ntw440 BCDR Plan

DigiKnight Technologies Inc.
2725 E. Technology Ave, Fremont, CA 94536
Phone: 415-555-2668
Fax: 415-555-2622
Business Continuity/Disaster Recovery Plan

Last Revision Date: 8AUG2017
Revisions Control Table
Date Summary of Changes Changes By (Name)
12DEC2016 Initial Draft Livia Nguyen
14DEC2016 Add Executive Summary Jose A Mejia, Jordon Rude, Livia
Editing Nguyen
8AUG2017 Editing Livia Nguyen
2 | Page
Table of Contents
Revisions Control Table 2

Executive Summary 6
Purpose 7
Scope 7
Objectives 7
Assumptions 8
Disaster Definition 8
Document Revision Procedures 8
Recovery Teams 8
Team Member Responsibilities 9
Department Supervisor Responsibilities 9
Threats Assessment 9
Natural Threats 9
Man-made Threats 10
IT and Technology-based Threats 11
Environmental/Infrastructure Threats 12
Alternative Site Backup Plan 13
Cold Site 13
Warm Site 13
Hot Site 14
Mirrored Site 15
Mobile Site 16
Instructions for activating the plan 16
Procedure to notify and activate the plan 16
Disaster Declaration 17
Emergency Management Procedures 18
In the Event of a Flood or Water Damage 18
In the Event of an Earthquake 19
3 | Page
In the Event of a Fire 19
In the Event of Tornado 20
Appendixes 22
Appendix A: DigiKnight Technologies Inc. Recovery Teams 22
Emergency Management Team (EMT) 22
Purpose: 22
Responsibilities: 22
Disaster Recovery Team (DRT) 22
Purpose: 22
Information Technology Services (IT) 23
Purpose: 23
Appendix B: Contact Lists 24
Recovery Team 24
Management Contact 25
Insurance Provider 26
Vendor/Suppliers 26
Appendix C: Equipment Inventory 28
Appendix D: Distribution List 29
Primary 29
Alternatives 30
Appendix E: Risk Mitigation Strategies 32
Appendix F: Legal and Regulatory Constraints 33
Corporate legal and regulatory constraints 33
Definition 33
Appendix G: Template 35
Communication Template to assist in crisis communication situations 35
Appendix H: Service Contract 37
Computers 37
4 | Page
Office Equipment 38
Appendix I: Policy/Procedures 40
Notifying Crisis Communication Command Center Procedure 40
Locating and Testing of Emergency Systems 40
Policy for Shelter and amenities 41
Safety Guidelines Procedures 43
Evacuation Procedure 43
Appendix J: Test Scenario 46
Nature-Based Test Scenario 46
Man-Made-Based Test Scenario 46
Appendix K: Map 47
References 48
5 | Page
Executive Summary
This project is needed because it is known Machines & Hardware Fail, Humans Make Mistakes, Nature is
Unpredictable, and Customers Want Access 24/7/365 A business continuity and disaster recovery plan
will help ensure our company can keep operating during and after unexpected events occur. The
business continuity plan and disaster recovery plans focus on making sure the employees are safe and
the company can continue operating toward the business objectives. We live in a world that requires
constant access and a dependency for many clients and partner providers, a company cannot afford any
down time or time lost due to unmanaged time.
The project will prepare the corporate for any type of possible event that could cause interruption to the
business operation. The project will provide the corporate with a list of policies and procedure that will
guides employees through emergency event. The document will include an evacuation plan that will
help the corporate organized and be ready for any possible event that could harm the company or
employees in the facilities. The project will give the corporate a risk assessment that show what the
company need to avoid or being careful with. This document will also provide the company a look to
the upstream, downstream to business operation based on the specific problem that the corporate can
encounter. It will allow the corporate to understand the impact of a certain event and how to recovery
from the event and continue the business in a short time to avoid losing business assets.
The cost of this project based on the recommendation could exceed millions of dollars, but it will protect
and provide a plan for the corporate in a long run. It is quite an expensive plan, but it provides the
corporate with an alternative option to continue their business and recover from any disaster event that
is a threat to the corporate.
6 | Page
Purpose
The Business Continuity and Disaster Recovery plan document was created to prepare DigiKnight
Technology Inc. corporate for any possible events that could cause interruption to business operation.
The corporate will be able to assess the risk and prepare a plan specifically prepare to fix the problem or
prevent it from happening. This plan will allow the corporate to transition between the main site to an
alternative site to continue business operation in case of event that damage the main work site. The
main objective of this document is to prepare the corporate to continue business function when an
event occur that could cause interruption, but it also prevents it from happening.
Scope
The scope of this document is assessing any potential risk that could interrupted business operation.
This document is used as a plan to prevent this event from happening or giving the corporate an idea of
what need to be done in a disaster event.
Objectives
Provide guidance in the event of disaster/catastrophic business interruption
Provide reference for critical data (emergency numbers, insurance information, etc.)
Provide a list of disaster recovery procedures and resources
Identify Customers/Vendors to be notified in the event of disaster
Provide Evacuation plan to protect the employees and business
Provide a list of policy and procedure that need to be follow in an emergency event
7 | Page
Assumptions
Key personnel will be available following a disaster
Some disasters are beyond the ability of the company to handle (i.e. nuclear war)
Vital documents, such as this plan, survive the disaster and are accessible immediately
afterwards
Support organizations survive the disaster and are equipped to handle the company's needs
BCDR plan will be updated to support the business needs and requirements
Disaster Definition
Any type of event that could cause interruption to the business operation. It could possibly be a natural
disaster event or threats, such as cyber-attack or man-made threats.
Document Revision Procedures
Disaster Recovery Team (DRT) will create a new risk assessment annually to update the current threats
and possible disaster to the corporate. The Emergency Management Team (EMT) will then review and
create a new plan that could support the current needs. EMT will then present it to the CEO for
approval and update corporate management about the change. Once document revision is approved, it
will be put in place and implement the changes that is need for the update. Information Technology
Services (IT) will be working together with DRT and EMT to implement the changes.
Recovery Teams
Emergency Management Team (EMT)
Disaster Recovery Team (DRT)
8 | Page
Information Technology Services (IT)
Team Member Responsibilities
All team members will keep an updated phone list that lists the phone numbers of other
members of their department at all times in case of emergency after work hours
All team members will be familiar with the plan so that action can be taken quickly in the case of
disaster
Team Members will notify their Department supervisors in the event of disaster and follow
