Planned and Unplanned Outages Policy Created by or for the SANS Institute. Feel free to modify or use for your organization. If you have a policy to contribute, please send e-mail to stephen@sans.edu 1.0 Purpose <Company Name> is a worldwide enterprise whose business requires that its systems remain available 24 hours a day, 7 days a week, 365 days a year. When a system become unavailable, those who might fix the problem need to be notified as soon as possible; information about the outage needs to be made available to those who can most readily minimize the effects of the outage. Senior management needs to be made aware of significant outages of long duration. 2.0 Scope This policy pertains to outages of all networked servers, circuits, and network devices of <Company Name>. It does not pertain to workstations or to stand-alone servers. 3.0 Policy The Network and Security Operations Center (NOSC) shall monitor <Company Name>'s networks at all times. It will have access to tools that will enable it to see the status of the devices on <Company Name>'s networks. 3.1 Notification lists 3.1.1. Outage List: This will be the list of people and groups who can act to end outages or minimize their effects on users. 3.1.1.1. It will include the enterprise systems administrators and network personnel, the help desk, and others as requested. 3.1.1.2. It will include the points of contact (POCs) for all systems at <Company Name>. 3.1.1.3. This list will be created and maintained by the NOSC. 3.1.2. Senior Leadership List: This list will be of senior managers who need to be informed of serious outages, 3.1.2.1. It will also be created and maintained by the NOSC. 3.2 Detection of an outage 3.2.1. System owners must inform the NOSC when a planned outage will occur. 3.2.1.1. System owners will also notify the NOSC when an unplanned outage has been detected. 3.2.2. The NOSC will maintain and observer the tools needed to observe outages on the network. 3.3 Notification and Documentation 3.3.1. On learning of an outage, the NOSC will inform the POC of the system in question. 3.3.2. The NOSC will then inform the Outage List of the outage and provide information, if available, on the time it occurred, the cause, the measures taken to repair it, and an estimate of the time it will end. 3.3.3. The NOSC must inform senior management when a significant unplanned outage has lasted more than 12 hours. 3.3.3.1.These notifications will contain a summary of the information sent to the Outage List. 3.3.3.2.Thereafter, the NOSC must update senior management on the status of the outage. 3.3.4. The NOSC is also responsible for updating all notifications. 3.3.5. The NOSC will maintain a log of all outages, planned and unplanned. 5.0 Definitions Outage: A server, network device, system, or service becomes unavailable to users at <Company Name>. System: Information resources under the same direct management that together provide a common functionality. A system will normally include hardware, software, and data. System Owner: The person designated responsible for ensuring that a system continues to serve its functions. 6.0 Revision History 4/20/2009 – Draft Completed, James Voorhees