Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Phone: 415-555-2668
Fax: 415-555-2622
Editing Nguyen
2 | Page
Table of Contents
3 | Page
In the Event of a Fire 19
In the Event of Tornado 20
Appendixes 22
Appendix A: DigiKnight Technologies Inc. Recovery Teams 22
Emergency Management Team (EMT) 22
Purpose: 22
Responsibilities: 22
Disaster Recovery Team (DRT) 22
Purpose: 22
Responsibilities: 22
Information Technology Services (IT) 23
Purpose: 23
Responsibilities: 23
Appendix B: Contact Lists 24
Recovery Team 24
Management Contact 25
Insurance Provider 26
Vendor/Suppliers 26
Appendix C: Equipment Inventory 28
Appendix D: Distribution List 29
Primary 29
Alternatives 30
Appendix E: Risk Mitigation Strategies 32
Appendix F: Legal and Regulatory Constraints 33
Corporate legal and regulatory constraints 33
Definition 33
Appendix G: Template 35
Communication Template to assist in crisis communication situations 35
Appendix H: Service Contract 37
Computers 37
4 | Page
Office Equipment 38
Appendix I: Policy/Procedures 40
Notifying Crisis Communication Command Center Procedure 40
Locating and Testing of Emergency Systems 40
Policy for Shelter and amenities 41
Safety Guidelines Procedures 43
Evacuation Procedure 43
Appendix J: Test Scenario 46
Nature-Based Test Scenario 46
Man-Made-Based Test Scenario 46
Appendix K: Map 47
References 48
5 | Page
Executive Summary
This project is needed because it is known Machines & Hardware Fail, Humans Make Mistakes, Nature is
Unpredictable, and Customers Want Access 24/7/365 A business continuity and disaster recovery plan
will help ensure our company can keep operating during and after unexpected events occur. The
business continuity plan and disaster recovery plans focus on making sure the employees are safe and
the company can continue operating toward the business objectives. We live in a world that requires
constant access and a dependency for many clients and partner providers, a company cannot afford any
The project will prepare the corporate for any type of possible event that could cause interruption to the
business operation. The project will provide the corporate with a list of policies and procedure that will
guides employees through emergency event. The document will include an evacuation plan that will
help the corporate organized and be ready for any possible event that could harm the company or
employees in the facilities. The project will give the corporate a risk assessment that show what the
company need to avoid or being careful with. This document will also provide the company a look to
the upstream, downstream to business operation based on the specific problem that the corporate can
encounter. It will allow the corporate to understand the impact of a certain event and how to recovery
from the event and continue the business in a short time to avoid losing business assets.
The cost of this project based on the recommendation could exceed millions of dollars, but it will protect
and provide a plan for the corporate in a long run. It is quite an expensive plan, but it provides the
corporate with an alternative option to continue their business and recover from any disaster event that
6 | Page
Purpose
The Business Continuity and Disaster Recovery plan document was created to prepare DigiKnight
Technology Inc. corporate for any possible events that could cause interruption to business operation.
The corporate will be able to assess the risk and prepare a plan specifically prepare to fix the problem or
prevent it from happening. This plan will allow the corporate to transition between the main site to an
alternative site to continue business operation in case of event that damage the main work site. The
main objective of this document is to prepare the corporate to continue business function when an
event occur that could cause interruption, but it also prevents it from happening.
Scope
The scope of this document is assessing any potential risk that could interrupted business operation.
This document is used as a plan to prevent this event from happening or giving the corporate an idea of
Objectives
Provide reference for critical data (emergency numbers, insurance information, etc.)
Provide a list of policy and procedure that need to be follow in an emergency event
7 | Page
Assumptions
Some disasters are beyond the ability of the company to handle (i.e. nuclear war)
Vital documents, such as this plan, survive the disaster and are accessible immediately
afterwards
Support organizations survive the disaster and are equipped to handle the company's needs
BCDR plan will be updated to support the business needs and requirements
Disaster Definition
Any type of event that could cause interruption to the business operation. It could possibly be a natural
Disaster Recovery Team (DRT) will create a new risk assessment annually to update the current threats
and possible disaster to the corporate. The Emergency Management Team (EMT) will then review and
create a new plan that could support the current needs. EMT will then present it to the CEO for
approval and update corporate management about the change. Once document revision is approved, it
will be put in place and implement the changes that is need for the update. Information Technology
Services (IT) will be working together with DRT and EMT to implement the changes.
