Contingency plan Template

Business Continuity Plan Template

Appendix I-3

BUSINESS CONTINUITY PLAN

Version < Date submitted > Submitted to:

Submitted By:

< Facility name> name> < Facility address> address> < Facility address> address> < Facility address>

Business Continuity Plan Appendix 1-3

Table of Contents 1 #

Executie Executie Summa!y""""" Summa!y"""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""""" """""""""""""""1 """"""1 Int!oducti Int!oduction"""""" on""""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""""1 """""""1 #"1 Pu!pose""""" Pu!pose"""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """""""""""""""""""""" """"""""""""""""""""""3 """""""3 #"# Scope""""""""" Scope"""""""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""""" """"""""""""""""""""""""""""3 """""""""""""""""""3 #"3 Plan In$o!mation"""" In$o!mation""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""""""3 """"""""""3 3 Business Business Continuity Continuity Plan %e!ie&""""" %e!ie&"""""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""""""""" """""""""""""""""""""""' """""""""""' 3"1 Applicable Applicable P!oisions P!oisions and (i!ecties (i!ecties"""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""""""""""""""" """"""""""""""""""""""""""""' """"""""""' 3"# %b)ecties"" %b)ecties"""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""""""""""""' """""""""""""""' 3"3 %!*ani+ati %!*ani+ation"""""" on"""""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""""" """"""""""""""""""""""""""", """"""""""""""""""", 3"' Contin*ency Contin*ency Pases""""""" Pases"""""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""""". """""""". 3"'"1 3"'"1 /espon /esponse se Pase"" Pase""""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""" """""""" """""". ". 3"'"# 3"'"# /esump /esumptio tion n Pase"" Pase"""""" """"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""" """""" """"""" """""""" """""""". """". 3"'"3 3"'"3 /ecoe! /ecoe!y y Pase"" Pase""""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """""""" """"""""" """"". . 3"'"' 3"'"' /esto! /esto!ati ation on Pase"" Pase""""" """""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """""" """""""0 """"0 3", Assumptions Assumptions"""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""""""""""""""""0 """"""""""""""""""""0 3" C!itical C!itical Success Success 2acto!s 2acto!s and Issues""""" Issues"""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """"""""""""""""""""" """"""""""""""""""""0 """"""0 3" 4ission 4ission C!itical C!itical Systems5 Systems5Appli Applicatio cations5Se! ns5Se!ices"" ices""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""""16 """""""16 3". T!eats""""" T!eats"""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""""" """""""""""""""""""""16 """"""""""""16 3"."1 3"."1 P!obab P!obable le T!eat T!eats"" s"""""" """"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """""""" """"""""" """"""""" """"""""" """""""""" """"""""""1 """""11 1 ' System System (esc!ipti (esc!iption""""" on"""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""""""""""1# """"""""""""""1# '"1 Pysical Pysical Eni!onment""""" Eni!onment"""""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """"""""""""1# """""1# '"# Tecnica Tecnicall Eni!onment Eni!onment"""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """"""""""""""""1# """""""""1# , Plan""""""""" Plan"""""""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """""""""""""""""" """""""""""""""""""""""""""1# """"""""""""""""1# ,"1 Plan 4ana*ement"" 4ana*ement"""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""""""" """""""""""""""""""""1# """"""""""1# ,"1"1 ,"1"1 Busine Business ss Contin Continuit uity y Plan Plannin nin* * 7o! 7o!8*! 8*!oups oups"""" """"""" """""" """"""" """"""" """""" """"""" """""""" """"""""" """""""""" """""""""" """""""""1# """"1# ,"1"# ,"1"# Busine Business ss Conti Continui nuity ty Plan Plan Coo!di Coo!dinat nato!" o!"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """""""1 """"1# # ,"1"3 ,"1"3 System System Contin Contin*enc *ency y Coo!di Coo!dinat nato!s o!s"""" """"""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """""" """""""" """""""""" """""""""" """""""""" """"""""13 """13 ,"1"' ,"1"' Incide Incident nt 9oti$i 9oti$icat cation ion"""" """"""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""" """""" """"""" """""""" """"""""" """"""""""1 """""13 3 ,"1", ,"1", Inte!n Inte!nal al Pe!sonne Pe!sonnell 9oti$ica 9oti$icatio tion""" n""""""" """"""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """"""" """"""" """"""""" """"""""13 """13 ,"1" ,"1" Exte!n Exte!nal al Contact Contact 9oti$ 9oti$ica icati tion"" on""""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""" """"""" """"""""" """""""""" """"""""""1 """""13 3 ,"1" ,"1" 4edia 4edia /eleas /eleases" es"""" """""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""" """""" """"""" """""""" """"""""" """""""""" """""""""" """"""""1' """1' ,"1". ,"1". Alte!n Alte!nate ate Site Site s;""" s;"""""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """"""""" """""""""" """""""""1' """"1' ,"# Teams""" Teams""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""1' """"""1' ,"#"1 ,"#"1 (ama*e (ama*e Asses Assessm sment ent Team"" eam"""""" """"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """""""1' """1' ,"#"# ,"#"# %pe!at %pe!ation ionss Team"" eam""""" """"""" """"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""""" """""""""" """"""""""1 """""1, , ,"#"3 ,"#"3 Commun Communica icati tions ons Team" Team"""" """""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""" """""" """""""" """""""""" """""""""" """""""""" """""""""1, """"1, ,"#"' ,"#"' (ata (ata Ent!y Ent!y and and Cont!o Cont!oll Tea Team"" m""""" """"""" """"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""" """""" """"""" """""""" """"""""" """""""""" """""""""" """"""""1, """1, ,"#", ,"#", %$$-Si %$$-Site te Sto!a*e Sto!a*e Team" Team""""" """"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""" """""" """"""" """""""" """"""""" """""""""" """""""""" """""""""" """"""""1, """1, ,"#" ,"#" Admini Administ! st!ati atie e 4ana*em 4ana*ement ent Tea Team"" m"""""" """"""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """""""" """"""""" """"""1, "1, ,"#" ,"#" P!ocu! P!ocu!eme ement nt Team"" eam"""""" """"""" """""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""" """""" """"""" """""""" """"""""" """""""""" """""""""" """"""""1, """1, ,"#". ,"#". Con$i* Con$i*u!a u!atio tion n 4ana 4ana*em *ement ent Team" Team"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""""" """""""""" """""""""" """""""""" """"""""1 """1 ,"#"0 ,"#"0 2acili 2acilitie tiess Team" Team"""" """""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """""" """"""" """""""" """"""""" """""""""1 """"1  ,"#"16 System System So$t&a!e So$t&a!e Team"""" Team""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""""""""""""""""" """""""""""""""""""""""""""1 """"""1 ,"#"11 Inte!nal Inte!nal Audit Audit Team"""" Team""""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""""""""""""""" """""""""""""""""""""""""1 """"""1

Date

e!sion 1"6

Pa*e i

Business Continuity Plan

,"#"1# =se! Assist Assistance ance Team"""" Team""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""""""""""""""" """"""""""""""""""""""1 """"1 ,"3 (ata Communicati Communications""""" ons""""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """"""""""""""""" """""""""""""""""""""""""1 """""""""""""""1 ,"' Bac8ups""""""" Bac8ups""""""""""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""""""""""""" """""""""""""""""""""""""1 """"""""1 ,"'"1 ,"'"1 ital ital /eco!d /eco!ds5( s5(ocu ocumen mentat tation ion"""" """"""" """""" """"""" """"""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """""" """"""" """"""" """"""" """"""" """""""" """""""1 ""1 ,", %$$ice %$$ice Euipmen Euipment? t? 2u!nitu! 2u!nitu!ee and Supplies"""" Supplies""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""" """""""""""""""""""""10 """""""""""""""10 ," /ecommended /ecommended Tes Testin* tin* P!ocedu!es P!ocedu!es""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""10 """10  /ecommended /ecommended St!ate*ies" St!ate*ies"""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """""""""#6 """#6 "1 C!itical C!itical Issues" Issues"""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""""" """"""""""""""""""""""""""""#6 """""""""""""""""""#6 6 1 1 Po!er"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""#6 61 61" " Di#e Di#errsi$ si$icat icatiion o$ Conn Connec ectti#ity #ity""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""#6 """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""#6 6 1 3 %$$site Bac&up Stora'e""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""#1  Te!ms Te!ms And (e$initions (e$initions"""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""""#1 """"""""#1 . Appendices""" Appendices""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""""" """""""""""""""""""""""""""""" """""""""""""""""""""""""""'1 """""'1 APPE9(I@ A  B=SI9ESS C%9TI9=IT PA9 PA9 C%9TACT C%9TACT I92%/4ATI I92%/4ATI%9"" %9"" """ """'# "" "'# APPE9(I@ B  E4E/DE9C P/%CE(=/ES""""""""""""""""""""""""""""""""""""""""""""""""""" """"""""""'' APPE9(I@ C  TEA4 STA22I9D STA22I9D A9( TASI9DS"""""""""""""""""""""""""""" TASI9DS"""""""""""""""""""""""""""" """"""""""""""""" """"""""" """""""""""""" """"""' ' APPE9(I@ ( ATE/9ATE SITE P/%CE(=/ES"""""""""""""""""""""""""""""""""""""""""""""""""""""'. APPE9(I@ E  (%C=4E9TAT (%C=4E9TATI%9 IST""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" "",6 APPE9(I@ 2  S%2T7A/E S%2T7A/E I9E9T%/""""""""""""""""""""""""""""""""""""""""""""""""" I9E9T%/""""""""""""""""""""""""""""""""""""""""""""""""" """""""""""""""" """""""" """""""""",# "",# APPE9(I@ D FA/(7A/E I9E9T%/"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""",' APPE9(I@ F C%44=9ICATI%9S /EG=I/E4E9TS"""""""""""""""""""""""""""""""""""""""""""", APPE9(I@ APPE9(I@ I - E9(%/ C%9TACT C%9TACT ISTS"""""""" ISTS""""""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""""""" """"""""""""" """"""""""""" """""""""""""" """""""""",. """,. APPE9(I@ APPE9(I@ H - E@TE/9A E@TE/9A S=PP%/T S=PP%/T AD/EE4 AD/EE4E9TS"""" E9TS""""""""""" """""""""""""""""" """"""""""""""""""""""""""""""""" """""""""""""""""""""""6 "6 APPE9(I@  - (ATA (ATA CE9TE/5C%4P=TE/ /%%4 E4E/DE9C P/%CE(=/ES A9( /EG=I/E4E9TS"""""""""""""""""""""""""""""""""""""""""""""# APPE9(I@  - PA9 4AI9TE9A9CE P/%CE(=/ES""""""""""""""""""""""""""""""""""""""""""" P/%CE(=/ES"""""""""""""""""""""""""""""""""""""""""""""' ""' APPE9(I@ 4 -C%9TI9DE9C %D""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

Date

e!sion 1"6

Pa*e ii




E!ECUTIVE SUMMA"Y

7!itten upon completion o$ document" sections"

#

Contains int!oducto!y desc!iptions $!om all

INT"O$UCTION

()is document contains t)e Business Continuity Plan $or t)e  *t is intended to ser#e as t)e centrali+ed repository $or t)e in$ormation, tas&s, and procedures t)at !ould e necessary to $acilitate t)e mana'ement.s decisionma&in' process and its timely response to any disrupti#e or extended interruption o$ t)e departments normal usiness operations and ser#ices ()is is especially important i$ t)e cause o$ t)e interruption is suc) t)at a prompt resumption o$ operations cannot e accomplis)ed y employin' only normal daily operatin' procedures *n terms o$ personnel and $inancial resources, t)e in$ormation tas&s and procedures detailed in t)is plan represent t)e mana'ement.s demonstrated commitment to response, resumption, reco#ery, and restoration plannin' ()ere$ore, it is essential t)at t)e in$ormation and action plans in t)is plan remain #iale and e maintained in a state o$ currency in order to ensure t)e accuracy o$ its contents (o t)at end, t)is introduction is intended to introduce and $amiliari+e its readers !it) t)e or'ani+ation o$ t)e plan *t is incument upon e#ery indi#idual !)o is in receipt o$ t)e Business Continuity Plan, or any parts t)ereo$, or !)o )as a role and/or responsiility $or any in$ormation or materials contained in t)e document, to ensure t)at ade0uate and su$$icient attention and resources are committed to t)e maintenance and security o$ t)e document and its contents Since t)e in$ormation contained in t)is document descries mana'ement.s plannin' assumptions and oecti#es, t)e plan s)ould e considered a sensiti#e document All o$ t)e in$ormation and material contents o$ t)is document s)ould e laeled, 2imited %$$icial use4 ()e mana'ement )as reco'ni+ed t)e potential $inancial and operational losses associated !it) ser#ice interruptions and t)e importance o$ maintainin' #iale emer'ency response, resumption, reco#ery and restoration strate'ies ()e Business Continuity Plan is intended to pro#ide a $rame!or& $or constructin' plans to ensure t)e sa$ety o$ employees and t)e resumption o$ time-sensiti#e operations and ser#ices in t)e e#ent o$ an emer'ency 5$ire, po!er or communications lac&out, tornado, )urricane, $lood, eart)0ua&e, ci#il disturance, etc Alt)ou') t)e Business Continuity Plan pro#ides 'uidance and documentation upon !)ic) to ase emer'ency response, resumption, and reco#ery plannin' e$$orts, it is not intended as a sustitute $or in$ormed decision-ma&in' Date

e!sion 1"6

Pa*e 1


Business process mana'ers and accountale executi#es must identi$y ser#ices $or !)ic) disruption !ill result in si'ni$icant $inancial and/or operational losses Plans s)ould include detailed responsiilities and speci$ic tas&s $or emer'ency response acti#ities and usiness resumption operations ased upon pre-de$ined time $rames Constructin' a plan and presentin' it to senior mana'ement may satis$y t)e immediate need o$ )a#in' a documented plan 7o!e#er, t)is is not enou') i$ t)e 'oal is to )a#e a #iale response, resumption, reco#ery, and restoration capaility *n order to estalis) t)at capaility, plans, and t)e acti#ities associated !it) t)eir maintenance 5ie trainin', re#ision, and exercisin' must ecome an inte'ral part o$ <9ame> operations A Business Continuity Plan is not a one-time commitment and is not a proect !it) an estalis)ed start and end date *nstead, a Business Continuity Plan is an on-'oin', $unded usiness acti#ity ud'eted to pro#ide resources re0uired to8 •

Per$orm acti#ities re0uired to construct plans

•

(rain and retrain employees

•

De#elop and re#ise policies and standards as t)e department c)an'es

•

9xercise strate'ies, procedures, team and resources re0uirements

•

:e-exercise unattained exercise oecti#es

•

:eport on-'oin' continuity plannin' to senior mana'ement

•

:esearc) processes and tec)nolo'ies to impro#e resumption and reco#ery e$$iciency

•

Per$orm plan maintenance acti#ities

De#elopin' a Business Continuity Plan t)at encompasses acti#ities re0uired to maintain a #iale continuity capaility ensures t)at a consistent plannin' met)odolo'y is applied to all o$ t)e  Business Continuity Plan elements necessary to create a #iale, repeatale and #eri$iale continuity capaility include8 •

*mplementin' accurate and continuous #ital records, data ac&up, and o$$-site stora'e

•

*mplementin' capailities $or rapid s!itc)in' o$ #oice and data communication circuits to alternate site5s

•

Pro#idin' alternate sites $or usiness operations

•

Constructin' a contin'ency or'ani+ation

Date

e!sion 1"6

Pa*e #


•

*mplementin' contin'ency strate'ies

#% PU"POSE

()e purpose o$ t)is plan is to enale t)e sustained execution o$ mission critical processes and in$ormation tec)nolo'y systems $or in t)e e#ent o$ an extraordinary e#ent t)at causes t)ese systems to $ail minimum production re0uirements ()e Business Continuity Plan !ill assess t)e needs and re0uirements so t)at may e prepared to respond to t)e e#ent in order to e$$iciently re'ain operation o$ t)e systems t)at are made inoperale $rom t)e e#ent #%# SCOPE

*nsert in$ormation on t)e speci$ic systems, locations, Facility di#isions, tec)nical oundaries and p)ysical oundaries o$ t)e Business Continuity Plan #%& PLAN INFO"MATION

()e Business Continuity Plan contains in$ormation in t!o parts related to t)e $re0uency o$ updates re0uired ()e $irst part contains t)e plan.s static information 5ie t)e in$ormation t)at !ill remain constant and !ill not e suect to $re0uent re#isions ()e second part contains t)e plan.s dynamic information 5ie t)e in$ormation t)at must e maintained re'ularly to ensure t)at t)e plan remains #iale and in a constant state o$ readiness ()is dynamic in$ormation is #ie!ed as t)e action plan ()e action plan s)ould e considered a li#in' document and !ill al!ays re0uire continuin' re#ie! and modi$ication in order to &eep up !it) t)e c)an 'in' <$acility/system> en#ironment ()e static in$ormation part o$ t)e Business Continuity Plan is contained in a ;S-ord $ile and printed as part o$ t)is document ()is static in$ormation s)ould e read and understood y all employees, users, and administrators o$ t)e , or at least y t)ose indi#iduals !)o are in#ol#ed in any p)ase o$ usiness response, resumption, reco#ery, or restoration ()e dynamic in$ormation resides in t)e dataase o$ t)e and !ill e printed as output $or t)e appendixes o$ t)is document By usin' t)e dataase, dynamic in$ormation t)at is #ital to t)e sur#i#al o$ t)e !ill e easy to mana'e and update ()e !e-enaled dataase is desi'ned $or maintenance o$ personnel contact lists, emer'ency procedures, and tec)nical components *t is already in operation $or <=ame> a'encies For ease o$ use and re$erence, t)e static and dynamic in$ormation is maintained separately )ile it is necessary to e $amiliar !it) t)e static in$ormation durin' resumption, it s)ould not e necessary to read t)at in$ormation at t)e time o$ t)e e#ent ()e completed action plan o$ dynamic in$ormation pro#ides all o$ t)e necessary lists, tas&s, and reports used $or response, resumption, or reco#ery Date

e!sion 1"6

Pa*e 3


&

BUSINESS CONTINUITY PLAN OVE"VIE'

