It Infrastructure to the Day-To-Day

¶ … it infrastructure to the day-to-day running of business operations cannot be overemphasized. Various critical business processes are controlled by the various computer systems that are tailored to meet the demands of these unique processes. However, a disruption to the it infrastructure can bring all the critical company's operations to a sudden halt. The repercussions can run into the loss of very large amount of money.

This paper describes a systematic plan that is aimed at restoring the it infrastructure of Jubilee Motor Company (JMC).The company just suffered a major breakdown of its it infrastructures as a result of an accidental fire outbreak. The paper described an emergency system implementation and a detailed it Disaster Recovery plan which must comply with the existing laws. Apart from the plan, the paper also outlines the user policies to act as a guideline for the professional use of the it infrastructure.

Introduction The importance of it Disaster Recovery plan can be seen from previous cases of disasters that paralysed the normal operations of various nations and organizations. A perfect example can be drawn from the September 11th, 2002 terrorist attack on the U.S. soil.

A disaster recovery plan can also be referred to as a Business Continuity Plan (BCP) and provides a description of all the steps that must be followed by an organization in ensuring that various specific processes continue to run in the event of any disaster, man-made or otherwise. The formulation of an it Disaster Recovery plan involves a thorough evaluation of the basic and mission critical components of an it supported and run system.

It is important to come up with a BPC that ensures that the operations of a given firm continue to flourish and are available whenever they are required. It is important to come up with an effective it Data recovery plan that would ensure that events are quickly contained to avert the possible losses in revenue and company image as a result of an unprecedented system failures and breakdown.

Part one: Disaster Overview of Data recovery timeline During the 1960s and 1980s the users of various it systems began to realize the various Single Point of Failures (SPOF) that existed in the various systems. Corporations and individuals recognized the fact that the impact of disruption of the it infrastructure resulted in significant impact upon the business continuity operations of various organizational key operations.

It was important to maintain the continuity of the business process and no amount of threat to the system was tolerable.Therefore various it infrastructure components such as the hardware, the it network infrastructure and other elements of the it system had to be designed in better manners so as to eliminate the various SPOFs. The financial implications of data loss and disruption of various mission critical components of an organization were huge.

Therefore Engineers came up with better systems that had little SPOFs.It therefore became necessary to develop various forms of data recovery plans in order to ensure that the various computer systems and the data contained within them were maintained and restored to a state of normalcy prior to various incidents that could have caused a disruption. The relationship between it Disaster Recovery plan and business continuity The it Disaster Recovery plan to be drafted for the JMC is meant to address specific business processes.

Its relationship with the various business processes cannot be overemphasized. The manufacturing processes must continue to take place in the JMC manufacturing centres. This means that all mission critical parts of the company must be maintained in perfect working condition. The relationship between the Disaster Recovery Plan and the BCP is therefore profound. In actual sense, the BCP can be viewed as an umbrella plan that has within it the elements such as Disaster Recovery Plan as one of its subcomponents.

The following are the main components of a Business Continuity Plan 1. Business Resumption Plan 2. Incident Management Plan 3. Continuity of Operations Plan 4. Occupant Emergency Plan 5. Disaster Recovery Plan It is worth noting that the Business Resumption Plan, the Continuity of Operation Plan and the Occupant Emergency Plan do not deal at any instance with the organization's Information Technology (it) infrastructure. The Data Recovery Process The JMC manufacturing processes must continue to thrive regardless of the incidents that have affected the company's it infrastructure.

It is therefore crucial to gather all the system components and the supporting staff who are to help in the carrying out of the activities related to maintaining a continuous flow of data necessary for the carrying out of JMC's manufacturing operations. The initial process of ensuring that normal operations continue in at the manufacturing facility is to assemble a team that is mandated with the running of a temporary it infrastructure command post.

The command post or control room is to be used to monitor all the vital business operations at JMC.The computers to use must be efficient and the data and software to be used in the system must be obtained from the offsite data backup system. It is important to note that the most fundamental systems to resuscitate are the ones that are mission-critical. This means that the systems that must be brought back online are the ones that are directly concerned with the running of the organization's main facilities.