proper procedure.
Team members
Department Supervisor Responsibilities
Department supervisors will maintain a hardcopy of the current plan at their homes in case of
emergency
In the event of emergency, Department Supervisors will begin notifications using the phone list
Department Supervisors will notify senior management in the event of disaster
Threats Assessment
The threats were ranked based on the likelihood of the event taken place and their vulnerability. List of
the percentage of upstream and downstream loss during the event.
Natural Threats
Earthquake
o Upstream: 45%
9 | Page
o Downstream: 45%
Wildfire
o Upstream: 75%
o Downstream: 75%
Tornado
o Upstream: 55%
o Downstream: 55%
Hurricane
o Upstream: 100%
o Downstream: 100%
Earthquake
o Upstream: 45%
o Downstream: 45%
Man-made Threats
Competition
o Upstream: 50%
o Downstream: 50%
Malicious Individual (Hacktivists, hacker group, etc)
o Upstream: 50%
o Downstream: 50%
Disgruntled Employees
10 | Page
o Upstream: 10%
o Downstream: 25%
Politically Motivated Individuals
o Upstream: 50%
o Downstream: 50%
Corporate Espionage
o Upstream: 30%
o Downstream: 25%
IT and Technology-based Threats
Severe Weather
o Upstream: 75%
o Downstream: 75%
Malicious Software
o Upstream: 100%
o Downstream: 100%
Corrupted Data
o Upstream: 50%
o Downstream: 50%
Software Bugs
o Upstream: 50%
o Downstream: 50%
11 | Page
Virus
o Upstream: 40%
o Downstream: 45%
Environmental/Infrastructure Threats
Wildfire
o Upstream: 75%
o Downstream: 75%
Earthquakes
o Upstream: 45%
o Downstream: 45%
Flash Flood
o Upstream: 25%
o Downstream: 25%
Tornado
o Upstream: 10%
o Downstream: 10%
Hurricane
o Upstream: 5%
o Downstream: 5%
12 | Page
Alternative Site Backup Plan
Cold Site
Begin by turning on power and making sure internet is available on site. Designated crews should
already be on their way or on site to begin marking and designating where equipment will be places.
Back on site, crews will be loading what is essential onto moving vehicles. At this point all business
critical will be taken and everything else will be rented out. If renting, the designated personnel will have
already planned with renting company.
IT oversees backing up and deciding what must be taken and what must be left behind. Anything left
behind will be purged of data and disconnected, stored is possible.
Human Resources, payroll, and similar departments will need to backup all essential databases per ITs
instruction. It is up to the individual managers to keep a tab of what is taken and what is left behind.
Once on site, the sections will begin to set up and run barebones business critical operations. IT is
deemed Priority One, followed by equipment crews and Human Resources, and lastly Payroll.
Warm Site
Process to transfer primary site operations to warm site. This does not mean take everything, only take
what is needed (not available at warm site).
When relocating to an alternate site you must ensure that everything that is vital to your operation is
taken. Not necessarily all equipment, but the important stuff that if not taken could be detrimental to
your operation. Any information that may detail your operation or hold any sort of trade secrets will
need to be taken to the alternate site as well.
13 | Page
When a relocation is necessary management will make the notification. All employees must pack up
what they can, in a safe manner, pack up all of their desk items and prepare them for relocation to the
alternate site. They will grab any documents that are important, or that may be considered important or
secret in nature to the company.
IT will have to ensure proper backups are conducted and ensure that the data is available on backups.
Those backups will have to be removed from the server and taken to the alternate location as well. IT
management will arrange with the service providers of all utilities in use at the main site on shut down
and transfer of specified services such as internet, etc.
Human Resources will need to ensure that they grab and take all of the files that hold any sort of
Personal Identifiable Information and that all of the important documents for the company get taken
with them.
Hot Site
When initial crisis is verified and confirmed, the designated hot site coordinator will take charge.
Assigning pre-designated personnel to the site or another location. HR, payroll, and other critical
departments will begin transporting to hot site.
Hot site coordinator will already be on site performing basic checks to ensure equipment is operational.
Designated personnel will then arrive and begin to assemble in the pre-assembled areas. IT personnel
will make sure all data has been backed up or that all personnel have as accurate data as possible.
The hot site should be operational in under two hours. As the designated hot site coordinator makes
sure that all building functions are operational. This includes electricity, internet, water services, waste
14 | Page
services, etc. The hot site should be completely operational in under 48 hours and will continue to
operate in a normal capacity while the primary site is worked on and investigated.
Mirrored Site
Find a site with the bigger than the primary site because employees will be working in the same place.
Get all of the equipment and devices that the alternative site need. Make sure that there is nothing in
the way when setting up the equipment. Work with services provider and utilities that needed and
added to the new site.
Everything will be copied and taking to the new site to set up like the primary site. All of the equipment
that the company owned will be put in place. Another option is to rent the equipment, which will
decrease the cost going into implementing the plan. All employees will be in charge of getting
equipment and item that they will need for their task.
IT will back up and create a copy of all the data that was currently on the primary site to add to the new
alternative site. All of the backup will now be placed into the new server in the mirrored site. The site
will have to be set up with the same configuration as the primary site since its function will be exactly
the same as the primary site. IT management will be working with service providers and utilities to shut
down the primary site and get the alternative site running.
Human Resources will grab any last files that contain important information to the new site. Everything
that was taken from the primary site need to be documented properly so that it can be track and make
sure that nothing was missing later when moving back to the primary site.
15 | Page
Mobile Site
The Mobile site transport must be acquired and equipped with all necessary equipment to enact an
alternate site. The mobile site should be based in a separate location than the primary and alternate
sites. For quick deployment, it is imperative to have the mobile site ready to go beforehand and all
necessary instruction about the mobile site be made available to the disaster recovery team. In the
event that the Mobile Site is deployed, team members must designate a driver and operators for the
site and follow all directives for arriving at designated location while keeping systems operable and
running.
Instructions for activating the plan
Procedure to notify and activate the plan