&% APPLICABLE P"OVISIONS AN$ $I"ECTIVES

()e de#elopment o$ t)e Business Continuity Plan is re0uired y executi#e decisions and to meet re'ulatory mandates ()e mana'ement must maintain an in$ormation assurance in$rastructure t)at !ill ensure t)at its in$ormation resources maintain a#ailaility, con$identiality, inte'rity, and nonrepudiation o$ its data Furt)ermore, mana'ement must ensure t)eir strate'ic in$ormation resources mana'ement capailities ()ere$ore, t)e Business Continuity Plan is ein' de#eloped in accordance !it) t)e $ollo!in' executi#e decisions, re'ulatory mandates, pro#isions, and directi#es8 •

•

%$$ice o$ ;ana'ement and Bud'et Circular A13?, :e#ised 5(ransmittal ;emorandum =o @, Appendix ***, Security o$ Federal Automated *n$ormation :esources, =o#emer "??? Computer Security Act o$ 1, Pulic a! 1??-"3, Eanuary 1

•

Presidential Decision Directi#e 63, Critical *n$rastructure Protection, ;ay 1

•

Presidential Decision Directi#e 6, 9ndurin' Constitutional o#ernment and Continuity o$ o#ernment %perations, %ctoer 1

•

9xecuti#e %rder 1"66, Assi'nment o$ 9mer'ency Preparedness :esponsiilities, =o#emer 1

•

Federal *n$ormation Processin' Standards 5F*PS Pulication , uidelines $or ADP Business Continuity Plannin', ;arc) 11

•

D%E %rder "6@?"D, *n$ormation (ec)nolo'y Security, Euly 1", "??1

()e Business Continuity Plan is desi'ned to e in accordance !it) t)e strate'ic intent o$ t)e<=ame> and t)e <=ame>.s $unctional and operational mission &%# OB(ECTIVES

()e is dependent on t)e #ariety o$ systems classi$ied as eneral Support Systems 5SSs, !)ic) pro#ide mission critical $unctions o$ connecti#ity, *nternet access, and email, or ;aor Applications 5;As !)ic) are speci$ic so$t!are pro'rams !ritten to produce output to $ul$ill t)e ser#ice to its customers or enale t)e to operate *n addition t)ese systems pro#ide t)e means to o$$er electronic 'o#ernment 5e-'o#ernment Alt)ou') many t)reats and #ulnerailities can e Date

e!sion 1"6

Pa*e '


miti'ated, some o$ t)e t)reats cannot e pre#ented ()ere$ore, it is important t)at de#elop Business Continuity Plans and disaster reco#ery plans to ensure t)e uninterrupted existence o$ its usiness $unctions and continued ser#ice to t)e<=ame> and t)e pulic ()e primary $ocus o$ a Business Continuity Plan re#ol#es around t)e protection o$ t)e t!o most important assets o$ any or'ani+ation8 personnel and data All $acets o$ a Business Continuity Plan s)ould address t)e protection and sa$ety o$ personnel and t)e protection and reco#ery o$ data ()e primary oecti#e o$ t)is plan is to estalis) policies and procedures to e used $or in$ormation systems in t)e e#ent o$ a contin'ency to protect and ensure $unctionin' o$ t)ose assets ()is includes estalis)in' an operational capaility to process pre-desi'nated critical applications, reco#erin' data $rom o$$-site ac&up data sets, and restorin' t)e a$$ected systems to normal operational status ()e plan see&s to accomplis) t)e $ollo!in' additional oecti#es8 •

;inimi+e t)e numer o$ decisions !)ic) must e made durin' a contin'ency

•

*denti$y t)e resources needed to execute t)e actions de$ined y t)is plan

•

*denti$y actions to e underta&en y pre-desi'nated teams

•

*denti$y critical data in conunction !it) customers t)at !ill e reco#ered durin' t)e 7ot Site p)ase o$ reco#ery operations

•

De$ine t)e process $or testin' and maintainin' t)is plan and trainin' $or contin'ency teams

&%& O")ANI*ATION

*n t)e e#ent o$ a disaster or ot)er circumstances !)ic) rin' aout t)e need $or contin'ency operations, t)e normal or'ani+ation o$ t)e !ill s)i$t into t)at o$ t)e contin'ency or'ani+ation ()e $ocus o$ t)e !ill s)i$t $rom t)e current structure and $unction o$ 2usiness as usual4 to t)e structure and $unction o$ an !or&in' to!ards t)e resumption o$ time-sensiti#e usiness ope rations *n t)is plan, t)e contin'ency or'ani+ation !ill operate t)rou') p)ases o$ response, resumption, reco#ery, and restoration 9ac) p)ase in#ol#es exercisin' procedures o$ t)e Business Continuity Plan and t)e teams executin' t)ose plans ()e teams associated !it) t)e plan represent $unctions o$ a department or support $unctions de#eloped to respond, resume, reco#er, or restore operations or $acilities o$ t)e and its a$$ected systems 9ac) o$ t)e teams is comprised o$ indi#iduals !it) speci$ic responsiilities or tas&s, !)ic) must e completed to $ully execute t)e plan Primary and alternate team leaders, !)o are responsile to t)e plan o!ner, lead eac) team

Date

e!sion 1"6

Pa*e ,


9ac) team ecomes a su-unit o$ t)e contin'ency or'ani+ation Coordination teams may e sin'ular $or t)e , !)ereas tec)nical teams !ill li&ely e system speci$ic Fi'ure 3-1, Business Continuity Plannin' %r'ani+ational C)art, s)o!s t)e ase or'ani+ational structure ()e teams are structured to pro#ide dedicated, $ocused support in t)e areas o$ t)eir particular experience and expertise $or speci$ic response, resumption and reco#ery tas&s, responsiilities, and oecti#es A )i') de'ree o$ interaction amon' all teams !ill e re0uired to execute t)e corporate plan 9ac) team.s e#entual 'oal is t)e resumption/reco#ery and t)e return to stale and normal usiness operations and tec)nolo'y en#ironments Status and pro'ress updates !ill e reported y eac) team leader to t)e plan o!ner Close coordination must e maintained !it) and <=ame> mana'ement and eac) o$ t)e teams t)rou')out t)e resumption and reco#ery operations ()e contin'ency or'ani+ation.s primary duties are8 •

(o protect employees and in$ormation assets until normal usiness operations are resumed

•

(o ensure t)at a #iale capaility exists to respond to an incident

•

(o mana'e all response, resumption, reco#ery, and restoration acti#ities

•

(o support and communicate !it) employees, system administrators, security o$$icers, and mana'ers

•

(o accomplis) rapid and e$$icient resumption o$ time-sensiti#e usiness operations, tec)nolo'y, and $unctional support areas

•

(o ensure re'ulatory re0uirements are satis$ied

•

(o exercise resumption and reco#ery expenditure decisions

•

(o streamline t)e reportin' o$ resumption and reco#ery pro'ress et!een t)e teams and mana'ement o$ eac) system

Date

e!sion 1"6

Pa*e 


Business Continuity Plan Coo!dinato!

(ama*e Assessment Team

Administ!atie 4ana*ement Team

System Contin*ency Coo!dinato!

2acilities Team

%pe!ations Team

Communications Team

Con$i*u!ation 4ana*ement Team

(ata Ent!y  Cont!ol Team

System So$t&a!e Team

=se! Assistance Team

Inte!nal Audit Team

%$$-Site Sto!a *e Team

P!oc u!em ent Tea m

Fi+,re &- B,siness Contin,it. Plannin+ Or+aniational C0art

Date

e!sion 1"6

Pa*e 


&%1 CONTIN)ENCY P2ASES

Te < Facility/System> Business Continuity Plan Coo!dinato!? in con)unction &it < Facility/System> and <=ame> mana'ement !ill determine !)ic) (eams/(eam memers are responsile $or eac) $unction durin' eac) p)ase As tas&in' is assi'ned, additional responsiilities, teams, and tas& lists need to e created to address speci$ic $unctions durin' a speci$ic p)ase &%1%

"ESPONSE P2ASE •

(o estalis) an immediate and controlled presence at t)e incident site

•

(o conduct a preliminary assessment o$ incident impact, &no!n inuries, extent o$ dama'e, and disruption to t)e ser#ices and usiness operations

•

•

&%1%#

(o pro#ide mana'ement !it) t)e $acts necessary to ma&e in$ormed decisions re'ardin' suse0uent resumption and reco#ery acti#ity"

"ESUMPTION P2ASE

&%1%&

•

(o estalis) and or'ani+e a mana'ement control center and )ead0uarters $or t)e resumption operations

•

(o moili+e and acti#ate t)e support teams necessary to $acilitate and support t)e resumption process

•

(o noti$y and appraise time-sensiti#e usiness operation resumption team leaders o$ t)e situation

•

(o alert employees, #endors and ot)er internal and external indi#iduals and or'ani+ations

"ECOVE"Y P2ASE •

Date

(o $ind and disseminate in$ormation on i$ or !)en access to t)e $acility !ill e allo!ed

(o prepare and implement procedures necessary to $acilitate and support t)e reco#ery o$ time-sensiti#e usiness operations

e!sion 1"6

Pa*e .


•

•

&%1%1

(o coordinate !it) )i')er )ead0uarters to discern responsiilities t)at !ill $all upon Business %perations :eco#ery (eams and (ec)nolo'y :eco#ery (eams (o coordinate !it) employees, #endors, and ot)er internal and external indi#iduals and or'ani+ations

"ESTO"ATION P2ASE •

(o prepare procedures necessary to $acilitate t)e relocation and mi'ration o$ usiness operations to t)e ne! or repaired $acility

•

*mplement procedures necessary to moili+e operations, support and tec)nolo'y department relocation or mi'ration

•

;ana'e t)e relocation/mi'ration e$$ort as !ell as per$orm employee, #endor, and customer noti$ication e$ore, durin', and a$ter relocation or mi'ration

&%3 ASSUMPTIONS

*nclude any assumptions t)at t)e Business Continuity Plan !ill )in'e on ()is could ran'e $rom asolutely necessary conditions to )elp$ul in$ormation in support o$ t)e Business Continuity Plan p)ases •

(elecommunications connecti#ity and $ier optic calin' !ill e intact and pro#ided y eneral Ser#ices Administration 5SA

•

()at all necessary ;emorandums o$ A'reement 5;%As and ;emorandums o$ Gnderstandin' 5;%Gs )a#e een executed

&%4 C"ITICAL SUCCESS FACTO"S AN$ ISSUES

()is section addresses t)e $actors and issues t)at speci$ically apply to t)e <2acility5System> Business Continuity Plan proect t)at )a#e een identi$ied to e critical to t)e success$ul implementation o$ t)e Business Continuity Plan ()ese $actors are as $ollo!s8 •

Asolute commitment y senior mana'ement to Business Continuity Plannin' and Disaster :eco#ery

•

Bud'etary commitment to Disaster :eco#ery

•

;odi$ications and impro#ements to t)e current sc)edulin' procedures $or t)e retention and transportation o$ ac& up $iles to t)e o$$site stora'e $acility

Date

e!sion 1"6

Pa*e 0


•

•

De#elopment and execution o$ t)e necessary ;emorandums o$ A'reement 5;%As, ;emorandums o$ Gnderstandin' 5;%Gs, and Ser#ice e#el A'reements 5SAs Completion o$ re0uirement assessment $or, and t)en completion o$ t)e procurement o$ a diesel 'enerated alternate po!er source

&%5 MISSION C"ITICAL SYSTEMS/APPLICATIONS/SE"VICES

()e $ollo!in' essential mission critical systems/applications/ser#ices t)at must e reco#ered at t)e time o$ disaster in t)e $ollo!in' order due to critical interdependencies8

)as identi$ied t)e applications and ser#ices s)o!n in Fi'ure 1" as mission critical8 SYSTEMS AC"ONYM 9xc)an'e ;ail *nternet Connecti#ity

SYSTEM NAME ;icroso$t 9-mail system GG=et

Fi+,re &-# Mission Criti6al S.ste7s

&%8 T2"EATS

)en de#elopin' strate'ies $or a Business Continuity Plan, it is )elp$ul to consider t)e entire ran'e o$ proale and possile t)reats t)at present a ris& to an or'ani+ation From t)at ran'e o$ t)reats, li&ely scenarios can e de#eloped and appropriate strate'ies applied A disaster reco#ery plan s)ould e desi'ned to e $lexile enou') to respond to extended usiness interruptions, as !ell as maor disasters ()e est !ay to ac)ie#e t)is 'oal is to desi'n a Business Continuity Plan t)at could e used to address a maor disaster, ut is di#ided into sections t)at can e used to address extended usiness interruptions )ile eac) o$ t)e identi$ied t)reats could result in a disaster y itsel$, in a maor disaster se#eral o$ t)e t)reats mi')t e present concurrently or occur se0uentially, dependin' on t)e circumstances

Date

e!sion 1"6

Pa*e 16


As a result, it is ad#isale to de#elop se#eral le#els o$ strate'ies t)at can e applied as needed For example, a locali+ed $ire in t)e computin' center may render some o$ t)at space unusale An appropriate strate'y $or t)at e#ent may e temporary relocation o$ personnel to anot)er o$$ice !it)in <=ame> )ead0uarters or in ot)er suitale local o$$ice space in anot)er o$$ice uildin' or )otel An e#ent t)at re0uired temporary e#acuation o$ t)e computer center, suc) as a truc& accident in t)e tunnel and a c)emical spill t)at may re0uire se#eral days to resol#e, may necessitate s!itc)o#er capailities and possile re'ional mirrored redundancy capailities t)at !ould e transparent to t)e users An e#ent o$ 'reater ma'nitude, suc) as an explosion, may render t)e <=ame o$ )ead0uarters or national o$$ice> unusale $or an extended duration o$ time and mi')t necessitate a strate'y ased on mirrored redundancy as !ell as a secondary strate'y in#ol#in' a commercial )ot site (ime sensiti#ity and mission criticality in conunction !it) ud'etary limitations, le#el o$ t)reat and de'ree o$ ris& !ill e maor $actors in t)e de#elopment o$ recommended strate'ies 5See H 6 $or :ecommended Strate'ies &%8%

P"OBABLE T2"EATS

()e tale depicts t)e t)reats most li&ely to impact t)e and components o$ and t)eir mana'ement ()e speci$ic t)reats t)at are represented y 5II are considered t)e most li&ely to occur !it)in t)e en#ironment P"OBABILITY OF T2"EATS Probabilit. of O66,rren6e9 2i+0 Me:i,7 X Air Con:itionin+ Fail,re Air6raft A66i:ent Bla67ail X Bo7b T0reats X X C0e7i6al S=ills / 2aMat Col: / Frost / Sno; Co77,ni6ations Loss X $ata $estr,6tion X Eart0,aes Fire XX Floo:in+ / 'ater $a7a+e N,6lear Mis0a=s XX Po;er Loss / O,ta+e Sabota+e / Terroris7 X Stor7s / 2,rri6anes Van:alis7 / "iotin+ X

Lo; X

X

X X X

X

Fi+,re &-& < System>9 "is Anal.sis Matri?

Date

e!sion 1"6

Pa*e 11


1

SYSTEM $ESC"IPTION

In tis section include in$o!mation $o! eac system unde! o&ne!sip o! cont!ollin* auto!ity o$ te <2acility5System>" Controlling authority assumes that a function or mission element of a Facility/System has been contracted to an outside entity that provides the facilities, hardware, and software and personnel required to perform that task and the Facility retain the oversight of that operation and therefore are the controlling activity for that system 1% P2YSICAL ENVI"ONMENT

Include te buildin* location? inte!nal $acilities? ent!y secu!ity measu!es? ala!ms? and access cont!ol" 1%# TEC2NICAL ENVI"ONMENT

Include accu!ate desc!iption o$ a!d&a!e p!ocesso!s? memo!y? media sto!a*e; and system so$t&a!e ope!atin* system? applications;" Include numbe! o$ use!s? inte!connected systems? and ope!ational const!aints" Put speci$ic so$t&a!e and a!d&a!e inento!ies? SAs? endo! contacts in appendixes"

3

PLAN

3% PLAN MANA)EMENT 3%%

BUSINESS CONTINUITY PLANNIN) 'O"@)"OUPS

()e de#elopment o$ reco#ery strate'ies and !or&-arounds re0uire tec)nical input, creati#ity, and pra'matism ()e est !ay to create !or&ale strate'ies and co)esi#e teams t)at le#era'e out-o$-t)e-ox t)in&in' is to in#ol#e mana'ement and in$ormation resource mana'ement personnel in an on'oin' in$ormati#e dialo'ue ()e mana'ement )as de#eloped and is $acilitatin' Business Continuity Plannin' !or&'roups to assist in t)e de#elopment and re#ie! o$ strate'ies, teams, and tas&s 3%%#

BUSINESS CONTINUITY PLAN COO"$INATO"

A coordinator and an alternate s)ould e appointed y mana'ement and system o!ners to monitor and coordinate t)e Business Continuity Plan, trainin' and a!areness, exercises, and testin' Additionally, t)is person !ill coordinate strate'y de#elopment !it) Business Continuity Plannin' or&'roups, System Contin'ency Coordinator, (eam eaders, Business Process %!ners, and ;ana'ement ()e Business Continuity Plannin' Coordinator s)ould !or& closely !it) system tec)nical mana'ers to ensure t)e #iaility o$ t)e Business Continuity Plan ()e Business Continuity Plan Coordinator !ill mana'e contin'ency teams t)at are not system speci$ic 5see section " *t is recommended t)at t)e indi#idual5s appointment5s Date

e!sion 1"6

Pa*e 1#


e documented in !ritin', and t)at speci$ic responsiilities e identi$ied and included in t)eir o descriptions 3%%&

SYSTEM CONTIN)ENCY COO"$INATO"S

A coordinator and an alternate s)ould e appointed $or 9AC7 SJS(9; under o!ners)ip or controllin' aut)ority o$ t)e y mana'ement and system o!ners ()eir primary tas& !ill e to monitor and coordinate t)e Business Continuity Plannin', trainin' and a!areness, exercises, and testin' Additionally, t)is person !ill mana'e contin'ency teams 5see Section " t)at are assi'ned speci$ically to t)eir system and report directly to t)e Business Continuity Plan Coordinator *t is recommended t)at t)e indi#idual5s appointment5s e documented in !ritin', and t)at speci$ic responsiilities e identi$ied and included in t)eir o descriptions 3%%1

