Phoenix Bank:

Introductory Disaster Recovery & Business Continuity Plan

 

Overview

Plan Introduction

            This Disaster Recovery & Business Continuity plan is a work in progress. It will continue to evolve over time and will never truly be “finished,” but it will eventually become functional and remain so as it changes.

Scope and Objectives

            The plan, once completed, is to serve as the instructions for all IT-related incidents that keep the company, in part or as a whole, from functioning normally. The objective is that when such an event occurs, those who are eventually assigned the roles listed in this document will be able to implement the Business Continuity plans quickly, allowing business to continue while others begin the process of Disaster Recovery.

Assumptions used in Planning

            Though our company has offices in multiple geographical locations, and individualized location plans will take that into account, this introductory plan assumes the same possible disaster scenarios for each location and in the same order.

Current Emergency Response Team

            Currently the Emergency Response Team is not broken up into separate groups (i.e. Management Team, Damage Assessment, etc.). This is due to the stage at which this plan currently exists; we expect these teams to be formed as the plan matures.


Team Roles Overview

While we expect these roles to change over the course of the plan’s development, these are the roles that exist in the plan as it stands today. Also, there are currently only two team

  • ERT Manager – This role serves as both a manager of the team’s employees (supervisory function) and also as the incident manager responsible for overseeing the team members as they perform their individual functions and for the direction of their work and investigations.
  • Duty Officer – When an incident occurs, the role of this individual is to gather all the information needed by the analysts to begin an investigation. This individual is also responsible for the documentation of the results found during the investigation.
  • Analysts – These members will take the gathered data and begin an investigation of a particular incident. If multiple analysts are on the team, they may be divided by area of specialty if needed.
  • Legal – This member of the team will oversee the legal issues raised during an investigation and will submit any briefs, legal reports, or paperwork for any criminal charges that result from the investigation.
  • Public Relations – This team member may not be needed in all instances and as such will likely not be a permanent part of the team. However, this role will be to minimize the damage to reputation, brand, or customer confidence.
  • Human Resources – As with the Public Relations member, this position is also not likely to be needed in every incident. If the incident was caused by an employee, either through malice or other actions, then this member of the team will deal with that portion of the investigation.
  • Continuity IT Lead – This team member is responsible for the implementation of the business continuity portion of the plans. Any movement of IT operations to the secondary locations (instead of repairing the primaries within the acceptable downtimes) is a decision made in conjunction with the Recovery IT Lead.
  • Recovery IT Lead – This team member is responsible for the implementation of the disaster recovery portion of the plans. Repairs, replacements, and an estimate of downtime are part of this responsibility. This member will coordinate with the Continuity IT Lead if the downtime is longer than allowable.

 

Vulnerability Overview

Natural Vulnerabilities:

  • Flooding
  • Tornado
  • Earthquake
  • Fire

Human Vulnerabilities:

  • Hacking of Web Portals or Central Database
  • Theft of Data by Employee
  • Terrorist Event

Infrastructure Vulnerabilities:

  • Loss of Internet Connectivity
  • Loss of VPN Connectivity (WAN Capability)
  • Localized or Area Wide Power Loss

Equipment Related Vulnerabilities:

  • Loss of Central Database access
  • Web server or Database server hardware failure
  • Loss of Customer Data Integrity

 

Business Impact Analysis

            The above chart is a list of the critical services that will need to be kept running in order for the company to continue to function. The units listed will need to be broken down into their respective components before the finalized version of this plan is submitted. Also, the above components are ranked on a scale of 1 to 3, with 1 being the worst and 3 being the best.

 Mitigation Strategies For Natural and Human Vulnerabilities

Flooding:

Because of Nashville’s proximity to the Tennessee River and the region’s potential for heavy rains, the city has flooded in the past. If this occurs during the business day, evacuation of the affected sites needs to take place as soon as the threat is evident. Although servers and other critical equipment are not on levels likely to be affected by even heavy flooding, it is very likely that power and WAN networking for the site would be disrupted. If flooding becomes inevitable, all critical processes will be moved to the secondary site.

 

Tornado:

Tornadoes in the heart of Nashville are not unprecedented. Because of the nature of tornadoes, there will likely be no advance warning, and all personnel are to relocate to the basement levels immediately. Implementation of BC & DR plans will begin after the threat has passed. If the primary site is damaged to the point that it cannot function, all business-critical functions will be shifted to the secondary site.

 

Earthquake: 

A fault line does exist in the area, though it has not resulted in any large earthquakes in some time. Should one occur, all employees should be accounted for, and the shift of business-critical functions to the secondary site should take place only if the earthquake has rendered the primary inoperable.

 

Fire –

Fire is unlikely, but should it occur, all employees should be accounted for, and the shift of business-critical functions to the secondary site should take place only if the fire has rendered the primary inoperable.

 

Hacking of Web Portals or Central Database –

The central database holds not only business-sensitive data but also sensitive client data. Should it become compromised, its outside connectivity is to be severed and the database functions moved to the secondary site. It may be necessary to back up the primary server while it is offline in order to bring the secondary to the current updated state.

 

Theft of Customer Information by Employee –

Because employees handle sensitive financial information, it is possible that an employee may use it to steal from customers. Should this be discovered, a full internal audit of the database should take place. Also, members of the Human Resources, Customer Relations, and Legal teams should be contacted for an investigation.

 

Terrorist Incident –

An incident involving terrorism is unlikely. However, should one occur in the Nashville area that threatens the safety of the employees, critical systems will be moved to the secondary site and all employees evacuated safely.

 

Infrastructure Vulnerabilities –

Infrastructure vulnerabilities lie outside the control of the company, and as such are assessed on a case-by-case basis. The building is equipped with a backup generator that will allow for regular business functions for a limited amount of time. Should connectivity be lost and it be determined that it cannot be restored within a half hour, critical systems will shift to the second site.

 

Equipment Vulnerabilities –

While these vulnerabilities lie within the company’s control, they are likely to cause immediate issues. As with the infrastructure vulnerabilities, they will vary, so they are taken on a case-by-case basis. Should it become obvious that restoring normal operations within acceptable downtimes is impossible, critical systems will shift to the second site.

Conclusion

This disaster recovery plan is the result of a single individual researching and compiling data for a preliminary report. In order for this recovery plan to be successful, a team needs to be selected and this plan revised, updated, and expanded. However, since a plan did not exist at all previously, this at least articulates the basic policies needed should a disaster occur before a more final plan is completed.