In this case all the it infrastructure components that are directly involved with the manufacturing processes are the ones to be brought back online. Others that are involved with various transactions and monitoring systems are to be worked on at a later time. In order to ensure that it infrastructure is not interfered with in the future, it is important to ensure that a solid plan is drawn and put in place. The plan must be able to be initiated and implemented within the shortest time possible. The Table 1.

below gives a rough guideline on how to chose and implement the disaster recovery plans. A disaster can be termed as a sudden and an unprecedented catastrophe that has the potential of rendering the various mission-critical components and critical processes of an organization ineffective. The result is a total disruption of the normal business processes and hence the inability of an organization to carry on with its key operation and hence huge financial losses and even possible legal actions against the company.

The it disaster recovery process is made up of a series of definite rules and processes that are put in place in order to ensure that the various critical business operations continue uninterrupted. The following is the guideline for it disaster recovery process. In order to ensure that the JMC it infrastructure is brought back to normality, it is important to ensure that a sequence of events takes place. This sequence is important in ensuring that the various mission-critical processes are maintained in their normal working conditions.

The initial step in the it disaster recovery process is the establishment of a planning group. This planning group is to be mandated with the identification of all the mission-critical component of the JMC manufacturing processes. It is important to include all the mission-critical elements so as to come up with an effective it infrastructure. Due to the limited time frame, it is important to assemble the planning group within the shortest time possible.

The planning group then is to embark on the next activity that involves the performance of risk assessment and audits. This is to ensure that all the mission critical elements of the firm are ball captured. The emergency centre is then to be setup with the requirement that are dictated by the result of the risk assessment and audit results.

After this has been carried out, the firm is then to carry out an establishment of priorities for the various applications that support the JMC manufacturing activities and the supporting network infrastructure. After this has been carried out, then the data recovery strategies are drawn in order to support the appropriate components of the manufacturing system. It is important then to prepare an efficient inventory and a documentation of the prescribed plan. This is important for future reference and for troubleshooting the system.

The drawn plan is then to be verified according to a verification criterion that is also to be developed. The verification criteria involves a series of standard steps that are aimed at coming up with the best system for undertaking the data recovery operation. The final step is to implement the drawn it data recovery plan.

Time scales It is important to understand that the it data recovery planning group should be made up of individuals who are conversant with all the business processes and the technology behind the various network architecture. This is crucial for the formulation of a viable DRP. It is important that the following table be used in classifying the company's applications.

Classification Description 1 Mission Critical Mission Critical to completing the mission of the organization Can only be performed by computers There is no alternative manual processing capability that exists The restoration must be done within 36 hours 2 Critical Critical in completing the work of the organization Primarily accomplished using computers Can be carried out manually for a limited time period Must be restored from 36 hours to about 5 days 3 Essential Essential in completing the work of the organization Carried out by computers Can be carried out manually for an extended period of time Can be restored within 5 days, there is a possibility of the restoration period being longer 4 Non-Critical Non-Critical to completing the mission of the organization These be delayed until damaged site is completely restored and a new computer system is brought in This can be performed manually.

Table 1 Since the manufacturing activities at JMC should be brought back online in a period of 12 hours, it is evident from the above table that the classification of the disaster recovery plan is mission critical.The whole focus of Disaster recovery Plan is to try and restore the operation of various system components that are termed as mission critical. The process of restoring the system does not have to be totally reliant on technology. Some elements of the process could be manual.

It is important to ensure that some aspects of the data recovery process are manually accomplished in order to minimize on the cost of the whole recovery operations.

Having a Disaster Recovery Plan in place reduces the risk associated with the period of time that a disruption in a critical business process does not proceed beyond what has been deemed acceptable by company's management During the recovery process, the focus is on establishment of controls over occurring events in the company in order to limit the risk of any further lose. The development of a technical disaster recovery strategy is just a single step in the overall it Disaster Recovery Planning process.

This process is common to all it systems. It makes use of the following procedures 1. Developing the Business Contingency Planning Policy and identifying Business Process Priorities 2. Conducting a Risk Assessment of the entire facility 3. Conducting the Business Impact Analysis (BIA) of the entire facility 4. Developing a Business Continuity and Recovery Strategies 5. Developing Business Continuity Plans 6. Conducting awareness of the system, testing it components, and training the staff of the DRP elements 7.

