Disaster Management Plan
dd mmmm yyyy
1.
INTRODUCTION
1.1
Disasters come in many forms and degrees of severity. All of them have the
potential for affecting an organisation’s data processing activities. Although such
naturally occurring events as earthquakes, tornadoes, hurricanes, and floods
cannot be prevented, their possible impact can be prepared for. In addition, the
occurrence of some man-made events may be prevented, or their effect
lessened, with advanced planning.
1.2
A fundamental change has taken place in the direction of information systems
continuity planning. This process no longer concentrates solely on protecting just
the closely defined area in which the centralised computer operates. Today it
also addresses the larger environment in which an organisation functions and
into which its data processing resources have been distributed.
1.
BACKGROUND
2.1
THE COMPANY’s IT platform consists of combination of **** Network server and
*** mail/proxy server and a number of Pentium II & IV Desktop Computers and
Laptops.
2.2
The **** machine is used to run the ***** insurance application. The Insurance
Application System consists of *** modules. The active modules are Claims,
Premiums, and General Ledger, Cash Book, Sundry Creditors, Fixed Assets and
Funding.
2.3
The Network server runs ***** Software and hosts *** Desktop Management
Software, MS Office 2000, Microfile Imaging and Document management
Software, GroupWise messaging software and Investment Software.
2.4
The Servers and PC’s are connected to the LAN and terminal emulation software
is used to allow users to connect to the *** machine.
2.
3.1
3.2
OBJECTIVES AND SCOPE
The purpose of this document is to present a set of practical guidelines and
practices to assist those concerned with the preparation of a comprehensive
Computer Continuity Plan for handling the emergency, stand-by operation, and
recovery phases that are required in the event of a significant computer
disruption. These guidelines include:
a.
The establishment of policies, practices, and procedures to be followed in
a proactive attempt to prevent events (commonly termed disasters) that
could seriously impair normal business computer operations; and
b.
The actions that would be taken in efforts to recover or to restore
computer operations to normality after a disaster.
The initial report includes:
3.3
3.
a.
An assessment of the Company’s computer installation continuity
vulnerabilities;
b.
An analysis of the business processes that will be interrupted if a
computer disaster occurs; and
c.
The identification, analysis, and development of a plan to implement
actions of the recovery strategy.
For the following main classes of threats which would leave the Company’s
computer continuity at risk; (long or short term):
a.
Acts of God/nature;
b.
Accidents; and
c.
Deliberate acts of humans.
APPROACH
4.1
The review was based primarily on enquiry and observation, and through
discussions conducted with management. Findings were corroborated to
supporting documentation and other sources considered necessary.
4.2
The review was based on discussions with:
THE COMPANY

Directors

Senior Managers;
OTHER
4.

***

****

***
EXECUTIVE SUMMARY
5.1
There is general management consensus on the need for a Business Continuity
Plan.
5.2
This computer installation risk assessment was performed during **** as one of
the activities in the Business Continuity project. It involved the detailed physical
review of the ** computer installation at the Company’s offices in *****, and a brief
inspection of the office building and surrounding area.
This analysis has two primary objectives:
(a).
Identifying specific physical risk which may be reduced or eliminated by
preventative action; and
(b).
The overall findings of this exercise will be plotted on the vertical axis in the
“RISK, IMPACT AND OPTION MATRIX” which, in turn will indicate
the
type of alternative processing capability.
5.3
Two general categories of “disaster” can be identified; namely:

Those which may render the computer facility unusable to a greater or
lesser extent and which can be relieved by the existence of action plans,
which can be invoked when a disaster occurs in order to avert the trauma
and facilitate the move from the base site to the “alternative processing
capability”; and

