INDEX

Note: f following the page number indicates a figure.

A

ABC-rated fire extinguishers, 370

abortion clinics, 418

access

to facility, 88–91

to people, 87–88

accidents, 67

involving chemical spills, 407–408

and networks, 278

ACD (Automated Call Director), 173

acts of God, 351

additional personnel, acquiring, 144

administrative functions, of Emergency Operations Center, 207–208

administrative plan(s), 115–132

assumptions of, 118–119

and business continuity plan, 116, 117

distribution/updating of, 130–131

document repository for, 125

executive/departmental support for, 117

and IT systems, 130

and program awareness, 128–129

purpose of, 116

recovery strategies in, 122–123

reference section of, 131

risk assessment in, 123

role players in, 119–122

scope of, 117–118

table of contents for, 117

three-year program strategy for, 124–125

and training, 125–128

writing, 123–124

Afghanistan War, 391

after-action reports/reviews, 244–245

air, as component of fire, 366

air conditioning, 53

air-drying (of paper records), 311–312

airports, 345

air-quality problems, indoor, 405–406

alarms

fire, 368, 371–372, 374

and telecommunications equipment room mitigation plan, 287

and vital records storage, 301–304

alternate shifts, as part of pandemic plan, 194

alternating current, 250, 255

AM/FM radios (in Emergency Operations Center), 211

animal rights groups, 418

annual tests, 226

anthrax, 406

antiterrorism, 414

application failures, data risk from, 316

application requirements, in technical recovery plan, 154

Application Service Providers (ASPs), 75, 77

assassinations, 415

assembly points, in crisis management plan, 135–136

assessment of key suppliers, 361–362

asset inventory, as component of interim plan, 95–96

asynchronous mirroring, 328f

Asynchronous Transfer Mode (ATM), 274

Atlanta, Georgia, Olympic Games, 419

AT&T, 271

attendance policy, 193

Automated Call Director (ACD), 173

automatic dialers (autodialers), 138, 139

automatic fire suppression systems, 368

automatic number identification, 271

B

backhoes, 280

backup media

interoperability of, 341

recovering, 161–162

safeguarding of, 339

backup(s), 58, 324–326, 330–331

of critical software, 337

Internet, 342

online, 330–331

tape, 285, 324, 341

workstation, 339–344

backup software, 341

barriers

internal fire, 368

protective, 409, 417

batteries

for Emergency Operations Center, 209

UPS, 256–258

BCPs, see business continuity plans

BC-rated fire extinguishers, 370

benefits, employee, 384

biological attacks, 49

bit-by-bit striping, 329

blackouts, electrical, 251–252

blending in, 419

blizzards, 45, 277

block-by-block striping, 329

bomb threats, 55, 419, 420

brownouts, 250–251

brush fires, 47

building codes, 367

building evacuations, see evacuation(s)

building power system, 252

building security, and fire, 366

buried lines, breaks in, 278

business case, building a, 23–24, see also Business Impact Analysis (BIA)

business climate, 187

Business Continuity Manager, 2–5

and administrative plan, 119–121

and funding, 8

and ongoing support, 9

and project team, 10, 12

and risk assessment, 16

and testing team, 226, 228

business continuity plans (BCPs), 2–3, 116, 117

business continuity strategy, 82–83

business critical data, 323

business departments, 196

Business Impact Analysis (BIA), 24–34, 124

benefits of, 25–26

data collection for, 27, 31–33

definition of, 24

identifying respondents for, 28

managing a, 26–27

and pandemic plan, 182–183

questionnaire for, 28–31

reporting results of, 33–34

and technical recovery, 150

and testing strategy, 224

byte-by-byte striping, 329

C

cabinets, workstation, 339

cable mitigation plan, 286

cable modem, 274

cabling (networks), 279–282

external, 280

internal, 279–280

maps of, 282

and route separation, 281–282

CAD (computer-assisted drafting), 409

calendar, testing, 226, 227f, 228

call accounting, 271

call lists, in crisis management plan, 138–139

call management systems, 271

call monitoring, 271

call trees, 138

cap (sprinkler heads), 373

carbon dioxide (CO2) fire extinguishers, 370

categorization

data, 323

of suppliers, 361–362

CD-ROM, 342

CDs

backups on, 341

water-damaged, 314

cell phones, 287, 288

chemical hazards, 402–403

chemical spills, 407–408

chemical users, as manufactured risk, 48

civil risks, 49

clamping voltage (surge suppressors), 254

Class A fires, 367, 370

Class B fires, 367, 370

Class C fires, 367, 370

Class D fires, 367, 370

cleanup efforts, 385

climate control, as facility-wide risk, 53

coffee pots, as fire hazard, 368

“cold seats,” 168

cold sites, 321

combat stress, 382

command and control, by Emergency Operations Center, 201, 206–207

Command Center, 147

communicating

with customers, 352–354

with employees, 395–396

with news media, 410

with suppliers, 360–361, 363

as term, 137

communication(s)