Recovery Teams
8 | Page
Information Technology Services (IT)
All team members will keep an updated phone list that lists the phone numbers of other
members of their department at all times in case of emergency after work hours
All team members will be familiar with the plan so that action can be taken quickly in the case of
disaster
Team Members will notify their Department supervisors in the event of disaster and follow
proper procedure.
Team members
Department supervisors will maintain a hardcopy of the current plan at their homes in case of
emergency
In the event of emergency, Department Supervisors will begin notifications using the phone list
Threats Assessment
The threats were ranked based on the likelihood of the event taken place and their vulnerability. List of
Natural Threats
Earthquake
o Upstream: 45%
9 | Page
o Downstream: 45%
Wildfire
o Upstream: 75%
o Downstream: 75%
Tornado
o Upstream: 55%
o Downstream: 55%
Hurricane
o Upstream: 100%
o Downstream: 100%
Earthquake
o Upstream: 45%
o Downstream: 45%
Man-made Threats
Competition
o Upstream: 50%
o Downstream: 50%
o Upstream: 50%
o Downstream: 50%
Disgruntled Employees
10 | Page
o Upstream: 10%
o Downstream: 25%
o Upstream: 50%
o Downstream: 50%
Corporate Espionage
o Upstream: 30%
o Downstream: 25%
Severe Weather
o Upstream: 75%
o Downstream: 75%
Malicious Software
o Upstream: 100%
o Downstream: 100%
Corrupted Data
o Upstream: 50%
o Downstream: 50%
Software Bugs
o Upstream: 50%
o Downstream: 50%
11 | Page
Virus
o Upstream: 40%
o Downstream: 45%
Environmental/Infrastructure Threats
Wildfire
o Upstream: 75%
o Downstream: 75%
Earthquakes
o Upstream: 45%
o Downstream: 45%
Flash Flood
o Upstream: 25%
o Downstream: 25%
Tornado
o Upstream: 10%
o Downstream: 10%
Hurricane
o Upstream: 5%
o Downstream: 5%
12 | Page
Alternative Site Backup Plan
Cold Site
Begin by turning on power and making sure internet is available on site. Designated crews should
already be on their way or on site to begin marking and designating where equipment will be places.
Back on site, crews will be loading what is essential onto moving vehicles. At this point all business
critical will be taken and everything else will be rented out. If renting, the designated personnel will have
IT oversees backing up and deciding what must be taken and what must be left behind. Anything left
Human Resources, payroll, and similar departments will need to backup all essential databases per ITs
instruction. It is up to the individual managers to keep a tab of what is taken and what is left behind.
Once on site, the sections will begin to set up and run barebones business critical operations. IT is
deemed Priority One, followed by equipment crews and Human Resources, and lastly Payroll.
Warm Site
Process to transfer primary site operations to warm site. This does not mean take everything, only take
When relocating to an alternate site you must ensure that everything that is vital to your operation is
taken. Not necessarily all equipment, but the important stuff that if not taken could be detrimental to
your operation. Any information that may detail your operation or hold any sort of trade secrets will
13 | Page
When a relocation is necessary management will make the notification. All employees must pack up
what they can, in a safe manner, pack up all of their desk items and prepare them for relocation to the
alternate site. They will grab any documents that are important, or that may be considered important or
IT will have to ensure proper backups are conducted and ensure that the data is available on backups.
Those backups will have to be removed from the server and taken to the alternate location as well. IT
management will arrange with the service providers of all utilities in use at the main site on shut down
Human Resources will need to ensure that they grab and take all of the files that hold any sort of
Personal Identifiable Information and that all of the important documents for the company get taken
with them.
Hot Site
When initial crisis is verified and confirmed, the designated hot site coordinator will take charge.
Assigning pre-designated personnel to the site or another location. HR, payroll, and other critical
Hot site coordinator will already be on site performing basic checks to ensure equipment is operational.
