Team B Completed Final

Running head: BUSINESS CONTINUITY PLAN FOR RIORDAN MANUFACTURING
PAPER 1

Business Continuity Plan for Riordan Manufacturing

NTC/411
October 27, 2014

BUSINESS CONTINUITY PLAN FOR RIORDAN MANUFACTURING 2

Business Continuity Plan for Riordan Manufacturing
Riordan Manufacturing is in need of a new network, this plan will develop a network that
will benefit the business, the employees and the customers in a manner that will provide all of
them with a smooth operating experience as well as to future proof the entire network. The
Network will handle all incoming and outgoing traffic for both the employees on the intranet, as
well as the customers on the external internet web site. Quality of Service (QoS) will be
implemented to assist in data tracking for use of the bandwidth to determine and plan how much
bandwidth is needed and to determine where congestion issues are as they arise. The plan is to
implement all of the locations into one wide area network (WAN). The locations are in San Jose,
California; Albany, Georgia; Pontiac, Missouri and Hangzhou, China. All of these locations will
be backed up and implemented to run together as one unit while maintaining the flexibility of the
local area networks (LANs) that they are. All access will use VPNs for the added security layer
using the client CITRIX. Security measures will also be implemented to ensure that the network
is secure for the business, its employees and of course, the customers. This plan will outline and
identify the information team, from the Chief Information Officer (CIO), to the programmer
analyst to show the order of the IT team and the roles they are currently in.


Business Continuity Organization

Name Job Title Roles/Responsibilities Reports To
Maria Castillo Database Analyst
Designs logical and physical databases
and coordinates database development.
Network
Administrator
Gary Tucker
Stacey Jones
Manager IT Services
(Albany)
Directs and coordinates local area
computer network activities.
Chief
Information
Officer
Dirk Kort
Manager IT Services
(Pontiac)
Chief
Information
Officer
John Lefever
Network
Administrator
Installs, configures, and troubleshoots
local area computer networks and
associated assemblies.
Manager IT
Services
(Albany)
Gilbert Lofaro Program/Analyst
Analyzes requirements and develops
computer programs.
Network
Administrator
Gary Tucker

Bill
McConnell
CAM Support
Specialist
Support computer-aided
manufacturing processes within
assigned plant. Provide technical
assistance to computer system users.
Answer questions or resolve computer
problems for clients in person, via
telephone or from remote location.
May provide assistance concerning the
use of computer hardware and
software.
Network
Administrator
John Lefever &
Bill Mosterd
Patricia Miller
Manager IT Services
(San Jose)
Chief
Information
Officer
Bill Mosterd
Network
Administrator
Manager IT
Services
(Albany)
Vinh
Nakaajima
Network
Administrator
Manager IT
Services (San
Jose)
Don Peterson Program/Analyst
computer programs.
Network
Administrator
Vinh
Nakaajima
Young-Sook
Phin
Program/Analyst
computer programs.
Network
Administrator
Vinh
Nakaajima
Vongpaka
Phouthaphone
Database Analyst
Network
Administrator
Vinh
Nakaajima
Bounmy
Rattanavong
Program/Analyst
computer programs.
Network
Administrator
Gary Tucker
Julie Saagman
Administrative
Assistant
Provides administrative support
(copying, word processing,
scheduling, etc.) for one or more
managers.