by Emergency Operations Center, 220

interactive, 395–396

in pandemic plan, 188, 189f, 190–192

as pandemic technique, 185

in technical recovery plan, 160–161

see also telecommunications

communications function, of Emergency Operations Center, 207, 210–214, 220

communications plan, 17–19, 137–138

community relations personnel, as team members, 11

company information, and work area recovery, 166

compromised information, 318

computer-assisted drafting (CAD), 409

computer hardware

and electrical problems, 251–252

standardizing, 285

computer networks, see networks

computer peripherals, standardizing, 285

computer viruses, 60, 316

confidential information, 56

confined spaces, 404

connectivity requirements, in technical recovery plan, 154

contacted hot sites, 169, 171

containers, fireproof, 302

containment, damage, 146

containment team, and Emergency Operations Center, 205–206

continuity of leadership, 111

contractual obligations, and pandemic plan, 183

control function, of Emergency Operations Center, 207

control valves (sprinkler systems), 374–375

controversial businesses, as terrorist targets, 418

corporate communications, 147

corporate communications manager, 135, 141–142

costs, downtime, 39–40

counseling

crisis, 373

posttraumatic, 145

counterterrorism, 414, 418

crisis counseling, 373

crisis management plan(s), 133–148

essential elements of, 135–139

executive staff responsibilities in, 139–142

Human Resources function in, 143–145

problem identification in, 134

Purchasing function in, 145

role players in, 134–135

Sales function in, 145

sections of, 145–148

solution identification in, 134

critical business function, identification of, 97

critical data, identification of, 322–323

crowds, avoiding, 419

customer notification plan, 349

customers, 349–354

data loss and, 318, 319

and fire, 365

key, 350–352

in pandemic plan, 183, 184

pandemic strategy with, 81

plan for communicating with, 352–354

risk assessment with, 352

and work area recovery, 166

customer support, data loss and inability to provide, 319

D

DaaS (desktop as a service), 343

damage

fire, 365–366

water, 313, 314

damage containment, 146, 219–220

dams, as manufactured risk, 48

data, 315–334

backups of, 324–326, 330–331

identifying critical, 322–323

and IT infrastructure, 316, 317f

nonessential, 323

planning for recovery of, 320–322

policies and procedures involving, 323–324

process of recovering, 324–325

risk assessment with, 316–319

steps in recovering, 319–320

storage of, 325–331

testing of support plan for, 333–334

virtualization of, 332–333

see also vital records

data backup(s)