Designated personnel will then arrive and begin to assemble in the pre-assembled areas. IT personnel
will make sure all data has been backed up or that all personnel have as accurate data as possible.
The hot site should be operational in under two hours. As the designated hot site coordinator makes
sure that all building functions are operational. This includes electricity, internet, water services, waste
14 | Page
services, etc. The hot site should be completely operational in under 48 hours and will continue to
operate in a normal capacity while the primary site is worked on and investigated.
Mirrored Site
Find a site with the bigger than the primary site because employees will be working in the same place.
Get all of the equipment and devices that the alternative site need. Make sure that there is nothing in
the way when setting up the equipment. Work with services provider and utilities that needed and
Everything will be copied and taking to the new site to set up like the primary site. All of the equipment
that the company owned will be put in place. Another option is to rent the equipment, which will
decrease the cost going into implementing the plan. All employees will be in charge of getting
equipment and item that they will need for their task.
IT will back up and create a copy of all the data that was currently on the primary site to add to the new
alternative site. All of the backup will now be placed into the new server in the mirrored site. The site
will have to be set up with the same configuration as the primary site since its function will be exactly
the same as the primary site. IT management will be working with service providers and utilities to shut
down the primary site and get the alternative site running.
Human Resources will grab any last files that contain important information to the new site. Everything
that was taken from the primary site need to be documented properly so that it can be track and make
sure that nothing was missing later when moving back to the primary site.
15 | Page
Mobile Site
The Mobile site transport must be acquired and equipped with all necessary equipment to enact an
alternate site. The mobile site should be based in a separate location than the primary and alternate
sites. For quick deployment, it is imperative to have the mobile site ready to go beforehand and all
necessary instruction about the mobile site be made available to the disaster recovery team. In the
event that the Mobile Site is deployed, team members must designate a driver and operators for the
site and follow all directives for arriving at designated location while keeping systems operable and
running.
Security will do a sweep of the main location to ensure that all members are evacuating from the main
building and that nothing important is left behind. Security can utilize pre-made checklists that double
check to ensure all important assets were removed, all important documents were taken, as well as
Upon arrival to the alternate work site, Security will need to do a sweep of the building to ensure no
transients, wild animals, or anything crazy is inside of the building. Once the sweep is complete and the
all clear is given then everyone can head inside and start setting up shop.
First IT will need to ensure that the services that needed to be turned on or transferred to the alternate
site were actually moved. Once that is confirmed then they will need to get the servers back online via
the backups they made before the relocation. After that is completed and tested then they can start
16 | Page
The workers will ensure that they have power at their respective stations, if no power is available then
they will need to notify IT so they can get an electrician on site to fix the dead power line. Workers will
ensure that they have a functioning Lan Connection as well as ensuring that all equipment essential to
the job are functioning as they should. If there are any issues with anything the worker is responsible for
HR will ensure that all important documents are accounted for and locked up as necessary. HR will also
ensure that they are functioning at 100% and notify IT in the event of not being able to do their job
Disaster Declaration
The disaster declaration statement should include the general disaster information:
Impact of event
The disaster declaration statement should include specific information and instructions for various
Employees
Customers
Business partners
17 | Page
Community and media
These procedures are for DigiKnight Technologies Inc. personnel in the event of a disaster. If these
procedures are unclear, personnel should seek guidance from team leaders or disaster response teams.
These procedures will be given to all DigiKnight Technologies Inc. management personnel for reference.
If personnel cannot access their workspace, they are to contact their team leads or department
In the event of a flood or broken water pipe within the facilities, follow the instruction on the
procedure below:
See if the emergency can be contained by turning off the water main, or nearest source of
water. If it is flooding, try to contain the flooding to one area and try to plug the source.
Notify maintenance immediately to shut down power to the affected area of the building to
help prevent any electrical fires that may trigger from water damage.
Notify all personnel in the building of the situation and have them prepare to evacuate if
needed.
18 | Page
Personnel will evacuate if needed to a predetermined assembly area by department and will all
be accounted for.
In the event of a major earthquake, follow the evacuation plan and look for shelter by followed
supervisor instruction.
See if the situation is okay, check yourself and the surrounding area for any injured persons or
building damage.