Those, which do not affect the functionality of the computer facility directly.
Examples of such disasters are fraud, embezzlement, sanctions, loss of key
staff, loss of data confidentiality and the copying of data.
5.4
This report addresses mainly the former category of disasters. It does not cover
non-physical malicious damage, such as fraud and embezzlement.
Risk Type
Location
Fire
Water & flood
Geological event
Chemical, biological
Impact
Wind storm
Loss of utilities
Physical malicious damage
Loss of data PCs’
Loss of data on servers due to inadequate
backups
Dependence on key staff
Risk Level
Low
Medium
Medium
Low
Low
Low
Low
Medium
Medium
High
Low
High
Types of alternative processing options to be considered are:
Type
Hot site
Dispersed facility
Warm site
Cold site
Bureau agreement
Description
These sites are fully configured and ready to operate
(just power on).
The total required processing capability is spread over
two or more computers located at different geographical
locations.
These sites are partially configured, usually with
connections and peripherals but without the main
computer.
These sites have only the basic environment (electrical
wiring etc.) and are ready to receive equipment.
An agreement with a computer bureau for the provision
of services in the event of a disaster.
Mutual aid
Rebuild
5.
An agreement with another company with similar
computer configuration to the effect that each company
will render assistance to the other in the event of a
disaster.
In effect - do nothing until disaster occurs.
DETAILED FINDINGS
6.1
Description Of The Computer Installation
6.1.1
Physical Location: (example)
Shell
Petrol
station
Residential
Area
Offices
Shopping
Centre
Offices
Offices
Office
Offices
Offices Under
Construction
6.1.2
Offices under
Construction
Description of the computer installation
THE COMPANY occupies the building at
The Tenants in the building are: (example)
Level
Company Name
Description/Nature
Ground Floor
****
*****
First Floor
****
*****
The Severs are located in ****. This facility is bounded by ******* but an airconditioning system has/has not been installed and fans are/are not used for
cooling. An uninterruptible power supply is/is not installed. A/No fire or smoke
detection system exists.
The Computer Room is/is not indicated by any signs from within the building and
is/is not readily apparent from the street. Access to this Room, from within the
building, is through ***** area The door to the Server Room is/is not always
locked and a gate secures it (detail as appropriate). Back-ups are/are not
performed daily and are/are not kept in a fire proof safe until they are taken offsite.
6.2
RISKS
6.2.1
Fire
Fire/ smoke detectors have/have not been installed in the building and are/are
not linked to a fire alarm and a red strobe light that is/is not mounted in the front
entrance to the building. There is/is not a Security Guard after hours that would
be altered by the warning system in case of a fire.
The office is/is not equipped with a fire hose at the back of the office. Hand held
fire extinguishers are/are not available for use.
The accuracy of the emergency telephone numbers (ambulance, fire brigade and
hospital) kept by the Reception and the Security Guard has/has not been
confirmed.
6.2.2
Flood and Water (example – amend as appropriate)
The first floor location of the Computer Room renders it immune from normal
flood damage. The kitchen areas and the Computer Room have been inspected.
No major problems areas could be identified.
6.2.3
Geological event (Earthquake, Landslide, Volcanic Activities) (example – amend
as appropriate)
It is not apparent that the company experiences any significant increase in risk
(above the normal level of background risk) related to geological events.
6.2.4
Chemical, Biological and Nuclear Hazard (example – amend as appropriate)
An investigation of the immediate vicinity of the office indicated no manufacturing
activities of the type that may discharge dangerous chemical or biological
substances.
6.2.5
Impact (Road Transport and Aircraft)(example – amend as appropriate)
The Company’s Computer Room is on the first floor and faces the inside of the
building. The building is located on a quite road just off a main road, which is very
busy. No factories are in the immediate vicinity and the surrounding roads carry
little heavy traffic other than buses.
Security Guards control by a Security Gate and the building’s parking bays and
entrance from 6 pm to 6 am on weekdays and 24 hours on weekends.
Helicopters fly in the vicinity. (Used for highway patrols and traffic control).
It would appear that structural damages to the building as a result of a direct road
or air accident are distant.
6.2.6
Wind Storm (example – amend as appropriate)
Direct or consequential (falling trees etc.) wind damage does not appear to be a
significant possibility, given the location of the server room.
6.2.7
Loss of Utilities (Electricity and Data Communications)(example – amend as
appropriate)
Both electricity and water enter the premises via underground conduits. In the