Security will do a sweep of the main location to ensure that all members are evacuating from the main
building and that nothing important is left behind. Security can utilize pre-made checklists that double
check to ensure all important assets were removed, all important documents were taken, as well as
ensuring that the building is secure after evacuation is complete.
Upon arrival to the alternate work site, Security will need to do a sweep of the building to ensure no
transients, wild animals, or anything crazy is inside of the building. Once the sweep is complete and the
all clear is given then everyone can head inside and start setting up shop.
First IT will need to ensure that the services that needed to be turned on or transferred to the alternate
site were actually moved. Once that is confirmed then they will need to get the servers back online via
the backups they made before the relocation. After that is completed and tested then they can start
getting the equipment online.
16 | Page
The workers will ensure that they have power at their respective stations, if no power is available then
they will need to notify IT so they can get an electrician on site to fix the dead power line. Workers will
ensure that they have a functioning Lan Connection as well as ensuring that all equipment essential to
the job are functioning as they should. If there are any issues with anything the worker is responsible for
notifying IT so that the issue can be resolved.
HR will ensure that all important documents are accounted for and locked up as necessary. HR will also
ensure that they are functioning at 100% and notify IT in the event of not being able to do their job
because of malfunctioning equipment or access.
Disaster Declaration
The disaster declaration statement should include the general disaster information:
Notification and clarification of event
Impact of event
Current status and condition of people, facilities, and equipment
Frequency of updates, estimated time of next update
The disaster declaration statement should include specific information and instructions for various
stakeholders and groups including:
Employees
Vendors, suppliers, contractors
Customers
Business partners
17 | Page
Community and media
Legal and regulatory notification requirements
Emergency Management Procedures
These procedures are for DigiKnight Technologies Inc. personnel in the event of a disaster. If these
procedures are unclear, personnel should seek guidance from team leaders or disaster response teams.
If immediate action is required, priority should be given to personnel safety.
These procedures will be given to all DigiKnight Technologies Inc. management personnel for reference.
If personnel cannot access their workspace, they are to contact their team leads or department
supervisor for a secondary workspace.
In the Event of a Flood or Water Damage
In the event of a flood or broken water pipe within the facilities, follow the instruction on the
procedure below:
See if the emergency can be contained by turning off the water main, or nearest source of
water. If it is flooding, try to contain the flooding to one area and try to plug the source.
Notify maintenance immediately to shut down power to the affected area of the building to
help prevent any electrical fires that may trigger from water damage.
Immediately notify management of the situation and call 9-1-1 if needed.
Notify all personnel in the building of the situation and have them prepare to evacuate if
needed.
18 | Page
Personnel will evacuate if needed to a predetermined assembly area by department and will all
be accounted for.
In the Event of an Earthquake
In the event of a major earthquake, follow the evacuation plan and look for shelter by followed
supervisor instruction.
See if the situation is okay, check yourself and the surrounding area for any injured persons or
building damage.
If life is at risk, or rescue is needed immediately called 9-1-1
If there are any power lines exposed from damages incurred by the earthquake notify
maintenance so the power can be turned off to help prevent any shock, or electrical fires from
causing further damage.
Immediately notify management of the situation and about any injuries or damages that were
caused.
needed.
be accounted for.
In the Event of a Fire
If any type of fire event is happening, immediately follow the evacuation plan and leave the building by
following supervisor instruction. Supervisor will be contacting for emergency help by using the
emergency response contact list to stop the fire.
19 | Page
See if the emergency can be contained by use of fire extinguisher first. If it's out of control find
the nearest fire alarm and trigger the alarm and call 9-1-1.
Immediately notify management of the situation, where the fire is at, and any team, or
department that may be affected.
needed.
be accounted for.
In the Event of Tornado
In the event of a Tornado within any of the three building facilities, the guidelines and procedures in this
section are to be followed.
As soon as a tornado is noticed or there is notification of a tornado prepare for the worst.
Immediately notify management of the situation
Prepare for shelter in place if necessary
Board up all the windows in the building and ensure that people stay away from any doors or
windows.
Ensure that emergency kits are distributed that include candles, a battery powered radio,
blankets, water, and some food items that are nonperishable.
Notify all personnel in the building of the situation and have them prepare to evacuate if able or
needed.
20 | Page
Personnel will evacuate to a predetermined assembly area by department and will all be
accounted for if needed.
21 | Page
Appendixes
Appendix A: DigiKnight Technologies Inc. Recovery Teams
Emergency Management Team (EMT)
Note: see Appendix B for contact information
Purpose:
The EMT is intended to coordinate disaster recovery operations, evaluate and declare disaster
conditions, communicate with senior management.
Responsibilities:
Evaluate recovery actions and coordinate recovery efforts
Evaluate any damage assessments
Determine recovery priorities
Keep senior management informed as to the progress of recovery efforts
Disaster Recovery Team (DRT)
Purpose:
The DRT is intended to determine recovery need and that recovery operations are proceeding as
necessary.
Responsibilities:
Establish command center and secondary work locations
22 | Page
Notify all department supervisors and ensure that they have activated their disaster
recovery plan, if necessary
Take appropriate action to return business to normal operations
Prepare a post-disaster recovery report
Coordinate recovery plans and ensure plans are kept up to date
Information Technology Services (IT)
Purpose:
IT will assist recovery efforts by facilitating technology restoration.
Responsibilities:
Provide guidance on replacement/repair of damaged equipment
Salvage equipment that can be used in recovery efforts
23 | Page
Appendix B: Contact Lists
Recovery Team
Administrative Support Team
Address: 2725 E. Technology Ave. Fremont, CA 94536
Personnel: Mark Saunders
Phone Number: 415-555-2668
Fax Number: 415-555-2622
IT Team
Personnel: Alivia McKellips
Management
Personnel: Taylor Copeland
BC/DR Team
Personnel: Melvin Martin
Crisis Management Team
Personnel: Jesse Quinn