INCI$ENT NOTIFICATION

()e $acilities mana'ers $or t)e locations !)ere t)e critical components o$ t)e systems are located s)ould e pro#ided !it) t)e telep)one numers o$ 9mer'ency :esponse (eam memers Gpon noti$ication, t)e team !ill meet in 5(BD $or t)e purpose o$ conductin' initial incident assessment and issuin' ad#isory reports o$ status to t)e and <=ame> mana'ement *$ t)e $acilities mana'er, emer'ency response personnel, or 9mer'ency :esponse (eam eader )as determined t)at t)e uildin' cannot e entered, t)e alternate meetin' place !ill e t)e 5(BD 3%%3

INTE"NAL PE"SONNEL NOTIFICATION

()e 29mer'ency =oti$ication4 procedure, or a modi$ied #ersion t)ereo$, s)ould e de#eloped and used $or noti$ication o$ t)e Crisis ;ana'ement (eam and ot)er Disaster :eco#ery (eams re'ardin' speci$ic response actions ta&en durin' response operations it)in t)e 2personal contact4 dataase, a sin'le source personal in$ormation tale s)ould readily a#ailale t)at includes )ome addresses, contact telep)one p)one numers, and emer'ency contact in$ormation *n t)e e#ent o$ a disaster, a lac& o$ speci$ic personal data, includin' )ome addresses, cell p)one numers, pa'er numers, and alternate contact in$ormation, could result in t)e inaility to locate and contact &ey personnel and team memers ()is automated personnel dataase s)ould e maintained and updated continuously ()is dataase may e maintained internally or some!)ere else !it)in t)e department, as lon' as t)e in$ormation contained t)erein remains current and accessile 3%%4

E!TE"NAL CONTACT NOTIFICATION

()e 29mer'ency =oti$ication4 procedure, or a modi$ied #ersion t)ereo$, s)ould e de#eloped and used $or noti$ication o$ its Business Continuity Plan ser#ice pro#iders, <=ame> a'encies, external contacts, #endors, suppliers, etc

Date

e!sion 1"6

Pa*e 13


3%%5

ME$IA " ELEASES

All incident related in$ormation 5printed or spo&en, concernin' t)e <9ame> !ill e coordinated and issued t)rou') t)e Department or Component %$$ice o$ Pulic A$$airs 5%PA 3%%8

ALTE"NATE SITE S

*nclude location o$ pre-positioned *n$ormation (ec)nolo'y Assets $or acti#ation in a contin'ency operation mode *t is su''ested t)at local sites $or $acility-/system-speci$ic contin'encies e maintained, suc) as a 2(ec) 7otel,4 !)ere t)e Business Continuity Planner rents space and in$ormation tec)nolo'y e0uipment Additional local alte!naties could be in te $o!m o$ !ecip!ocatin* 4%As and5o! 4%=s &it <=ame> o! ote! 2ede!al a*encies $o! te utili+ation o$ space $o! te installation o$ euipment? connectiity in$!ast!uctu!e and pe!sonnel accommodations sould te need a!ise" An alternate site !it) a distance o$ at least 1?? miles s)ould e considered S)ould a re'ional e#ent ta&e place t)at renders Facility systems ine$$ecti#e and t)e inaility $or p)ysical access, a relocation site !ould ser#e t)e needs $or contin'ency operations 3%# TEAMS

()e $ollo!in' are su''ested teams t)at !ill e assi'ned to execute t)e Business Continuity Plan8 Some teams may not be necessary depending on the system "f this is the case you should simply remove the heading and table Certain teams will be replicated for each system and placed under the System Contingency Coordinator given the vast differences in hardware, software, and e#ternal communications for each system $ach team will have a roster and task list of actions and responsibilities generated by the "%S database to be included in an appendi# 3%#%

$AMA)E ASSESSMENT TEAM

()e Dama'e Assessment (eam is a tec)nical 'roup responsile $or assessin' dama'e to t)e Facility/System and its components *t is composed o$ personnel !it) a t)orou') understandin' o$ )ard!are and e0uipment and t)e aut)ority to ma&e decisions re'ardin' t)e procurement and disposition o$ )ard!are and ot)er assets ()is team is primarily responsile $or initial dama'e assessment, accountin' o$ dama'e assessment, loss minimi+ation, sal#a'e and procurement o$ necessary replacement e0uipment and inter$aces ()is team s)ould include #endor representati#es ()e Dama'e Assessment (eam !ill enter t)e $acility as soon as t)ey )a#e recei#ed permission to do so $rom emer'ency ser#ices A !ritten detailed account s)ould e made o$ t)e 'eneral status o$ t)e !or& area, !it) speci$ic attention to t)e condition o$ )ard!are, so$t!are, $urnis)in's, and $ixtures :ecommendations s)ould e made t)at all dama'ed e0uipment, media, and documentation e routed immediately to disaster Date

e!sion 1"6

Pa*e 1'


reco#ery and restoration experts $or a determination as to its aility to e sal#a'ed or restored 3%#%#

OPE"ATIONS TEAM

()e %perations (eam consists o$ operators responsile $or runnin' emer'ency production $or critical systems, coordinatin' !it) Bac&up (eam to ensure t)at applications system data and operatin' instructions are correct, and !it) t)e iaison (eam to ad#ise o$ t)e production status and any unusual prolems re0uirin' assistance Data *nput/Control (eams could e separate 'roups or su'roups o$ t)e %perations (eam Also, t)e PC Support (eam under t)e %perations :eco#ery (eam is responsile $or re-estalis)in' microcomputer operations at t)e ac&up site or remote sites and $or assistin' !it) reinstatin' PC applications 3%#%&

COMMUNICATIONS TEAM

()e Communications (eam is composed o$ communications specialists responsile $or restorin' #oice, data, and #ideo communications lin&s et!een users and t)e computers, re'ardless o$ location in t)e e#ent o$ a loss or outa'e Communication #endor 5carrier input in desi'nin' and implementin' t)e reco#ery plan is #ery important *n$luential $actors in de#elopin' reco#ery procedures $or t)is team include8 t)e type o$ net!or&, t)e time re0uirement $or restoration, percenta'e o$ t)e net!or& to e reco#ered, and ud'et considerations 3%#%1

$ATA ENT"Y AN$ CONT"OL TEAM

()e Data 9ntry and Control (eam is responsile $or enterin' data as it is restored ()ey ensure t)at t)e data is t)e est a#ailale ac&up and meets #alidation $or t)e system 3%#%3

OFF-SITE STO"A)E TEAM

()e %$$-site Stora'e (eam is responsile $or retrie#in' ac&up copies o$ operatin' systems applications, systems, applications data, and ensurin' security o$ t)e data, ac&up $acilities, and ori'inal $acilities ()e team is composed o$ memers o$ $amiliar !it) #ital records arc)i#al and retrie#al 3%#%4

A$MINIST"ATIVE MANA)EMENT TEAM

()e Administrati#e ;ana'ement (eam coordinates Primary and Alternate Site security and speciali+ed clerical and administrati#e support $or t)e Business Continuity Plan Coordinator and all ot)er teams durin' disaster contin'ency proceedin's ()e Administrati#e (eam may also assist 'roups outside t)e in$ormation resources area as needed ()e Administrati#e (eam is responsile $or reassemlin' all documentation $or standards, procedures, applications, pro'rams, systems, and $orms, as re0uired at t)e ac&up site ()e Administrati#e (eam is responsile $or arran'in' $or transportation o$ sta$$, e0uipment, supplies, and ot)er necessary items et!een sites 3%#%5

P"OCU"EMENT TEAM

()e Procurement (eam consists o$ persons &no!led'eale o$ t)e in$ormation resources and supplies in#entory and t)e ud'etary, $undin', and ac0uisition processes responsile $or expeditin' ac0uisition o$ necessary resources Date

e!sion 1"6

Pa*e 1,


3%#%8

CONFI)U"ATION MANA)EMENT TEAM

()e Con$i'uration ;ana'ement (eam is composed o$ indi#iduals !it) teleprocessin' s&ills ()ey !or& closely !it) t)e Communications (eams in estalis)in' #oice and data communication capailities 3%#%

FACILITIES TEAM

()e Facilities (eam is responsile $or arran'in' $or t)e primary and ac&up $acilities and all components 3%#%D SYSTEM SOFT'A"E TEAM

()e System So$t!are (eam consists o$ system so$t!are pro'rammers responsile $or pro#idin' t)e system so$t!are support necessary $or production o$ critical applications systems durin' reco#ery 3%#% INTE"NAL AU$IT TEAM

()e *nternal Audit (eam is responsile $or oser#ation and o#ersi')t participation in t)e reco#ery e$$ort 3%#%# USE" ASSISTANCE TEAM

()e Gser Assistance team is composed o$ indi#iduals !it) application use &no!led'e ()e team is made up o$ maor user area mana'ers, production control, and applications lead analysts responsile $or coordination and liaison, !it) t)e in$ormation resources sta$$ $or applications reco#ery and restoration o$ data $iles and dataases Gnder t)e 'eneral leaders)ip o$ t)e Gser Assistance (eam, tec)nical applications specialist and dataase administration su-teams per$orm necessary application restoration acti#ities Settin' priorities $or applications reco#ery is a primary in$luence on procedures $or t)is team and its su'roups 3%& $ATA COMMUNICATIONS

Dependin' on t)e location o$ t)e calin', a cale cut y a ac&)oe could render an and associated uildin's !it)out connecti#ity %$tentimes, 2redundant calin'4 can mean t!o $ier optic cales laid in t)e same trenc) $or $ailo#er connecti#ity )ile t)is may e ade0uate $or routine telecommunication interruptions, it represents a sin'le point o$ $ailure $or communications and connecti#ity ()e le#el o$ data connecti#ity re0uired !ill e determined pendin' t)e $inal decision re'ardin' t)e disaster declaration Data communications speci$ications s)ould e documented in APP9=D*I <7> , Communication :e0uirements, in t)is plan and s)ould e stored in t)e secure o$$site stora'e location or <=ame> , in t)e e#ent t)at a permanent replacement $acility is re0uired 3%1 BAC@UPS

()e most important p)ysical asset in any Facility/System is its data and in$ormation Data and in$ormation processin' are a maor reason $or t)e existence o$ <=ame> ;oreo#er, all o$ t)e <=ame> systems are dependent on t)e preser#ation o$ data, Date

e!sion 1"6

Pa*e 1


includin' so$t!are manuals and documentation *n order to minimi+e t)e impact o$ a disaster, it is extremely important to protect t)e sensiti#ity or con$identiality o$ dataK to preser#e t)e aut)enticity and accuracy o$ data, and to maintain t)e a#ailaility o$ data ()ese t)ree 'oals are commonly de$ined as 2Con$identiality, *nte'rity, and A#ailaility4 ()e protection o$ t)e con$identiality, inte'rity, and a#ailaility o$ data is o$ sin'ular importance in in$ormation security and disaster reco#ery plannin' Con$identiality, inte'rity, and a#ailaility o$ data are intrinsic to disaster reco#ery plannin' 9$$ecti#e procedures to per$orm $ull data ac& ups on a re'ular !ee&ly asis must e implemented A copy o$ t)e !ee&ly ac& ups s)ould e securely transported on a !ee&ly asis and stored o$$ site in an en#ironmentally controlled stora'e $acility, pre$eraly outside t)e immediate re'ional area Fre0uent ac&ups s)ould e implemented to ensure t)e reco#ery o$ t)e most current data #ersion and to increase t)e li&eli)ood o$ usale media in a post-e#ent scenario 3%1%

VITAL " ECO"$S/$OCUMENTATION

Lital records and important documentation s)ould e ac&ed up and stored o$$ site Lital records are any documents or documentation t)at is essential to t)e operations o$ an or'ani+ation, suc) as personnel records, so$t!are documentation, le'al documentation, le'islati#e documentation, ene$its documentation, etc Documentation o$ all aspects o$ computer support and operations is important to ensure continuity and consistency Formali+in' operational practices and procedures in detail )elps to eliminate security lapses and o#ersi')ts, 'i#es ne! personnel detailed instructions on )o! to operate e0uipment or do a particular tas&, and pro#ides a 0uality assurance $unction to )elp ensure t)at operations !ill e per$ormed correctly and e$$iciently e#ery time Security documentation s)ould e de#eloped to $ul$ill t)e needs o$ t)ose !)o use it For t)is reason, many or'ani+ations separate documentation into policy and procedures $or eac) user le#el For example, a $unctional security procedures manual s)ould e !ritten to in$orm end users )o! to do t)eir os securely !)ile a tec)nical and operational security procedures manual s)ould e !ritten $or systems operations and support sta$$ $ocusin' on system administrations concerns in considerale detail ()ere s)ould e at least t!o copies o$ current system security documentation %ne copy s)ould e stored on site and e immediately accessile A ac& up copy must e stored o$$ site and s)ould include documents suc) as system security plans 5SSP, Business Continuity Plans, ris& analyses, and security policies and procedures Additional copies may e necessary $or some documentation, suc) as Business Continuity Plans, !)ic) s)ould e easily accessile in t)e e#ent o$ a disaster *t is recommended t)at copies o$ t)e Business Continuity Plan e distriuted to t)e Business Continuity Plan Coordinator, 9xecuti#e ;ana'ement, and (eam eaders $or sa$e&eepin'

Date

e!sion 1"6

Pa*e 1


Documentation s)ould e duplicated eit)er in )ard copy or compatile media $ormat and stored at t)e o$$-site stora'e or t)e 5reco#ery site location ()e ori'inal primary on-site unit retains t)e ori'inal copies o$ all in$ormation Gpdates to documentation s)ould e rotated on an as-re0uired asis, under t)e control o$ t)e responsile team %$$-site documentation s)ould include tec)nical and operational documentation %any of the below listed documents may be found in the completed certification and accreditation package &the System Security 'uthori(ation 'greement &SS'') and 'ppendices) "f the information is in the SS'', keep it current and maintain a copy off* site

()e $ollo!in' documentation s)ould e maintained o$$ site8 •

Security related *n$ormation (ec)nolo'y 5*( policy M procedure memorandum, circulars, pulications

•

Department or component mission statement

•

etters o$ dele'ation $or &ey *n$ormation System security personnel

•

Complete )ard!are and so$t!are listin's

•

*nternal security, *n$ormation System audits

•

Detailed *( arc)itecture sc)ematics 5lo'ical/p)ysical, net!or&, de#ices

•

=et!or& cale routin' sc)ematics 5on $loor o#erlay

•

•

•

•

•

•

•

•

System testin' plans/procedures :e#ie! and appro#al o$ plans/procedures System Con$i'uration :e#ie! and appro#al o$ proposed con$i'uration C)an'es made to t)e system con$i'uration 9#aluation o$ c)an'es $or security implications (ec)nical standards $or system desi'n, testin' and maintenance to re$lect security oecti#es Business Continuity Plans $or incident response procedures and ac&up operations

Date

e!sion 1"6

Pa*e 1.


•

Data ac&up/restoration procedures and procedures $or stora'e, transportation and )andlin' o$ ac&up tapes

•

:eports o$ security related incidents

•

•

•

Sensiti#ity and criticality determination Baseline security c)ec&list $or eac) system So$t!are licensin' in$ormation

Additionally, it is recommended t)at mana'ement personnel de#elop detailed procedural manuals speci$yin' )o! t)eir $unctional responsiilities are to e disc)ar'ed in t)e e#ent o$ t)eir una#ailaility ()is is especially important $or &ey personnel Copies o$ t)ese manuals s)ould e &ept o$$-site !it) ot)er documentation 3%3 OFFICE EUIPMENT FU"NITU"E AN$ SUPPLIES

Alt)ou') t)e current strate'y is $or o$$ice e0uipment, $urniture, and supplies to e ordered on an 2emer'ency as re0uired4 asis at t)e time o$ t)e disaster, it is recommended t)at mana'ement re#ie! supply needs and coordinate !it) t)e local procurement o$$ice to de#elop a re#ol#in' emer'ency in#entory o$ !or&space and sur#i#al supplies $or immediate use in t)e e#ent o$ a disaster ()e re#ol#in' in#entory o$ !or&space supplies s)ould include not only asic essential !or&space supplies li&e pens, pencils, note pads, and paper, ut also speci$ic $orms and templates Additionally, a re#ol#in' in#entory o$ sur#i#al supplies s)ould e maintained, includin' ottled drin&in' !ater, personal products, and $ood rations, in t)e e#ent personnel cannot e e#acuated or are temporarily pre#ented $rom lea#in' t)e con$ines o$ t)e uildin' due to !eat)er conditions 3%4 "ECOMMEN$E$ TESTIN) P"OCE$U"ES

()e Business Continuity Plan s)ould e maintained routinely and exercised/tested at least annually Contin'ency procedures must e tested periodically to ensure t)e e$$ecti#eness o$ t)e plan ()e scope, oecti#e, and measurement criteria o$ eac) exercise !ill e determined and coordinated y t)e Business Continuity Plan Coordinator on a 2per e#ent4 asis ()e purpose o$ exercisin' and testin' t)e plan is to continually re$ine resumption and reco#ery procedures to reduce t)e potential $or $ailure ()ere are t!o cate'ories o$ testin'8 announced and unannounced *n an announced test, personnel are instructed !)en testin' !ill occur, !)at t)e oecti#es o$ t)e test are, and !)at t)e scenario !ill e $or t)e test Announced testin' is )elp$ul $or t)e initial test o$ procedures *t 'i#es teams t)e time to prepare $or t)e test and allo!s t)em to practice t)eir s&ills %nce t)e team )as )ad an opportunity to run t)rou') t)e procedures, practice, and coordinate t)eir s&ills, unannounced testin' may e used to test t)e Date

e!sion 1"6

Pa*e 10


completeness o$ t)e procedures and s)arpen t)e team.s ailities Gnannounced testin' consists o$ testin' !it)out prior noti$ication ()e use o$ unannounced testin' is extremely )elp$ul in preparin' a team $or disaster preparation ecause it $ocuses on t)e ade0uacy o$ in-place procedures and t)e readiness o$ t)e team Gnannounced testin', comined !it) closely monitored restrictions, !ill )elp to create a simulated scenario t)at mi')t exist in a disaster ()is more closely measures t)e teams. aility to $unction under t)e pressure and limitations o$ a disaster %nce it )as een determined !)et)er a test !ill e announced or unannounced, t)e actual oecti#e5s o$ t)e test must e determined ()ere are se#eral di$$erent types o$ tests t)at are use$ul $or measurin' di$$erent oecti#es A recommended sc)edule $or testin' is as $ollo!s8 •

