Business Continuity Plan Executive Overview

Similar documents
University Information Systems. Administrative Computing Services. Contingency Plan. Overview

Introduction to Business continuity Planning

TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY

INFORMATION SECURITY- DISASTER RECOVERY

Business Continuity and Disaster Recovery. Ed Crowley Ch 12

Data Storage, Recovery and Backup Checklists for Public Health Laboratories

Table of Contents. Sample

Template. IT Disaster Recovery Planning: A Template

BUSINESS CONTINUITY. Topics covered in this checklist include: General Planning

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 13 Business Continuity

Module 4 STORAGE NETWORK BACKUP & RECOVERY

CANVAS DISASTER RECOVERY PLAN AND PROCEDURES

Data Recovery Policy

Contingency Planning

IT CONTINUITY, BACKUP AND RECOVERY POLICY

Appendix 3 Disaster Recovery Plan

Continuity of Business

TEL2813/IS2820 Security Management

EXHIBIT A. - HIPAA Security Assessment Template -

Certified Information Systems Auditor (CISA)

Audit & Advisory Services. IT Disaster Recovery Audit 2015 Report Date January 28, 2015

Aljex Software, Inc. Business Continuity & Disaster Recovery Plan. Last Updated: 1/30/2017.

Piton Investment Management. Business Continuity Plan

Please indicate below the principle nature of your department s operations (check all that apply): Student life support.

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I

Disaster Recovery Planning

Memorandum APPENDIX 2. April 3, Audit Committee

Dude Solutions Business Continuity Overview

DISASTER RECOVERY PRIMER

University of Hawaii Hosted Website Service

3.3 Understanding Disk Fault Tolerance Windows May 15th, 2007

Network Performance, Security and Reliability Assessment

Admin Plus Pack Option. ExecView Web Console. Backup Exec Admin Console

STATE OF NORTH CAROLINA

BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW

Contents. Chapter 3: Chapter 4: Critical Server Ranking Classifying Systems for Recovery Priority Mission-Critical Only, Please...

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

Disaster Recovery (DR) Planning with the Cloud Desktop

SERVICE DESCRIPTION MANAGED BACKUP & RECOVERY

BME CLEARING s Business Continuity Policy

Power Outages and the Hosted VOIP Option

Disaster Recovery Solutions for Oracle Database Standard Edition RAC. A Dbvisit White Paper By Anton Els

MassMutual Business Continuity Disclosure Statement

Keys To Disaster Preparedness

Business Continuity Planning Keeping Pace with New Technology

Trust Services Principles and Criteria

Florida State University

Disaster Recovery Planning: Weighing your customer s options

Our key considerations include:

Rapid Recovery from Logical Corruption

Leveraging ITIL to improve Business Continuity and Availability. itsmf Conference 2009

REGIONAL UTILITY COORDINATION PLAN. Portland, Oregon / Vancouver, Washington Metropolitan Area

Data Center Operations Guide

Disaster recovery planning for health care data and HIPAA compliance regulations

The Future of Business Continuity & Resiliency

Testimony of Donald D. Kittell Executive Vice President Securities Industry Association

COUNTY GOVERNMENT OF BUSIA P.O. PRIVATE BAG BUSIA, KENYA. Disaster Recovery & Business Continuity Plan for ICT Services

Any observations not included in this report were discussed with your staff at the informal exit conference and may be subject to follow-up.

Introduction. Overview. Every Crisis Management Team Needs a Critical Decision Checklist. Presented by Roseanne Rostron, CBCP President Raido Response

Cybersecurity Checklist Business Action Items

Disaster Recovery and Business Continuity Planning (Mile2)

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS

Public and Private Interdependencies Filling a Gap in Most Continuity Plans

Business Continuity: How to Keep City Departments in Business after a Disaster

High Availability through Warm-Standby Support in Sybase Replication Server A Whitepaper from Sybase, Inc.

Business Resiliency in the Cloud: Reality or Hype?

MUNICIPALITY OF NORRISTOWN. Responses to Proposal Questions

Businesss Continuity. Client Briefing

A CommVault White Paper: Business Continuity: Architecture Design Guide

Achieving Rapid Data Recovery for IBM AIX Environments An Executive Overview of EchoStream for AIX

Build a viable plan for disaster recovery and crisis management.