24 | Page
HR
Personnel: Kurt Lloyd
Management Contact
DigiKnight Technologies Inc.
Address: 2725 E. Technology Ave, Fremont, CA 94536
Fax: 415-555-2622
CEO: 415-555-7841
Administration: 415-555-8643
Sales Department: 415-555-6312
Manufacturing Department: 415-555-6161
Research & Development Department: 415-555-3223
Maintenance Department: 415-555-3970
Advertising Department: 415-555-3131
Shipping Department: 415-555-6431
Purchasing Department: 415-555-3298
Security Department: 415-555-3852
IT Department: 415-555-8352
25 | Page
Insurance Provider
Agent: Michael Rizzo
Address: 38750 Paseo Padre Parkway Ave A-3 Fremont, CA 94536-6169
Phone number: 512-791-8611
Vendor/Suppliers
Computer Vendors
o Dell
Address: One Dell Way Round Rock, Texas 78662
Toll Free Number: 1-800-WWW-DELL
o HP
Address: 3000 Hanover Street Palo Alto, CA 94304-1185
Toll Free Number: 800-282-6672
o Boldata
Address: 48363 Fremont Blvd. Fremont, CA 94538
Toll free Number: 800-923-2653
Suppliers
o Blank DVD/CD/Cases
The Tech Geek
Address: 48965 Warm Springs Blvd Fremont, CA 94539
Toll Free Number: 1-800-456-0825
Disc Makers
26 | Page
Address: 7905 N. Route 130 Pennsauken, NJ 08110-1402
Dub-It Media Services
Address: 1110 North Tamarind Avenue Hollywood, CA 90038
Toll Free Number: 1-888-99DUB-IT
ISSI Business Solutions
Address: 22122 20th Ave SE #152 Bothell, WA 98021
Toll Free Number: 1-800-660-3586
o Packaging Box
Customized Packaging Solutions Inc.
Address: 8333 24th Avenue P.O. Box 278060 Sacramento, CA 95826
The Packaging House, Inc.
Address: 6330 North Pulaski Road Chicago, IL 60646-4594
o Paper
JC Paper
Address: 47422 Kato Rd Fremont, CA 94538
27 | Page
Appendix C: Equipment Inventory
Building One
o 10 computers
Building Two
o 27 computers
Building Three
o 10 Server
o 20 computers
28 | Page
Appendix D: Distribution List
Primary
Administration
o Mark Saunders mdaunders@DigiKnight.com
Sales
o Diane Ford - dford@DigiKnight.com
Manufacturing
o Linda Kraemer - lkraemer@DigiKnight.com
Research & Development
o Carlton Bowden - cbowden@DigiKnight.com
Maintenance
o Michael Winters - mwinters@DigiKnight.com
Advertising
o Michael Churchill - mchurchill@DigiKnight.com
Shipping
o Kenneth Gilliam - kgilliam@DigiKnight.com
Purchasing
o Katherine Cavenaugh - kcavenaugh@DigiKnight.com
Security
o Brett Kelcey - bkelcey@DigiKnight.com
IT
o Alicia McKellips - amckellips@DigiKnight.com

