University IT Disaster Recovery Plan

Abstract

In this case study we would be drafting a disaster recovery plan for Robert University which includes all the critical data resources to needed for the university to establish critical functions to be operational in an event of disaster and minimize the effects of damage. In this case study described below allows all the necessary operations to the staff needed in an event of a disaster

Keywords:  disaster recovery, disaster, critical functions

University IT Disaster Recovery Plan 

In an event of disaster, this recovery plan can help the Robert university staff and IT department to reduce the effects of damage and quickly restore university critical operations.

Plan Overview and Objectives

This is a disaster recovery plan drafted for all campuses and managements of Robert University. Robert University is one the prestigious educational university across the United States offering excellent degree programs to students providing undergraduate and masters. In this recovery process, each structural procedure is well defined and is necessary to follow when the disaster emergency is invoked. The disaster recovery office and team members are responsible to activate the initiation of the disaster plan when invoked.

The primary responsibilities are to provide a comprehensive plan in responding to the threats caused by the disaster, safeguard critical university data and records and return to minimal / operational process, threat aversion and recovery of incase of lost information.

Recovery process would be enforced and each disaster recovery teams are well defined about their roles and responsibilities. All teams perform recovery activities in a well-coordinated manner to ensure independent from threat to be effective.

Declaration of Disaster

The following persons are authorized in these titles has the right to invoke a disaster and signal the initiation of the recovery process in an event of the disaster at Robert University.

Positions / Titles

Chancellor

Vice- Chancellor

Head of IT/ Operations department

Disaster planning mechanism

Robert University is fully committed in having an effective disaster plan for its campuses across the United states in compliance with the state and federal laws. The disaster recovery plan consists of disaster recovery mechanisms that would help in mitigating its effect. (Van Alstin, C. M., 2016) The threats are effectively tackled, and all measures are taken to cover the vulnerabilities in the system to minimize the impact of the risk. We classify the threats into low risk hazards and high-risk hazards which can be both natural and man-made. Some of the disasters include low-risk

• Destruction of equipment
• Communication equipment damage
• Infrastructure Damage
• Interruptions- Short term
   

Natural Hazards

• Fire
• Earthquake
• Flood
• Tornado and High winds

Preventive Measures:

 Fire:

All buildings in the university campuses are fitted with excellent state of the art fire alarm system and fire extinguishers and emergency exits at all campuses. All detailed procedures and protocols in an event of fire. Regular monitoring and inspections of the fire equipment is also made mandatory.

Flood, Tornados and High winds:

  In an event of flood, tornados and high winds, students and faculty members are issued warning in an event through college communication and advised to seek shelter in the designated hallway in case of emergency. (Van Alstin, C. M.,2016) Advisory messages would be sent out through emails to students and teachers.

 

Earthquake:

Although Robert University and its campuses are not located in the earthquake prone or low risk area, several precautions have been taken to avert the threat. The buildings of the university campuses have been built to resist the earthquake. All measures have been taken to prevent damage.

Terrorists and Cyberattacks:  Robert University and its campuses are well guarded by university police and well lit in night to provide security and tackle situations. All server rooms are well guarded. University and its vendors are constantly upgrading their IT assets from cyber criminals and ensure university property is well guarded. These are some of the hazards to be protected where cyber criminals can tamper with.

        University Records can be destroyed

      Student Credits and Registrations

      Records of Graduation

      Payment records of Students

      Payrolls

      Accounts and Budgets

      Alumni/ Donations Records

Preventive measures:

The Department of IT for Robert University is responsible for handling all operations of information technology. All the infrastructure systems are encrypted with strong passwords. Passwords are changed on a regular basis. Strictly authorized persons undergo background checks to protect the integrity of the data. All licenses and software are procured through vendors after through verification. All sensitive data is continuously updated in back site servers and can be restored immediately in an event of disaster even if the central servers are in downtime. For example: If the Records of Graduation department servers is are down, precautions are laid down to restore normalcy within moments of time without loss of critical data.

Decision Making for a disaster workflow

 

 

 

Key Members of Recovery teams

 

a)      Disaster Recovery Supervisor

b)     Management Team members

c)      Vendors and Suppliers

d)     Technical Members

e)      University Management

Disaster Recovery supervisor:

One of the key responsibilities of disaster recovery supervisor is responsible for ensuring recovery plan is in the state of readiness in an event of a disaster. Other responsibilities include

• Mitigating of the recovery plan
• Training of personnel belonging to recovery teams
• Disaster recovery plan testing and updating.
• Evaluation and monitoring of disaster recovery plans.
• Reviewing and updating recovery plan annually basis.

