Information Technology – Business Continuity Planning Essay Sample

Information Technology – Business Continuity Planning Pages
Pages: Word count: Rewriting Possibility: % ()

INTRODUCTION

In the present day world, “Business Continuity Planning” is becoming more and more important. Today, we are faced with multiple internal as well as external threats, some of which are man- made and others are natural. E.g. earthquakes, fire wars, terrorists attack, etc. Therefore, there is a need for making comprehensive arrangements for Business Continuity in the form of instituting physical security measures and backup arrangements so that operational sustainability of the institutions is ensured. As such, management of the organizations undertakes all actions high priority to having adequate measure in place for dealing effectively with emergency situations.

Few of the possible contingencies can be:

  • Flood, storm and earthquakes. (Natural Threat).
  • Fire, explosions, bomb threats. (Human Threat).
  • Electricity failures, telephone network failures, hardware or software technical breakdown.

Such disasters can bring operations to a complete stand still; affect premises, hardware, data, information and people.

This document describes the scenarios mentioned above and lays down at length specific actions required to be taken in such situations. It answers potential questions that may arise in emergency situations; for example what to do, when to react, where to report and who is responsible for managing the crisis.

General Emergencies.

  • Electrical power failure.
  • Computer hardware failure

Major Emergencies.

  • Hurricane/Typhoon, Flood and Earthquake
  • Bomb threat.
  • Civil disturbances.

EMERGENCY RESPONSES AND BACKUP

DEFINITION: In the definitions, which follow, the length of the emergency determines the category of emergency, i.e. whether it is short term, extended term or total disaster. In an emergency situation at the Data Center, Management should determine the length of the emergency and how long the disruption can be tolerated before loss results. A general emergency is normally caused by power failure, temporary hardware or software break down. Major emergencies covers the rest i.e. fire, bomb threat, civil disturbances, act of God e.g. earthquake, heavy down pour, major break down in hardware. Depending on the nature of the emergency, certain individuals and organizations must be contacted immediately.

AREAS OF RESPONSIBILITIES:

A listing of telephone numbers, to be used only in the time of an emergency, must be prepared and be readily available.

  • Fire Department.
  • Police Department.
  • Electric Supply Company
  • SCL (Hardware failure).
  • Backup facility Manager.
  • Computer Operators.

In an emergency the above officers and areas should be corroborated closely at all times to resolve problems and maintain an effective work force.

COMPUTER HARDWARE FAILURE

AREA OF RESPONSIBILITY: According to the nature of the emergency, the I.T. staff at the site impacted by the emergency condition may be required to contact any or all of the following:

  1. Fire Department
  2. Police Department
  3. General Services Department
  4. Country Operations Manager
  5. Internal Audit Department
  6. T Department – Karachi

BACK-UP PROCEDURE – SITE NOT DESTROYED:

 This procedure may be invoked by either of the following:

  1. Chief Operating Officer
  2. Country Operations & IT Head
  3. T. Manager
  4. Any of their designates

 If the disruption occurs during execution, person processing to notify the COO/I.T. Manger immediately. If duration of the failure exceeds two hours, than COO /I.T. Manager or his designate may decide to postpone processing till next morning. Similarly, if disruption occurs on Saturday during ONLINE processing and failure is not expected to be recovered by 16.00 hours than COO /I.T. Manager or his designate may decide to warp up till next morning as backup site is closed on Saturday. Otherwise the procedures to be followed are:

  1. Notify all department heads of the computer failure and that input and reports may be delayed.
  1. Arrange with all staff members of I.T. Department to standby for work to be done either at back-up site or on site.
  1. Arrange with each Operation Departments to make available at least one user, supervisor and officer to assist at the back-up site (data input, categorizing and controlling items to be transported to back-up site and releasing and authorizing transactions). In addition arrange personnel from Internal Audit department to supervise off-site data entry.
  1. Contact back-up site to arrange for computer time and support services either at their location or arrange for relocation CPU/Disk Storage to the new premises.
  1. Arrange with Administration Department for the transport of the following to back-up site if the data is to be processed off-site:
  2. a)    Personnel
  3. b)    Application System Software
  4. c)     All required files
  1. Prepare control log for all items transported to and from the back-up site.
  1. Assign personnel to accompany items, documents and materials while they are in transit or at back-up site. The I.T. personnel and Internal Audit will be responsible for above functions.

BACK-UP PROCEDURE – SITE DESTROYED:

This procedure may be invoked by either of the following:

  1. Chief Operating Officer
  2. Country Operations & IT Head
  3. T. Manager
  4. Any of their designates

The Procedures to be followed are:

Contact vendors/architect to negotiate contracts and orders for:

  1. Computer hardware
  2. Computer site reconstruction.
  3. Supplies, forms. Etc.
  4. Arrange for approval for funds appropriation for (1)
  5. Contact the back-up site and arrange for long term computer time and support services.
  6. Obtain from off site record retention center:
  1. All documentation regarding processing and control of application.
  2. All required files.
  3. Copies of system software
  4. Copies of application software
  1. Arrange with each Operations Departments to make available at least one clerk, supervisor and officer to assist at the back-up site (data input, categorizing and controlling items to be transported to back-up site and for transactions release and authorization). In addition arrange personnel from Internal Audit department to supervise off-site data entry.
  1. Arrange for the transport of the following to the back-up site:
  1. Application & System Software
  2. All required files
  3. All documentation required supplies
  1. Prepare control log for all items transported to and from the back-up site.
  1. Assign personnel to accompany items, documents and materials while they are in transit to back-up site. The I.T. personnel and Internal Audit will be responsible for the above function.