29 | Page
Alternatives
Administrative Support Team
o 2POC: Jennifer Taft
o Phone Number: 415-555-0690
o Email: jtaft@digiknight.com
IT Team
o 2POC: John Teller
o Email: jteller@digiknight.com
Management
o 2POC: Jack Reacher
o Email: jreacher@digiknight.com
BC/DR Team
o 2POC: Denise Andrews
o Email: dandrews@digiknight.com
Crisis Management Team
o 2POC: Julia Magallenas
o Email: jmagallenas@digiknight.com
30 | Page
HR
o 2POC: Kurt Cobain
o Email: kcobain@digiknight.com
31 | Page
Appendix E: Risk Mitigation Strategies
Risk Buffering would entail the involvement of failsafe and backups to ensure the success of the
implemented plan. If plan A falls through, plan B is enacted and ensures that plan A is restored to its
fullest.
Risk avoidance is the elimination or avoidance of certain crucial risks that could inevitable impact the
company in a detrimental fashion. The nature of the solution is to mitigate risks based on choices
available.
Risk Control involves plotting and devising an alternative plan that may implement a different solution
as a backup to limit the amount of risk a company may encounter. This may include being more in
control of the risks that present themselves within a company such as lack of security. Risk control
seems to be the ultimate fallback in case a company is about to go bankrupt from loss of sales or
damages that exceed the operating cost annually.
Risk transfer and contracting typically occurs on the contractual level where one party agrees to share
some of the risk with another entity. That being said, this solution seems to demand a certain amount of
risk in return for rewards or kickbacks amongst the participants involved. Companies that contract their
services out to third party personnel typically use risk transfer and contracting. Contracts typically
extend to a maximum of 3-6
32 | Page
Appendix F: Legal and Regulatory Constraints
Corporate legal and regulatory constraints
Company should advise a legal team or legal staff and have them provide input on legal issues.
Dependent upon contents of message, possible company regulations for intellectual property or
sensitive data/documentation that can be used against the company. These regulations may
include a sort of self-destruct initiative or disposal process to not allow the information to get
into the wrong hands. This may also apply to private companies that may have a strong public
image that do not want to be defaced to the public.
o Control timing of release.
o Mitigate issues before public release.
o Messages delete every hour on the hour.
o Or the opposite, regulation may include that messages CANNOT be deleted.
Other Legal constraints could include failure to report to federal agencies such as OSHA, DHHS,
DHS and complying with HIPAA.
o Fines and penalties entailed with failure to comply with federal agencies.
o Potential lawsuits by employees.
o Protection of employee information.
Definition
Intellectual Property - a work or invention that is the result of creativity, such as a manuscript or
a design, to which one has rights and for which one may apply for a patent, copyright,
trademark, etc.
33 | Page
Sensitive Information - data that is protected against unwarranted disclosure. Access to
sensitive information should be safeguarded. Protection of sensitive information may be
required for legal or ethical reasons, for issues pertaining to personal privacy, or for proprietary
considerations.
OSHA - The Occupational Safety and Health Administration, more commonly known by its
acronym OSHA, is responsible for protecting worker health and safety in the United States.
DHHS - Acronym for the U.S. Department of Health and Human Services. Also known as HHS.
The U.S. Department of Health and Human Services has two types of operating divisions: The
Human Services and the Public Health Service Operating Divisions.
DHS - The United States Department of Homeland Security (DHS) is a federal agency designed to
protect the United States against threats. Its wide-ranging duties include aviation security,
border control, emergency response and cybersecurity.
HIPAA - Acronym that stands for the Health Insurance Portability and Accountability Act, a US
law designed to provide privacy standards to protect patients' medical records and other health
information provided to health plans, doctors, hospitals and other health care providers.
34 | Page
Appendix G: Template
Communication Template to assist in crisis communication situations
To whom it may concern,
On (mm/dd/yyyy) at approximately (0123) an event took place at our company due to natural
weather conditions. Everything is under control and we are working with local disaster recovery
agencies to get us back online and fully operational. During this time, we will be working hard to ensure
that everything that needs to be done will be done in a timely manner and in the safest way possible.
Our goal is to ensure that this incident is contained with zero incidents and that we are able to fully
recover in the quickest amount of time possible. If you need any further information, please feel free to
contact our Public Affairs Officer at (123)456-7890. Thanks for your understanding.
General disaster information including:
Notification and Clarification of event (What happened, How it happened)
Impact of event (Systems impacted, Personnel affected, Buildings or assets)
Current status and condition of personnel, buildings, and assets
Frequency of updates and estimated time of next update
Specific Information/Instructions pertaining to specific groups:
Employees
Vendors, suppliers and contractors
Customers
Business partners
35 | Page
Community and media
Legal and regulatory notification requirements
Contact information for additional information
Public Affairs Officer
Jack Sparrow
(123)456-7890
jsparrow@DigiKnight.com
36 | Page
Appendix H: Service Contract
Computers
Dell
o Contract expire every year on December 29th
o Contract can be renewed without changes every year
o Same day service will only be accepted if request was made before 3 pm
o Computer serial number is DGK12389-# (# is the number of computer)
o Called 1-888-555-5897 for service
HP
o Contract expire on February 22nd every year
o Contract can be renewed without changes every year
o Provide 34 house and all year service without additional charge
o Computer serial number is DGK55879-# (# is the number of computer)
Boldata
o Contract only offer to send maintenance personnel on site from Monday to Friday
between noon to 5 pm
o Contract expire on March 9th every three year
o Serial number is DGK-# (# is the number of computer)
37 | Page
o Call 1-888-555-1497 for service
We Sell Software Inc.
o 24-hour customer support telephone service
o Cover all office, sales, administration, and any other software program that the
companies has.
o Called 1-888-9876 for software service
Office Equipment
Copy/Fax machines
o Contract expire on November 7th every year
o Service contract covers normal working hours at the company.
o Send new unit if necessary
o Broken units need to be send back
o Contract number for all office equipment is OEIDKG-125
o All devices serial number are DGK191
Production Machines
o Production machine are serviced on site by the maintenance staff
o Contact We FixEm Inc. if the maintenance staff cannot repair the broken production
machine.
38 | Page
o Called 1-888-555-0567 for We FixEm Inc. service
o Machine does not have serial number because it is custom built
o Contract number is WFDK4898
39 | Page
Appendix I: Policy/Procedures
Notifying Crisis Communication Command Center Procedure
In the event that the Crisis Communication Command Center needs to be contacted management will
need to ensure that IT is notified and aware of all situations and tasks that need to be completed.
The BC/DR team will work with management and IT to ensure continuity of all information that needs
to be known.
The BC/DR team will work with the Crisis Management team and coordinate all efforts with the Crisis
Communication Command Center.
Locating and Testing of Emergency Systems
General Requirements:
Exit route design must be permanent.
Ensure exit doors swing in the direction of travel.
All exits must be clearly marked and lit with red EXIT signs.
Post appropriate signs for other doors stating, NOT AN EXIT.
Emergency Alarms
Alarms must be regularly checked and tested in accordance with regulations.
Emergency action plan implemented to evacuate personnel and integrated with local or state/Federal
agencies in accordance with emergency.
40 | Page
Emergency medical and first aid equipment must be put in accessible locations and clearly marked.
First aid equipment must be maintained and supplied.
Train personnel in adequate use of first aid equipment.
Fire suppression systems must be checked and maintained according to system regulations.
Fire suppression systems must be placed in readily accessible areas.
Fire extinguishers should be only approved portable systems.
Written fire prevention plan that includes what to do when a major fire hazard occurs. Procedures for
dealing with the hazard and who to contact to help control the hazard.
OSHA Regulations
Policy for Shelter and amenities
Close the business. Bring everyone into the room(s). Shut and lock the door(s).
If there are customers, clients, or visitors in the building, provide for their safety by asking them
to stay not leave. When authorities provide directions to shelter-in-place, they want everyone
to take those steps now, where they are, and not drive or walk outdoors.
Unless there is an imminent threat, ask employees, customers, clients, and visitors to call their
emergency contact to let them know where they are and that they are safe.
Turn on call-forwarding or alternative telephone answering systems or services. If the business
has voice mail or an automated attendant, change the recording to indicate that the business is
closed, and that staff and visitors are remaining in the building until authorities advise it is safe
to leave.
41 | Page
Close and lock all windows, exterior doors, and any other openings to the outside.
If you are told there is danger of explosion, close the window shades, blinds, or curtains.
Have employees familiar with your buildings mechanical systems turn off all fans, heating and
air conditioning systems. Some systems automatically provide for exchange of inside air with
outside air these systems, in particular, need to be turned off, sealed, or disabled.
Gather essential disaster supplies, such as nonperishable food, bottled water, battery-powered
radios, first aid supplies, flashlights, batteries, duct tape, plastic sheeting, and plastic garbage
bags.
Select interior room(s) above the ground floor, with the fewest windows or vents. The room(s)
should have adequate space for everyone to be able to sit in. Avoid overcrowding by selecting
several rooms if necessary. Large storage closets, utility rooms, pantries, copy and conference
rooms without exterior windows will work well. Avoid selecting a room with mechanical
equipment like ventilation blowers or pipes, because this equipment may not be able to be
sealed from the outdoors.
It is ideal to have a hard-wired telephone in the room(s) you select. Call emergency contacts
and have the phone available if you need to report a life-threatening condition. Cellular
telephone equipment may be overwhelmed or damaged during an emergency.
o Use duct tape and plastic sheeting (heavier than food wrap) to seal all cracks around the
door(s) and any vents into the room.
Write down the names of everyone in the room, and call your business designated emergency
contact to report who is in the room with you, and their affiliation with your business
(employee, visitor, client, customer.)