Disaster recovery supervisor acts as a liaison between recovery teams, vendors & suppliers and managements teams in an event of a disaster.

 

Recovery infrastructure

 The University has a dedicated alternate site to restore all operations and fitted with all the supplies and office stations till the normalcy is retuned. A dedicated site is to be operated from a different city to ensure operations can be restored. There is a dedicated cold site with excellent connectivity and excellent state of the art HVAC systems to ensure all servers kick in immediately. All the inventory and computer supplies are well stored, and university has partnerships with various vendors and suppliers to restore the software and licenses on basis of emergency. The IT department is responsible for mitigating the process.

Emergency backup strategies:

 

 The university has a backup location site where critical data and information is updated on a periodically basis and it uses high encryption standards to protect the integrity of the data.

Some of the key procedures involved in the backup strategies include.

1. Maintenance of servers are done at night times. Prior notice is given to all students and management.
2. Monthly backups are stored for at least yearly before recycling.
3. Only designated members perform backups
4. All backups are stored securely at an alternative site.

Software Applications Recovery:

 At the university all software application is classified into four tiers. Tier 1 Applications are critical software’s, Tier 2 applications include vital software applications that is necessary for the returning to normalcy. Tier 3 and Tier 4 applications are those applications which can be flexible and non-essential applications.

All Tier 1 classification is considered as critical applications which means these vital assets are considered as high priority during recovery stages. In an occurrence of a disaster these tier applications can last up to 5hours after the outrage occurs. The next is tier 2 applications which lasts up to 12-16 hrs. after outrage so comes in line after all critical assets are recovered so priority of backing up this is next to tier1 applications. (Telenyk Sergii, Bukasov Maksym, & Yasochka Maksym.,2016). Other applications have downtime of 2-5 days which requires normal priority or low backups.

Classification	Applications	Recovery Time Priority
TIER 1	Critical Applications	High priority
TIER 2	Vital Applications	High priority after Tier 1 applications
TIER 3	Convenient applications	Normal priority
TIER 4	Non-Essential Applications	Least priority

Disaster Recovery Process.

As mentioned in the above plan, the emergency and recovery activation process are declared by the chancellor, vice-chancellor and head of the Head of IT/ Operations department the orders are passed to the disaster recovery supervisor. The disaster recovery then authorizes different recovery team to initiate the process of recovery. All personnel and equipment contingencies plans are placed in motion (Campbell, R. (2012). All university media and storage restoration without loss of critical data and all operations is the primary goal to ensure integrity and sustainability. The work flow is classified into stages as mentioned below

      Recovery plan to be implemented.

      Team Leaders would be notified.

      Contacts needed for key personnel will be notified.

      Alternate location would be activated

      Data center new location would be secured.

      New equipment would be reconfigured/ordered

      Network would be reconfigured

      New software and data would be installed.

      All users (students & faculty) and managements would be informed.

Determining Roles and establishing responsibilities for recovery process:

 

In this recovery plan we classify them into different teams which is responsible for different activities during emergency.

 

Infrastructure and Campus Team

This team is in charge for handling all missions related to the physical infrastructure that store computer systems, including both the main campus and cold site locations. They also are in charge for estimating the damage and repairs needed in an event of catastrophic disaster.

 

Responsibilities

• Ensuring that the alternate facility is properly maintained.
• Responsible for arranging transportation, inventory, food supplies and other arrangements are provided for all personnel working at the alternate facility.
• Assess infrastructure damage to the original facility.
• Appropriate precautions are taken to prevent further destruction to the original facility

IT Network Team

The IT network team is in charge for estimating the destruction caused to the university network facilities and responsible for providing communications connectivity during a catastrophe.

Responsibilities

• Estimating the destruction caused to the network framework at the facility and prioritize the recovery of services in the manner and order that has the least impact.
• Restoration of key communication services

Hardware Team

The hardware team is in charge for providing and recovering server & storage related operations for running key IT applications.

Responsibilities

• Estimating the impact to servers/storage and prioritizing key services the recovery of devices.
• Responsible for maintaining servers and storage services. Ensuring proper updating and backup copies
• Installing and maintaining servers across the campus.

