMT and/or DRT and provide the following information when any of the following conditions exist:
Any potential hazards that could impact any system or location such as a projected inclement
weather, natural event, manmade event, etc.
Any information that could facilitate their mission planning (5Ws)
Any special access that might be required
18
This template is for the educational use of this class and has been modified for that purpose.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
Any clearance that might be required specifically for contractors or other third-party entities
Any problem at any system or location that would cause the above condition to be present or there is certain indication that the above condition is about to occur.
The EMT will provide the following information:
Location of disaster
Type of disaster (e.g., fire, hurricane, flood)
Summarize the damage (e.g., minimal, heavy, total destruction)
Meeting location that is a safe distance from the disaster scene
An estimated timeframe of when a damage assessment group can enter the facility (if possible)
The EMT will contact the respective market team leader and report that a disaster involving voice communications has taken place.
The EMT and/or DRT will contact the respective NewOptMarketing Corp team leader and report
that a disaster has taken place.
16.
Decide course of action
Based on the information obtained, the EMT and/or DRT need to decide how to respond to the event: mobilize IT, repair/rebuild existing site (s) with location staff or relocate to a new facility.
Any hazardous conditions that pose an immediate danger to the health, or physical safety, of employees are justifiable grounds for relocation of personnel. When first responders authorize re-entry into the affected spaces, disaster recovery operations will commence. Only essential personnel will be allowed to return to the premises to perform an initial assessment of what equipment is salvageable, document current conditions, identify needs for protective equipment. Once the initial assessment has been performed, CIO is authorized to develop and implement an appropriate plan of retrieval for equipment that is essential for continuity of operations, or sensitive in nature. CEO retains final approval authority for any external support requests. 17.
Inform team members of decision
If a disaster is not declared
, the location response team will continue to address and manage the
situation through its resolution and provide periodic status updates to the EMT/DRT.
If a disaster is declared
, the EMT and/or DRT will notify IT Tech Services immediately for deployment.
Declare a disaster
if the situation is not likely to be resolved within predefined time frames. The person who is authorized to declare a disaster must also have at least one backup person who
is also authorized to declare a disaster in the event the primary person is unavailable.
19
This template is for the educational use of this class and has been modified for that purpose.
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
Contact General Vendors
VENDOR/DEPARTMENT
SERVICES
POINT-OF-CONTACT
Verizon Commercial Accounts
Voice Service Provider
Refer to local contact list
Spectrum Commercial Internet
Internet Service Provider
Refer to local contact list
Fujitsu
Printer Service/Warranty
Refer to local contact list
Office Depot
Stationery Materials Supplier
Refer to local contact list
Dell Computers
End-User Suites
Refer to local contact list
Cisco Network Components
Refer to local contact list
18.
Disaster declared: Mobilize incident response/Technical services
teams/Report to command center
Once a disaster is declared, the DRT is mobilized. This team will initiate and coordinate the appropriate recovery actions. Members assemble at the designated location as quickly as possible.
NewOptMarketing Command Center Locations: Philadelphia
- 1 Citizens Bank Way, Philadelphia, Pennsylvania 19148
Baltimore
- 333 West Camden Street Baltimore, MD 21201
Cincinnati
- 100 Joe Nuxhall Way Cincinnati, OH 45202
19.
Conduct detailed damage assessment (This may also be performed prior to
declaring a disaster.) 1.
Under the direction of local authorities and/or EMT/DRT, assess the damage to the affected location and/or assets. Include vendors/providers of installed equipment to ensure that their expert opinion regarding the condition of the equipment is determined ASAP.
A.
Participate in a briefing on assessment requirements, reviewing:
(1)
Assessment procedures
(2)
Gather requirements
(3)
Safety and security issues
NOTE: Access to the facility following a fire or potential chemical contamination will likely be denied for 24 hours or longer.
A.
Document assessment results using assessment and evaluation form contained in Appendix TBS. 20
This template is for the educational use of this class and has been modified for that purpose.
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
Building access permitting:
Conduct an on-site inspection of affected areas to assess damage to
essential hardcopy records (files, manuals, contracts, documentation, etc.) and electronic data.