42 | Page
Keep listening to the radio or television until you are told all is safe or you are told to evacuate.
Local officials may call for evacuation in specific areas at greatest risk in your community.
Safety Guidelines Procedures
Understand and follow corporate provided sate procedure.
Report any sickness or injury to the supervisor.
In the result of injury causes bone fracture, or other severe condition, employees must be
removed from the current job until medical attention was given properly.
Avoid wearing loose clothing accessory in case it got caught in machinery.
Always pay attention to the surrounding to avoid hurting yourself and other around.
Wear protective equipment if required for the task at all time.
Make sure that there are nothing blocking the emergency exit way at all time.
Keep your own work area clean
Shut down any machinery before doing any maintenance.
Only authorized personnel are allowed to operated tow motors and lift trucks.
Do not run around in working area.
Do not temper with anything that you are not responsible for (such as the electric control)
Report any unsafe incident or action to supervisor immediately.
Evacuation Procedure
Water Emergency (flood, rain, water main)
See if the emergency can be contained by turning off the water main, or nearest source
of water. If it is flooding, try to contain the flooding to one area and try to plug the
source.
43 | Page
Notify maintenance immediately to shut down power to the affected area of the
building to help prevent any electrical fires that may trigger from water damage.
Immediately notify management of the situation and call 9-1-1 if needed.
needed.
Personnel will evacuate if needed to a predetermined assembly area by department and
will all be accounted for.
Earthquake
See if the situation is okay, check yourself and the surrounding area for any injured
persons or building damage.
If life is at risk, or rescue is needed immediately call 9-1-1
If there are any power lines exposed from damages incurred by the earthquake notify
maintenance so the power can be turned off to help prevent any shock, or electrical
fires from causing further damage.
Immediately notify management of the situation and about any injuries or damages that
were caused.
needed.
44 | Page
Fire
See if the emergency can be contained by use of fire extinguisher first. If it's out of
control find the nearest fire alarm and trigger the alarm and call 9-1-1.
Immediately notify management of the situation, where the fire is at, and any particular
team, or department that may be affected.
needed.
Tornado
As soon as a tornado is noticed or there is notification of a tornado prepare for the
worst.
Immediately notify management of the situation
Prepare for shelter in place if necessary
Board up all the windows in the building and ensure that people stay away from any
doors or windows.
Ensure that emergency kits are distributed that include candles, a battery powered
radio, blankets, water, and some food items that are nonperishable.
able or needed.
Personnel will evacuate to a predetermined assembly area by department and will all be
accounted for if needed.