mobile, 345

and telecommunications equipment room mitigation plan, 287

for workstations, 339–344

database requirements, in technical recovery plan, 154

data collection

for Business Impact Analysis, 27, 31–33

and suppliers, 359

data communications, for Emergency Operations Center, 211

data network, as facility-wide risk, 53–54

data processing support manager, for Emergency Operations Center, 218

data systems

departmental, 64

in work area recovery plan, 175–176

data systems risk(s), 57–62

communications network as, 59

hackers as, 61

shared computers as, 60

telecommunications system as, 59–60

theft as, 61

viruses as, 60–61

day of the week, 66

DDoS (Distributed Denial of Service) attacks, 278

deaths, see fatalities

“debriefing,” 373

deflector (sprinkler heads), 374

“defusing,” 373

deluge sprinkler systems, 375

Denial of Service attacks, 278

departmental recovery plans, writing, 105–110

departmental risks, 62–64

departmental support, for administrative plan, 117

Department of Homeland Security (DHS), 400, 402

Department of Labor, 400

desktop as a service (DaaS), 343

dialup connection, 273

Disaster Containment Manager, 215–216

disaster declaration, 147

disaster recovery project(s), 1–21

closing, 20–21

executing and controlling, 16–20

funding for, 8–9

initiating, 3–4

planning, 13–16

and role of Business Continuity Manager, 4–5

scope of, 5–8

selecting a team for, 9–13

Disaster Simulations, 229, 240–243

disk mirroring, 326–329, 327f, 328f

disk space requirements, in technical recovery plan, 154

disk striping, 328–329

distance, between primary and backup recovery sites, 73

Distributed Denial of Service (DDoS) attacks, 278

distribution, of administrative plan, 130–131

documentation, of computer networks, 285

document formatting guidelines, 104–105

document repository

for administrative plan, 125

creation of a, 112

domestic terrorism, 414

downtime costs, 39–40

dry pipe sprinkler systems, 375

duplexing, 327, 329

DVD-Rs, 342

E

earthquakes, 44, 44f, 66f

8 to 5 service contracts, 92

80/20 rule, 350

electrical blackouts, 251–252

electrical equipment, and vital records storage, 302–303

electrical service, 249–265

and action steps for outages, 259–261

and building’s power system, 252

Hurricane Andrew and loss of, 385

and line conditioning, 255

loss of (example), 201–203

and power generators, 259–261

risk assessment for, 250–252

and strategy for power protection, 252–253

and surge protection, 253–255

and uninterruptible power supplies, 255–259

electricity

for Emergency Operations Center, 209

as facility-wide risk, 51–52

fires ignited by, 367

electronic keys, 90–91

electronic locks, 160

electronic vault storage, 324

e-mail updates, in pandemic plan, 190

emergency action plans

and health/safety/environmental issues, 399–400, 401f, 408–409

and vital records, 307–310

emergency equipment list, 98

emergency exits, 368

emergency lighting, 262, 378

Emergency Medical Technicians (EMTs), 56, 209, 391

Emergency Operations Center(s), 199–220

administrative functions of, 207–208

command function of, 206–207

communications function of, 207, 210–214, 220

containment team and, 205–206

control function of, 207

defined, 201

essential functions of, 201

example of absence of, 201–203

location of, 203–204

materials for, 209–210

mobile, 204–205

priorities of, 218–220

recovery team and, 206

security for, 214

staffing of, 214–218

types of, 200

emergency recall list, 137

employee downtime, data loss and, 318

employee fatalities, 403–404

employee ID cards, 391

employees, 381–398

communicating with, 395–396

family assistance for, 386

labor management issues with, 384–385, 387–391

military service issues with, 391

notification of, in work area recovery plan, 171–172

and outside help, 385–386

in pandemic plan, 183

pandemic strategy with, 81

plan action steps with, 392–398

rating of, 393–394

risk assessment with, 386–391

and stress, 382–384, 387

as terrorism risk, 418

employee skills matrices, 392–395

EMTs, see Emergency Medical Technicians

end-user backups, 344

end-user vital records, protecting, 346

environmental issues, see health, safety, and environmental issues

Environmental Protection Agency (EPA), 400–403, 405, 407, 408

equipment room

mitigation plan for, 286–287

telecommunications, 278–279

errors, testing to reveal, 222

evacuation(s), 406–407

in crisis management plan, 136

due to release of hazardous materials, 405, 406

by Emergency Operations Center, 219

for fire, 377–379

and terrorist attacks, 419

exchange service contracts, 92

executive staff

in crisis management plan, 139–142

and work area recovery, 166

executive support, for administrative plan, 117

exercise participants, 228

exercise recorder, 228

exercises, tests vs., 223

exercise scenarios, 229–231

exits, emergency, 368

expressions of support, 373–374

extension cords, 303

external cabling, 280

external risk(s), 41–50

civil risks as, 49

manufactured risks as, 47–48

natural disasters as, 43–47

supplier risks as, 49–50

extreme temperatures, 45

F

Facilities Director

in crisis management plan, 139–141

damage containment by, 146

facilities engineer, for Emergency Operations Center, 218

facilities manager, 10

Facility Engineering Manager, 217

facility manager, 135

facility security, during labor unrest, 390–391

facility-wide risk(s), 50–57

climate control as, 53

data network as, 53–54

electricity as, 51–52

fire as, 54

medical concerns as, 56

security as, 55–56

structural problems as, 54, 55

telephones as, 52

water as, 52–53

families, communicating with employees’, 396–397

family assistance, 386

fatalities, 67

in crisis management plan, 143

employee, 403–404

from fire, 365

Fawkes, Guy, 415

Federal Emergency Management Agency (FEMA), 45, 66, 201

files, deleting unneeded, 340

finance personnel, as team members, 11

fire alarms, 368, 371–372, 374

fire control system, 301–302

fire damage, of paper records, 313

fire departments, 410

fire detection systems, 371–372

fire drills, 302

fire extinguishers, 302, 368–369

fire hoses, 368

fire inspectors, 367–368

fireproof containers, 302, 376–377

fire ratings, 376

fire(s), 365–380

anatomy of, 366–367

as facility-wide risk, 54

forest, 47

and media storage, 299