Des&top testin' on a 0uarterly asis

•

%ne structured !al&-t)rou') per year

•

%ne inte'rated usiness operations/in$ormation systems exercise per year

()e Business Continuity Plan Coordinator, Contin'ency System Coordinators, and (eam eaders, to'et)er !it) t)e %$$ice ;ana'ement and , !ill determine end-user participation

4

"ECOMMEN$E$ ST"ATE)IES

()e $ollo!in' in$ormation represents potential recommendations to t)e Director, and ot)er tec)nical mana'ement positions as appropriate ()ese s)ould e considered as solutions t)at potentially may assist in t)e continued de#elopment o$ t)eir reco#ery capailities in a post-disaster situation 4% C"ITICAL ISSUES 6.1.1

POWER

()e tec)nolo'y director s)ould !or& to de#elop po!er re0uirements necessary to pro#ide uninterrupted ser#ice $or t)e data center A$ter t)e determination o$ po!er re0uirements )as een de#eloped $or t)e continuous operaility o$ t)e t)e s)ould $ollo! t)e standard procurement process to otain, install, test, and maintain suc) a system *t s)ould e noted t)at t)e standard li$e cycle $or t)e amorti+ation o$ a diesel po!ered ac&up 'enerator is "? years 6.1.2

D IVERSIFI!"IO# OF  O##E"IVI"$

As it stands, t)e current connecti#ity con$i'uration represents a sin'le point o$ $ailure to t)e entire  ()e dedicated connecti#ity $rom all t)e re'ional o$$ices con#er'es Date

e!sion 1"6

Pa*e #6


in t)e data center A sin'le occurrence o$ $ire, po!er $ailure, terrorist act, or ci#il unrest could completely disrupt email and *nternet ased connecti#ity et!een t)e uildin' and t)e re'ions Additionally, users rely upon *nternet connecti#ity to pro#ide outside email a#ailaility to t)e Department and t)e re'ions t)ere$ore, ased upon any o$ t)e a$orementioned scenarios t)at $unction, !ould also cease to $unction 6.1.%

OFFSI"E & !'(P S "OR!)E

()e current sc)edule implemented $or t)e trans$er o$ ac&up tapes to t)e o$$site stora'e $acility is inconsistent !it) t)e oecti#es o$ Business Continuity Plannin' ()e sc)edule )as t)e sta$$ maintainin' t)e most current ac&up tapes onsite in t)e uildin' $or a 3? day period prior to trans$er to t)e o$$site stora'e $acility ()us, all data extracted $rom o$$ice ac&up tapes !ill e more t)an 3? days old *n today.s data intensi#e en#ironment t)is pro#ides stale in$ormation to t)e end users ()is is especially critical in #ie! o$ t)e $act t)at t)e only time a sta$$ must rely on t)e o$$site ac&up media is !)en t)e system )as $ailed and any incremental ac&ups are ine$$ecti#e and/or ine$$icient to resol#e t)e situation ()e loss o$ t)irty 53? days o$ !or& and data ased on t)e impact o$ a disaster is not acceptale ()e sc)edule controllin' t)is process s)ould e re-#isited and modi$ied to re$lect a more $re0uent trans$er timeline ()e accepted standard is t)e trans$er o$ ac&up media to t)e o$$site stora'e on a !ee&ly asis to estalis) a co ntinuously current $lo! o$ data into t)e ac&up copies ()is !ill allo! t)e sta$$ to execute restorations utili+in' t)e most updated in$ormation a#ailale ()is is particularly true re'ardin' t)e e-mail systems

5

TE"MS AN$ $EFINITIONS

Te $ollo&in* is a comp!eensie list o$ te!ms tat a!e impo!tant in Business Continuity Plannin* and !ecoe!y ope!ations" Add any 2acility speci$ic and system speci$ic te!ms &it de$initions !eleant to te Business Continuity Plan in te app!op!iate alpabetical positions" ABC Fire E?tin+,is0er - Cemically based deices used to eliminate o!dina!y combustible? $lammable liuid? and elect!ical $i!es" A66e=table LeGel of "is - typically !e$e!s to te point at &ic te leel o$ !is8 is mo!e acceptable tan te cost to miti*ate te !is8 in dolla!s o! a$$ect on compute! system $unction;" A66ess - te ability to do sometin* &it a compute! !esou!ce" Tis usually !e$e!s to a tecnical ability e"*"? !ead? c!eate? modi$y? o! delete a $ile? execute a p!o*!am? o! use an exte!nal connection;J admissionJ ent!ance" A66ess 6ontrol - te p!ocess o$ limitin* access to te !esou!ces o$ an IT system only to auto!i+ed use!s? p!o*!ams? p!ocesses? o! ote! IT systems" A66o,ntabilit. - te p!ope!ty tat enables actiities on a system to be t!aced to indiiduals? &o may ten be eld !esponsible $o! tei! actions" Date

e!sion 1"6

Pa*e #1


A6t,ator - A mecanical assembly tat positions te !ead5&!ite ead assembly oe! te app!op!iate t!ac8s" A6tiGation - 7en all o! a po!tion o$ te !ecoe!y plan as been put into motion" A:e,ate se6,rit. - secu!ity commensu!ate &it te !is8 and ma*nitude o$ te a!m !esultin* $!om te loss? misuse? o! unauto!i+ed access to? o! modi$ication o$ in$o!mation" Tis includes assu!in* tat systems and applications used by <=ame> ope!ate e$$ectiely and p!oide app!op!iate con$identiality? inte*!ity? and aailability? t!ou* te use o$ coste$$ectie mana*ement? pe!sonnel? ope!ational? and tecnical cont!ols" Alert - 9oti$ication tat a disaste! situation as occu!!ed - stand by $o! possible actiation o$ disaste! !ecoe!y plan" Alternate Site - A location? ote! tan te no!mal $acility? used to p!ocess data and5o! conduct c!itical business $unctions in te eent o$ a disaste!" Similar (erms8 Alternate Processin' Facility, Alternate %$$ice Facility, Alternate Communication Facility A==li6ation - te use o$ in$o!mation !esou!ces in$o!mation and in$o!mation tecnolo*y; to satis$y speci$ic set o$ use! !eui!ements" A==li6ation =ro+ra7 - A so$t&a!e p!o*!am comp!isin* a set o$ statements? de$inin* ce!tain tas8s" A==li6ation "e6oGer. - Te component o$ (isaste! /ecoe!y tat deals speci$ically &it te !esto!ation o$ business system so$t&a!e and data? a$te! te p!ocessin* plat$o!m as been !esto!ed o! !eplaced" Simila! Te!ms: Business System /ecoe!y" Arra. - An a!!an*ement o$ t&o o! mo!e dis8 d!ies: may be in /edundant A!!ay o$ Inexpensie (is8s /AI(; o! daisy-cain $asion" Asset  a alue placed on *oods o&ned by an o!*ani+ation Ass,7=tions - Basic unde!standin*s about un8no&n disaste! situations tat te disaste! !ecoe!y plan is based on" Ass,ran6e - a measu!e o$ con$idence tat te secu!ity $eatu!es and a!citectu!e o$ an automated in$o!mation system accu!ately mediate and en$o!ce te secu!ity policy" As.n60rono,s Transfer Mo:e ATM - A net&o!8 a!citectu!e tat diides messa*es into $ixed-si+e units cells; and establises a s&itced connection bet&een te o!i*inatin* and !eceiin* stationsJ enables t!ansmission o$ a!ious types o$ data ideo? audio? etc"; oe! te same line &itout one data type dominatin* te t!ansmission A,:it s.ste7 - an independent !eie&? examination o$ te !eco!ds? and actiities to access te adeuacy o$ system cont!olsJ to ensu!e compliance &it establised policies and ope!ational p!ocedu!es" Te audit system is an essential tool $o! te dete!mination and !ecommendation o$ necessa!y can*es in cont!ols? policies? o! p!ocedu!es" A,:it trail - a se!ies o$ !eco!ds o$ compute! eents about an ope!atin* system? an application? o! use! actiities" A,:itin+ - te !eie& and analysis o$ mana*ement? ope!ational? and tecnical cont!ols" A,t0enti6ation - p!oin* to some !easonable de*!ee; a use!Ks identity" It can also be a measu!e desi*ned to p!oide p!otection a*ainst $!audulent t!ansmission by establisin* te alidity o$ a t!ansmission? messa*e? station? o! o!i*inato!" A,t0oriation - te pe!mission to use a compute! !esou!ce" Pe!mission is *!anted? di!ectly o! indi!ectly? by te application o! system o&ne!" A,to7ate:  means compute!i+ed $o! te pu!pose o$ tis document" AGailabilit. - te p!ope!ty o$ bein* accessible and usable? upon demand by an auto!i+ed entity? to complete a $unction" Te in$o!mation tecnolo*y system o! installation Date

e!sion 1"6

Pa*e ##


contains in$o!mation o! p!oides se!ices tat must be aailable on a timely basis? to meet mission !eui!ements o! to aoid substantial losses" Cont!ols to p!otect te aailability o$ in$o!mation a!e !eui!ed? i$ te in$o!mation is c!itical to te <=ame>Ks actiityKs $unctions" Access to some in$o!mation !eui!es <=ame> to ensu!e te aailability o$ tat in$o!mation &itin a so!t pe!iod o$ time" Ba6 Offi6e Lo6ation - An o$$ice o! buildin*? used by te o!*ani+ation to conduct suppo!t actiities? tat is not located &itin an o!*ani+ationLs eadua!te!s o! main location" Ba6bone - te unde!lyin* net&o!8 communication conduit o! line by &ic all main se!e!s and deices a!e connectedJ bac8bone deices a!e typically se!e!s? !oute!s? ubs? and b!id*esJ client compute!s a!e not connected di!ectly to te bac8bone" Ba6,= - means eite! p!ocedu!es o! standby euipment tat a!e aailable $o! use in te eent o$ a $ailu!e o! inaccessibility o$ no!mally used euipment o! p!ocedu!es o! to ma8e a copy o$ data o! a p!o*!am in case te o!i*inal is lost? dama*ed? o! ote!&ise unaailable" Ba6,= A+ree7ent - A cont!act to p!oide a se!ice tat includes te metod o$ pe!$o!mance? te $ees? te du!ation? te se!ices p!oided? and te extent o$ secu!ity and con$identiality maintained" Ba6,= Position Listin+ - A list o$ alte!natie pe!sonnel &o can $ill a !ecoe!y team position &en te p!ima!y pe!son is not aailable" Ba6,= Strate+ies "e6oGer. Strate+ies - Alte!natie ope!atin* metod i"e"? plat$o!m? location? etc"; $o! $acilities and system ope!ations in te eent o$ a disaste!" Ban:;i:t0 - te amount o$ data tat can be t!ansmitted ia a *ien communications cannel e"*"? bet&een a a!d d!ie and te ost PC; in a *ien unit o$ time" Blo6 - a po!tion o$ a olume usually ,1# bytes in si+eJ o$ten !e$e!!ed to as a Mlo*ical bloc8"M B,rst 7o:e - a tempo!a!y? i*-speed data t!ans$e! mode tat can t!ans$e! data at si*ni$icantly i*e! !ates tan &ould no!mally be acieed &it non-bu!st tecnolo*yJ te maximum t!ou*put a deice is capable o$ t!ans$e!!in* data" B,s - te main communication aenue in a compute!J an elect!ical pat&ay alon* &ic si*nals a!e sent $!om one pa!t o$ te compute! to anote!" B,siness Contin,it. Plannin+ BCP9 An all encompassin*? Mumb!ellaM te!m coe!in* bot disaste! !ecoe!y plannin* and business !esumption plannin*" Also see disaster reco#ery plannin' and usiness resumption plannin' B,siness I7=a6t Anal.sis BIA - Te p!ocess o$ analy+in* all business $unctions and te e$$ect tat a speci$ic disaste! may ae upo n tem" B,siness Interr,=tion - Any eent? &ete! anticipated i"e"? public se!ice st!i8e; o! unanticipated i"e"? blac8out; &ic dis!upts te no!mal cou!se o$ business ope!ations at a co!po!ate location" B,siness Interr,=tion Costs - Te costs o! lost !eenue associated &it an inte!!uption in no!mal business ope!ations" B,siness "e6oGer. Coor:inator - See Disaster :eco#ery Coordinator B,siness "e6oGer. Pro6ess - Te common c!itical pat tat all companies $ollo& du!in* a !ecoe!y e$$o!t" Te!e a!e ma)o! nodes alon* te pat tat a!e $ollo&ed !e*a!dless o$ te o!*ani+ation" Te p!ocess as seen sta*es: 1; Immediate !esponse? #; Eni!onmental

Date

e!sion 1"6

Pa*e #3


!esto!ation? 3; 2unctional !esto!ation? '; (ata sync!oni+ation? ,; /esto!e business $unctions? ; Inte!im site? and ; /etu!n ome" B,siness "e6oGer. Tea7 - A *!oup o$ indiiduals !esponsible $o! maintainin* and coo!dinatin* te !ecoe!y p!ocess" Similar (erms8 :eco#ery (eam B,siness "es,7=tion Plannin+ B"P9 Te ope!ations piece o$ business continuity plannin*" Also see8 Disaster :eco#ery Plannin' B,siness Unit "e6oGer. - Te component o$ (isaste! /ecoe!y &ic deals speci$ically &it te !elocation o$ 8ey o!*ani+ation pe!sonnel in te eent o$ a disaste!? and te p!oision o$ essential !eco!ds? euipment supplies? &o!8 space? communication $acilities? compute! p!ocessin* capability? etc" Similar (erms8 or& roup :eco#ery B.te - Te $undamental data unit $o! pe!sonal compute!s? comp!isin* . conti*uous bits" Ca60e - A la!*e ban8 o$ !andom access memo!y used $o! tempo!a!y sto!a*e o$ in$o!mation" Co7=,ter-Ai:e: $esi+n CA$ - J te use o$ a compute! in indust!ial desi*n applications suc as a!citectu!e? en*inee!in*? and manu$actu!in*" Call ba6 - a p!ocedu!e $o! identi$yin* a !emote te!minal" In a call bac8? te ost system disconnects te calle! and ten dials te auto!i+ed telepone numbe! o$ te !emote te!minal to !eestablis te connection" Synonymous &it dial bac8" Central Offi6e - a secu!e? sel$-contained telecommunications euipment buildin* tat ouses se!e!s? sto!a*e systems? s&itcin* euipment? eme!*ency po&e! systems? and !elated deices tat a!e used to !un telepone systems" Certifie: $isaster "e6oGer. Planner C$"P9 C(/PLs a!e ce!ti$ied by te (isaste! /ecoe!y Institute? a not-$o!-p!o$it co!po!ation? &ic p!omotes te c!edibility and p!o$essionalism in te (/ indust!y" C0e6list Test - A metod used to test a completed disaste! !ecoe!y plan" Tis test is used to dete!mine i$ te in$o!mation suc as pone numbe!s? manuals? euipment? etc" in te plan is accu!ate and cu!!ent" Cl,stere: serGers - Te concept o$ combinin* multiple ost compute!s to*ete! t!ou* a p!iate communication line? suc as Ete!net bac8bone? to $o!m a !in* o$ ost compute!sJ tis !in* o$ ost compute!s act as a sin*le entity? capable o$ pe!$o!min* multiple complex inst!uctions by dist!ibutin* te &o!8load ac!oss all membe!s o$ te !in*" Cl,stere: stora+e - te concept o$ combinin* multiple sto!a*e se!e!s to*ete! to $o!m a !edundant !in* o$ sto!a*e deicesJ cluste!ed sto!a*e systems typically pe!$o!m multiple !ead and &!ite !euests t!ou* pa!allel access lines to te !euestin* compute!" Col: Site - An alte!nate $acility tat is oid o$ any !esou!ces o! euipment except ai!conditionin* and !aised $loo!in*" Euipment and !esou!ces must be installed in suc a $acility to duplicate te c!itical business $unctions o$ an o!*ani+ation" Cold-sites ae many a!iations dependin* on tei! communication $acilities? =ninte!!uptible Po&e! Sou!ce =PS; systems? o! mobility /elocatable-Sell;" Similar (erms8 S)ell-siteK Bac&up siteK :eco#ery siteK Alternati#e site Co77an: An:/Or Control Center CAC/CNC/CCC - A cent!ally located $acility ain* adeuate pone lines to be*in !ecoe!y ope!ations" Typically it is a tempo!a!y $acility used by te mana*ement team to be*in coo!dinatin* te !ecoe!y p!ocess and used until te alte!nate sites a!e $unctional"

Date

e!sion 1"6

Pa*e #'