 

How to establish critical services and functions:

Department	Critical activities
Financial	•         Financial management •         Emergency Funds •         Invoices for Repair and damages
Information Technology services	•         Establishing Help desks for students and managements •         Permissions and Authorization •         Contingency management •         Procurement of IT services •         Request fulfillment
HR	•         Establishing Executive communication •         Emotional support •         Payrolls
Recovery	•         Respond to crisis •         Assigning protocols as per recovery plan
Infrastructure	•         Procurement of Emergency site and establishing command center setup •         Local security •         Basic utilities (power, gas, water and sewage) •         HVAC’s systems
Transportation facilities	•         Establishing emergency transportation facilities
Others	•         Meetings  •         First responders. Police, fire, hospital •

Assessing the damage:

This is one the fundamental step in the recovery process. In this stage the impact of the disaster is determined to the all the assets of the university including the infrastructure of the university, hardware, software and personnel. All personnel struck in the disaster will be shifted to the nearby general hospital. Human life will be treated with top priority. During the catastrophic events medical condition such as exhaustion, post traumatic disorders can occur.( Wallace, M., & Webber, L.,2011). All recovery team members are trained to properly detect and help those people who survived the disaster.

In the recovery teams, Members are given full flexible freedom to assess the impact and determine the things needed for either replacing or repairing the critical assets. All assessment should be sent to the emergency procurement department for purchasing new infrastructure.

All hardware items which not damaged disaster should be evaluated and sent to storage area. The teams are divided into two groups. One team is responsible for finding out all the critical damaged and lost. (Preimesberger, C ,2017). The other team comprises of engineers to assessing of the condition of hardware. Based on the recommendations from the experts, decisions are made for procurement.

All HVAC’S systems in the campuses are constantly monitored and tested. All procedures regarding the facility maintenance takes around 20 days. If failed to perform then all the administration begins from alternative site.

All procurement including shipping, reordering, quotations of equipment does through emergency procurement department. Separate financial are allocated in the annual budget of the university for disaster management. The university has separate partnerships with several multinational and local vendors and suppliers to provide equipment at moment notice with transportation. Insurance coverage to some facilities also included.

Plan Testing

Testing is an important phase of DRP plan. It essentially reviews all the procedures and protocols in motion and ensure that the organization is prepared for all scenarios. The primary objective of a good disaster recovery plan is that it can be executed without hiccups and efficiently at any given time. (Wallace, M., & Webber, L.,2011) To make this happen, everyone is responsible and play an active role in the plan.

Some of the basic Testing agenda

        Scope of the test

        Objectives of the test

        Test Results

        Impact of the test results

        Updating and reevaluation of plans based on the test.

Evaluating the Test

        All the test participants involved in the plan should ensure that

a)      Objectives of the test are met

b)     Critical problems occurred during the test

c)      Addressing change of events occurred during the test

d)     All the resources used in the test

Occasional disaster recovery plan reviews need to happen, because changes can affect the recovery plans.

1. Constantly review all organizational needs, and prioritize the actions needed to be taken
2. Review and ensure all the team’s inventory and supplies lists needed are up to date.
3. Ensure that emergency telephone and contact lists are updated.

References

• Campbell, R. (2012). How to write a disaster recovery plan. Pulse, 72(41), 37–38. Retrieved from http://0-search.ebscohost.com.library.acaweb.org/login.aspx?direct=true&db=a9h&AN=84544623&site=ehost-live
• Preimesberger, C. (2017). 10 Essential Components of an Effective Disaster Recovery Plan. EWeek, 2. Retrieved from http://0-search.ebscohost.com.library.acaweb.org/login.aspx?direct=true&db=a9h&AN=123489768&site=ehost-live
• Telenyk Sergii, Bukasov Maksym, & Yasochka Maksym. (2016). Resource management for server virtualization under the limitations of recovery time objective. Open Physics, Vol 14, Iss 1, Pp 517-523 (2016), (1), 517. https://doi.org/10.1515/phys-2016-0059
• Van Alstin, C. M. (2016). How secure is your disaster recovery plan? Effective DR means being prepared for both tornados and ransomware… David Finn and David LeClair. Health Management Technology, 37(6), 6–8. Retrieved from http://0-search.ebscohost.com.library.acaweb.org/login.aspx?direct=true&AuthType=ip,cpid,url&custid=s4338230&db=c8h&AN=117941278
• Wallace, M., & Webber, L. (2011). The Disaster Recovery Handbook : A Step-by-Step Plan to Ensure Business Continuity and Protect Vital Operations, Facilities, and Assets (Vol. 2nd ed). New York: AMACOM. Retrieved from http://0-search.ebscohost.com.library.acaweb.org/login.aspx?direct=true&AuthType=ip,cpid,url&custid=s4338230&db=nlebk&AN=349248.