Objective
The objective of this policy is to create a structure that outlines the steps necessary to continue the operations of the State Department in the event of an unforeseen interruption in normal business operations. This includes; defining and prioritizing …show more content…
The data center staff includes the administrators of network operations, power and all other staff that contribute to the successful operation of the data center. Additionally the policy applies to all contractors, consultants temporary or permanent. The aforementioned personnel are responsible to create and implement adequate business continuity practices in accordance with all State Department policies and standards as well as local laws and regulations.
Scenarios
In order to form the policy several different scenarios were considered and prepared for. The plan applies largely to the following cases:
• External Threats attacking the State Departments Information Technology systems, the attacks include DDOS, DOS, Malware or Virus infections.
• The event of business services becoming unavailable due to the effects from a power, IT network or ISP outage, flooding, etc.
Issues, Assumptions, and Constraints
These assumptions are based on the above ideas; the assumptions were used to help develop the State Departments DR/BCP:
• The State Department can no longer operate normally and the issue is not able to be remediated within 24 …show more content…
Natural disaster, fire, flooding, terrorism. Low The Facilities should be setup for critical needs within two business hours. The vital services must be restored within four business hours of the event, and the restoration of business as usual within eight to twenty-four hours after the incident.
2. Data unavailability, caused purposefully or accidentally by human error or technical fault. Medium All data/files save on the server are backed up twice every day, morning and evening. The backups are stored onsite and offsite.
3. Interruption to business processes, due to a breakdown or damage of integral equipment. Medium The equipment must be replaced and services restore within four to twenty four hours based on the impact level.
4. Theft of the organization’s assets, data or physical devices. High Stolen assets that are critical for business operations must be replaced and a list of sources for replacement property/equipment must be available in a pre-assigned location.
5. Loss of IT services for an extended length of time Medium Relocate to a previously designated work