If there are any power lines exposed from damages incurred by the earthquake notify
maintenance so the power can be turned off to help prevent any shock, or electrical fires from
Immediately notify management of the situation and about any injuries or damages that were
caused.
Notify all personnel in the building of the situation and have them prepare to evacuate if
needed.
Personnel will evacuate if needed to a predetermined assembly area by department and will all
be accounted for.
If any type of fire event is happening, immediately follow the evacuation plan and leave the building by
following supervisor instruction. Supervisor will be contacting for emergency help by using the
19 | Page
See if the emergency can be contained by use of fire extinguisher first. If it's out of control find
the nearest fire alarm and trigger the alarm and call 9-1-1.
Immediately notify management of the situation, where the fire is at, and any team, or
Notify all personnel in the building of the situation and have them prepare to evacuate if
needed.
Personnel will evacuate if needed to a predetermined assembly area by department and will all
be accounted for.
In the event of a Tornado within any of the three building facilities, the guidelines and procedures in this
As soon as a tornado is noticed or there is notification of a tornado prepare for the worst.
Board up all the windows in the building and ensure that people stay away from any doors or
windows.
Ensure that emergency kits are distributed that include candles, a battery powered radio,
Notify all personnel in the building of the situation and have them prepare to evacuate if able or
needed.
20 | Page
Personnel will evacuate to a predetermined assembly area by department and will all be
21 | Page
Appendixes
Purpose:
The EMT is intended to coordinate disaster recovery operations, evaluate and declare disaster
Responsibilities:
Purpose:
The DRT is intended to determine recovery need and that recovery operations are proceeding as
necessary.
Responsibilities:
22 | Page
Notify all department supervisors and ensure that they have activated their disaster
Purpose:
Responsibilities:
23 | Page
Appendix B: Contact Lists
Recovery Team
IT Team
Management
BC/DR Team
HR
Management Contact
Fax: 415-555-2622
CEO: 415-555-7841
Administration: 415-555-8643
IT Department: 415-555-8352
25 | Page
Insurance Provider
Vendor/Suppliers
Computer Vendors
o Dell
o HP
o Boldata
Suppliers
o Blank DVD/CD/Cases
Disc Makers
26 | Page
Address: 7905 N. Route 130 Pennsauken, NJ 08110-1402
o Packaging Box
o Paper
JC Paper
27 | Page
Appendix C: Equipment Inventory
Building One
o 10 computers
Building Two
o 27 computers
Building Three
o 10 Server
o 20 computers
28 | Page
Appendix D: Distribution List
Primary
Administration
Sales
Manufacturing
Maintenance
Advertising
Shipping
Purchasing
Security
IT
o Email: jtaft@digiknight.com
IT Team
o Email: jteller@digiknight.com
Management
o Email: jreacher@digiknight.com
BC/DR Team
o Email: dandrews@digiknight.com
o Email: jmagallenas@digiknight.com
30 | Page
HR
o Email: kcobain@digiknight.com
31 | Page
Appendix E: Risk Mitigation Strategies
Risk Buffering would entail the involvement of failsafe and backups to ensure the success of the
implemented plan. If plan A falls through, plan B is enacted and ensures that plan A is restored to its
fullest.
Risk avoidance is the elimination or avoidance of certain crucial risks that could inevitable impact the
company in a detrimental fashion. The nature of the solution is to mitigate risks based on choices
available.
Risk Control involves plotting and devising an alternative plan that may implement a different solution
as a backup to limit the amount of risk a company may encounter. This may include being more in
control of the risks that present themselves within a company such as lack of security. Risk control
seems to be the ultimate fallback in case a company is about to go bankrupt from loss of sales or
Risk transfer and contracting typically occurs on the contractual level where one party agrees to share
some of the risk with another entity. That being said, this solution seems to demand a certain amount of
risk in return for rewards or kickbacks amongst the participants involved. Companies that contract their
services out to third party personnel typically use risk transfer and contracting. Contracts typically
32 | Page
Appendix F: Legal and Regulatory Constraints
Company should advise a legal team or legal staff and have them provide input on legal issues.