45 | Page
Appendix J: Test Scenario
Nature-Based Test Scenario
In preparation for nature-based threats to Digiknight corp. We will be conducting a mandatory
test scenario to prepare for the event of an earthquake. Training for this event will include proper
assessment techniques for determining damage after an earthquake which will including but not be
limited to instruction on how to clear debris and remove equipment from any damage areas, how to
stop all production equipment when and if necessary, and what steps to take to insure safe practices
while doing so. This training will also include instructions on how to contact and notify all high-level
employees, maintenance teams, and other personnel in the event of an emergency situation. A drill will
be conducted to assess the level of efficiency for the earthquake action plans reviewed in training
sessions.
Thank you for your cooperation in this matter
Man-Made-Based Test Scenario
In preparation for man-made based threats to Digiknight corp. We will be conducting a
mandatory test scenario to prepare for the event of a network outage. Training for this event will
include procedures for notifying high level employees, IT teams, and other personnel, as well as how to
determine the cause of an outage and the time frame for its recovery. This training will be broken down
into several parts depending on the scale and time frame of each scenario outage. A drill will be
conducted to assess the level of efficiency for network outage action plans that will be reviewed in these
training sessions.
Thank you for your cooperation in this matter.
46 | Page
Appendix K: Map
47 | Page
References
https://definedterm.com/a/definition/1528
http://www.omnisecu.com/ccna-security/types-of-backup-sites.php
http://vladlen.info/publications/computer-generated-residential-building-layouts/
https://www.osha.gov/Publications/osha3122.html
48 | Page