plan action steps for, 376–379

risk assessment for, 367–369

statistics on, 379–380

suppression strategy for, 369–376

and telecommunications equipment room, 279

and telecommunications equipment room mitigation plan, 286

types of damage caused by, 365–366

and vital records storage, 300–301

first point of contact (crisis management plan), 135

first responders, as component of interim plan, 98–99

flashlights, for Emergency Operations Center, 209

floods, 45, 46, 47f, 278

floppy disks, water-damaged, 314

flu, seasonal vs. pandemic, 181f

force majeure clauses, 351

forensic experts, data loss and need for, 319

forest fires, 47

formatting guidelines, 104–105

frame (sprinkler heads), 373

frame relay, 274

freeze-drying (of paper records), 312–313

freezing (of water-damaged documents), 310

fuel, as component of fire, 366

funding, for disaster recovery projects, 8–9

G

gas fire suppression, 302

general public, communicating with the, 397–398

generators, see power generators

GFS backup scheme, 325–326

goal, testing, 224

government buildings, as terrorist targets, 418

governments, and pandemics, 185

government-sponsored terror, 413

Grandfather-Father-Son (GFS) backup scheme, 325–326

ground eliminators, 255

guerilla warfare, 416

H

H1N1 (swine flu) pandemic, 186, 196

hackers, as data system risk, 60

hail, 45

ham radio operators, 288

hand sanitizer, 190

hard disk recovery, 344

hard drive crashes, 316, 318f

hardware, workstation, 336

head counts, 406–407

health, safety, and environmental issues, 399–412

action steps with, 409–412

and chemical hazards, 402–403

and emergency action plan, 399–400, 401f, 408–409

and employee injuries/fatalities, 403–404

and evacuation, 406–407

and indoor air-quality problems, 405–406

mitigation of, 407–408

and off-site hazards, 404–405

with power generators, 261

risk assessment with, 400, 402–406

and vital records storage, 303

heat, as component of fire, 366

help desk support, data loss and, 318

highways, as manufactured risk, 48

HIV/AIDS, 180

Homeland Security advisory system, 421–422

hospitalizations, multiple, 403–404

hotlines, in pandemic plan, 190

“hot seats,” 168

hot sites, 169, 171, 321

housekeeping

and fire prevention, 369

and telecommunications equipment room mitigation plan, 287

and vital records storage, 302

human-created outages, 316

Human Resources function, 143–145, 147, 381, see also employees

human resources manager, 135

for Emergency Operations Center, 217

and pandemic plan, 192–194

human resources personnel, as team members, 11

humidity

and media storage, 297–299

and telecommunications equipment room, 278

and telecommunications equipment room mitigation plan, 287

and vital records storage, 301, 303

Hurricane Andrew, 385

Hurricane Hugo, 286

hurricanes, 45, 278

hygrometer, 298

I

ice storms, and networks, 277

ID cards, employee, 391

Illinois Bell, 281

immunizations, 191

inbound communications, for Emergency Operations Center, 213

indoor air-quality problems, 405–406

industrial sites, as manufactured risk, 48

influenza pandemics, 186

information, compromised, 318

information technology (IT)

infrastructure of, 317f

recovery strategy for, 122

see also IT systems; Technical recovery plan(s)

injects, 231

injuries, 403–404

in crisis management plan, 143

from fire, 365

insects, 301, 303, 305

instructional videos, in pandemic plan, 190

insurance, 111

and sprinkler systems, 372

unemployment, 384

insurance companies

in crisis management plan, 141

and Emergency Operations Center, 212

integration testing (integrated system testing), 223, 233–235

intellectual property, 56

intelligent port selectors, 271

interactive communication, 395–396

interactive teams, in work area recovery plan, 174–175

Interactive Voice Response (IVR), 270

Interexchange Carriers (IXCs), 271–272

interim plan(s), 85–99

access to facility as component of, 88–91

access to people as component of, 87–88

asset inventory as component of, 95–96

critical business function identification as component of, 97

emergency equipment list as component of, 98

operations restoration as component of, 97–98

service contracts as component of, 91–94

software asset list as component of, 96–97

toxic material storage as component of, 98

trained first responders as component of, 98–99

vendor list as component of, 94–95

internal cabling, 279–280

internal fire barriers, 368

internal investigations, and data loss, 319

international terrorism, 414

Internet backup, 342

Internet Service Providers (ISPs), 276, 278

interoperability, of backup media, 341

inventory

and suppliers, 363

of workstations, 336

inventorying, of vital records, 293–295

ionization fire detectors, 371

Iraq War, 391

ISDN connection, 274

ISPs (Internet Service Providers), 276, 278

IT, see information technology

IT Business Continuity Manager, 120–121

IT infrastructure, and data, 316, 317f

IT systems

and administrative plan, 130

identification of critical, 130

recovery strategy for, 74–78

IVR (Interactive Voice Response), 270

IXCs (Interexchange Carriers), 271–272

J

James, Jesse, 415

janitorial service, 162

Just-in-Time (JIT) suppliers, 351

K

key customers, 350–352

key operating equipment, 63–64

keys

electronic, 90–91

and network security, 284

physical, 88–89

key suppliers, 355–357

KISS principle, 359

L

labor disputes

as civil risk, 49

security during, 390–391

and suppliers, 357

labor management issues, 384–385, 387–391

labor stoppages, 387–389

labor union representatives, as team members, 11

landslides, 47

LANs, see local area networks

laptops, and data risk, 316

leadership, continuity of, 111

legally required data, 324

legal staff

in crisis management plan, 141

as team members, 11

legal team, and crisis management plan, 135

licensing requirements, in technical recovery plan, 154

life, protection of, 219

life insurance, 143

lighting

emergency, 262, 378

for Emergency Operations Center, 209

lightning, 45, 55, 277

light sticks, 209

line conditioning (electrical service), 253, 255

line interactive UPS, 256

line managers, as team members, 11

litigation expenses, from data loss, 319

load balancing, 329

local area networks (LANs), 60, 273–275, 274f, 330

local governments, 410

location of risk, 66

location(s)