Aimee Samus CAD/CAM Support Work with CAD systems creating, Network

Specialist modifying and releasing drawings and
word drawings under direct
supervision of a supervisor for use by
other departments and customers. In
addition, support computer-aided
manufacturing processes as they are
designed.
Administrator
Vinh
Nakaajima
Mary Tran
Web Support
Specialist
Supports Web-based products and
services through email support,
desktop support and telephone support.
Interacts with customers and
troubleshoots problems to provide a
high level of customer satisfaction.
Network
Administrator
Vinh
Nakaajima
Kim Tran Database Analyst
Network
Administrator
John Lefever &
Bill Mosterd
Maria Trinh
Chief Information
Officer
Chief IS/IT officer of organization.
Develops strategy for information
systems department based on long
term corporate goals.
Chief
Operating
Officer Hugh
McCauley
Phan Trinh
CAM Support
Specialist
Support computer-aided
manufacturing processes within
assigned plant. Provide technical
assistance to computer system users.
Answer questions or resolve computer
problems for clients in person, via
telephone or from remote location.
May provide assistance concerning the
use of computer hardware and
software.
Network
Administrator
Gary Tucker
Robert Trinh Program/Analyst
computer programs.
Network
Administrator
John Lefever &
Bill Mosterd
Gary Tucker
Network
Administrator
Manager IT
Services
(Pontiac)
Dan Tully
Telecommunications
Specialist
Installs and repairs
telecommunications systems and
Network
Administrator

equipment. Vinh
Nakaajima
N/A Contract Employees
Contract Labor Manager IT
Services (China
- Chinese
National)
N/A
Manager IT Services
(China - Chinese
National)
Chief
Information
Officer

Business Impact Analysis
Purpose:
The business impact analysis will assist in the development of a contingency and disaster
recovery plan for Riordan Manufacturings wide area network. The purpose for this business
impact analysis is to predict the consequences of disruption of Riordans function and processes
and gather the necessary information to develop recovery strategies.


Point of Contact: Maria Trinh, Chief Information Officer
Hardware:
1. 24 port 100 Mbps Switches
2. 24 Port Hub Linksys EF2H24
3. 24 port switches Cisco 2950
4. 48 port Patch Panels
5. APC Smart-UPS 5000 VA USB & Serial 220V
6. Blade Server HP BL 460 P 100 Mbps Switches
7. Cisco Catalyst 3560 Ethernet switch 24 port
8. Cisco Catalyst 3560 Ethernet Switch 48 port
11. Cisco Router 2900
12. Dell Vostro i3 3.3 Ghz 4 GB MB RAM GB HD WIN 7 OS Office 2007
13. Dell Vostro i3 3.3 Ghz 4 GB RAM 500 GB HD WIN 7 OS Office 2007
14. Gateway/Switch
15. HP color Multifunction Office Jet 8600
16. HP CP4225n Color Laser Printer
17. HP LaserJet BW P4510 Printer
18. HP LaserJet BW printers P3015dn
19. HP LaserJet M602n
20. HP LaserJet Pro MFN M425dn
21. HP Plotter

22. IBM HS20 Blade Sever 2 X XEON 2.8 GHz 1 GB RAM
23. IBM pSeries 6E4 Multiprocessor 16GB RAM 1 TB HD
24. IP Phones
25. Ka Band ATM AA1 PVC 51.8 Mb data rate, AES end-to-end
26. MAC PRO Dual 1.8 GB 1 Ghz 6 core 12 GB Ram 1 TB HD 27" monitors
27. NAS Disk array
28. NAS Iomega P800M
29. Phaser 6700 color Printers
30. UNIX ERP/MRP Server ERP = SAP
31. VoIP/Data Router
32. WIN Exchange Server
33. WIN Network Server
34. Firewall
35. 5KVA UPS
Software:
1. HRIS
2. Windows 7 Operation System
3. Microsoft Office 2007


Recovery Time Objectives:
Timing/Duration Operational Impacts Financial Impact
Less than an one hour
One hour eight hours
Eight hours 24 hours
24 hours 72 hours

Timing - Identify point in time when interruption would have greater impact.
Duration - Identify the duration of the interruption or point in time when the operational and or
financial impact(s) will occur.
Operational Impacts
Lost sales and income
Negative cash flow resulting from delayed sales or income
Increased expenses (e.g., overtime labor, outsourcing, expediting costs, etc.)
Regulatory fines
Contractual penalties or loss of contractual bonuses
Customer dissatisfaction or defection
Delay executing business plan or strategic initiative
Defective Hardware or Software
Hardware or Software upgrades
Financial Impact Quantify operational impacts in financial terms.