Co77er6e serGi6e =roGi:er CSP - A company tat p!oides e-comme!ce solutions $o! !etaile!s" Co7=etitiGe lo6al e?60an+e 6arrier CLEC - a lon* distance ca!!ie!? cable company? o! small sta!tup local excan*e ca!!ie! tat competes $o! business in a local telepone ma!8etJ many CECs also o$$e! Inte!net se!ices" Co7=,ter Gir,s - A p!o*!am tat Nin$ectsO compute! systems in muc te same &ay? as a biolo*ical i!us in$ects umans" Te typical i!us N!ep!oducesO by ma8in* copies o$ itsel$ and inse!tin* tem into te code o$ ote! p!o*!amseite! in systems so$t&a!e o! in application p!o*!ams" Co77,ni6ations Fail,re - An unplanned inte!!uption in elect!onic communication bet&een a te!minal and a compute! p!ocesso!? o! bet&een p!ocesso!s? as a !esult o$ a $ailu!e o$ any o$ te a!d&a!e? so$t&a!e? o! telecommunications components comp!isin* te lin8" Also !e$e! to 9et&o!8 %uta*e"; Co77,ni6ations "e6oGer. - Te component o$ (isaste! /ecoe!y &ic deals &it te !esto!ation o! !e!outin* o$ an o!*ani+ationLs telecommunication net&o!8? o! its components? in te eent o$ loss" Similar (erms8 5(elecommunication :eco#ery, Data Communications :eco#ery Co7=,ter "e6oGer. Tea7 C"T - A *!oup o$ indiiduals !esponsible $o! assessin* dama*e to te o!i*inal system? p!ocessin* data in te inte!im? and settin* up te ne& system" Confi:entialit. - te assu!ance tat in$o!mation is not disclosed to unauto!i+ed entities o! p!ocesses" Te in$o!mation tecnolo*y system o! installation contains in$o!mation tat !eui!es p!otection $!om unauto!i+ed o! inapp!op!iate disclosu!e" Some in$o!mation must be p!otected $!om unauto!i+ed o! accidental disclosu!e" <=ame> is !eui!ed to p!eent some in$o!mation $!om !elease to pe!sons &itout te p!ope! uali$ications" In$o!mation !eui!in* p!otection $!om unauto!i+ed disclosu!e includes classi$ied in$o!mation? in$o!mation !elated to milita!y ope!ations and euipment? con$idential comme!cial business in$o!mation? con$idential <=ame> business in$o!mation? P!iacy Act in$o!mation? la& en$o!cement con$idential in$o!mation? p!ocu!ement-sensitie in$o!mation? bud*eta!y in$o!mation p!io! to %4B !elease? and in$o!mation exempt $!om disclosu!e unde! te 2!eedom o$ In$o!mation Act 2%IA;" Confi+,ration 6ontrol - te p!ocess o$ cont!ollin* modi$ications to te systemKs a!d&a!e? so$t&a!e? and documentation tat p!oide su$$icient assu!ance tat te system is p!otected a*ainst te int!oduction o$ imp!ope! modi$ications be$o!e? du!in*? and a$te! system implementation" Confi+,ration 7ana+e7ent CM - Te mana*ement o$ can*es made to a systemKs a!d&a!e? so$t&a!e? $i!m&a!e? documentation? tests? test $ixtu!es? and test documentation t!ou*out te deelopment and ope!ational li$e o$ te system" Consorti,7 A+ree7ent - An a*!eement made by a *!oup o$ o!*ani+ations to sa!e p!ocessin* $acilities and5o! o$$ice $acilities? i$ one membe! o$ te *!oup su$$e!s a disaste!" Similar (erms8 :eciprocal A'reement B,siness Contin,it. Plan - a plan $o! eme!*ency !esponse? bac8-up ope!ations? and post-disaste! !ecoe!y $o! in$o!mation tecnolo*y systems and installations in te eent no!mal ope!ations a!e inte!!upted" Te Business Continuity Plan sould ensu!e minimal impact upon data p!ocessin* ope!ations in te eent te in$o!mation tecnolo*y system o! $acility is dama*ed o! dest!oyed" Date

e!sion 1"6

Pa*e #,


B,siness Contin,it. Plannin+ - a plan tat add!esses o& to 8eep an o!*ani+ationKs c!itical $unctions ope!atin* in te eent o$ any 8ind o$ dis!uptions" See Disaster :eco#ery Plan B,siness Contin,it. Plannin+ - See also Disaster :eco#ery Plannin' Controller - a unit o! ci!cuit!y tat mana*es te in$o!mation $lo& bet&een sto!a*e dis8s and te compute!" Coo=eratiGe 2ot sites - A ot site o&ned by a *!oup o$ o!*ani+ations aailable to a *!oup membe! sould a disaste! st!i8e" Also See 7ot-Site Cost Benefit Anal.sis - te assessment o$ te costs o$ p!oidin* data p!otection $o! a system e!sus te cost o$ losin* o! comp!omisin* a system" Cost of o;ners0i= - te pu!case p!ice o$ euipment plus te cost o$ ope!atin* tis euipment oe! its p!o)ected li$e span" Co77er6ial Off-t0e-S0elf COTS - J Comme!cially aailable p!oducts tat can be pu!cased and inte*!ated &it little o! no customi+ation? tus $acilitatin* custome! in$!ast!uctu!e expansion and !educin* costs" Co,nter7eas,re - any action? deice? p!ocedu!e? tecniue? o! ote! measu!e tat !educes te ulne!ability o$? o! t!eat to a system" Crate H S0i= - A st!ate*y $o! p!oidin* alte!nate p!ocessin* capability in a disaste!? ia cont!actual a!!an*ements &it an euipment supplie! to sip !eplacement a!d&a!e &itin a speci$ied time pe!iod" Similar (erms8 uaranteed :eplacement, Nuic& S)ip Crisis - A c!itical eent? &ic? i$ not andled in an app!op!iate manne!? may d!amatically impact an o!*ani+ationLs p!o$itability? !eputation? o! ability to ope!ate" Crisis Mana+e7ent - Te oe!all coo!dination o$ an o!*ani+ationLs !esponse to a c!isis? in an e$$ectie? timely manne!? &it te *oal o$ aoidin* o! minimi+in* dama*e to te o!*ani+ationLs p!o$itability? !eputation? o! ability to ope!ate" Crisis Si7,lation - Te p!ocess o$ testin* an o!*ani+ationLs ability to !espond to a c!isis in a coo!dinated? timely? and e$$ectie manne!? by simulatin* te occu!!ence o$ a speci$ic c!isis" Criti6al F,n6tions - Business actiities o! in$o!mation? &ic could not be inte!!upted o! unaailable $o! see!al business days &itout si*ni$icantly )eopa!di+in* ope!ation o$ te o!*ani+ation" Criti6al "e6or:s - /eco!ds o! documents? &ic? i$ dama*ed o! dest!oyed? &ould cause conside!able inconenience and5o! !eui!e !eplacement o! !ec!eation at conside!able expense" Cr.=to+ra=0. - te p!inciples? means? and metods $o! !ende!in* in$o!mation unintelli*ible and $o! !esto!in* enc!ypted in$o!mation to intelli*ible $o!m" Co7=,ter Tele=0on. Inte+ration CTI - P!oidin* a lin8 bet&een telepone systems and compute!s to $acilitate incomin* and out*oin* call andlin* and cont!olJ te pysical lin8 bet&een a telepone and se!e!" $i+ital A,:io Ta=e $AT ; - A di*ital ma*netic tape $o!mat o!i*inally deeloped $o! audio !eco!din* and no& used $o! compute! bac8up tapeJ te latest (AT sto!a*e $o!mat is ((S (i*ital (ata Sto!a*e;" $a7a+e Assess7ent - Te p!ocess o$ assessin* dama*e? $ollo&in* a disaste!? to compute! a!d&a!e? ital !eco!ds? o$$ice $acilities? etc" and dete!minin* &at can be sala*ed o! !esto!ed and &at must be !eplaced" $ata Center "e6oGer. - Te component o$ (isaste! /ecoe!y tat deals &it te Date

e!sion 1"6

Pa*e #


!esto!ation? at an alte!nate location? o$ data cente!s se!ices and compute! p!ocessin* capabilities" Similar (erms8 ;ain$rame :eco#ery $ata Center "elo6ation - Te !elocation o$ an o!*ani+ationLs enti!e data p!ocessin* ope!ation" $e6laration Fee - A one-time $ee? ca!*ed by an Alte!nate 2acility p!oide!? to a custome! &o decla!es a disaste!" Similar (erms8 =oti$ication Fee =%(98 Some reco#ery #endors apply t)e declaration $ee a'ainst t)e $irst $e! days o$ reco#ery $e6r.=tion - te p!ocess o$ ta8in* an enc!ypted $ile and !econst!uctin* te o!i*inal $ile" Tis is te opposite o$ enc!yption" $e:i6ate: Line - A p!e-establised point-to-point communication lin8 bet&een compute! te!minals and a compute! p!ocesso!? o! bet&een dist!ibuted p!ocesso!s? tat does not !eui!e dial-up access" $e=art7ental "e6oGer. Tea7 - A *!oup o$ indiiduals !esponsible $o! pe!$o!min* !ecoe!y p!ocedu!es speci$ic to tei! depa!tment" $.na7i6 )ro;t0 an: "e6onfi+,ration $)" - A (ot Fill tecnolo*y tat allo&s te system administ!ato! to uic8ly and easily add capacity o! can*e /AI( leels &ile te system is in use" $ial Ba6,= - Te use o$ dial-up communication lines as a bac8up to dedicated lines" $ial-U= Line - A communication lin8 bet&een compute! te!minals and a compute! p!ocesso!? &ic is establised on demand by dialin* a speci$ic telepone numbe!" $isaster - Any eent tat c!eates an inability on an o!*ani+ations pa!t to p!oide c!itical business $unctions $o! some p!edete!mined pe!iod o$ time" Similar (erms8 Business *nterruptionK %uta'eK Catastrop)e $isaster PreGention - 4easu!es employed to p!eent? detect? o! contain incidents tat? i$ uncec8ed? could !esult in disaste!" $isaster PreGention C0e6list - A uestionnai!e used to assess p!eentatie measu!es in a!eas o$ ope!ations suc as oe!all secu!ity? so$t&a!e? data $iles? data ent!y !epo!ts? mic!ocompute!s? and pe!sonnel" $isaster "e6oGer. - Te ability to !espond to an inte!!uption in se!ices by implementin* a disaste! !ecoe!y plan to !esto!e an o!*ani+ationLs c!itical business $unctions" $isaster "e6oGer. A:7inistrator - Te indiidual !esponsible $o! documentin* !ecoe!y actiities and t!ac8in* !ecoe!y p!o*!ess" $isaster "e6oGer. Coor:inator - Te (isaste! /ecoe!y Coo!dinato! may be !esponsible $o! oe!all !ecoe!y o$ an o!*ani+ation o! units;" Similar (erms8 Business :eco#ery Coordinator $isaster "e6oGer. Perio: - Te time pe!iod bet&een a disaste! and a !etu!n to no!mal $unctions? du!in* &ic te disaste! !ecoe!y plan is employed" $isaster "e6oGer. Plan $"P - Te document tat de$ines te !esou!ces? actions? tas8s and data !eui!ed to mana*e te business !ecoe!y p!ocess in te eent o$ a business inte!!uption" Te plan is desi*ned to assist in !esto!in* te business p!ocess &itin te stated disaste! !ecoe!y *oals" $isaster "e6oGer. Plannin+ - Te tecnolo*ical aspect o$ business continuity plannin*" Te adance plannin* and p!epa!ations tat a!e necessa!y to minimi+e loss and ensu!e continuity o$ te c!itical business $unctions o$ an o!*ani+ation in te eent o$ disaste!"

Date

e!sion 1"6

Pa*e #


Similar (erms8 Business Continuity Plannin'K usiness resumption plannin'K corporate Business Continuity Plannin'K usiness interruption plannin'K disaster preparedness $isaster "e6oGer. Soft;are - An application p!o*!am deeloped to assist an o!*ani+ation in &!itin* a comp!eensie disaste! !ecoe!y plan" $isaster "e6oGer. Tea7s B,siness "e6oGer. Tea7s9 A st!uctu!ed *!oup o$ teams !eady to ta8e cont!ol o$ te !ecoe!y ope!ations i$ a disaste! sould occu!" $is arra. see arra. - an a!!an*ement o$ t&o o! mo!e a!d dis8s? in /AI( o! daisycain con$i*u!ation? o!*ani+ed to imp!oe speed and p!oide p!otection o$ data a*ainst loss" $istrib,te: 6o7=,tin+ enGiron7ent - A set o$ middle&a!e standa!ds tat de$ines te metod o$ communication bet&een clients and se!e!s in a c!oss-plat$o!m computin* eni!onmentJ enables a client p!o*!am to initiate a !euest tat can be p!ocessed by a p!o*!am &!itten in a di$$e!ent compute! lan*ua*e and oused on a di$$e!ent compute! plat$o!m" $i+ital Linear Ta=e $LT - A se!pentine tecnolo*y $i!st int!oduced by (i*ital Euipment Co!po!ation and late! deeloped by Guantum $o! tape bac8up5a!cie o$ net&o!8s and se!e!sJ (T tecnolo*y add!esses mid!an*e to i*-end tape bac8up !eui!ements" Ele6troni6 In:,stries Asso6iation EIA - A t!ade association tat establises elect!ical and elect!onics-o!iented standa!ds" Ele6troni6 Va,ltin+ - T!ans$e! o$ data to an o$$site sto!a*e $acility ia a communication lin8 !ate! tan ia po!table media" Typically used $o! batc5)ou!naled updates to c!itical $iles to supplement $ull bac8ups ta8en pe!iodically" E7er+en6. - A sudden? unexpected eent !eui!in* immediate action due to potential t!eat to ealt and sa$ety? te eni!onment? o! p!ope!ty" E7er+en6. Pre=are:ness - Te discipline &ic ensu!es an o!*ani+ation? o! communityLs !eadiness to !espond to an eme!*ency in a coo!dinated? timely? and e$$ectie manne!" E7er+en6. Pro6e:,res - A plan o$ action to commence immediately to p!eent te loss o$ li$e and minimi+e in)u!y and p!ope!ty dama*e" Ele6tro Ma+neti6 Interferen6e EMI  J 7at occu!s &en elect!oma*netic $ields $!om one deice inte!$e!e &it te ope!ation o$ some ote! deice" E7=lo.ee "elief Center E"C - A p!edete!mined location $o! employees and tei! $amilies to obtain $ood? supplies? $inancial assistance? etc"? in te eent o$ a catast!opic disaste!" En6r.=tion - Te p!ocess o$ codin* a messa*e to ma8e it unintelli*ible" Enter=rise stora+e net;or ESN - an inte*!ated suite o$ p!oducts and se!ices desi*ned to maximi+e ete!o*eneous connectiity and mana*ement o$ ente!p!ise sto!a*e deices and se!e!sJ a dedicated? i*-speed net&o!8 connected to te ente!p!iseLs sto!a*e systems? enablin* $iles and data to be t!ans$e!!ed bet&een sto!a*e deices and client main$!ames and se!e!s" EnGiron7ent - te a**!e*ate o$ exte!nal p!ocedu!es? conditions? and ob)ects tat a$$ect te deelopment? ope!ation? and maintenance o$ a system" Et0ernet - a local a!ea net&o!8 standa!d $o! a!d&a!e? communication? and cablin*" E?ten:e: O,ta+e - A len*ty? unplanned inte!!uption in system aailability due to compute! a!d&a!e o! so$t&a!e p!oblems? o! communication $ailu!es" Date

e!sion 1"6

Pa*e #.


E?tra E?=ense CoGera+e - Insu!ance coe!a*e $o! disaste! !elated expenses tat may be incu!!ed until ope!ations a!e $ully !ecoe!ed a$te! a disaste!" Fa6ilities - A location containin* te euipment? supplies? oice and data communication lines? to conduct t!ansactions !eui!ed to conduct business unde! no!mal conditions" Similar (erms8 Primary Site, Primary Processin' Facility, Primary %$$ice Facility FailoGer - te t!ans$e! o$ ope!ation $!om a $ailed component e"*"? cont!olle!? dis8 d!ie; to a simila!? !edundant component to ensu!e uninte!!upted data $lo& and ope!ability" Fa,lt toleran6e - te ability o$ a system to cope &it inte!nal a!d&a!e p!oblems e"*"? a dis8 d!ie $ailu!e; and still continue to ope!ate &it minimal impact? suc as by b!in*in* a bac8up system online" Fiber C0annel-Arbitrate: Loo= FC-AL - A $ast se!ial bus inte!$ace standa!d intended to !eplace SCSI on i*-end se!e!s" A 2ib!e Cannel implementation in &ic use!s a!e attaced to a net&o!8 ia a one-&ay !in* loop; cablin* sceme" Fiber C0annel Co77,nit. FCC - J An inte!national non-p!o$it o!*ani+ation &ose membe!s include manu$actu!e!s o$ se!e!s? dis8 d!ies? /AI( sto!a*e systems? s&itces? ubs? adapte! ca!ds? test euipment? cables and connecto!s? and so$t&a!e solutions" Fiber C0annel - A i*-speed sto!a*e5net&o!8in* inte!$ace tat o$$e!s i*e! pe!$o!mance? *!eate! capacity and cablin* distance? inc!eased system con$i*u!ation $lexibility and scalability? and simpli$ied cablin*" Fiber $istrib,te: $ata Interfa6e F$$I - A 166 4bit5s A9SI standa!d A9 a!citectu!e? de$ined in @3T0"," Te unde!lyin* medium is optical $ibe! tou* it can be coppe! cable? in &ic case it may be called C((I; and te topolo*y is a dual-attaced? counte!-!otatin* to8en !in*" File Ba6,= - Te p!actice o$ dumpin* copyin*; a $ile sto!ed on dis8 o! tape to anote! dis8 o! tape" Tis is done $o! p!otection case te actie $ile *ets dama*ed" File "e6oGer. - Te !esto!ation o$ compute! $iles usin* bac8up copies" File SerGer - Te cent!al !eposito!y o$ sa!ed $iles and applications in a compute! net&o!8 A9;" Foot=rint - te amount o$ $loo! space tat a piece o$ euipment e"*"? a !ac8mount enclosu!e; occupies" For7 fa6tor - te pysical si+e and sape o$ a deiceJ o$ten used to desc!ibe te si+e o$ dis8 a!!ays in a !ac8 mount enclosu!e" For;ar: "e6oGer. - Te p!ocess o$ !ecoe!in* a data base to te point o$ $ailu!e by applyin* actie )ou!nal o! lo* data to te cu!!ent bac8up $iles o$ te database" F,ll "e6oGer. Test An exe!cise in &ic all !ecoe!y p!ocedu!es and st!ate*ies a!e tested as opposed to a Pa!tial /ecoe!y Test"; )enerator - An independent sou!ce o$ po&e! usually $ueled by diesel o! natu!al *as" )i+ab.te - app!oximately one billion bytes? 1?6#' me*abytes" 2ost B,s A:a=ter 2BA - J a a!d&a!e ca!d tat !esides on te PC bus and p!oides an inte!$ace connection bet&een a SCSI deice suc as a a!d d!ie; and te ost PC" 2alon - A *as used to extin*uis $i!es e$$ectie only in closed a!eas" 2i+0 Priorit. Tass - Actiities ital to te ope!ation o$ te o!*ani+ation" Cu!!ently bein* pased out due to eni!onmental conce!ns" Similar (erms8 Critical Functions 2o7e =a+e - Te main pa*e on a 7eb site tat se!es as te p!ima!y point o$ ent!y to !elated pa*es &itin te site and may ae lin8s to ote! sites as &ell"