Dependent upon contents of message, possible company regulations for intellectual property or
sensitive data/documentation that can be used against the company. These regulations may
include a sort of self-destruct initiative or disposal process to not allow the information to get
into the wrong hands. This may also apply to private companies that may have a strong public
Other Legal constraints could include failure to report to federal agencies such as OSHA, DHHS,
o Fines and penalties entailed with failure to comply with federal agencies.
Definition
Intellectual Property - a work or invention that is the result of creativity, such as a manuscript or
a design, to which one has rights and for which one may apply for a patent, copyright,
trademark, etc.
33 | Page
Sensitive Information - data that is protected against unwarranted disclosure. Access to
required for legal or ethical reasons, for issues pertaining to personal privacy, or for proprietary
considerations.
OSHA - The Occupational Safety and Health Administration, more commonly known by its
acronym OSHA, is responsible for protecting worker health and safety in the United States.
DHHS - Acronym for the U.S. Department of Health and Human Services. Also known as HHS.
The U.S. Department of Health and Human Services has two types of operating divisions: The
DHS - The United States Department of Homeland Security (DHS) is a federal agency designed to
protect the United States against threats. Its wide-ranging duties include aviation security,
HIPAA - Acronym that stands for the Health Insurance Portability and Accountability Act, a US
law designed to provide privacy standards to protect patients' medical records and other health
information provided to health plans, doctors, hospitals and other health care providers.
34 | Page
Appendix G: Template
On (mm/dd/yyyy) at approximately (0123) an event took place at our company due to natural
weather conditions. Everything is under control and we are working with local disaster recovery
agencies to get us back online and fully operational. During this time, we will be working hard to ensure
that everything that needs to be done will be done in a timely manner and in the safest way possible.
Our goal is to ensure that this incident is contained with zero incidents and that we are able to fully
recover in the quickest amount of time possible. If you need any further information, please feel free to
contact our Public Affairs Officer at (123)456-7890. Thanks for your understanding.
Employees
Customers
Business partners
35 | Page
Community and media
Jack Sparrow
(123)456-7890
jsparrow@DigiKnight.com
36 | Page
Appendix H: Service Contract
Computers
Dell
o Same day service will only be accepted if request was made before 3 pm
HP
Boldata
o Contract only offer to send maintenance personnel on site from Monday to Friday
between noon to 5 pm
37 | Page
o Call 1-888-555-1497 for service
o Cover all office, sales, administration, and any other software program that the
companies has.
Office Equipment
Copy/Fax machines
Production Machines
o Contact We FixEm Inc. if the maintenance staff cannot repair the broken production
machine.
38 | Page
o Called 1-888-555-0567 for We FixEm Inc. service
39 | Page
Appendix I: Policy/Procedures
In the event that the Crisis Communication Command Center needs to be contacted management will
need to ensure that IT is notified and aware of all situations and tasks that need to be completed.
The BC/DR team will work with management and IT to ensure continuity of all information that needs
to be known.
The BC/DR team will work with the Crisis Management team and coordinate all efforts with the Crisis
General Requirements:
All exits must be clearly marked and lit with red EXIT signs.
Emergency Alarms
Emergency action plan implemented to evacuate personnel and integrated with local or state/Federal
40 | Page
Emergency medical and first aid equipment must be put in accessible locations and clearly marked.
Fire suppression systems must be checked and maintained according to system regulations.
Written fire prevention plan that includes what to do when a major fire hazard occurs. Procedures for
dealing with the hazard and who to contact to help control the hazard.
OSHA Regulations
Close the business. Bring everyone into the room(s). Shut and lock the door(s).
If there are customers, clients, or visitors in the building, provide for their safety by asking them
to stay not leave. When authorities provide directions to shelter-in-place, they want everyone
to take those steps now, where they are, and not drive or walk outdoors.
Unless there is an imminent threat, ask employees, customers, clients, and visitors to call their
emergency contact to let them know where they are and that they are safe.
has voice mail or an automated attendant, change the recording to indicate that the business is
closed, and that staff and visitors are remaining in the building until authorities advise it is safe
to leave.
41 | Page
Close and lock all windows, exterior doors, and any other openings to the outside.
If you are told there is danger of explosion, close the window shades, blinds, or curtains.