of Emergency Operations Center, 203–204

UPS, 258

see also site, recovery

locks, electronic, 160

logical network security, 284–285

M

magnetic fields, and vital records storage, 301, 303

magnetic media

storage of, 299–300

transport of, 296

water-damaged, 313–314

maintenance

preventive, 95

of recovery site, 177

and vital records storage, 306

manufactured risks, 47–48

MAO (maximum acceptable outage), 25

maps, of network cabling, 282

marketing personnel, as team members, 11

materials, for Emergency Operations Center, 209–210

Material Safety Data Sheets (MSDS), 402

materials manager, for Emergency Operations Center, 218

maximum acceptable outage (MAO), 25

media relations, in crisis management plan, 141–142

media storage, of vital records, 292, 297–300

medical benefits, 384

medical concerns, as facility-wide risk, 56

medical director, for Emergency Operations Center, 218

medical insurance, 143

medical kits, for Emergency Operations Center, 209

meetings

for standalone testing, 232

virtual, 195

MEK (methyl ethyl ketone), 403

mental health counseling, 145, 382–383

messengers, for Emergency Operations Center, 211

metals, flammable, 367

methyl ethyl ketone (MEK), 403

microfilm

storage of, 298–299

water-damaged, 313

Microsoft Virtual PC, 343

microwave communications, 288

military personnel, as trained first responders, 98

military reserves, 391

military service issues, 391

military suppliers, as terrorist targets, 417–418

mirrored sites, 321

mirrored striping, 329

mirroring, disk, 326–329, 327f, 328f

missing steps, testing to reveal, 222

mitigation

of health/safety/environmental issues, 407–408

of suppliers, 363

telecommunications, 285–288

of vital records, 301–305

mobile data backup, 345

mobile devices, and workstations, 344–345

mobile Emergency Operations Centers, 200, 204–205

mobile recovery equipment, 171

mobile security, 344–345

mobile sites, 321

moisture sensors, 303

mold, toxic, 406

MSDS (Material Safety Data Sheets), 402

mudslides, 47

N

NAS (network attached storage), 330

National Guard, 391

natural disaster(s), 43–47

and data risk, 316

earthquakes as, 44, 44f

extreme temperatures as, 45

floods as, 45, 46, 47f

hurricanes as, 45

pandemics as, 44

snow as, 45, 46f

thunderstorms as, 44, 45

tornadoes as, 43

natural hazards, with networks, 277–278

neighboring residences and businesses, communicating with, 397

network attached storage (NAS), 330

networks, 272–276

as data system risk, 60

and plan development, 284–285

risk assessment with, 276–282

network storage, 342–343

newsletters, company, 128–129

news media, 141–142, 147, 410

and Emergency Operations Center, 212

and terrorism, 414

noise, electrical, 251

noncompliance issues, data loss and, 319

noncritical data, 324

nonessential data, 323

notebook computers (notebook PCs)

for Emergency Operations Center, 210

security for, 345

surge protectors for, 254

notification

of customers, 349

employee, in work area recovery plan, 171–172

of incidents, 146, 408

O

Occupational Health and Safety Administration (OSHA), 399–404, 406, 408

office supplies, for Emergency Operations Center, 209–210

off-site duplication, of key vital records, 303

off-site hazards, 404–405

Oklahoma City bombing, 418, 420

online backups, 330–331

online UPS, 256

operational control, by Emergency Operations Center, 201

operational efficiency, data loss and decreased, 319

operations restoration, as component of interim plan, 97–98

opportunities

lost, 40, 319

unplanned, for testing, 244–245

orifice (sprinkler heads), 374

OSHA, see Occupational Health and Safety Administration

outbound communications, for Emergency Operations Center, 213–214

outlets, electrical, 302, 369

outside help, getting, 385–386

P

page layout guidelines, 104

Pandemic Emergency Manager, 122

Pandemic Plan Administrator, 182, 188

pandemic plan(s), 179–179

and business climate, 187

and business departments, 196

and communications, 188, 189f, 190–192

risk assessment for, 183–185, 184f

and role of human resources manager, 192–194

and sanitizing, 190, 195–196

sources of information for, 187

and technology, 194–195

testing, 197

triggering of, 186–187

writing, 182–183

pandemic(s), 44, 179–181

definition of, 179, 180

recovery strategy for, 81–82, 122–123

paper documents

storage of, 298

water damage to, 310–313

parity, 328, 329

passwords

system, 91

in technical recovery plan, 151–152

Payroll function, 147

payroll issues, following a disaster, 384–385

payroll policy, 144–145

PBXs, see Private Branch Exchanges

PCs, see personal computers

PDAs (personal digital assistants), 336, 345

peer pressure, 387

performance reviews, 394

Persian Gulf War, second, 391

personal computers (PCs)

for Emergency Operations Center, 210

risks associated with, 65

in work area recovery plan, 172–173

see also networks; workstations

personal digital assistants (PDAs), 336, 345

personal protective equipment (PPE), 408, 410

personnel

acquiring additional, 144

borrowing, 386

tracking of, in technical recovery plan, 157

see also employees

photoelectric smoke detectors, 371

physical keys, 88–89

physical security

of property, 55

of workstations, 338–339

see also security

picket signs, 390

pipelines, as manufactured risk, 48

pipes, 55

overhead water, 278–279

for sprinkler systems, 374

planning disaster recovery projects, 13–16

Plowshares Eight, 417

point of presence (POP), 271–272

police

reporting suspicious activity to, 420

reporting threats to, 421

as terrorist targets, 417–418

policies and procedures, data, 323–324

POP (point of presence), 271–272

posttraumatic counseling, 145

power generators, 259–261

environmental/regulatory issues with, 261

sizing of, 259–260

switching time of, 260

testing of, 260–261

and working with your public utility, 261

power loss (power outages)