Date

e!sion 1"6

Pa*e #0


2ost-atta60e: stora+e - A sto!a*e system tat is connected di!ectly to te net&o!8 se!e!J also !e$e!!ed to as se!e!-attaced sto!a*e" 2ot site -An alte!nate $acility tat as te euipment and !esou!ces to !ecoe! te business $unctions a$$ected by te occu!!ence o$ a disaste!" Fot-sites may a!y in type o$ $acilities o$$e!ed suc as data p!ocessin*? communication? o! any ote! c!itical business $unctions needin* duplication;" ocation and si+e o$ te ot-site &ill be p!opo!tional to te euipment and !esou!ces needed" Similar (erms8 Bac&up siteK :eco#ery siteK :eco#ery CenterK Alternate processin' site 2ot s=are - a bac8up component e"*"? dis8 o! cont!olle!; tat is online and aailable sould te p!ima!y component *o do&n" 2ot s;a==able - te ability to !eplace a component e"*"? dis8 d!ie? cont!olle!? $an? po&e! sou!ce; &ile te system is on line? &itout ain* to po&e! do&nJ also !e$e!!ed to as ot-plu* !emoable" 2ierar60i6al Stora+e Mana+e7ent 2SM - J a sto!a*e system in &ic ne&? $!euently used data is sto!ed on te $astest? most accessible and *ene!ally mo!e expensie; media e"*"? /AI(; and olde!? less $!euently used data is sto!ed on slo&e! less expensie; media e"*"? tape;" 2,b - A deice tat splits one net&o!8 cable into a set o$ sepa!ate cables? eac connectin* to a di$$e!ent compute!J used in a local a!ea net&o!8 to c!eate a small-scale net&o!8 by connectin* see!al compute!s to*ete!" 2,7an T0reats - Possible dis!uptions in ope!ations !esultin* $!om uman actions i"e"? dis*!untled employee? te!!o!ism? etc";" 2eat Ventilation an: Air Con:itionin+ 2VAC  Te system tat p!oides and maintains a cont!olled eni!onment &it conditions conducie to continuous and uninte!!upted compute! ope!ations" I:entifi6ation - Te p!ocess tat enables? *ene!ally by te use o$ uniue macine!eadable names? !eco*nition o$ use!s o! !esou!ces? as indistin*uisable? to tose p!eiously desc!ibed to te automated in$o!mation system" Instit,te of Ele6tri6al an: Ele6troni6s En+ineers IEEE - Te la!*est tecnical society in te &o!ld? consistin* o$ en*inee!s? scientists? and studentsJ as decla!ed standa!ds $o! compute!s and communications" Initiator- A Small Compute! System Inte!$ace SCSI; deice tat !euests anote! SCSI deice a ta!*et; to pe!$o!m an ope!ationJ usually a ost compute! acts as an initiato! and a pe!ipe!al deice acts as a ta!*et" Infor7ation s.ste7 - Te o!*ani+ed collection? p!ocessin*? t!ansmission? and dissemination o$ in$o!mation in acco!dance &it de$ined p!ocedu!es? &ete! automated o! manual" Infor7ation te60nolo+. s.ste7 - an in$o!mation system tat is automated o! is an assembly o$ compute! a!d&a!e and so$t&a!e con$i*u!ed $o! te pu!pose o$ classi$yin*? so!tin*? calculatin*? computin*? summa!i+in*? t!ansmittin* and !eceiin*? sto!in* and !et!iein* data &it a minimum o$ uman inte!ention" Te te!m includes sin*le application p!o*!ams? &ic ope!ate independently o$ ote! p!o*!am applications" A Nsensitie in$o!mation tecnolo*y systemO means an in$o!mation tecnolo*y system tat contains sensitie in$o!mation" Infor7ation te60nolo+. installation - one o! mo!e compute! o! o$$ice automation systems? includin* !elated telecommunications? pe!ipe!al and sto!a*e units? cent!al Date

e!sion 1"6

Pa*e 36


p!ocessin* units? and ope!atin* and suppo!t system so$t&a!e" In$o!mation tecnolo*y installations may !an*e $!om in$o!mation tecnolo*y installations? suc as la!*e cent!ali+ed compute! cente!s? to indiidual stand-alone mic!op!ocesso!s? suc as pe!sonal compute!s" A Nsensitie in$o!mation tecnolo*y installationO means an in$o!mation tecnolo*y installation? &ic contains o! p!oides p!ocessin* $o! a sensitie in$o!mation tecnolo*y system" Infrastr,6t,re  1; te pysical euipment compute!s? cases? !ac8s? cablin*? etc"; tat comp!ises a compute! systemJ #; te $oundational basis tat suppo!ts te in$o!mation mana*ement capabilities? includin* te telecommunications and net&o!8 connectiity" Inte+rit. :ata - Tat att!ibute o$ data !elatin* to te p!ese!ation o$ 1; its meanin* and completeness? #; te consistency o$ its !ep!esentations;? and 3; its co!!espondence to &at it !ep!esents" Te in$o!mation tecnolo*y system o! installation contains in$o!mation tat must be p!otected $!om unauto!i+ed? unanticipated? o! unintentional modi$ication o! dest!uction? includin* detection o$ suc actiities" Inte*!ity is impo!tant to all in$o!mation because inaccu!acy comp!omises te alue o$ te in$o!mation system" a& en$o!cement? mission and li$e c!itical? and $inancial in$o!mation a!e examples o$ in$o!mation !eui!in* p!otection to p!ese!e inte*!ity" Inte+rit. s.ste7 - Tat att!ibute o$ a system &en it pe!$o!ms its intended $unction in an unimpai!ed manne!? $!ee $!om delibe!ate o! inade!tent unauto!i+ed manipulation o$ te system" InterFa6ilit. B,siness Contin,it. Plannin+ "e+,lation A !e*ulation &!itten and imposed by te 2ede!al 2inancial Institutions Examination Council conce!nin* te need $o! $inancial institutions to maintain a &o!8in* disaste! !ecoe!y plan" Interfa6e - A connection bet&een a!d&a!e deices? applications? o! di$$e!ent sections o$ a compute! net&o!8" Interi7 Or+aniational Str,6t,re - An alte!nate o!*ani+ation st!uctu!e tat &ill be used du!in* !ecoe!y $!om a disaste!" Tis tempo!a!y st!uctu!e &ill typically st!eamline cains o$ command and inc!ease decision-ma8in* autonomy" Internal 2ot sites - A $ully euipped alte!nate p!ocessin* site o&ned and ope!ated by te o!*ani+ation" Internet - A &o!ld&ide system o$ lin8ed compute! net&o!8s" Internet SerGi6e ProGi:er ISP - A company tat p!oides Inte!net access se!ices to consume!s and businessesJ ISPs lease connections $!om Inte!net bac8bone p!oide!sJ &ile most ISPs a!e small companies tat se!ice a local a!ea? te!e a!e also !e*ional and national ISPs suc as Ame!ica %nline;" Intero=erabilit. - Te ability o$ one compute! system to cont!ol anote!? een tou* te t&o systems a!e made by di$$e!ent manu$actu!e!s" Interr,=tion - An outa*e caused by te $ailu!e o$ one o! mo!e communications lin8s &it entities outside o$ te local $acility" Intranet - a compute! net&o!8? based on Inte!net tecnolo*y? &ic is desi*ned to meet te inte!nal needs $o! sa!in* in$o!mation &itin a sin*le o!*ani+ation o! company" In=,t/O,t=,t I/O - J /eception !ead; o! t!ansmission &!ite; o$ compute! si*nalsJ te enti!e connection pat bet&een te CP= bus and te dis8 d!ies" I/Os Per Se6on: IOPS - A measu!e o$ pe!$o!mance $o! a ost-attaced sto!a*e deice o! /AI( cont!olle!" (,st A B,n60 Of $iss (BO$ - A dis8 a!!ay &itout a cont!olle!" Date

e!sion 1"6

Pa*e 31


@ernel - Te co!e o$ an ope!atin* system suc as 7indo&s 0.? 7indo&s 9T? 4ac %S o! =nixJ p!oides basic se!ices $o! te ote! pa!ts o$ te ope!atin* system? ma8in* it possible $o! it to !un see!al p!o*!ams at once multitas8in*;? !ead and &!ite $iles and connect to net&o!8s and pe!ipe!als" Lo6al Area Net;or LAN - A A9 consists o$ pe!sonal compute!s tat a!e connected to*ete! t!ou* a!ious means? so tat tey can communicate &it eac ote!" A net&o!8 o$ compute!s? &itin a limited a!ea e"*"? a company o! o!*ani+ation;J Computin* euipment? in close p!oximity to eac ote!? connected to a se!e! &ic ouses so$t&a!e tat can be access by te use!s" Tis metod does not utili+e a public ca!!ie!" See Also A= LAN "e6oGer. - Te component o$ (isaste! /ecoe!y &ic deals speci$ically &it te !eplacement o$ A9 euipment in te eent o$ a disaste!? and te !esto!ation o$ essential data and so$t&a!e Similar (erms8 Client/Ser#er :eco#ery Lease: Line - =sually synonymous &it dedicated line" Le+a6. - A compute!? system? o! so$t&a!e tat &as c!eated $o! a speci$ic pu!pose but is no& outdatedJ anytin* le$t oe! $!om a p!eious e!sion o$ te a!d&a!e o! so$t&a!e" Line "ero,tin+ - A se!ice o$$e!ed by many !e*ional telepone companies allo&in* te compute! cente! to uic8ly !e!oute te net&o!8 o$ dedicated lines to a bac8up site" Line Volta+e "e+,lators - Also 8no&n as su!*e p!otecto!s" Tese p!otecto!s5!e*ulato!s dist!ibute elect!icity eenly" Lo+i6 Bo7b - A compute! code tat is p!eset to cause a mal$unction? at a late! time? &en a speci$ied set o$ lo*ical conditions occu!s" 2o! example? a speci$ic social secu!ity numbe! in a pay!oll system is p!ocessed and te lo*ic bomb is actiated? causin* an imp!ope! amount o$ money to be p!inted on te cec8" Loss - Te un!ecoe!able business !esou!ces tat a!e !edi!ected o! !emoed as a !esult o$ a disaste!" Suc losses may be loss o$ li$e? !eenue? ma!8et sa!e? competitie statu!e? public ima*e? $acilities? o! ope!ational capability" Loss "e:,6tion - Te tecniue o$ institutin* mecanisms to lessen te exposu!e to a pa!ticula! !is8" oss !eduction is intended to !eact to an eent and limit its e$$ect" Examples o$ oss /eduction include sp!in8le! systems" Linear Ta=e O=en LTO - J A ne& standa!d tape $o!mat deeloped by FP? IB4? and Sea*ateJ expected aailability in #666" Lo+i6al Unit N,7ber LUN - An add!essin* sceme used to de$ine SCSI deices on a sin*le SCSI bus" Ma60ine-rea:able Me:ia - 4edia tat can coney data to a *ien sensin* deice? e"*"? dis8ettes? dis8s? tapes? compute! memo!y" Mainfra7e Co7=,ter - A i*-end compute! p!ocesso!? &it !elated pe!ipe!al deices? capable o$ suppo!tin* la!*e olumes o$ batc p!ocessin*? i* pe!$o!mance on-line t!ansaction p!ocessin* systems? and extensie data sto!a*e and !et!ieal" Similar (erms8 7ost Computer Mali6io,s Soft;are - Any o$ a $amily o$ compute! p!o*!ams deeloped &it te sole pu!pose o$ doin* a!m" 4alicious code is usually embedded in so$t&a!e p!o*!ams tat appea! to p!oide use$ul $unctions but? &en actiated by a use!? cause undesi!able !esults" Me:ia Trans=ortation CoGera+e - An insu!ance policy desi*ned to coe! t!anspo!tation o$ items to and $!om an E(P cente!? te cost o$ !econst!uction and te t!acin* o$ lost Date

e!sion 1"6

Pa*e 3#


items" Coe!a*e is usually extended to t!anspo!tation and disonesty o! collusion by delie!y employees" Me+ab.te - App!oximately one million bytes? 1?6#' 8ilobytes Ma+neti6 In C0ara6ter "ea:er MIC" E,i=7ent - Euipment used to imp!int macine-!eadable code" Dene!ally? $inancial institutions use tis euipment to p!epa!e pape! data $o! p!ocessin*? encodin* imp!intin*; items suc as !outin* and t!ansit numbe!s? account numbe!s? and dolla! amounts" Mirrorin+ - A metod o$ sto!a*e in &ic data $!om one dis8 is duplicated on anote! dis8 so tat bot d!ies contain te same in$o!mation? tus p!oidin* data !edundancy" Mission 6riti6al - Any compute! p!ocess tat cannot $ail du!in* no!mal business ou!sJ some compute! p!ocesses e"*"? telepone systems; must !un all day lon* and !eui!e 166 pe!cent uptime" Mobile 2ot Site - A la!*e t!aile! containin* bac8up euipment and pe!ipe!al deices delie!ed to te scene o$ te disaste!" It is ten oo8ed up to existin* communication lines" Mo:,lator $e7o:,lator Unit MO$EM - (eice tat cone!ts data $!om analo* to di*ital and bac8 a*ain" Monitorin+ - An on*oin* actiity tat cec8s on te system? its use!s? o! te eni!onment" Mean S;a=s Bet;een Fail,re MSBF - A statistical calculation used to p!edict te ae!a*e use$ulness o$ a !obotic deice e"*"? a tape lib!a!y; &it any inte!!uption o$ se!ice" Mean Ti7e Bet;een Fail,re MTBF - A statistical calculation used to p!edict te ae!a*e use$ulness o$ a deice &itout any inte!!uption o$ se!ice" Mean Ti7e To "e=air MTT" - Te ae!a*e amount o$ time !eui!ed to !esole most a!d&a!e o! so$t&a!e p!oblems &it a *ien de ice" M,lti-=latfor7 - "Te ability o$ a p!oduct o! net&o!8 to suppo!t a a!iety o$ compute! plat$o!ms e"*" IB4? Sun? 4acintos;J also !e$e!!ed to as c!oss-plat$o!m" Nat,ral T0reats - Eents caused by natu!e causin* dis!uptions to an o!*ani+ation" Net;or - Te %pen Systems Inte!connect %SI; seen-laye! model attempts to p!oide a &ay o$ pa!titionin* any compute! net&o!8 into independent modules $!om te lo&est pysical; laye! to te i*est application; laye!" 4any di$$e!ent speci$ications exist at eac o$ tese laye!s" Te net&o!8 is composed o$ a communications medium and all components attaced to tat medium &ose !esponsibility is te t!ans$e!ence o$ in$o!mation" Net;or Ar60ite6t,re - Te basic layout o$ a compute! and its attaced systems? suc as te!minals and te pats bet&een tem" Net;or-Atta60e: Stora+e NAS - A dis8 a!!ay sto!a*e system tat is attaced di!ectly to a net&o!8 !ate! tan to te net&o!8 se!e! i"e"? ost attaced;J $unctions as a se!e! in a client5se!e! !elationsip? as a p!ocesso!? an ope!atin* system o! mic!o-8e!nel? and p!ocesses $ile I5% p!otocols suc as S4B and 92S" Net;or SerGi6e ProGi:er NSP - a company tat p!oides te national o! inte!national pac8et-s&itcin* net&o!8s tat ca!!y Inte!net t!a$$icJ also called a bac8bone ope!ato!" Net;or O,ta+e - An inte!!uption in system aailability as a !esult o$ a communication $ailu!e a$$ectin* a net&o!8 o$ compute! te!minals? p!ocesso!s? o! &o!8stations"

Date

e!sion 1"6

Pa*e 33


No:e or net;or no:e - Any deice tat is di!ectly connected to te net&o!8? usually t!ou* Ete!net cableJ nodes include $ile se!e!s and sa!ed pe!ipe!alsJ te name used to desi*nate a pa!t o$ a net&o!8" Tis may be used to desc!ibe one o$ te lin8s in te net&o!8? o! a type o$ lin8 in te net&o!8 $o! example? Fost 9ode o! Inte!cept 9ode;" Nonessential F,n6tion/$ata - Business actiities o! in$o!mation tat could be inte!!upted o! unaailable inde$initely &itout si*ni$icantly )eopa!di+in* c!itical $unctions o$ an o!*ani+ation" Nonessential "e6or:s - /eco!ds o! documents? &ic? i$ i!!et!ieably lost o! dama*ed? &ill not mate!ially impai! te o!*ani+ationLs ability to conduct business" NT Mi6rosoft 'in:o;s NT - An ope!atin* system deeloped by 4ic!oso$t $o! i* pe!$o!mance p!ocesso!s and net&o!8ed systems" Ori+inal E,i=7ent Man,fa6t,rer OEM - A company tat manu$actu!es a *ien piece o$ a!d&a!e unli8e a alue-added !eselle!? &ic can*es and !epac8a*es te a!d&a!e;" Off-2ost Pro6essin+ - A bac8up mode o$ ope!ation in &ic p!ocessin* can continue t!ou*out a net&o!8 despite loss o$ communication &it te main$!ame compute!" Off-Line Pro6essin+ - A bac8up mode o$ ope!ation in &ic p!ocessin* can continue manually o! in batc mode i$ te on-line systems a!e unaailable" Off-Site Stora+e Fa6ilit. - A secu!e location? !emote $!om te p!ima!y location? at &ic bac8up a!d&a!e? so$t&a!e? data $iles? documents? euipment? o! supplies a!e sto!ed" On-Line S.ste7s - An inte!actie compute! system suppo!tin* use!s oe! a net&o!8 o$ compute! te!minals" O=en s.ste7s net;or - A net&o!8 comp!ised o$ euipment tat con$o!ms to indust!y standa!ds o$ inte!ope!ability bet&een di$$e!ent ope!atin* systems e"*"? =nix? 7indo&s 9T;" O=eratin+ Soft;are - A type o$ system so$t&a!e supe!isin* and di!ectin* all o$ te ote! so$t&a!e components plus te compute! a!d&a!e" O=eratin+ S.ste7 - Te maste! cont!ol p!o*!am e"*"? 7indo&s; tat mana*es a compute!Ls inte!nal $unctions and p!oides a means o$ cont!ol to te compute!Ls ope!ations and $ile system" Or+aniation C0art - A dia*!am !ep!esentatie o$ te ie!a!cy o$ an o!*ani+ationLs pe!sonnel" Or+aniation-'i:e - A policy o! $unction applicable to te enti!e o!*ani+ation" O,ta+e - See Systems %uta'e O,tso,r6in+ - Te t!ans$e! o$ data p!ocessin* $unctions to an indepen dent ti!d pa!ty" O;ner - Te indiidual desi*nated as bein* !esponsible $o! te p!otection o$ IT !esou!ces" Te o&ne! *ene!ally $alls into t&o b!oad cate*o!ies: custodial and o&ne!" 2o! example? te No&ne!O o$ te !esou!ces? may be te mana*e! o$ tat $acility" /esou!ces located &itin use! a!eas may be No&nedO by te mana*e! o$ tose a!eas" To assist &it te dete!mination o$ o&ne!sip? indiidual system bounda!ies must be establised" A system is identi$ied by lo*ical bounda!ies bein* d!a&n a!ound te a!ious p!ocessin*? communications? sto!a*e? and !elated !esou!ces" Tey must be unde! te same di!ect mana*ement cont!ol &it essentially te same $unction? !eside in te same eni!onment? and ae te same ca!acte!istics and secu!ity needs" %&ne!sip o$ in$o!mation and5o! in$o!mation p!ocessin* !esou!ces may be assi*ned to an o!*ani+ation? subo!dinate $unctional element? a position? o! a speci$ic indiidual" 7en o&ne!sip is assi*ned to an Date