2 ESF 2 Communications

University of Pittsburgh Security Assessment Questionnaire (v1.7)

A Model for Resilience

NUIT Tech Talk. Emergency Preparedness. March 1, Sharlene Mielke. Jay Bagley. Disaster Recovery / Business Continuity Coordinator

Infocomm Professional Development Forum 2011

RECENT HURRICANE CASE STUDIES: IMPACT OF BUSINESS RECOVERY PLANNING AND TESTING. Dan Perrin, Regus Stephanie Samuels, Voya

DoDI IA Control Checklist - MAC 1-Classified. Version 1, Release March 2008

Subject: Audit Report 18-84, IT Disaster Recovery, California State University, Sacramento

POWERING NETWORK RESILIENCY WITH UPS LIFECYCLE MANAGEMENT

Natural Disaster Preparation Checklist

IPMA State of Washington. Disaster Recovery in. State and Local. Governments

Level 3 Certificate in Cloud Services (for the Level 3 Infrastructure Technician Apprenticeship) Cloud Services

IT-BCP Survey 2014 Report

ASSURING BUSINESS CONTINUITY THROUGH CONTROLLED DATA CENTER

Corporate Security & Emergency Management Summary of Submitted 2015 Budget From Rates

Business Continuity and Disaster Recovery

Report. Diemer Plant Improvements Program Audit Report. Internal Audit Report for January 2011

Information Technology Disaster Recovery Planning Audit Redacted Public Report

Physical and Environmental Security Standards

Disaster Recovery Planning: Is Your Plan in Place? Presented by: Steve Shofner, CISA, CGEIT

Six Myths About Business Continuity Management and Disaster Recovery

COMMUNICATIONS EMERGENCY SUPPORT FUNCTION (ESF #2) FORMERLLY COMMUNICATIONS AND WARNING

Business Continuity Planning

CUNY Graduate Center Information Technology. IT Provisioning for Business Continuity & Disaster Recovery Effective Date: April 6, 2018

Disaster Recovery Planning Blackout. Katrina

BUSINESS CONTINUITY: THE PROFIT SCENARIO

Cooling Contingency Planning. Planni ng for the U nexpected. Is Your Health Care Facility Prepared?

April Appendix 3. IA System Security. Sida 1 (8)

Global Statement of Business Continuity

Transcription:

Business Continuity Plan Executive Overview In terms of business continuity and disaster recovery planning, Harland Clarke s mission is to ensure the availability of critical business functions and Information Technology (IT) operations within acceptable timeframes should a disaster or outage affect one or more of our facilities or operations. Harland Clarke s plan is developed to meet the criteria and sound practices of the Federal Financial Institution Examination Council (FFIEC) interagency statement on contingency planning. The planning approach has the following features: Proactively evaluating risks and mitigating their effect through implementation of loss control counter measures, e.g., cyber risks & internet security provisions Annually updating the business impact analyses for prioritization of core processing and customer service functions and their information and service dependencies. Reviewing the plan quarterly Frequently upgrading business continuity strategies, the supporting disaster recovery strategies and their associated action plans part of our product development process Annually exercising sections of the business continuity plans and annual testing of disaster recovery plans Effectively providing awareness communications and training related to emergency operations, mitigation measures and recovery responsibilities for all associates 1 P age

BCP Activation Process Start Outage Reported -Console -Internal call, e-mail, fax -Client call, e-mail, fax -Automated Script -Supplier/PSP call, e-mail, fax Gather Details -Description of disaster? -Injuries? -City emergency offices contacted? -Extent of damage -Who else is affected? -Contact information Initiate Emergency Notification to CORPDR01 DRTDR Assessment Team Convenes at Predetermined Location Damage Assessment DRTDR Alert Alternate Site(s) Yes Activate Disaster Relocation Plan? Notify M&F Crisis Team Activate BCP/ DR Plan(s) No Follow Incident Management Process Notify Affected Clients 2 P age