Obtain information regarding damage to the facility (s) (e.g., environmental conditions, physical structure integrity, furniture, and fixtures) from the DRT.
Develop a restoration priority list, identifying facilities, vital records and equipment needed for resumption activities that could be operationally restored and retrieved quickly.
Recommendations for required resources.
20.Contact DRT: Decide whether to continue to business recovery phase
The EMT and DRT gather information regarding the event; contacts senior management and provides them with detailed information on status. Based on the information obtained, senior management decides whether to continue to the business recovery phase of this plan. If the situation does not warrant this action, continue to address the situation at the affected site(s).
21.Business recovery phase (24 hours - full recovery)
This section documents the steps necessary to activate business recovery plans to support full restoration of systems or facility functionality at an alternate/recovery site that would be used for
an extended period of time. Coordinate resources to reconstruct business operations at the temporary/permanent system location, and to deactivate recovery teams upon return to normal business operations. NewOptMarketing Corp system and facility operation requirements
The system and facility configurations for each location are important to re-establish normal operations. A list for each location will be included in Section 11: Emergency Management Standards.
21
This template is for the educational use of this class and has been modified for that purpose.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
Notify IT staff/Coordinate relocation to new facility
See Appendix A for IT staff associated with a new location being set up as a permanent location (replacement for site). Secure funding for relocation
Make arrangements in advance with suitable backup location resources. Make arrangements in advance with local banks, credit card companies, hotels, office suppliers, and others for emergency support. Ensure all applicable guides and standard operating procedures are updated accordingly to reflect any information that could be specific for the given location. Ensure addresses and contact information for each Facility Manager is updated and that said information
is made available to EMT, DRT, IT services, Key Employees and anyone with the need to know.
Notify EMT and corporate business units of recovery startup
Notify the appropriate company personnel. Inform them of any changes to processes or procedures, contact information, hours of operation, etc. (This may be used for media information.)
Operations recovered
Assuming all relevant operations have been recovered to an alternate site, and employees are in place to support operations, the company can declare that it is functioning in a normal manner at the recovery location. 22
This template is for the educational use of this class and has been modified for that purpose.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
Appendix A: NewOptMarketing Corp recovery teams
Emergency management team (EMT)
Charter:
Responsible for overall coordination of the disaster recovery effort; evaluation and determining disaster declaration; and communications with senior management.
Support activities: The EMT:
Evaluate which recovery actions should be invoked and activate the recovery teams
Evaluate damage assessment findings
Set restoration priority based on the damage assessment reports
Provide senior management with ongoing status information
Act as a communication channel to corporate teams and major customers
Work with vendors and IRT to develop a rebuild/repair schedule
Team Members include:
EMT
IT Technical Services
Key Employees (KE)
Disaster recovery team Charter:
Responsible for overall coordination of the disaster recovery effort; establishment of the emergency command area; and communications with senior management and the EMT.
Support activities:
Coordinate with EMT and senior management
Determine recovery needs
Establish command center and assembly areas
Notify all company department heads and advise them to activate their plan(s) if applicable, based upon the disaster situation
If no disaster is declared, take appropriate action to return to normal operations using regular staff
Determine if vendors or other teams are needed to assist with detailed damage assessment
Prepare post-disaster debriefing report
Coordinate the development of site-specific recovery plans and ensure they are updated semi-
annually
23
This template is for the educational use of this class and has been modified for that purpose.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
NewOptMarketing Corporation Rel. 1, Ver. 1 16 Feb 2024
Team Members include:
EMT
DRT
Key employees (KE)
IT technical services (IT)
Charter
IT will facilitate technology restoration activities.
Support activities
Upon notification of disaster declaration, review and provide support as follows:
1.
Facilitate technology recovery and restoration activities, providing guidance on replacement equipment and systems, as required
2.
Coordinate removal of salvageable equipment at disaster site that may be used for alternate site operations
Team Members include:
Key Employees (KE)
24
This template is for the educational use of this class and has been modified for that purpose.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help