Conducting a Disaster Recovery Plan maintenance and its related exercises Identify Data Currency for the Applications It is vital that the Operational activity which supports the application RPO takes place before the disruption of business or a disaster occurs. Once a disaster takes place, applications and data will be unavailable for the execution of the DRP. Therefore it is important to copy application and data offsite from the production centre to a storage facility.

The location of the storage facility can be situated at the recovery computing centre or a small distance from it. Depending on how critical the recovery is, application and data can be copied from the production centre to the recovery centre using one of two ways or procedures. One of the ways is electronic copying of data over a wide area Network (WAN) from the production center to the recovery centre.

This process will initially consist of copying of entire applications and data to be subsequently followed by a time scheduled copying of files. The other method is to copy data on physical media such as a disk which can be carried away from the production centre to an offsite storage centre. Moreover copies of data and production applications have to leave the production center at certain allocated RPO timeframe In order to meet business RPO requirements. This is more so with physical storage media such as tapes.

After backing up into the physical media the data and applications has to be removed from the production center but within the RPO Identify Critical Personnel and Recovery Teams Personnel and manpower with the necessary skills and knowledge are required for systems and application that support a critical business process. Identifying staff with this the know how to recover the data and applications that support a business process is essential to a DRP.

In order to ensure that the organization has enough staff available to execute a DRP should a disaster occur, the personnel have to be dispersed geographically in an organization. In addition the skills of the personnel should be recorder and added into the DRP with updates at the same frequency as the DRP. Part Two: Planning This section gives a well-structured approach to be used in responding to future unplanned incidents that may threaten the JMC it infrastructure.

The threats may include cases of hardware failures, software malfunction or destruction, network interference and a disruption of processes and persons who monitor the various processes. It is crucial to protect the company's investment in technological infrastructure in order to guard its capability to conduct business normally. These reasons are the main ones for ensuring that a comprehensive it disaster recovery plan is put in place.

Below is the full plan The Jubilee Motor Company it Disaster recovery Plan This document outlines the basic policies and procedures to be initiated in the event of an it disaster incident at JMC.The plan is also tailored to be used in taking care of process-level plans for the recovery of various critical technology platforms and the accompanying telecommunications infrastructure. This document is a summary of the recommended procedures.

The mission is to ensure that information system has a maintained uptime, quality data integrity and availability in order to ensure and business continuity. Policy Statement The company must develop a workable it disaster recovery plan. A formal risk assessment must be carried out to determine the requirements for the disaster recovery plan. The disaster recovery plan must cover all essential and critical company infrastructure components, it systems and networks in accordance with various key business activities.

The disaster recovery plan must be tested periodically in a simulated environment so as to ensure that it can be easily implemented in emergency situations. It is also imperative that both the management and staff fathom how it works All the staff must know of the disaster recovery plan and they must have their own respective roles. The disaster recovery plan is to update frequently so as to take into account the various changing circumstances.

Objectives The main objective of the disaster recovery program is to develop come up with, test and provide a document that is a well-structured and easily understood which will then aid the company in recovering quickly from certain unforeseen disaster or emergency situations which interrupts information systems and accompanying business operations.

Other objectives include The necessity of ensuring that all the staff fully comprehend their duties in implementation such a plan The necessity to ensure that the various operational policies are completely adhered to within all pre-planned list of activities The need to ensure that proposed plans are cost-effective in their execution The need to consider the various implications on all the company sites The disaster recovery operation as applicable to all the key customers, and vendors Plan must have an elaborate calling and reporting mechanism Project Timescales - Hard Milestones Milestone Reason for Milestone Date being considered Hard Financial Year Breakdown of Project Stages/Deliverables by Year 2009-10 Development of the required definition.

Procure as necessary 2010-11 The implementation of the procured solution 2011-12 Key Personnel Contact Info Name and Title Contact Information Number Work phone Alternate phone Mobile phone Home phone Email Address Alternate Email Work phone Alternate phone Mobile phone Home phone Email Address Alternate Email Work phone Alternate phone Mobile phone Home phone Email Address Alternate Email Work phone Alternate phone Mobile phone Home phone Email Address Alternate Email Work phone Alternate phone Mobile phone Home phone Email Address Alternate Email Work phone Alternate phone Mobile phone Home phone Email Address Alternate Email Emergency Response This section contains the various forms of alert and the plans to be invoked in case of an incident Risk scenarios The major risk scenarios at JMC that would lead to activation of the set down DRP are: Complete loss of all communications Total power loss Flooding Complete destruction of the buildings at JMC Assembly Points In case the premises need to be completely evacuated, the section of DRP must be invoked which identifies two major evacuation assembly points: Activation of Emergency Response Team Whenever an incident occurs the Emergency Response Team (ERT) is to be activated.