Summary In the event of an emergency in one or more of our facilities, Harland Clarke has a number of available options depending on the particular situation. The Harland Clarke Information Systems are designed to transmit and transfer work anywhere in our system. Our typesetting systems and quality assurance files are centrally controlled and distributed. Therefore, the specifications for all of your documents are available for immediate use nationwide for as long as necessary. All check plants have designated alternate plants prepared to provide back-up support in case of a disaster or additional workload. However, in an emergency, any plant in any area can assist immediately. In addition, we have our own rebuilding operation with spare equipment ready and available for expansion, new plant start-ups, or for immediate shipment to any plant. This includes major equipment as well as spare parts. In addition to the above, Harland Clarke has employees who frequently travel to plants system-wide to support new technology installation, new plant start-ups and special high volume or short notice conversions. These employees, along with manufacturing staff employees, are available immediately in emergency situations. The following is an overview of Recovery Plans for critical business services: CPU and Network Contingency Plan A. Plan Elements Harland Clarke as a multi-faceted approach to protect the essential business functions served through data processing and data communications system. This approach is designed to prevent, minimize, and optimally recover from the loss of computing and communications resources, which drive our operations. Some of the elements of Legacy Clarke s plan are as follows: 1. Redundancy in mechanical and electrical systems UPS (Uninterruptible Power Supply) Emergency generator Redundant air conditioning Redundant chilled water units 3 P age

2. State-of-the-art fire protection and site security systems Fire suppression system Water detection system 3. Data protection and security systems Software and telecommunications security protection systems Off-site storage of data and system control software for backup protection 4. Redundancy in hardware and communications systems Redundancy in remote device and communications controllers at primary and recovery sites Integrated telecommunications dial back-up capability to remote customer sites and plants at primary and recovery sites 5. Site selection criterion for disaster prevention Not in flood plain Not in flight patterns Located away from railroads B. Disaster Downtime (RTO) We anticipate that, should a catastrophe strike a Harland Clarke computer center, critical systems can be recovered in 48 72 hours. This estimate is based upon our current design, and exercise results, the nature of the disaster, and what day of the week the disaster occurs. During this short period, all plant and customer service personnel would continue to operate using manual procedures. After computer operations are restored, this manual tracking of all orders and service calls would be re-entered into the system and all operations would return to normal. 4 P age

Disaster Recovery Plan for Imprint Plants All Harland Clarke imprint plants have designated alternate plants prepared to provide backup support in case of a disaster or additional workload. Our plan network is designed to direct or re-direct complete processing information from one production site to another. Each plant maintains a spare parts inventory in the event of a machine breakdown. Expensive or hard to replace parts are maintained by Plant Engineering Services (PES) to be shipped overnight if needed. Equipment Imprint plants in the Harland Clarke system are not run at full capacity. Based on this, any of our production sites are equipped for additional production capacity. In addition, we have our own equipment rebuilding and storage operation. This location houses enough spare equipment to expand or open a new operation. This includes major equipment as well as spare parts. Base Stock Inventories Should volumes increase to Harland Clarke for any reason, Harland Clarke Base Stock operations can immediately respond with increased production of check stock for any of our facilities. This additional base stock would be available for overnight shipment to any production site. Harland Clarke has deployed redundant systems in each regional print facility, and each system has the ability to hub work to an alternate plant due to application design. Redundant systems can be reconfigured quickly to accept work up to double the normal work performed. Disaster backup tapes are performed each work night. In the event that one or more plants become unavailable, work can be hubbed to an alternative plant within hours while backup tapes are being transported to the alternate plant location. These disaster recovery procedures are standard across the Harland Clarke plant network. 5 P age

