IT DIsasTer recovery PolIcy 1

Transcription

1 IT Disaster Recovery Policy 1

2 1. PURPOSE An IT recovery strategy plan is necessary to minimize the effect of unexpected and undesirable situations affecting critical information or other parts of the organization s information systems and to recover quickly and effectively as possible from unseen disasters. 2. SCOPE To make sufficient preparations and to establish a set of agreed upon procedures for responding to a disaster or emergency in order to minimize risk in the organization. Ensure that proposed contingency arrangements are time-effective. 3. SAMRAS DRP PROCEDURE Check if mirror was successful to SAMRAS DRP server. If not restore previous successful backup from tape. Backup restoration from tape is as follows: Log in with System account (backup and restore rights) Select new backup and restore script from main menu Type yes for agreement Choose what to restore (payroll, all data etc.) by entering corresponding number. Confirm by typing yes If mirroring is successful, change IP address to by logging in with relevant super user account, use the ifconfig command to edit IP address. Reboot Test the restored installation to determine that it is fully operational. 4. IMIS AND FILE SERVER DRP PROCEDURE (same) Obtain DRP server and set the machines up as temporary server/s. Obtain the Microsoft CD s with the software and application cd s if required. Install the operating systems and load the latest service packs for the operating system to bring it to the required levels as required. Install the Backup software (Backup Exec) Steps 2-4 only if required. Restore image of previous Full and Differential backup(most recent) from NAS device: Open Symantec backup exec Run the restore backup wizard 2

3 5. PROCEDURE ACTIVITY FOR OFFSITE Locate a suitable building as a temporary Computer room. Reroute wireless connection in order to temporarily connect the various municipal sites to the temporary computer room. Obtain network router and network switch hardware from the suppliers, if needed. Obtain Server hardware as needed and set the machines up as temporary server/s Obtain the backup tapes from safe or NAS devices with backup images to restore the server. Obtain the Microsoft CD s with the software required. Obtain the various applications CD s Install the operating systems and load the latest service packs for the operating system to bring it to the required levels as required. Install the Backup software (Backup Exec) Restore backup/image of previous backup. Test the restored installation to determine that it is fully operational 6. Risk Management There are many potential disruptive threats which can occur at any time and affect the normal business process. We have considered a wide range of potential threats and the results of our deliberations are included in this section. Each potential environmental disaster or emergency situation has been examined. The focus here is on the level of business disruption which could arise from each type of disaster. Potential disasters have been assessed as follows: Potential Disaster Probability Rating Impact Rating Brief Description Of Potential Consequences & Remedial Actions Theft/ Vandalism 1 1 Burglar gates, Security camera s and security officer, access control system Fire 1 3 Fire extinguisher installed. Offsite Temporary server room Electrical storms 1 2 Power surge protection plus, UPS installed Data loss 2 3 Backup procedures in place, Backup restore testing procedure, SAMRAS DRP in place Electrical power 1 1 UPSs installed, Power surge Failure Loss of communications network services protection 2 2 Reroute wireless connection through secondary antenna s.(backup antenna s) Probability: 5=Very High, 1=Very Low Impact: 5=Total destruction, 1=Minor annoyance 3

4 7. Emergency Response Plan Triggering Events Key trigger issues at headquarters that would lead to activation of the DRP are: Total loss of all communications Total loss of power Loss of the building Assembly Points Where the premises need to be evacuated, the DRP invocation plan identifies two evacuation assembly points: Primary Main entrance in front of building; Alternate Parking lot of company at the back 8. RECORDING AND MANAGEMENT OF DRP When an incident occurs the DRP must be activated. The IT Department will then decide the extent to which the DRP must be invoked. All IT personnel must be issued a reference with contact details to be used in the event of a disaster. Responsibilities of IT are: IT Department must respond immediately to a potential disaster Assess the extent of the disaster and its impact on the business, data center, etc. DR assessment and management form to be completed Decide which elements of the DR Plan should be activated Establish and manage disaster recovery to maintain services and return to normal operation Ensure employees are notified and allocate responsibilities and activities as required Supplier Contact Info Company, Name, Title Contact Option Contact Number CEO s Technologies (servers) Work Alternate Dries Swanepoel Mobile Address Lynsey Pretorius Alternate lynseyp@ceos.co.za Bytes Technologies (Samras) Work Roland Looser Alternate Mobile Address Roland.looser@bytes.co.za Alternate Samras.support@bytes.co.za TGIS (IMIS) Work Alta Mobile Anancia Mobile Shaun Mobile Anton Mobile

5 Company, Name, Title Contact Option Contact Number Telkom (lines + phones) Work Louis Greyer Mobile Ryk Myburg Mobile Tokkie Meyer Mobile Kendall Mobile Desmond Visagie Mobile Louis Greyer Address geyerl@telkom.co.za Desmond Visagie Alternate visagidm@telkom.co.za URB (servers, , internet, Work network, wireless) Charniel Viljoen Mobile Andries Fourie Mobile Charniel Address charniel@urb.co.za Andries Alternate andries@urb.co.za Personnel Contacts Name, Title Contact Number Gilbert Lategan - Municipal Support Director Petrus Beukes Financial Director Kobus van Zyl Acting Director Corporate Services Hersiening van beleid // Reviewing of policy Hersiening van beleid geskied jaarliks waar wetgewing dit vereis (Council 26/9/2012) The reviewal of policy only be done annually where required by legislation (Council 26/9/2012) Opvolging/Succession Hierdie beleid is ook van toepassing op Siyanda Distrik Munisipaliteit se opvolger in regte. This policy is also relevant to Siyanda District Municipalities successor in law. Approved by:.. Municipal Manager Date Reviewed by Council: 30/08/2012 Amended by Council: 26/09/2012 5