The ERT is mandated to decide the extent of invocation of the DRP.

Roles of the ERT are: Responding immediately to the various potential disaster and the initiation of emergency services through calling; Assessment of the extent of the specific disaster and its impact on various business, data center, etc.; The making of decision on which elements of the DR Plan to be activated; Establishment and management of disaster recovery team to maintain the various vital services and returning of JMC operations to normalcy; Strategy for Data Backup Major JMC business processes that must be protected and the corresponding backup strategy are tabulated below.

The chosen strategy is for recovery site which is fully mirrored at the company's offsite facilities. This strategy involves the maintenance of the duplicate sites that are fully mirrored so as to enable the instantaneous switching of manufacturing activities between the live site and the corresponding backup site.

KEY Business PROCESS STRATEGY for BACKUP IT Operations Recovery site which is fully mirrored Technical Support - Hardware Recovery site which is fully mirrored Technical Support - Software Recovery site which is fully mirrored Management of facilities Recovery site which is fully mirrored Email functions Recovery site which is fully mirrored Purchasing Recovery site which is fully mirrored Disaster Recovery Plan Recovery site which is fully mirrored Finance system Recovery site which is fully mirrored Contracts Admin Recovery site which is fully mirrored Warehousing & Inventory Recovery site which is fully mirrored Sales of Product Recovery site which is fully mirrored Maintenance Sales Recovery site which is fully mirrored Human Resource Management Recovery site which is fully mirrored Testing of the Fully Mirrored Recovery site Recovery site which is fully mirrored Workshop Fully Mirrored Recovery site Recovery site which is fully mirrored Call Center Support Recovery site which is fully mirrored Web Site development Recovery site which is fully mirrored Risk Management There are various potential disruptive threats that can happen at any time and therefore adversely affecting the normal business process.

In this plan a consideration of a wide range of possible threats and their corresponding results on the normal operations at JMC are considered in this section. Every potential environmental disaster and corresponding emergency situation is to be considered. The focus in this section is however on the amount of business disruption which can result from the various types of disasters.

Potential disasters have been categorized as follows: Potential Disaster Disaster's Probability Rating Rating of Impact A Brief Description of the Potential Consequences & Possible Remedial Actions Flooding 4 4 All of the critical equipment is located on Primary site Fire outbreak 4 4 An installation of the FM200 suppression system installed in the main computer workshops. Fire and smoke detectors are also to be in all installed on all floors.

Tornado strike 5 Electrical storms 5 Terrorism Attack 5 Act of sabotage 5 Electrical power failures 4 4 Installation of edundant UPS array wired to an auto standby generator that is subjected to weekly testing & remotely monitored 24/7. The UPSs are also to be also remotely monitored. Total loss of communications network services 4 4 Installation of two diversely routed T1 trunks into working site building.

There should be WAN redundancy and very high voice network resilience Probability: 1=Very High, 5=Very Low Impact: 1=Total destruction, 5=Minor annoyance Backup Staff If a manager or any other employee who is mandated to contact other employees is unavailable or incapacitated, a designated backup staff member must perform the process of disaster notification Recorded Messages / Updates For the most current information on the disaster and the company's response, the staff members can make a toll-free hotline call that is listed in the special DRP wallet card.

The messages to be included will be the data on the nature of the disaster, the various assembly sites and the approximated updates on work resumption. Alternate Recovery Facilities / Hot Site If needed, the hot site will be initiated and notification be made through recorded messages or through the various communication channels. Hot site staffing is to comprise of members of the disaster recovery team only during the initial 24 hours, other staff members are to join the hot site later if necessary.

Personnel and Family Notification If the unprecedented incident has resulted in a situation which is a major cause concern to an employee's immediate family for example the hospitalization of injured individuals, it will be necessary to make due notify their immediate family members as soon as possible Media Media Contact Mandated staff will be responsible for coordinating with the media, while working in according to set guidelines that have been approved by the.