e!sion 1"6

Pa*e 3'


o!*ani+ational o! $unctional element? te ead o$ te unit so desi*nated &ill be conside!ed te !esou!ce o&ne!" Some? but not necessa!ily all $acto!s to be conside!ed in te dete!mination o$ o&ne!sip a!e: %Te o!i*inato! o! c!eato! o$ data" #%Te o!*ani+ation o! indiidual &it te *!eatest $unctional inte!est" &%Pysical possession o$ te !esou!ce" Parallel Test- A test o$ !ecoe!y p!ocedu!es in &ic te ob)ectie is to pa!allel an actual business cycle" Parit. :ata - A bloc8 o$ in$o!mation matematically c!eated $!om see!al bloc8s o$ use! data to allo& !ecoe!y o$ use! data contained on a d!ie tat as $ailed in an a!!ayJ used in /AI( leels 3 and ," Pass;or: - A st!in* o$ alpanume!ic ca!acte!s cosen by an indiidual to elp ensu!e tat tei! compute! access is p!otected" Pass&o!ds a!e can*ed $!euently to minimi+e te !is8 o$ unauto!i+ed disclosu!e" Additional pass&o!ds may be assi*ned by te use! to pa!ticula! $iles o! data sets" Personal Co7=,ter Inter6onne6t PCI - An indust!y-standa!d bus used in se!e!s? &o!8stations? and PCs" Peri=0eral E,i=7ent- (eices connected to a compute! p!ocesso! tat pe!$o!m suc auxilia!y $unctions as communications? data sto!a*e? p!intin*? etc" Petab.te - 1?6#' te!abytes" P0.si6al Safe+,ar:s - Pysical measu!es ta8en to p!eent a disaste!? suc as $i!e supp!ession systems? ala!m systems? po&e! bac8up and conditionin* systems? access cont!ol systems? etc" Platfor7 - A a!d&a!e standa!d? suc as IB4? Sun? o! 4acintos" Portable S0ell - An eni!onmentally p!otected and !eadied st!uctu!e tat can be t!anspo!ted to a disaste! site so euipment can be obtained and installed nea! te o!i*inal location" Pro6e:,ral Safe+,ar:s - P!ocedu!al measu!es ta8en to p!eent a disaste!? suc as sa$ety inspections? $i!e d!ills? secu!ity a&a!eness p!o*!ams? !eco!ds !etention p!o*!ams? etc" Pro=rietar. - P!iately deeloped and o&ned tecnolo*y" Proto6ol - A standa!d tat speci$ies te $o!mat o$ data and !ules to be $ollo&ed in data communication and net&o!8 eni!onments" "AI$ A:Gisor. Boar: "AB - J an o!*ani+ation o$ sto!a*e system manu$actu!e!s and inte*!ato!s dedicated to adancin* te use and a&a!eness o$ /AI( and associated sto!a*e tecnolo*iesJ sta!ted in 100#? /AB states its main *oals as education? standa!di+ation and ce!ti$ication" "a67o,nt - Te cabinet tat ouses a se!e!5sto!a*e &o!8station also !e$e!!ed to as a se!e! !ac8;J to mount euipment into a cabinet" "e:,n:ant Arra. of In:e=en:ent or ine?=ensiGe $iss "AI$ - A collection o$ sto!a*e dis8s &it a cont!olle! o! cont!olle!s; to mana*e te sto!a*e o$ data on te dis8s" "e:,n:ant $ata Pat0 "$P - (ot FillLs so$t&a!e tecnolo*y tat c!eates an alte!nate data pat bet&een te se!e! and te sto!a*e system in te eent o$ system component $ailu!es to ensu!e continuous access to data" "eal-ti7e - Immediate p!ocessin* o$ input o! noti$ication o$ status"

Date

e!sion 1"6

Pa*e 3,


"e6i=ro6al A+ree7ent - An a*!eement bet&een t&o o!*ani+ations &it compatible compute! con$i*u!ations allo&in* eite! o!*ani+ation to utili+e te ote!Ls excess p!ocessin* capacity in te eent o$ a disaste!" "e6or: "etention - Sto!in* isto!ical documentation $o! a set pe!iod o$ time? usually mandated by state and $ede!al la& o! te Inte!nal /eenue Se!ice" "e6oGer. A6tion Plan - Te comp!eensie set o$ documented tas8s to be ca!!ied out du!in* !ecoe!y ope!ations" "e6oGer. AlternatiGe - Te metod selected to !ecoe! te c!itical business $unctions $ollo&in* a disaste!" In data p!ocessin*? some possible alte!naties &ould be manual p!ocessin*? use o$ se!ice bu!eaus? o! a bac8up site ot o! cold-site;" A !ecoe!y alte!natie is usually selected $ollo&in* a /is8 Analysis? Business Impact Analysis? o! bot" Similar (erms8 Bac&up site, ac&up alternati#e "e6oGer. Ca=abilit. - Tis de$ines all o$ te components necessa!y to pe!$o!m !ecoe!y" Tese components can include a plan? an alte!nate site? can*e cont!ol p!ocess? net&o!8 !e!outin*? and ote!s" "e6oGer. Mana+e7ent Tea7 - A *!oup o$ indiiduals !esponsible $o! di!ectin* te deelopment and on-*oin* maintenance o$ a disaste! !ecoe!y plan" Also !esponsible $o! decla!in* a disaste! and p!oidin* di!ection du!in* te !ecoe!y p!ocess" "e6oGer. Plannin+ Tea7 - A *!oup o$ indiiduals appointed to oe!see te de elopment and implementation o$ a disaste! !ecoe!y plan" "e6oGer. Point ObJe6tiGe "PO - Te point in time to &ic data must be !esto!ed in o!de! to !esume p!ocessin* t!ansactions" /P% is te basis on &ic a data p!o)ection st!ate*y is deeloped" "e6oGer. Tea7 - See Business :eco#ery (eam "e6oGer. Ti7e - Te pe!iod $!om te disaste! decla!ation to te !ecoe!y o$ te c!itical $unctions" "elo6atable S0ell - See Portale S)ell "e6oGer. =ro6e:,res - te actions necessa!y to !esto!e a systemKs p!ocessin* capability and data $iles a$te! a system $ailu!e" "is - A combination o$ te li8eliood tat a t!eat &ill occu!? te li8eliood tat a t!eat occu!!ence &ill !esult in an ade!se impact? and te see!ity o$ te !esultin* ade!se impact" "is anal.sis - A $o!mal systematic app!oac to assessin* te ulne!ability o$ an in$o!mation tecnolo*y system o! installation" /is8 analysis is te p!ocess o$ analy+in* t!eats to and ulne!abilities o$ an in$o!mation system to dete!mine te !is8s potential $o! losses;" Te !esultin* data is ten analy+ed" Te analysis is used as a basis $o! identi$yin* app!op!iate and cost-e$$ectie measu!es to counte! te identi$ied t!eats and ulne!abilities" Te !is8 analysis identi$ies t!eats? uanti$ies te potential losses $!om t!eat !eali+ation? examines te cost bene$it o$ applyin* alte!natie measu!es to counte! te identi$ied t!eats and !educes potential loss? and de$ines o! documents te de*!ee o$ acceptable !is8" Similar (erms8 :is& assessmentK impact assessmentK corporate loss analysisK ris& identi$icationK exposure analysisK exposure assessment "is 7ana+e7ent - Te p!ocess o$ te identi$ication? measu!ement? cont!ol? and minimi+ation o$ secu!ity !is8 in in$o!mation systems" Also? it means to assess !is8? ta8e actions to !educe !is8 to an acceptable leel? and maintain !is8 at tat leel" Ine!ent in

Date

e!sion 1"6

Pa*e 3


tis de$inition a!e te concepts tat !is8 cannot be completely eliminated and te most secu!e compute! system is te one tat no one uses" "o,ter - An elect!onic deice tat connects t&o o! mo!e net&o!8s and !outes incomin* data pac8ets to te app!op!iate net&o!8" Safe+,ar:s - Te p!otectie measu!es and cont!ols tat a!e p!esc!ibed to meet te secu!ity !eui!ements speci$ied $o! a system" SalGa+e H "estoration - Te p!ocess o$ !eclaimin* o! !e$u!bisin* compute! a!d&a!e? ital !eco!ds? o$$ice $acilities? etc" $ollo&in* a disaste!" SalGa+e Pro6e:,res - Speci$ied p!ocedu!es to be actiated i$ euipment o! a $acility sould su$$e! any dest!uction" Sa7=le Plan - A *ene!ic disaste! !ecoe!y plan tat can be tailo!ed to $it a pa!ticula! o!*ani+ation" Stora+e Area Net;or SAN - A net&o!8 in$!ast!uctu!e o$ sa!ed multi-ost sto!a*e? lin8in* all sto!a*e deices as &ell as inte!connectin* !emote sites" Satellite Co77,ni6ation - (ata communications ia satellite" 2o! *eo*!apically dispe!sed o!*ani+ations? may be iable alte!natie to *!ound-based communications in te eent o$ a disaste!" S6alable - Te ability o$ a p!oduct o! net&o!8 to accommodate *!o&t" S6an - To examine compute! codin*5p!o*!ams seuentially? pa!t by pa!t" 2o! i!uses? scans a!e made $o! i!us si*natu!es o! potentially unsa$e p!actices" E"*"? can*es to an executable $ile? di!ect &!ites to speci$ic dis8 secto!s? et al";" S6o=e - P!ede$ined a!eas o$ ope!ation $o! &ic a disaste! !ecoe!y plan is deeloped" S7all Co7=,ter S.ste7 Interfa6e SCSI - An inte!$ace tat se!es as an expansion bus tat can be used to connect a!d dis8 d!ies? tape d!ies? and ote! a!d&a!e components" Se6,re - In te!minolo*y? suc as e"*"? secu!e A9 o! secu!e deice? means tat te !outin* add!esses on te net&o!8 a!e monito!ed and allo&ed to p!oceed only $o! auto!i+ed use!s" Tis net&o!8 t!a$$ic monito!in* and auto!i+ation p!ocess is !e$e!!ed to as <=ame>Ks N$i!e&allsO" Systems and deices? not bein* monito!ed? a!e !e$e!!ed to as bein* outside o$ <=ame>Ks secu!e $i!e&all and te te!m Nnon-secu!eO is applied" Se6,rit. feat,res - A!e cont!ols tat p!otect a*ainst te identi$ied ulne!abilities? i"e" $i!e and &ate! ala!ms? pass&o!ds and ote! access p!otection? use o$ !emoable media $o! data sto!a*e? data alidation cont!ols? audit t!ails? un-inte!!uptible po&e! sou!ces =PS; to p!otect a*ainst elect!ical outa*es? pe!sonnel sc!eenin*? compute! secu!ity a&a!eness t!ainin* o$ use!s? etc" Se6,rit. infra6tion - Te $ailu!e to $ollo& applicable la&s and !e*ulations and establised <=ame> policies and p!ocedu!es pe!tainin* to te p!otection o$ <=ame> in$o!mation and compute! !esou!ces" Fence$o!t? in$!action and iolation a!e to be used inte!can*eably t!ou*out tis document" Se6,rit. =oli6. - Te set o$ la&s? !ules? and p!actices tat !e*ulate o& an o!*ani+ation mana*es? p!otects? and dist!ibutes sensitie in$o!mation" Se6,rit. s=e6ifi6ation - A detailed desc!iption o$ te secu!ity !eui!ements and speci$ications necessa!y to p!otect an in$o!mation tecnolo*y system o! installation" SensitiGe infor7ation - In$o!mation tat !eui!es a de*!ee o$ p!otection due to its natu!e? ma*nitude o$ loss? o! a!m tat could !esult $!om inade!tent o! delibe!ate disclosu!e? modi$ication? o! dest!uction" Tis includes in$o!mation tat is Date

e!sion 1"6

Pa*e 3


%4ission c!itical i"e"? loss o! a!m &ould be suc tat an <=ame> o$$ice could not pe!$o!m essential $unctions;" #%Sould not be disclosed unde! te 2!eedom o$ In$o!mation Act? suc as p!op!ieta!y data and economic $o!ecasts" P!op!ieta!y data includes t!ade sec!ets? comme!cial? o! $inancial data obtained in te cou!se o$ Doe!nment business? $!om o! !elatin* to a pe!son o! pe!sons outside te *oe!nment? not *ene!ally aailable to te public? and &ic is p!iile*ed? &ould cause competitie a!m i$ !eleased? o! impai! te ability o$ te *oe!nment to obtain data in te $utu!e" &%Complies &it %4B Ci!cula! A-1# 2inancial 4ana*ement Systems" 1%Complies &it te P!iacy Act o$ 10'" (ata? &ic pe!tains to a speci$ic indiidual by name? Social Secu!ity 9umbe! o! by some ote! identi$yin* means? and is pa!t o$ a system o$ !eco!ds as de$ined in te P!iacy Act o$ 10'" 3%Classi$ied" SerGer - A compute! tat sto!es application and data $iles $o! all &o!8stations on a net&o!8J also !e$e!!ed to as a $ile se!e!" S0a:o; File Pro6essin+ - An app!oac to data bac8up in &ic !eal-time duplicates o$ c!itical $iles a!e maintained at a !emote p!ocessin* site" Similar (erms8 :emote ;irrorin' Si7,lation Test - A test o$ !ecoe!y p!ocedu!es unde! conditions app!oximatin* a speci$ic disaste! scena!io" Tis may inole desi*nated units o$ te o!*ani+ation actually ceasin* no!mal ope!ations &ile exe!cisin* tei! p!ocedu!es" Sills InGentor. - A listin* o$ employees tat lists tei! s8ills tat apply to !ecoe!y" S=in:le - 4ecanism inside a a!d dis8 d!ie tat moes te eads into placeJ te axle on &ic a dis8 tu!ns" Serial Stora+e Ar60ite6t,re SSA - A i*-speed metod o$ connectin* dis8? tape? and C(-/%4 d!ies? p!inte!s? scanne!s? and ote! deices to a compute!" Stan:-Alone Pro6essin+ - P!ocessin*? typically on a PC o! mid-!an*e compute!? &ic does not !eui!e any communication lin8 &it a main$!ame o! ote! p!ocesso!" Stri=in+ - A metod o$ sto!a*e in &ic a unit o$ data is dist!ibuted and sto!ed ac!oss see!al a!d dis8s? &ic imp!oes access speed b ut does not p!oide !edundancy" Str,6t,re: 'al-T0ro,+0 Test - Team membe!s &al8 t!ou* te plan to identi$y and co!!ect &ea8nesses" S,bs6ri=tion - Cont!act commitment p!oidin* an o!*ani+ation &it te !i*t to utili+e a endo! !ecoe!y $acility $o! !ecoe!y o$ tei! main$!ame p!ocessin* capability" S,=er-,ser - A system account tat as $ull system-&ide administ!atie p!iile*es" 4ost =9I@ macines ae a lo* on account called NrootO? &ic acts as te supe!-use!" S,staine: 7o:e - Te measu!ed t!ans$e! !ate o$ a *ien deice du!in* no!mal ope!ation" S;it60 - A net&o!8 t!a$$ic-monito!in* deice tat cont!ols te $lo& o$ t!a$$ic bet&een multiple net&o!8 nodes" S.ste7 - A *ene!ic te!m used $o! its b!eity to mean eite! a ma)o! application o! a *ene!al suppo!t system" A system is identi$ied by lo*ical bounda!ies d!a&n a!ound te a!ious p!ocessin* communications? sto!a*e? and !elated !esou!ces" Tey must be unde! same di!ect mana*ement cont!ol not !esponsibility;? pe!$o!m essentially te same $unction? !eside in te same eni!onment? and ae te same ca!acte!istics and secu!ity needs" A system does not ae to be pysically connected"

Date

e!sion 1"6

Pa*e 3.