Recovery Point Objective for Data Restoration:
Riordan Manufacturing should list servers and personal computers because multiple
applications may reside on each device. According to AIMS, Inc., (n.d.), It is recommended that
all critical server and critical personal computer data be backed up. Copies of the personal
computer files can be uploaded to a server just before a complete save of the system is done.
Personal computer backups are then saved with the normal system save procedure (Backup
Details). As a result, this provides Riordan Manufacturing a more secure back up of personal
computers-related systems if a local area disaster occurs at any of the locations of the WAN
(AIMS, Inc., n.d.).
Priority
Applications
Storage
Location
Amount of
Data
Type of
Device
Storage Media

Approximate
Restoration
time


Business Continuity Strategies & Requirements
Business continuity strategy is following these areas:
Business resumption planning - The operations piece of business continuity
planning
Disaster recovery planning - The technological aspect of business continuity
planning; the advance planning and preparations necessary to minimize loss and
ensure continuity of the critical business functions of an organization in the event
of disaster
Crisis management The overall coordination of an organizations response to a
crisis in an effective, timely manner, with the goal of avoiding or minimizing
damage to the organizations profitability, reputation or ability to operate
("ISACA: About IISACA, 2014)
Risk management and disaster recovery planning work together to produce value to each
risk that could affect Riordan and then designing a disaster recovery plan that address each risk
base on the value of risk to Riordan. For instances, a Riordan employee use a USB flash drive to
transfer documents from other employees. Somehow a virus was downloaded onto the USB
flash drive and one of the employees executes the virus on computer while connected to the
internal network. The virus starts to encrypt shared folders on the network. Though there might
not be a direct policy against using USB drive for file transfer, Riordan must have a recovery
plan that can address a crisis like this. Crisis management is where Riordan can organize to
implement a disaster recovery plan which would be in place for such an attack. Virus attacks are
common and preventive measure can reduce the damage of such an attack. In addition,

preventive measure might only warn of an issue not directly address the issue so having a plan
that includes:

Contact Management
Emergency meeting
Address: who is doing what
Isolating the issue
Implementing Disaster Recovery Plan

Riordan should have backups off all shared document that can be restored after an attack
has been naturalized and removed. All data should be available even if the internal networks of
servers are down because of an attack. Backups and cloud base file storage helps for, act of
God, disasters where employees might have to work offsite because of physical damage to the
infrastructure at Riordan.


Training, Testing & Exercising
Training Riordan Employees
All Riordan employees will be trained in understanding business recovery plan
and how it affects them directly. training refers only to informing personnel of their
roles and responsibilities within a particular IT plan, such as decision making, and
teaching those skills related to those roles and responsibilities ("NIST: Guide To Test,
Training, And Exercise Programs For IT Plans And Capabilities", 2006). Training
Riordan employees on roles and responsibilities prepares employees in how to act and
what to do in case of a disaster. Implementing a disaster recovery plan relies on
employees knowing what to do and how to act. Training, testing, and exercising are
important to the success of a disaster recovery plan.
Testing schedule, procedures, and business recovery strategies
Test are evaluation tool that use quantifiable metrics or expected outcomes to
validate the operability of a system or system component that are identified as critical
in an IT plan ("NIST: Guide To Test, Training, And Exercise Programs For IT Plans And
Capabilities", 2006). In creating a disaster recovery plans, testing the plan is ideal in
insuring when the plan is implemented it work as planned. Building a testing schedule
involves first creating a need for a test and then insuring all elements that are being testes
are ready, like:
Training of employees
Orientation to over the exercise