RESPONSES TO MAJOR EMERGENCY

  1. Hurricane/Typhoon, Flood and earth quake
  1. Bomb threat
  1. Civil disturbance
  1. Fire
  1. A) HURRICANE/TYPHOON, FLOOD, EARTH QUAKE:

 In case of emergency falling because of any of above, “Back-up procedure – Site Destroyed/Site not destroyed” will be followed.

  1. B)   BOMB THREATS:
  2. When a bomb threat is received, the person receiving the call will try to obtain as much information as possible form the caller, keep the caller talking without interruption and ask the caller to repeat the message and write the message if possible in its entirety.
  1. Bomb warning check list – try to obtain the following from the caller:
  2. Location of bomb
  3. When it is set to go off
  4. The type and description of bomb
  5. Description of caller, i.e. sex, age, nationality, political affiliation, etc.
  6. Voice characteristics
  7. Line static, echo, other line characteristics
  8. Did caller mention any names?
  1. Report the call to the Chief Operating Officer and Country Operations & IT Head immediately, as a prompt decision must be made to implement evacuation procedures.
  1. Alert the police who will in turn notify the Bomb Disposal Unit who will then comb the area.
  1. The areas to be searched should be isolated and the search team should include appropriate personnel who will be acknowledgeable of specific locations for bomb placement and would recognize foreign objects within affected areas.
  1. When the premises have been evacuation all windows and doors should be opened to reduce the blast damage.
  1. If a search without evacuation is to be instituted, a general announcement of the bomb threat should not be made to avoid confusion and panic. However, the search team should have some means of alerting personnel should a bomb or suspicious item be detected.
  1. e) Under no circumstances should members of the search team touch the bomb or suspicious package. The experts from the police bomb squad or a military demolition team should handle it.
  1. When a bomb threat is received through written communication, every effort will be made to safe guard the envelop and contents from unnecessary handling (for evidence purpose)

In these cases, the following steps will be taken:

The person receiving the correspondence will contact the Chief Operating Officer and the General Service Department.

The General Service Department will be responsible for any further actions concerning the threat.

Civil Disturbances:

  1. In the event of a civil disturbance, the primary consideration will be:
  1. Ensure the safety of all personnel
  1. Advice senior management as to the seriousness of the situation.
  1. Determine if emergency evacuation is necessary.
  1. The Chief Operating Officer/ Country Operations & IT Head or his designate will take the following actions:
  1. Contact Police if they are not already on the scene
  2. Inform head office about overall situation.
  1. If a decision to evacuate is made, the Emergency Evacuation procedure (Which should be available with the general service) will be followed, however, COO/Internal Auditor/ Country Operations & IT Head or their designate should make every reasonable attempt to:
  1. Secure police escort for personnel.
  1. Secure all files, reports, in the fire proof vault.
  1. Secure all magnetic media including mounted disk packs in fire proof cabinet/Vault.
  1. When the disturbance has ceased and Operation can resume the Chief Operating Officer or his designate will assess the situation to determine to what extent the following areas must be involved in the restoration of services at Branch Data Center.

EMERGENCY -FIRE:

During a Fire:

The person detecting the fire should alert all personnel in the immediate area call the fire brigade and inform the I.T. Manager immediately.

The following action will be taken:

  1. Sound the fire alarm.
  1. Power off all computer peripherals.
  1. If directed by supervisory personnel to fight the fire, remove the fire extinguishers from the wall brackets, follow instructions for its use, and direct contents on the blaze.
  1. If directed to evacuate, leave the floor at once via the nearest safest exit point and proceed to the area outside the branch.
  1. Before leaving the Data Center room the computer personnel or whoever is in the room should make sure that the computer system is powered down and secure the following materials:
  1. Set of tapes containing previous day’s backup of master files and other production libraries
  1. They must leave the computer room and proceed to the ground floor via the emergency exit door of the staircase or the normal staircase of the building and must never use the lifts at the main entrance.
  1. The I.T. Manager should ensure that all the I.T. personnel leave the Data Center.
  1. The I.T. Manager should verify all material taken from the Data Center if possible.
  1. All staff should assemble across the road – away from the building and any missing personnel should be reported to the Incharge Personnel Department.
  1. Do not return to the fire area or Data Center unless instructed to do so by authorized personnel.

After a Fire.

  1. The I.T. Manager will determine when it is safe for I.T. staff to re-enter the data Center.
  1. The I.T. manager will investigate and determine the following and must prepare a status report:
  1. Damage assessment in the area.
  2. Determination of any, existing or potential fire, or environmental hazards.
  3. Report on when resumption of work activity is feasible.
  4. Determination of time required returning to full operational status.
  5. In the event of serious damage to Data Center and computer peripherals, the contingency plan will be followed to support the operations of the branch.

References

Akhtar Syed and Afsar Syed (Nov 2003), Business Continuity Planning Methodology

Kenneth, A. Fulmer (Paperback – Oct 2004), Business Continuity Planning: A Step-by-Step Guide with Planning Forms, 3rd Edition

Douglas M. Henderson (May 1, 2006), The Comprehensive Business Continuity Management Program: Business Impact Analysis, Business Continuity Plan and Crisis / Risk Management Plan Development Templates

Kenneth N. Myers (Sep 29, 2006), Business Continuity Strategies: Protecting Against Unplanned Disasters

Faulkner Information Services (Jul 1, 2001), Preparing a Business Continuity Plan

Linda Pinson (Aug 30, 2001), Anatomy of a Business Plan

Search For The related topics

  • business
  • Olivia from Bla Bla Writing

    Hi there, would you like to get such a paper? How about receiving a customized one? Check it out https://goo.gl/3EfTOL

    sample
    Haven't found the Essay You Want?
    GET YOUR CUSTOM ESSAY SAMPLE
    For Only $13.90/page