action steps for, 261–265

and telecommunications equipment room, 278

power shedding, 264–265

PPE (personal protective equipment), 408, 410

preaction sprinkler systems, 375

preventive maintenance, 95

printers, in work area recovery plan, 173–174

Private Branch Exchanges (PBXs), 59, 269–271

problem, identification of, in crisis management plan, 134

productivity, lost, 39, 40, 318

professional storage facilities, 292

program backups, for workstations, 339–344

progressive testing, 225

proofreading, of technical recovery plan, 155

property, physical security of, 55

protective barriers, 409, 417

PSTN (Public Switched Telephone Network), 268–269

public information officer, as team member, 11

public relations coordinator, for Emergency Operations Center, 217

Public Switched Telephone Network (PSTN), 268–269

public utility, working with your, 261

punch blocks, 275–276

purchasing agent, for Emergency Operations Center, 217

Purchasing function, in crisis management plan, 145, 147

purchasing manager, 135

purchasing personnel, as team members, 11

Q

quarterly tests, 226

questionnaire, for Business Impact Analysis, 28–31

R

radio communications, for Emergency Operations Center, 211

RAID (redundant array of inexpensive/independent disks), 327–329

rain, and networks, 277

ratings, employee, 393–394

reassignments, 143–144

recall rosters, 159

recall tables, 152, 152f

record keeping, and strikes, 389–390

recovery, of vital records, 310–314

Recovery Activity Log, 157–158

Recovery Gantt Chart, 158–159

recovery planning, 110–112, 201

recovery point objective (RPO), 26, 73, 324

Recovery Site Manager, 156–157

recovery strategy, 71–83

in administrative plan, 122–123

business continuity, 82–83

definition of, 71

IT, 74–78

pandemic, 81–82

selection of, 72–74

work area, 78–80

recovery teams, 146–148, 206

recovery time objective (RTO), 25–26, 72, 158

in data recovery plan, 324

and testing, 223, 246

in work area recovery plan, 167

redundant array of inexpensive/independent disks (RAID), 327–329

reference materials (reference section)

in administrative plan, 131

in work area recovery plan, 174

regulatory issues, with power generators, 261

reporting

of Business Impact Analysis results, 33–34

in technical recovery plan, 160–161

using communications plan, 18–19

reports, after-action, 244–245

reputation, damaged, 40, 319

respiratory illnesses, 405

response time (surge suppressors), 254

restoration policy, 168

rest plans, 162

retention, of vital records, 296–297

reviews, performance, 394

riots, 49

risk analysis

building a, 37–39

definition of, 37

risk assessment, 15–16, 35, 37

in administrative plan, 123

creation of, 68–69

with customers, 352

with data, 316–319

for electrical service, 250–252

with employees, 386–391

for fire, 367–369

with health/safety/environmental issues, 400, 402–406

with networks, 276–282

for pandemic plan, 183–185, 184f

sources of information on, 66

with suppliers, 357–358

with telecommunications, 276–282

with terrorism, 416–421

with vital records, 300–301

with workstations, 336–338

Risk Management Plan (RMP), 404–405

risk(s)

attributes of, 37f

data systems, 57–62

definition of, 35, 36

departmental, 62–64

external, 41–50

facility-wide, 50–57

layers of, 41

scope of, 39–40

severity of, 65–66

types of, 36

your desk’s, 64–65

RMP (Risk Management Plan), 404–405

rodents, 301, 305

role players

in administrative plan, 119–122

in crisis management plan, 134–135

roll calls, 406–407

route separation (network cabling), 281–282

RPO, see recovery point objective

RTO, see recovery time objective

S

SaaS (software as a service), 330, 343

sabotage, 55–56, 301, 304–305

safety issues, see health, safety, and environmental issues

safety person, for Emergency Operations Center, 217

safety personnel, 11

Sago, West Virginia, coal mine disaster, 142

sags, voltage, 250–251

sales, lost, 39–40

Sales function, in crisis management plan, 145

sales manager, 135, 218

sales personnel, as team members, 11

sandstorms, 47

sanitary facilities, for Emergency Operations Center, 209

sanitation

as pandemic technique, 185

and water risk, 53

sanitizing, and pandemic plan, 190, 195–196

SANs (storage area networks), 330, 332

SARS (severe acute respiratory syndrome), 81

satellite communications, 288

scenarios, exercise, 229–231

scope

of administrative plan, 117–118

of technical recovery plan, 153

scope statements, 6–7

scoring, of risk assessment, 68

seasonal flu, 181f

security

for computer networks, 284–285

in crisis management plan, 139

for electrical support equipment, 253

for Emergency Operations Center, 214

for employees, 418

as facility-wide risk, 55–56

during labor unrest, 390–391

mobile, 344–345

in technical recovery plan, 160

for telecommunications equipment room, 279, 286–287

and vital records storage, 303

for vital records transport, 296

in work area recovery plan, 176

of workstations, 338–339

security guards, 419

security manager, for Emergency Operations Center, 217

security personnel, 11

sensitive data, 324

September 11, 2001 terrorist attacks, 74, 204, 288, 356, 421

sequencing, 15

servers

backup to, 342–343

in technical recovery plan, 154

service contracts

as component of interim plan, 91–94

in technical recovery plan, 154

severe acute respiratory syndrome (SARS), 81

shifts, alternate, 194

sick leave, 384

sickness, 67

simulations, 223, 229, 237–238, 240–243

sinkholes, 47

site, recovery, 167–171, 177

skilled labor, finding, 144

smartphones, 316

smoke, and vital records storage, 300

smoke alarms, 301–302

smoke detectors, 371

snow, 45, 46f, 54

social distancing (pandemic technique), 185

software

backup, 341

and data risk, 316

off-site storage of, 285

standardization of, 285

updates to, 319

workstation, 336–337

software as a service (SaaS), 330, 343

software asset list, as component of interim plan, 96–97

solution, identification of, in crisis management plan, 134

space heaters, 368

Spanish Influenza pandemic, 180

spikes, voltage, 251

Spill Prevention Control and Countermeasures (SPCC), 403

spills, chemical, 407–408

sponsor

of business continuity program, 119–120

project, 2–4, 9

and testing team, 228

sprinkler systems, 302, 372–376

staffing, of Emergency Operations Center, 214–218

staff reassignments, 143–144

stakeholders, project, 10

standalone testing, 223, 231–233

state terrorism, 413

status boards, for Emergency Operations Center, 212–213

status reports

in pandemic plan, 190

in technical recovery plan, 160–161

stock price, data loss and decreases in, 319

storage

of data, 325–331

fire-resistant, 376–377

network, 342–343

recovering backup media from, 161–162

storage area networks (SANs), 330, 332

storage facilities, professional, 292

storm shelters, 419

strategy

for power protection, 252–253

for recovery, see recovery strategy

stress, employees and, 382–384, 387

stress management techniques, 382–383

strikes, 387–389

striping, 328–329

structural damage, from fire, 365

structural problems

as facility-wide risk, 54, 55

and vital records storage, 300

subpoenas, data loss and resulting, 319

substitutes, trained, 193

success, criteria for, 7–8

suicide terror attacks, 414

supplier risks, 49–50

suppliers, 355–364

agreement with, 362

assessment of, 361–362

and data collection, 359

dialogue with, 360–361

and Emergency Operations Center, 212

Just-in-Time (JIT), 351

key, 355–357

mitigation of, 363

in pandemic plan, 184–185

and plan action steps, 358

risk assessment with, 357–358

see also vendors

support, expressions of, 373–374

support software, in technical recovery plan, 154

surge protection, 253–255, 337

surges, voltage, 251

surge suppressors (surge protectors), 253–255

suspicious activity, reporting, 420

switching time (power generators), 260

synchronous mirroring, 327f

system costs, data loss and increased, 319

system passwords, 91

“Systems Requirements” (technical recovery plan), 154

system support charts, 152

system users, 153

T

T-1 connection, 274

T-3 connection, 274

table of contents

for administrative plan, 117

for technical recovery plan, 153

Table-Top drills, 411

table-top testing, 223, 238–240

tape backup, 325–326, 341

tape drives, 341

tapes

backup, 285, 324

water-damaged, 313

team(s)

at assembly points, 136

collocating interactive, 174–175

for disaster recovery projects, 9–13

for handling vendor loss, 357

in pandemic plan, 182, 190

recovery, 146–148

technical recovery, 121

in technical recovery plan, 160

testing by, 222, 226, 228

technical recovery plan(s), 149–163

determining focus of, 149–150

and recovery team leader, 156–162

steps to creation of, 150–152

template for creating, 152–156

technical recovery team, 121

technical support charts, 159

Technician Tracking Log, 157

technology, in pandemic plan, 194–195

tech support, 153

telecommunications, 267–272

and Interexchange Carriers, 271–272

and plan action steps, 288–289

and plan development, 282–288

and Private Branch Exchanges, 269–271

and Public Switched Telephone Network, 268–269

risk assessment with, 276–282

and testing, 289

in work area recovery plan, 175–176

see also networks

telecommunications equipment room, 278–279

telecommunications mitigation plan, 285–288

telephone circuits, identifying critical, 283–284

telephone company

central office of, 271

working with the, 287

telephone line support (surge suppressors), 254

telephone lists, maintaining, 137

telephones

for Emergency Operations Center, 210–211

as facility-wide risk, 52

and Public Switched Telephone Network (PSTN), 268–269

in work area recovery plan, 173

telephone service, disrupted/limited, 396

televisions, in Emergency Operations Center, 211

temperature fire detectors, 371

temperature(s)

extreme, 45

and media storage, 297–299

and telecommunications equipment room, 278

and telecommunications equipment room mitigation plan, 287

for transport of magnetic recordings, 296

and vital records storage, 301, 303

template training, for technical recovery plan, 155

terrorism, 404, 413–422

as civil risk, 49

definition of, 413

history of, 414–416

and Homeland Security advisory system, 421–422

risk assessment with, 416–421

types of, 413–414

testing, 221–247

benefits of, 221–222

of data support plan, 333–334

developing a strategy for, 224–227

of disaster recovery plan, 19–20

and Disaster Simulation, 240–243

and exercise scenarios, 229–231

of health and safety plan, 411–412

integration, 233–235

of pandemic plan, 197

of power generators, 260

progressive, 225

and recovery time objective, 223

and RTO capability, 246

and simulations, 237–238, 240–243

standalone, 231–233

and suppliers, 363

table-top, 238–240

as team effort, 226, 228

of technical recovery plan, 162–163

of telecommunications, 289

types of, 222–223

unplanned opportunities for, 244–245

of UPS, 258–259

walk-through, 235–236

of work area recovery plan, 176–177

testing calendar, 226, 227f, 228

tests, exercises vs., 223

theft

of computers, 338–339

and data risk, 316

as data system risk, 60

and vital records storage, 301, 304

thermal linkage (sprinkler heads), 373

thermograph, 298

threats

analyzing, see risk assessment

reporting, 421

thunderstorms, 44, 45, 277

time and materials service contracts, 92

time goals, for recovery strategy, 73

time of the day, 65–66

“time to data,” 322

timing, as pandemic technique, 185

TJX, 318

tornadoes, 43, 277

toxic materials, storage of, 98

toxic mold, 406

trailers, mobile recovery equipment on, 171

trained first responders, as component of interim plan, 98–99

training

and administrative plan, 125–128

and employee skills matrix, 395

transport (transportation)

as manufactured risk, 48

of vital records, 295–296

travel

and notebook PC theft, 345

in pandemic plan, 183, 193

and terrorism, 418–419

trespassing, 55

triggering, of pandemic plan, 186–187

24/7 service contracts, 92

U

Underwriters Laboratory (UL), 376

unemployment insurance, 384

Uninterruptible Power Supply (UPS), 202–203, 253, 255–259

and telecommunications equipment room mitigation plan, 286

for workstations, 337

updates, administrative plan, 130

upgrades, software, 337

UPS, see Uninterruptible Power Supply

U.S. Centers for Disease Control and Prevention, 186

utility services, in crisis management plan, 140

V

VA (volt-amps), 257

vacation, 384

vaccines, 191

VDI (Virtual Desktop Infrastructure), 343

vendor lists, 94–95, 159

vendors

computer-network-related, 285

and data risk, 317

and fire, 366

pandemic strategy with, 81

see also suppliers

videotaped reports, in pandemic plan, 190

videotaping, of entry gate, during strikes, 389–390

violence, workplace, 55, 404

Virtual Desktop Infrastructure (VDI), 343

virtualization

data, 332–333

of workstations, 343

virtual meetings, 195

Virtual Private Networks (VPNs), 79, 275

and pandemic plan, 194–195

and work area recovery plan, 167

virtual tape library (VTL) technology, 332

virtual workers, 192

viruses, computer, 60, 316

vital records, 291–314

definition of, 292

emergency actions with, 307–310

fire and loss of, 365, 376–377

inventorying, 293–295

media for storage of, 292

and media storage, 297–300

mitigation of, 301–305

and plan action steps, 305–307

recovery techniques with, 310–314

retention of, 296–297

risk assessment with, 300–301

transporting, 295–296

and workstations, 339, 346

vital records manager, in Emergency Operations Center, 218

VMware Workstation, 343

voice mailboxes, 396

voltage sags, 250–251

voltage spikes, 251

voltage surges, 251

volt-amps (VA), 257

VPNs, see Virtual Private Networks

VTL technology, 332

Vulnerable Zone Indicator System (VZIS), 405

W

walk-through testing, 223, 235–236

WANs, see wide-area networks

“warm seats,” 168

warm sites, 321

water

as facility-wide risk, 52–53

for sprinkler systems, 373–374

and vital records storage, 300, 310–313

water-based fire extinguishers, 370

water mains, 52

water mist sprinkler systems, 376

water pipes

for sprinkler systems, 374

in telecommunications equipment room, 278–279

Web site(s)

for Emergency Operations Center, 211

in pandemic plan, 190

wet pipe sprinkler systems, 375

whiteboards, in Emergency Operations Center, 212

WHO (World Health Organization), 81, 186

wide-area networks (WANs), 273, 275, 275f

winds, high, 45

wireless connections, 275

wiring closet, 275, 279–280

wood, combustion of, 366

word processing guidelines, 104–105

Work Area Recovery Manager, 121–122

work area recovery plan(s), 165–178

and employee notification, 171–172

and maintaining the recovery site, 177

options in, 170f

security issues in, 176

and selection of recovery site, 167–171

telecommunications issues in, 175–176

testing, 176–177

tools for, 172–174

using interactive teams in, 174–175

writing, 166–176

work areas, recovery strategy for, 78–80, 122

workplace stress, 387

workplace violence, 55, 404

workspace, minimum, 167–168

workstations, 335–347

end-user backup issues with, 344

and end-user vital records, 346

and mobile devices, 344–345

physical security of, 338–339

and program/data backups, 339–344

risk assessment with, 336–338

special-purpose, 340

virtualization of, 343

work surfaces, minimum, 168

World Health Organization (WHO), 81, 186

World Trade Center bombing (1993), 416, 420

writing the plan, 101–113

and administrative plan, 123–124

and choosing a standard format, 102–103

and creation of document repository, 112

for departmental recovery, 105–110

and including recovery considerations, 110–112

and pandemic plan, 182–183

and use of plan, 103–104

word processing guidelines for, 104–105

and work area recovery plan, 166–176

Z

Zip cartridges, 342