All system are ready
Procedures have been created and defined
All legal requirements are met
Tabletop and full-scale exercises
Tabletop exercises are discussion-based exercise where personnel meet in a
classroom setting or in a breakout groups to discuss their roles during an emergency and
their responses to a particular emergency situation ("NIST: Guide To Test, Training, And
Exercise Programs For IT Plans And Capabilities", 2006). Tabletop exercises help
when training for a full-scale exercise and insure all employees are prepared to perform
their role. A full-scale exercise is to execute a disaster recovery plan to insure all aspect
work properly. Functional exercises allow staff to execute their roles and
responsibilities as they would in an actual emergency situation, but in a simulated manner
("NIST: Guide To Test, Training, And Exercise Programs For IT Plans And
Capabilities", 2006).
Program Maintenance and Improvement
Preparing for disasters
Disasters can strike in many forms and manners from accidental data theft to a
natural disaster and anything in between; Riordan Manufacturing needs to be prepared to
recover any data and to get an offline network online as soon as possible in one of these
events To ensure this happens, the protocols need to be in place to outline what triggers
will create an additional backup as well as to ensure that if the main network is detected

offline or flooded with a high amount of traffic to cut the main network off and run off
the backup locations.
During routine maintenance, there will be multiple checks for viruses, malware
and unusual activity; this will be in accordance with the Intrusion Protection System
(IPS) that will also be installed with monitoring for our ecommerce side to protect that
side as well. This will give the business the added edge needed to ensure that the data is
protected and safe, and able to be online at all times to prevent excessive downtime. To
do this, a schedule will be set up to sync all data within the network, at least once a night.
Bi-weekly maintenance will be performed to ensure that all codes and web applications
are up to code and not corrupted. Data shall be backed up at a scheduled time each night
to ensure that all systems are reserving the same data incase disaster does strike.
There is a method to each business backing the data up, as well as to maintaining
the QoS system ("Cisco",2014). QoS can be affected when data is backed up, bogged
down, and not maintained correctly. This is just one of many QoS affecting statistics, and
should always be kept in line. Preventing the overloading data directly affects QoS,
giving just one more reason to maintain the backup of the networks ("Techtarget", 2014).


Conclusion
With Riordan Manufacturings new network, all data form all sources will be
protected against all threats internal and external. The network will be set up and
maintained on a schedule to ensure that all errors are caught and corrected before they
become problems. An IPS system will be in place with external monitoring to protect the
data on the ecommerce site to give the added protection for the business to know that all
transactions, both internal and external are secure and backed up in the case of disaster. A
back up dynamic network will be put in place in a separate location to ensure that if
disaster strikes, there becomes too much traffic on the network, or any other reason
deemed worthy, the backup network will take over and allow the main network to be
reviewed and repaired. All of the changes will benefit anyone using the network from the
IT team to the customers and employees, this is a change for the better.


References
AIMS, Inc., (n.d.). Application / Hardware - Business Impact Analysis Template. Retrieved from
http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCcQFj
AA&url=http%3A%2F%2Fwww.aims1.com%2FFiles%2FRepository%2FBusinessImpa
ctAnalysisTool.pdf&ei=OFNMVIzYMYWsyAS9tYKgDQ&usg=AFQjCNGfaUC6ihAI
Den3rLsv_OY7YAkp6w
Cisco. (2014). Retrieved from http://www.cisco.com/c/en/us/products/ios-nx-os-
software/quality-of-service-qos/index.html
Federal Emergency Management Agency (2014). Business Continuity Plan. Retrieved from
http://www.fema.gov/media-library/assets/documents/89510
Federal Emergency Management Agency (2014). Business Impact Analysis Worksheet.
Retrieved from http://www.fema.gov/media-library/assets/documents/89526
ISACA: About ISACA. (2014). Retrieved from http://www.isaca.org/about-
NIST: Guide to Test, Training, and Exercise Programs for IT Plans and
Capabilities. (2006). Retrieved from http://csrc.nist.gov/publications/nistpubs/800-
84/SP800-84.pdf
TechTarget. (2014). Retrieved from http://searchdatacenter.techtarget.com/tip/Five-
ideas-for-setting-up-a-data-center-disaster-recovery-plan isaca/Pages/default.aspx


Team B Completed Final

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Team B Completed Final

Caricato da

Copyright:

Formati disponibili

Running head: BUSINESS CONTINUITY PLAN FOR RIORDAN MANUFACTURING

Potrebbero piacerti anche