S.ste7s $o;nti7e - A planned inte!!uption in system aailability $o! sceduled system maintenance" S.ste7s inte+rator - An indiidual o! company tat combines a!ious components and p!o*!ams into a $unctionin* system? customi+ed $o! a pa!ticula! custome!Ls needs" S.ste7 O,ta+e - An unplanned inte!!uption in system aailability as a !esult o$ compute! a!d&a!e o! so$t&a!e p!oblems? o! ope!ational p!oblems" S.ste7 Se6,rit. Plan SSP - A plan to be deeloped by <=ame> in acco!dance &it %4B and 9IST *uidelines implementin* te Compute! Secu!ity Act o$ 10.? to sa$e*ua!d te secu!ity o$ its in$o!mation tecnolo*y systems and installations" Tar+et - a SCSI deice tat pe!$o!ms an ope!ation !euested by an initiato!" TC - Ta* command ueuin*J a $eatu!e int!oduced in te SCSI-# speci$ication tat pe!mits eac initiato! to issue commands accompanied by inst!uctions $o! o& te ta!*et sould andle te commandJ te initiato! can eite! !euest te command to be executed at te $i!st aailable oppo!tunity? in te o!de! in &ic te command &as !eceied? o! at a time deemed app!op!iate by te ta!*et" Te60ni6al T0reats - A disaste! causin* eent tat may occu! !e*a!dless o$ any uman elements" Tel6o - Abb!eiation $o! a Mtelecommunications company"M Te7=orar. O=eratin+ Pro6e:,res - P!edete!mined p!ocedu!es? &ic st!eamline ope!ations &ile maintainin* an acceptable leel o$ cont!ol and auditability du!in* a disaste! situation" Terab.te - App!oximately one t!illion bytes? 1?6#' *i*abytes" Test Plan - Te !ecoe!y plans and p!ocedu!es tat a!e used in a systems test to ensu!e iability" A test plan is desi*ned to exe!cise speci$ic action tas8s and p!ocedu!es tat &ould be encounte!ed in a !eal disaste!" Test s6enarios - A!e desc!iptions o$ te tests to be pe!$o!med to cec8 te e$$ectieness o$ te secu!ity $eatu!es" Tey may include alidation o$ pass&o!d const!aints? suc as len*t and composition o$ te pass&o!d? ent!y o$ e!!oneous data to cec8 data alidation cont!ols? !eie& o$ audit in$o!mation p!oduced by te system? !eie& o$ Business Continuity Plans and !is8 analyses? etc" T0reat - Any ci!cumstance o! eent &it te potential to cause a!m to a system in te dest!uction? disclosu!e? modi$ication o$ data? and5o! denial o$ se!ice" T0ro,+0=,t - 4easu!es te numbe! o$ se!ice !euests on te I5% cannel pe! unit o$ time" Ti7e Bo7b - Compute! code tat is p!eset to cause a late! mal$unction a$te! a speci$ic date? time? o! a speci$ic numbe! o$ ope!ations" Te N2!iday te 13tO compute! i!us is an example" Tis i!us in$ects te system see!al days o! een monts be$o!e and lies do!mant until te date !eaces 2!iday te 13t" To=olo+. - Deomet!ic a!!an*ement o$ nodes and cable lin8s in a local a!ea net&o!8J may be eite! cent!ali+ed o! decent!ali+ed" Transfer rate - Te numbe! o$ me*abytes o$ data tat can be t!ans$e!!ed $!om te !ead5&!ite eads to te dis8 cont!olle! in one second" Tra= $oor - A set o$ inst!uction codes embedded in a compute! ope!atin* system tat pe!mits access? &ile bypassin* secu!ity cont!ols" TroJan 2orse - A p!o*!am tat causes unexpected and usually undesi!able; e$$ects &en &illin*ly installed o! !un by an unsuspectin* use!" A T!o)an o!se is commonly dis*uised Date

e!sion 1"6

Pa*e 30


as a *ame? a utility? o! an application" A pe!son can eite! c!eate o! *ain access to te sou!ce code o$ a common? $!euently used p!o*!am and ten add code? so tat te p!o*!am pe!$o!ms a a!m$ul $unction? in addition to its no!mal $unction" Tese p!o*!ams a!e *ene!ally deeply bu!ied in te code o$ te ta!*et p!o*!am? lie do!mant $o! a p!eselected pe!iod? and a!e t!i**e!ed in te same manne! as a lo*ic bomb" A T!o)an o!se can alte!? dest!oy? disclose data? o! delete $iles" T,rne. - A p!oduct o! system tat can be plu**ed in? tu!ned on? and ope!ated &it little o! no additional con$i*u!in*" Uninterr,=tible Po;er S,==l. UPS - A bac8up po&e! supply &it enou* po&e! to allo& a sa$e and o!de!ly sutdo&n o$ te cent!al p!ocessin* unit sould te!e be a dis!uption o! sutdo&n o$ elect!icity" UNI! - An ope!atin* system tat suppo!ts multitas8in* and is ideally suited to multi-use! applications suc as net&o!8s;" U=loa:in+ - Connectin* to anote! compute! and sendin* a copy o$ p!o*!am o! $ile to tat compute!" S99 AS% Do!nloadin' Usef,l "e6or:s - /eco!ds tat a!e elp$ul but not !eui!ed on a daily basis $o! continued ope!ations" User - A pe!son o! a p!ocess accessin* an automated in$o!mation system? eite! by di!ect o! indi!ect connection" User Contin+en6. Pro6e:,res - 4anual p!ocedu!es to be implemented du!in* a compute! system outa*e" User I$ - A *!oup o$ ca!acte!s and5o! numbe!s tat uniuely identi$y an indiidual and a!e used to *ain alid access to a compute! system" A use! id is no!mally coupled &it a pass&o!d tat is set by te o&ne! o$ te use! id" Val,e-A::e: "eseller VA" - A business tat !epac8a*es and imp!oes a!d&a!e manu$actu!ed by an o!i*inal euipment manu$actu!e!" Vir,s - A code se*ment tat !eplicates by attacin* copies o$ itsel$ to existin* executable p!o*!ams" Tis is usually done in suc a manne! tat te copies &ill be executed &en te $ile is loaded into memo!y? allo&in* tem to in$ect still ote! $iles? and so on" Te ne& copy o$ te i!us is executed &en a use! executes te ne& ost p!o*!am" Te i!us may include any additional NpayloadO tat is t!i**e!ed &en speci$ic conditions a!e met" 2o! example? some i!uses display a text st!in* on a pa!ticula! date" Te!e a!e many types o$ i!uses includin* a!iants? oe!&!itin*? !esident? stealt? and polymo!pic" i!uses o$ten ae dama*in* side e$$ects? sometimes intentionally? sometimes not" Vir,s :ete6tion soft;are - So$t&a!e &!itten to scan macine-!eadable media on compute! systems" Te!e a!e a *!o&in* numbe! o$ !eputable so$t&a!e pac8a*es aailable tat a!e desi*ned to detect and5o! !emoe i!uses" In addition? many utility p!o*!ams can sea!c text $iles $o! i!us si*natu!es o! potentially unsa$e p!actices" Vir,s si+nat,re - A uniue set o$ ca!acte!s? &ic identi$y a pa!ticula! i!us" Tis may also be !e$e!!ed to as a i!us ma!8e!" Vital "e6or:s - /eco!ds o! documents? $o! le*al? !e*ulato!y? o! ope!ational !easons? cannot be i!!et!ieably lost o! dama*ed &itout mate!ially impai!in* te o!*ani+ationLs ability to conduct business" Voi6e "e6oGer. - Te !esto!ation o$ an o!*ani+ationLs oice communications system" V,lnerabilit. - A &ea8ness in an in$o!mation system o! component e"*"? secu!ity p!ocedu!es? a!d&a!e desi*n? inte!nal cont!ols; tat could be exploited? attac8ed o! $ail" Date

e!sion 1"6

Pa*e '6


ulne!abilities include susceptibility to pysical dan*e!s? suc as $i!e o! &ate!? unauto!i+ed access to sensitie data? ent!y o$ e!!oneous data? denial o$ timely se!ice? $!aud? etc" 'i:e Area Net;or 'AN - A net&o!8 tat uses i*-speed? lon*-distance communications tecnolo*y e"*"? pone lines and satellites; to connect compute!s oe! lon* distances" Simila! to a A9? except tat pa!ts o$ a 7A9 a!e *eo*!apically dispe!sed? possible in di$$e!ent cities o! een on di$$e!ent continents" Public ca!!ie!s li8e telecommunications ca!!ie!s a!e included in most 7A9sJ e!y la!*e 7A9s may ae inco!po!ate satellite stations o! mic!o&ae to&e!s" 'ar7 Site - An alte!nate p!ocessin* site &ic is only pa!tially euipped As compa!ed to Fot Site &ic is $ully euipped;" 'eb 6a60e - A 7eb cace $ills !euests $!om te 7eb se!e!? sto!es te !euested in$o!mation locally? and sends te in$o!mation to te clientJ te next time te &eb cace *ets a !euest $o! te same in$o!mation? it simply !etu!ns te locally caced data instead o$ sea!cin* oe! te Inte!net? tus !educin* Inte!net t!a$$ic and !esponse time" 'eb site - A location on te 7o!ld 7ide 7eb tat is o&ned and mana*ed by an indiidual? company o! o!*ani+ationJ usually contains a ome pa*e and additional pa*es tat include in$o!mation p!oided by te siteLs o&ne!? and may include lin8s to ote! !eleant sites" 'orl: 'i:e 'eb ''' - A *lobal ype!text system ope!atin* on te Inte!net tat enables elect!onic communication o$ text? *!apics? audio? and ideo" 'or7 - A complete p!o*!am tat p!opa*ates itsel$ $!om system to system? usually t!ou* a net&o!8 o! ote! communication $acility" A &o!m is simila! to a i!us" It is able to in$ect ote! systems and p!o*!ams usually by spa&nin* copies o$ itsel$ in eac compute!Ks memo!y" A &o!m di$$e!s $!om a i!us? in tat a i!us !eplicates itsel$? &ile a &o!m does not" A &o!m copies itsel$ to a pe!sonKs &o!8station oe! a net&o!8 o! t!ou* a ost compute! and ten sp!eads to ote! &o!8stations" A &o!m mi*t duplicate itsel$ in one compute! so o$ten tat it causes te compute! to c!as" Sometimes &!itten in sepa!ate se*ments? a &o!m is int!oduced su!!eptitiously into a ost system? eite! $o! $un o! &it intent to dama*e o! dest!oy in$o!mation" It can easily ta8e oe! a net&o!8? as te Ninte!netO &o!m did" Te Ninte!netO &o!m &as intentionally !eleased into te A/PA9ET p!edecesso! to te inte!net; by /obe!t 4o!!is in 10? as an expe!iment" =nli8e a t!o)an o!se? a &o!m ente!s a system uninited" !O" en+ine9 P!ocess o! set o$ inst!uctions tat calculates data bit !elationsips in a /AI( subsystem"

8

APPEN$ICES

All te items in tis section sould !eceie a sepa!ate appendix" In many cases in$o!mation &ill be *ene!ated $!om te I4S database" 2!euent updates and !eie&s sould be made $o! tis data" A p!inted copy sould be made $o! inclusion in te Business Continuity Plan" Fo&ee!? as tis is te dynamic in$o!mation? te o$$icial !eco!d sould be te I4S" Access to te I4S sould be aailable $!om outside te < Facility.s> no!mal ope!ation location" I4S data sould be sto!ed in a location *eo*!apically sepa!ate $!om < Facility.s> o$$ices" A means to access tis data $!om alte!nate locations sould be in place and tested" Date

e!sion 1"6

Pa*e '1


Date

e!sion 1"6

Pa*e '#


APPEN$I! A  BUSINESS CONTINUITY PLAN CONTACT INFO"MATION

Date

e!sion 1"6

Pa*e '3


Tis appendix sould include all points o$ contact o$ positions desc!ibed in te Business Continuity Plan and 8ey o!*ani+ational pe!sonnel" Include ome and mobile telepone numbe!s" Include eme!*ency location assi*nments" Include a telepone t!ee? &ic lists te o!de! o$ contact &en a contin*ency situation o! disaste! is decla!ed" Te contact list sould indicate te system and o!*ani+ation &itin te tat eac indiidual is associated &it" A !e$e!ence list o$ eme!*ency se!ices and public utilities sould be included"

Date

e!sion 1"6

Pa*e ''


APPEN$I! B  EME")ENCY P"OCE$U"ES

Date

e!sion 1"6

Pa*e ',


Include Eme!*ency P!ocedu!es $o! <=ame> <=ame> and and te 2acility" 2acility" (esc!ibe actions to to be ta8en by employees empasi+in* pe!sonnel sa$ety" sa$ety" Add!ess potential potential scena!ios includin* $i!e? bomb t!eat o! eent? and ciil ciil diso!de!s" Include eacuation p!ocedu!es"

Date

e!sion 1"6

Pa*e '


APPEN$I! C  TEAM STAFFIN) STAFFIN) AN$ TAS@IN)S TAS@IN)S

Date

e!sion 1"6

Pa*e '


Incl Includ udee a !ost !oste! e! and and list list o$ acti action onss and and !esp !espon onsi sibi bili liti ties es $o! $o! eac eac team team c!ea c!eate ted d by < Facility Facility> > in Section ,"#" Te $ollo&in* is an example o$ t&o tables $o! eac team: Ro*e Business Continuity Plan Coordinator Coordinator 5(eam 5(eam eader Facilities :epresentati#e :epresentati#e 5(o coordinate closely !it) Facility 9n'ineer (ec)nical :epresentati#e 5s

#ame

Pre+ontin,ency Pre+ontin ,ency

Action 1 Action " Disaster ontin,ency ontin,ency Immediate Immediate Res-onse Res-onse

Action 1 Action " Post+ontin,ency Post+ontin ,ency

Action 1 Action "

Date

e!sion 1"6

Pa*e '.


APPEN$I! $  ALTE"NATE SITE P"OCE$U"ES

Date

e!sion 1"6

Pa*e '0


Tis appendix sould include detailed p!ocedu!es on standin* up te selected alte!nate sites;" Include contact indiiduals and numbe!s? maps $o! !eacin* te $acility? euipment on site tat sould be b!ou*t on line? euipment !eui!ed $o! p!ocu!ement? telecommunications p!oide!s $o! contact" Te!e sould be sepa!ate p!ocedu!es based on te < Facility.s> maintained aailability o$ a ot site and a cold site"

Date

e!sion 1"6

Pa*e ,6


APPEN$I! E  $OCUMENTATION LIST

Date

e!sion 1"6

Pa*e ,1


Include a list o$ all <=ame>? , and system documentation pe!tinent to te ope!ation and maintenance o$ eac system" Tis list sould include but is not limited to system a!citectu!e? ope!atin* manuals? system secu!ity plans? !is8 assessments? 4%=s? 4%As? SAs? testin* p!ocedu!es and !esults? system inte!dependencies? asset inento!y? a!d&a!e inento!y? so$t&a!e inento!y? bac8up p!ocedu!es? con$i*u!ation *uidelines? alte!nate site status and inento!y? and standa!d ope!atin* p!ocedu!es" (ocumentation must be deeloped? updated and5o! modi$ied to !e$lect te most cu!!ent in$o!mation and ten ente!ed into an automated (/P !elational database" A copy sould ten be sto!ed at te o$$site sto!a*e $acility" Tis data sould be !eie&ed and modi$ied as can*es occu! &itin te eni!onment"

Date

e!sion 1"6

Pa*e ,#


APPEN$I! F  SOFT'A"E INVENTO"Y

Date

e!sion 1"6

Pa*e ,3


Tis appendix sould be populated &it te most cu!!ent data tat di!ectly !e$lects te cu!!ent so$t&a!e? bein* tested and ealuated? ope!ational in te acceptance eni!onment pendin* $inal !eie&? implemented in p!oduction? o&ned &ete! onsite o! o$$site ?and deployed by te < Facility>" Tis sould include te licensin* a*!eements" A copy o$ tis data sould be sto!ed at te o$$site sto!a*e $acility alon* &it te Business Continuity Plan" An automated tool could assist &it te deelopment and implementation o$ tis type o$ p!oduct"

Date

e!sion 1"6

Pa*e ,'


APPEN$I! )  2A"$'A"E INVENTO"Y

Date

e!sion 1"6

Pa*e ,,


Tis appendix sould be populated &it te most accu!ate data !e$lectie o$ te a!d&a!e assets cu!!ently o&ned and deployed by te < Facility>" In addition te inento!y o$ te alte!nate site a!d&a!e assets sould be included as &ell" Te pu!case and implementation o$ an automated tool could assist in tis e$$o!t"

Date

e!sion 1"6

Pa*e ,


APPEN$I! 2  COMMUNICATIONS "EUI"EMENTS

Date

e!sion 1"6

Pa*e ,


Tis appendix sould include te most accu!ate data associated &it te data and oice communications in place $o! " It sould include an inento!y o$ all communications euipment? dia*!ams and uniuely identi$ied data 7A9 and A9 ci!cuits? data net&o!8 bac8up alte!naties? and oice net&o!8 speci$ications"

Date

e!sion 1"6

Pa*e ,.


APPEN$I! I -VEN$O" CONTACT LISTS

Date

e!sion 1"6

Pa*e ,0


Tis appendix sould be populated &it te listin* o$ all endo!s and cont!acto!s tat cu!!ently p!oide suppo!t o! &ill p!oide suppo!t in a post-disaste! eni!onment" Additionally? any Se!ice eel A*!eements SAs; tat ae been executed and all subseuent modi$ications sould be included &it accu!ate Points o$ Contact P%Cs; and eme!*ency contact in$o!mation"

Date

e!sion 1"6

Pa*e 6


APPEN$I! ( - E!TE"NAL SUPPO"T A)"EEMENTS

Date

e!sion 1"6

Pa*e 1


Tis appendix sould include documentation $o! se!ice and eme!*ency maintenance a*!eements &it manu$actu!e!s? data sto!a*e $acilities? telecommunications p!oide!s? and sta$$ t!anspo!tation p!oide!s" It sould include points o$ contact and auto!i+ation p!ocedu!es $o! delie!y o$ se!ices"

Date

e!sion 1"6

Pa*e #


APPEN$I! @ - $ATA CENTE"/COMPUTE" "OOM EME")ENCY P"OCE$U"ES AN$ "EUI"EMENTS

Date

e!sion 1"6

Pa*e 3


Tis appendix sould include additional eme!*ency p!ocedu!es $o! all secu!ed data cente! o! compute! !oom $acilities ostin* systems" In$o!mation on $i!e? smo8e? &ate!? and int!usion ala!ms sould be included" Po&e! do&n p!ocedu!es sould be included" 2acility layout? po&e! !eui!ements? cable dia*!ams? and media connection outlets sould be included" A (ata Cente! inento!y sould be ext!acted $!om Appendixes 2? D? and F and included in tis appendix"

Date

e!sion 1"6

Pa*e '


APPEN$I! L - PLAN MAINTENANCE P"OCE$U"ES

Date

e!sion 1"6

Pa*e ,


Tis appendix sould include te $!euency o$ !eie& $o! te plan" It can be diided into static in$o!mation and dynamic in$o!mation" Tis !esponsibility sould be assi*ned to an indiidual associated &it te Business Continuity Plan and included in tei! o$$icial )ob desc!iption"

Date

e!sion 1"6

Pa*e 


APPEN$I! M - CONTIN)ENCY LO)

Date

e!sion 1"6

Pa*e 

Contingency plan Template

Recommend Documents