ntw440 BCDR Plan

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

ntw440 BCDR Plan

Caricato da

Copyright:

Formati disponibili

DigiKnight Technologies Inc.

2725 E. Technology Ave, Fremont, CA 94536

Business Continuity/Disaster Recovery Plan

Revisions Control Table

Date Summary of Changes Changes By (Name)

12DEC2016 Initial Draft Livia Nguyen

14DEC2016 Add Executive Summary Jose A Mejia, Jordon Rude, Livia

8AUG2017 Editing Livia Nguyen

Revisions Control Table 2

down time or time lost due to unmanaged time.

is a threat to the corporate.

what need to be done in a disaster event.

Provide guidance in the event of disaster/catastrophic business interruption

Provide a list of disaster recovery procedures and resources

Identify Customers/Vendors to be notified in the event of disaster

Provide Evacuation plan to protect the employees and business

Key personnel will be available following a disaster

disaster event or threats, such as cyber-attack or man-made threats.

Document Revision Procedures

Emergency Management Team (EMT)

Disaster Recovery Team (DRT)

Team Member Responsibilities

Department Supervisor Responsibilities

Department Supervisors will notify senior management in the event of disaster

the percentage of upstream and downstream loss during the event.

Malicious Individual (Hacktivists, hacker group, etc)

Politically Motivated Individuals

IT and Technology-based Threats

already planned with renting company.

behind will be purged of data and disconnected, stored is possible.

what is needed (not available at warm site).

need to be taken to the alternate site as well.

secret in nature to the company.

and transfer of specified services such as internet, etc.

departments will begin transporting to hot site.

added to the new site.

Instructions for activating the plan

Procedure to notify and activate the plan

ensuring that the building is secure after evacuation is complete.

getting the equipment online.

notifying IT so that the issue can be resolved.

because of malfunctioning equipment or access.

Notification and clarification of event

Current status and condition of people, facilities, and equipment

Frequency of updates, estimated time of next update

stakeholders and groups including:

Vendors, suppliers, contractors

Legal and regulatory notification requirements

Emergency Management Procedures

If immediate action is required, priority should be given to personnel safety.

supervisor for a secondary workspace.

In the Event of a Flood or Water Damage

Immediately notify management of the situation and call 9-1-1 if needed.

In the Event of an Earthquake

If life is at risk, or rescue is needed immediately called 9-1-1

causing further damage.

In the Event of a Fire

emergency response contact list to stop the fire.

department that may be affected.

In the Event of Tornado

section are to be followed.

Immediately notify management of the situation

Prepare for shelter in place if necessary