Disaster Recovery Plan for MICR Forms Salt Lake City, UT Harland Clarke s MICR Forms primary production facility is located in Salt Lake City, Utah. The plants computer systems run on Windows NT platform (Compaq ProLiant and IBM blade servers). All systems are backed up to a tape library and stored onsite and offsite. The network is connected across the Harland Clarke WAN to allow communication between all plants and departments within the company. Our Jeffersonville, Indiana facility is our designated disaster recovery site. Most composition and production equipment is virtually identical. In the event of an emergency requiring additional capacity, our Columbia, South Carolina facility would be used for the creation of inventory and specific overprint product lines. Composition files are maintained on-line in both facilities. Daily backups are performed on all updated composition files. All composition files are compatible with Postscript Level III. Full system backups are performed once per week. Two rotating backups of the system files are maintained. One backup is kept at the on- site and another one is kept at Perpetual storage. Each week the backups are rotated. All press equipment is regularly maintained and each facility has a minimum of five presses, all virtually identical. In the event of an equipment breakdown, the products can be moved to another press within the facility within two hours. Both facilities have multiple pieces of bindery equipment equally capable of performing redundant tasks necessary to ship orders in a timely basis. Harland Clarke has a policy of planned redundancy and back-up sourcing of computer, equipment, staffing and source of supply. If equipment fails for any reason, the equipment is repaired on an emergency basis if possible. We have maintenance agreements and emergency repair arrangements on critical equipment. If the equipment cannot be repaired in sufficient time to avoid significant down-time (greater than 24 hours or less depending on demand) the work will be: a) transferred to an alternate work center or b) outsourced, as appropriate. In the event of major equipment failure or loss due to fire, vandalism, etc., work will be immediately transferred to an alternate process or outsourced and the process to replace equipment will be expedited where possible. 6 P age

Disaster Recovery Plan for Contact Service Centers In the unlikely event of a Customer Service Center being shut down for any reason, Harland Clarke has contracted with our Telecom provider to immediately route all incoming calls to our additional Customer Service Center to ensure clients and their customers of uninterrupted service. Harland Clarke has also developed a Telephone Disaster Recovery Plan Checklist for our Contact Service Centers to utilize in the event of a disaster. Disaster Recovery Plan for Web servers In the event of prolonged outage impacting all our web servers, Harland Clarke has contracted with SunGard Availability Services to provide site, hardware and connectivity replacement until a return to normal operations. Anticipated recovery time is 48-72 hours. For individual outages on a web server, redundancy is built into each server. Investment Services/Direct Marketing Baltimore, MD The Baltimore facility has added to the routine plant recovery procedures described above, by the addition of a hot-switchable, non-interrupted CPU processors and disk drives, reducing recovery time. Baltimore has also leveraged its disaster recovery for immediate movement to an alternate Harland Clarke facility; in the event of a major failure short of a site disaster at Baltimore, mirroring and automatic Wide-Area data updates allow for rapid continued processing to resume from the alternate site. Checks In The Mail, New Braunfels, TX Checks In The Mail recovery objective is to restore critical (Category I & II) production processes within 24-48 hours, and essential (Category III) production processes within 72 hours to 1 week of a disaster that disables any functional area and/or essential equipment supporting the systems or functions in that area. In the event of a short or long-term outage, all areas can perform their functions from another location (even their own homes) with access to the Odyssey application. In the worst-case scenario of total destruction of the facility, with the restoration of 100% of the critical servers and applications, Priority 1 & 2 critical services can be 100% functional within the defined RTO of 8 hours to 1 week. SunGard Availability Services, 401 North Broad Street, Philadelphia, PA 19108 has been designated as the technology backup location for the CITM facility. 7 P age

Direct Marketing/Investment Services Disaster Recovery Plan Fallback Site Chicago, IL Customer Data Primary Site Glen Burnie, MD T1 Dedicated Data Line Real Time Data Shadowing Chicago HP3000 (fallback) DMIS HP3000 (primary) Harland WideArea Network DMIS Solimar Xerox Print Servers Xerox 4635 Xerox 4635 Primary Site Closeout Equipment Bindery Inserting Folding Harland Chicago Print Facilities 8 P age

Harland Clarke Data Centers Harland Clarke has two data centers located in Atlanta, GA and Dallas, TX; both are under contract with SunGard Availability Services for hot-site services. Included in the SunGard services at the time of a disaster or recovery exercises are: mainframe and distributed systems equipment, network connectivity and internet access. Harland Clarke Recovery Time Objective (RTO) is 48 72 hours. The two data centers support different services for Harland Clarke and do not act as alternate backups to each other. Harland Clarke Routine Recovery As with any business, there are a number of routine outages, which occur that are not classified as a major disasters. In order to ensure the availability of Harland Clarke s services and products, standard operating procedures have been developed to effectively manage these outages. 9 P age

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback