• No results found

Business Unit CONTINGENCY PLAN

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Business Unit CONTINGENCY PLAN"

Copied!
11
0
0

Loading.... (view fulltext now)

Download now ( 11 Page )

Full text

(1)
(2)

Date Version 1.0 Page 2

1 Plan Review and Updates ... 3

2 Introduction ... 3

2.1 Purpose ... 3

2.2 Scope ... 3

2.3 Plan Information ... 4

3 Contingency Plan Overview ... 4

3.1 Objectives ... Error! Bookmark not defined. 3.2 Organization ... 4

3.3 Mission Critical Systems/Applications /Services ... 4

4 System Description ... 4 4.1 Physical Environment ... 4 4.2 Technical Environment ... 4 5 Plan ... 5 5.1 Plan Management ... 5 5.1.1 Incident Notification ... 5

5.1.2 Internal Personnel Notification ... 5

5.1.3 External Contact Notification ... 5

5.1.4 Plan Maintenance ... 5

6 Appendices ... 5

APPENDIX A – CONTINGENCY PLAN CONTACT INFORMATION ... 6

APPENDIX B – MISSION CRITICAL APPLICATONS, PROCESSES ... 7

APPENDIX C –MANUAL PROCEDURES FOR MISSION CRITICAL PROCESSES . 8 APPENDIX D – SOFTWARE INVENTORY ... 9

APPENDIX E – HARDWARE INVENTORY ... 10

(3)

Date Version 1.0 Page 3

1 PLAN REVIEW AND UPDATES

Version: 1.0 (version number)

Status: Approved

Contact: (Business Unit System Owner)

Date of review:

Reviewed and updated by: (Business Unit System Owner)

Next Scheduled Review:

2 INTRODUCTION

This document contains the Contingency Plan for (Business Unit). It is intended to serve as the centralized repository for the information, tasks, and procedures that would be necessary to facilitate management’s decision-making process and its timely response to any disruptive or extended interruption of the department's normal business operations and services. This is especially important if the cause of the interruption is such that a prompt resumption of operations cannot be accomplished by employing only normal daily operating procedures.

Since the information contained in this document management’s planning assumptions and objectives, the plan should be considered a sensitive document. All of the information and material contents of this document should be considered for limited official use by authorized personnel.

The Contingency Plan is intended to provide a framework to facilitate the safety of employees and the resumption of time-sensitive operations and services in the event of an emergency (fire, power or communications blackout, tornado, hurricane, flood, earthquake, civil disturbance, etc.) Although the Contingency Plan provides guidance and documentation upon which to base emergency response, resumption, and recovery planning efforts, it is not intended as a substitute for informed decision-making. Business process managers and executives must identify services for which disruption will result in significant financial and/or operational losses. Plans should include detailed responsibilities and specific tasks for emergency response activities and business resumption operations based upon pre-defined time frames.

2.1 PURPOSE

The purpose of this plan is to ensure continuity of mission critical processes and systems operations in the event of catastrophic loss or extraordinary circumstances. This Contingency Plan will assess the needs and requirements so that (Business Unit) may be prepared to respond to the event in order to efficiently regain operation of the systems that have been made inoperable.

2.2 SCOPE

(4)

Date Version 1.0 Page 4

2.3 PLAN INFORMATION

The Contingency Plan should be considered a living document and will always require continuing review and modification in order to keep up with the changing environment. As such, it should be updated at least annually. The completed action plan of dynamic information provides all of the necessary lists, tasks, and reports used for response, resumption, or recovery.

3 CONTINGENCY PLAN OVERVIEW

The (Business Unit) Contingency Plan is designed to be in accordance with the strategic intent of

SVCC’s functional and operational mission.

3.1 OBJECTIVES

The primary objective of this plan is to establish procedures to be used for information systems in the event of a contingency to protect and ensure functioning of those assets. The individual business unit will define the specific procedures for updating and maintaining this plan.

3.2 ORGANIZATION

In the event of a disaster or other circumstances which bring about the need for contingency operation, individuals with specific responsibilities or tasks which must be completed to fully execute the contingency plan must be identified. Additionally, orders of succession within the department should be defined here.

The individuals who will support functions developed to respond, resume, recover, or restore operations or facilities of the affected systems are listed in Appendix A, Plan Contact

Information.

3.3 MISSION CRITICAL SYSTEMS/APPLICATIONS/SERVICES

Define essential mission critical systems/applications/services that must be recovered at the time of disaster in the following order due to critical interdependencies.

(Business Unit) has identified the applications and services given in Appendix B, Mission Critical Applications, Processes, and Services, as mission critical.

Define manual processes for critical services as well as technical and procedural problems and their solutions. Written procedures for each mission critical business process are located in Appendix C, Manual Procedures for Mission Critical Business Processes.

4 SYSTEM DESCRIPTION

In this section include information for each system under ownership or controlling authority of the (Business Unit. For example: Business Unit Name, System Owner, Activity Owners, Data Owners, Data Custodians, and Primary Users.

4.1 PHYSICAL ENVIRONMENT

(5)

Date Version 1.0 Page 5

4.2 TECHNICAL ENVIRONMENT

Identify specific software applications and hardware inventories, Service Level Agreements, and vendor contacts. These are given in Appendixes D, E and F.

5 PLAN

5.1 PLAN MANAGEMENT 5.1.1 INCIDENT NOTIFICATION

The System Owner for the (Business Unit) will be responsible for incident notification to all

applicable parties.

5.1.2 INTERNAL PERSONNEL NOTIFICATION

The System Owner for the (Business Unit) will be provided with the contact information of

applicable employees. This information may be found in Appendix A, Plan Contact Information. Multiple copies of this information may be maintained internally within the department, provided the information contained therein remains current and accessible.

5.1.3 EXTERNAL CONTACT NOTIFICATION

Contact information for Contingency Plan service providers, agencies, external contacts, vendors, suppliers, etc. will be provided in Appendixes A, Plan Contact Information and F,

Vendor Contact List.

5.1.4 PLAN MAINTENANCE

There should be at least two copies of current system security documentation. Documentation should be duplicated either in hard copy or compatible media format. Because confidential and sensitive information may be contained in the plan, all team members should be instructed to house copies the plan in a secure manner. The Business Unit System Owner should maintain a list of all employees who have copies of the plan and the specific physical location of the same.

One copy should be stored on site and be immediately accessible (give location), while a back- up copy should be stored off site. It is recommended that copies of the Contingency Plan be distributed to the SVCCContingency Plan Coordinator, and Business Unit System Owner. Updates to documentation should be performed at least annually and on an as-required basis by the individual Business Unit.

6 APPENDICES

(6)

Date Version 1.0 Page 6

APPENDIX A – PLAN CONTACT INFORMATION

This appendix should include all points of contact of positions described in the Contingency Plan and key organizational personnel. Include home and mobile telephone numbers. Include

emergency location assignments. Include a telephone tree, which lists the order of contact when a contingency situation or disaster is declared.

The contact list should indicate the system each individual is associated with.

(7)

Date Version 1.0 Page 7

APPENDIX

B

MISSION

CRITICAL

APPLICATIONS,

PROCESSES AND SERVICES

(8)

Date Version 1.0 Page 8

APPENDIX C

MANUAL PROCEDURES FOR MISSION

CRITICAL BUSINESS PROCESSES

Include a list of all documentation pertinent to the operation and maintenance of each system. This list should include but is not limited to system architecture, manual procedures for mission critical processes, and standard operating procedures.

(9)

Date Version 1.0 Page 9

APPENDIX D – SOFTWARE INVENTORY

(10)

Date Version 1.0 Page 10

APPENDIX E – HARDWARE INVENTORY

(11)

Date Version 1.0 Page 11

APPENDIX F – VENDOR CONTACT LIST

References

Download now ( PDF - 11 Page - 217.59 KB )

Related documents