Have employees familiar with your buildings mechanical systems turn off all fans, heating and
air conditioning systems. Some systems automatically provide for exchange of inside air with
outside air these systems, in particular, need to be turned off, sealed, or disabled.
Gather essential disaster supplies, such as nonperishable food, bottled water, battery-powered
radios, first aid supplies, flashlights, batteries, duct tape, plastic sheeting, and plastic garbage
bags.
Select interior room(s) above the ground floor, with the fewest windows or vents. The room(s)
should have adequate space for everyone to be able to sit in. Avoid overcrowding by selecting
several rooms if necessary. Large storage closets, utility rooms, pantries, copy and conference
rooms without exterior windows will work well. Avoid selecting a room with mechanical
equipment like ventilation blowers or pipes, because this equipment may not be able to be
It is ideal to have a hard-wired telephone in the room(s) you select. Call emergency contacts
and have the phone available if you need to report a life-threatening condition. Cellular
o Use duct tape and plastic sheeting (heavier than food wrap) to seal all cracks around the
Write down the names of everyone in the room, and call your business designated emergency
contact to report who is in the room with you, and their affiliation with your business
Local officials may call for evacuation in specific areas at greatest risk in your community.
In the result of injury causes bone fracture, or other severe condition, employees must be
removed from the current job until medical attention was given properly.
Always pay attention to the surrounding to avoid hurting yourself and other around.
Make sure that there are nothing blocking the emergency exit way at all time.
Only authorized personnel are allowed to operated tow motors and lift trucks.
Do not temper with anything that you are not responsible for (such as the electric control)
Evacuation Procedure
See if the emergency can be contained by turning off the water main, or nearest source
of water. If it is flooding, try to contain the flooding to one area and try to plug the
source.
43 | Page
Notify maintenance immediately to shut down power to the affected area of the
building to help prevent any electrical fires that may trigger from water damage.
Notify all personnel in the building of the situation and have them prepare to evacuate if
needed.
Earthquake
See if the situation is okay, check yourself and the surrounding area for any injured
If there are any power lines exposed from damages incurred by the earthquake notify
maintenance so the power can be turned off to help prevent any shock, or electrical
Immediately notify management of the situation and about any injuries or damages that
were caused.
Notify all personnel in the building of the situation and have them prepare to evacuate if
needed.
44 | Page
Fire
See if the emergency can be contained by use of fire extinguisher first. If it's out of
control find the nearest fire alarm and trigger the alarm and call 9-1-1.
Immediately notify management of the situation, where the fire is at, and any particular
Notify all personnel in the building of the situation and have them prepare to evacuate if
needed.
Tornado
worst.
Board up all the windows in the building and ensure that people stay away from any
doors or windows.
Ensure that emergency kits are distributed that include candles, a battery powered
radio, blankets, water, and some food items that are nonperishable.
Notify all personnel in the building of the situation and have them prepare to evacuate if
able or needed.
Personnel will evacuate to a predetermined assembly area by department and will all be
test scenario to prepare for the event of an earthquake. Training for this event will include proper
assessment techniques for determining damage after an earthquake which will including but not be
limited to instruction on how to clear debris and remove equipment from any damage areas, how to
stop all production equipment when and if necessary, and what steps to take to insure safe practices
while doing so. This training will also include instructions on how to contact and notify all high-level
employees, maintenance teams, and other personnel in the event of an emergency situation. A drill will
be conducted to assess the level of efficiency for the earthquake action plans reviewed in training
sessions.
mandatory test scenario to prepare for the event of a network outage. Training for this event will
include procedures for notifying high level employees, IT teams, and other personnel, as well as how to
determine the cause of an outage and the time frame for its recovery. This training will be broken down
into several parts depending on the scale and time frame of each scenario outage. A drill will be
conducted to assess the level of efficiency for network outage action plans that will be reviewed in these
training sessions.
46 | Page
Appendix K: Map
47 | Page
References
https://definedterm.com/a/definition/1528
http://www.omnisecu.com/ccna-security/types-of-backup-sites.php
http://vladlen.info/publications/computer-generated-residential-building-layouts/
https://www.osha.gov/Publications/osha3122.html
48 | Page