Planned and Unplanned Outages Policy
Created by or for the SANS Institute. Feel free to modify or use for your organization. If you
have a policy to contribute, please send e-mail to stephen@sans.edu
1.0 Purpose
<Company Name> is a worldwide enterprise whose business requires that its systems
remain available 24 hours a day, 7 days a week, 365 days a year. When a system become
unavailable, those who might fix the problem need to be notified as soon as possible;
information about the outage needs to be made available to those who can most readily
minimize the effects of the outage. Senior management needs to be made aware of significant
outages of long duration.
2.0 Scope
This policy pertains to outages of all networked servers, circuits, and network devices of
<Company Name>. It does not pertain to workstations or to stand-alone servers.
3.0 Policy
The Network and Security Operations Center (NOSC) shall monitor <Company Name>'s
networks at all times. It will have access to tools that will enable it to see the status of the
devices on <Company Name>'s networks.
3.1 Notification lists
3.1.1. Outage List: This will be the list of people and groups who can act to end
outages or minimize their effects on users.
3.1.1.1. It will include the enterprise systems administrators and network personnel,
the help desk, and others as requested.
3.1.1.2. It will include the points of contact (POCs) for all systems at <Company
Name>.
3.1.1.3. This list will be created and maintained by the NOSC.
3.1.2. Senior Leadership List: This list will be of senior managers who need to be
informed of serious outages,
3.1.2.1. It will also be created and maintained by the NOSC.
3.2 Detection of an outage
3.2.1. System owners must inform the NOSC when a planned outage will occur.
3.2.1.1. System owners will also notify the NOSC when an unplanned outage has
been detected.
3.2.2. The NOSC will maintain and observer the tools needed to observe outages on
the network.
3.3 Notification and Documentation
3.3.1. On learning of an outage, the NOSC will inform the POC of the system in
question.
3.3.2. The NOSC will then inform the Outage List of the outage and provide
information, if available, on the time it occurred, the cause, the measures taken to
repair it, and an estimate of the time it will end.
3.3.3. The NOSC must inform senior management when a significant unplanned
outage has lasted more than 12 hours.
3.3.3.1.These notifications will contain a summary of the information sent to the
Outage List.
3.3.3.2.Thereafter, the NOSC must update senior management on the status of the
outage.
3.3.4. The NOSC is also responsible for updating all notifications.
3.3.5. The NOSC will maintain a log of all outages, planned and unplanned.
5.0 Definitions
Outage: A server, network device, system, or service becomes unavailable to users at
<Company Name>.
System: Information resources under the same direct management that together
provide a common functionality. A system will normally include hardware, software, and
data.
System Owner: The person designated responsible for ensuring that a system
continues to serve its functions.
6.0 Revision History
4/20/2009 – Draft Completed, James Voorhees