event of a power failure the server’s emergency power supply (UPS) will only
provide enough processing time for a manual shutdown. All other connections
will immediately terminate and physical file damage to the Insurance Application
may follow if the shutdown is not completed timeously.
THE Company’s LAN is configured for use at **** and **** (if appropriate).
Processing is/is not therefore not dependant on the availability of Telkom data
lines.
6.2.8
Physical Malicious Damage (example – amend as appropriate)
There is an electric gate controlling access to the property which is closed after
hours and monitored by a security guard who is on duty after hours. Access to
the building itself is controlled electronically by intercom which in turn is
controlled by the reception. Access is also gained through the side door. Keys
are kept by authorised staff members
6.2.9
Loss of Data due to inadequate Back-up
The data on the Servers are/are not backed-up daily. The back-up media are
rotated on a “grandfather, father, son” basis (example). Each day a back up is/is
not made of all data that changes during the course of the day. These back-up
tapes are/are not kept on site for a (how long) before they are moved to an offsite facility. Workstations are/are not included in the above cycle as each enduser is responsible for backing-up his/her own data. The I.T. Manager regularly
inspects and tests the back-up tapes to ensure the recoverability thereof.(do
they?)
6.2.10 Dependence on Key Staff
The company is dependant on the ** ( - example I.T. Manger for maintenance of
the Insurance Application as his knowledge is specialised and cannot be
documented). Detailed job descriptions do exist for other Key Staff such as the
(example - Senior Bookkeeper and the Financial Director). Detailed system
documentation is/is not being made available to address the key dependency
problem. On completion of the systems documentation, policies and procedures
to keep the documentation current will be implemented.
As our FAIS licence is dependent upon the following Key Individuals any
temporary or permanent unavailability of these people may have an impact on
the continuance of our licence;
****
***
In the case of only one key individual being in place the following plans have
been put in place to ensure continuance of the business;
(details of such plans to be recorded here)
6.2.11 Sundries (lightning, etc.)(example – amend as appropriate)
Lightning - Lightning protection devices are fitted on the building’s rooftop. This
device will prevent damage to electrical equipment in case of a direct hit.
Facsimile machines, modems and computer equipment connected to telephone
lines and wall mounted power supplies are not protected by this and may be
affected in a worst-case scenario. (If lightning strikes a power transformer or
telephone exchange);
Security Policies and Password Change Control – An IT Security Policy for
the company is/is not in place.
The Filing Room - Currently all insurance working papers and policies are kept
in the (example - filing room). This room is/is not fire proof. In case of a fire,
documents kept here could be severely damaged. Hand held fire extinguishers
are/are not available for use. (example -A document imaging system/database
will be installed and documents are scanned into the database on a regular
basis. The Database resides on the Network).
Bomb Threats - A bomb threat procedure has/has not been issued.
Emergency Evacuation Procedures - Building emergency evacuation
procedures have/have not been issued. This notice is/is not displayed
prominently in each office.
An Emergency Evacuation Box - Management does /does not keeps in this
container copies of the Business Continuity Plan and other important documents.
(e.g.: Insurance Contracts). This box will leave with Staff during an evacuation.
Software Virus Protection - Management does/does not loads anti-virus
software on all PC equipment and keeps it current.
6.3
KEY BUSINESS APPLICATION ANALYSIS
This application analysis is included to document the system at a high level.
From the tables, it is easy to see which function is critical during a continuity
exercise.
6.3.1
Function - Financial Ledger
Activity
6.3.2
Applicatio
n
Frequency
Interruptio
n
Sensitivity
Comments
Journal
capture
???
Daily
2 weeks
Capture journals and
sundry cashbook items.
Journal
authorisatio
n
???
Daily
2 weeks
Review and authorise
journals/ sundry
cashbook transactions.
Turnover of
G/L
???
monthly
1 month
1. Print balancing
reports for G/L,
VAT, Cashbook and
assets.
2. Ensure that all of
the above balance.
3. VAT return - Ensure
that it agrees to the
balancing report.
4. Reprint
VAT
balancing report.
5. Print audit trail of
system,
G/L,
Cashbook.
6. Do monthly restruct
G/L and assets.
7. Print trial balance.
Application
Frequency
Interruptio
n
Sensitivity
Run
reports
???
Monthly
1 month
Run UPR, IBNR, and
contingency reserve
reports.
Interface
???
Monthly
1 month
UPR, IBNR and
Function - Financial Funding
Activity
Comments
contingency reserve.
6.3.3
Reports
???
Quarterly
1 month
Reports for:

net liabilities,

IBNR;

Claims
development;

UPR; and

Contingency
provision report.
Prepare
STI1
???
Quarterly
1 month
Use above reports to
prepare STI1 quarterly
for annual reports.
Function - Financial Premium Management
Activity
Frequency
Interruptio
n
Sensitivity
Receive
disks and
cheques
in the mail
Monthly
immediate
Sign mail register and
cheque remittance dairy
on receipt.
Banking of
cheques
Monthly
immediate
Fill out deposit sheets in
Nedbank deposit book
for NEDBANK current
account # 1908484497
and send with
Messenger.
???
Monthly
1 week
1. Ensure that annexure, cheque and disk
agree.
2. Enter disk and
interface accept disk
and do payment
allocation.
???
Review
penalty
and
unallocated
payments
Monthly
1 week
Send penalty letters if
necessary and obtain
reasons for unallocated
payments.
Reports
???
Monthly
1 week
Print premiums received
and balancing report.
Audit
Reports
????
half yearly
6 months
1. Obtain audit reports
Aug/ Dec.
2. Record date received
and charge.
Enter
disks on
the
system
Application
Comments
3. Penalties
if
not
received on time.
4. Capture and print
reports. (make copy
for audit file and file
original in Agent
Company file)
6.3.4
Function - Cash Management
Activity
Application Frequency Interruption
Sensitivity
Perform
reconciliatio
n
????
monthly
Monthly
Download data from
Nedinform. upload data
into
IA, match ransactions
and
Print reconciliation.
Transfer
excess
moneys to
Investment
manager
???
monthly
Monthly
Estimate expense for
month e.g. Vat, claims,
reinsurance.
retain
enough
for
expenses
and
transfer
via
Nedinform
to
Investment
Managers in the ratio
Prepare
monthly
comparisons
of income
and
expenses to
budget
???
monthly
Monthly
Print trial balance and
compare actual
expenses to
budget.
Yearly
yearly
Prepare budget for
following year during
October.
Prepare
annual
budget
6.3.5
Comments
Function - Fixed Asset Management
Activity
Acquire
fixed asset
Application
???
Frequency Interruption
Sensitivity
Monthly
monthly
Comments
1. Fill in acquisition
form.
2. Obtain approval.
3. Enter into register.
???
Monthly
monthly
1. Fill in disposal form.
2. Obtain cash.
3. Update register.
???
Run
depreciation
Monthly
monthly
Run depreciation, and
integrate to G/L.
Dispose
fixed asset
6.3.6
Function - Creditors
Activity
Application
Receive
invoices in
mail
Frequency Interruption
Sensitivity
Daily
Monthly
Comments
Senior Management
signs invoices and
hands it to the Junior
Bookkeeper who in
turn captures it.
Enter
invoices
??
Daily
Monthly
Payment
and posting
??
Daily
Monthly
Select invoices for
payment in IA and
post payment.
Remittance
advice
??
Daily
Monthly
Print remittance
advice.
Requisition
of cheque
payment
??
Daily
monthly
Signed invoices for
cheque to be typed.
Cheques
Daily
monthly
Get cheques from
Senior Bookkeeper
and enter it in the
register. Type out
cheques and match
together with
requisition,
remittance and
invoice.
Signing of
cheques
daily
monthly
Cheques and
documentation are
taken to the Financial
Director for 1st
signature. Cheques
and documentation
are then authorised
queried or rejected. If
all is in order
documentation and
cheques go for 2nd
signature.
6.3.7
Payment
method
Daily
monthly
Cheques are then
mailed or deposited
directly into creditor’s
bank account.
Filing
Daily
monthly
Creditor then files
original documents in
alphabetical order
and at the same time
into a file for year-end
audit.
Function - Claims Registration
Activity
Application Frequency Interruption
Sensitivity
Comments
of
Daily
1 week
Mail is opened by
clerks, entered into
register, date
stamped.
Distribution of
Mail
Daily
1 week
Mail given to Claims
Manager who signs
register & also date
stamps mail “THE
COMPANY
CLAIMS”.
Sorting by
Claims
Manager
Daily
1 week
Claims and
correspondence
sorted alphabetically
for distribution to
Claims Controllers.
Separated into new
claims/ old/faxes.
Coding
Daily
1 week
New mail is coded
per risk class/rate/
estimate by Claims
Manager and handed
to Registration
Clerks.
Registration
Daily
1 week
1. Capture data as
coded by Claims
Manager on
Receipt
Mail
computer and
open claim files.
2. Computer printout
is attached to the
file.
3. Claim is entered
into manual register as well.
6.3.8
Function - Claims Review and Settlement
Activity
Application
Return to
Controller
Check
documents
IA
Frequency Interruptio
n
Sensitivity
Comments
Daily
1 week
File is returned to
Controller. Codes:1. F1 etc. - rating
categories.
2. risk category
3. estimate given
4. excesses
5. L/A estimate
1. Catastrophe
code
if
applicable.
Daily
daily
Claim is repudiated/
withdrawn:1. Estimates
outstanding are
reversed and
printout is
attached to file.
2. Diary is
cancelled.
3. An entry is made
in the diary
notebook
detailing reasons
for repudiation.
4. Claim file closed
by writing “C” on
the cover. manual
registration
cancelled.
5. File is filed by
Clerks in the
closed section.
Check
documents
and request
cheque
daily
daily
Liability is admitted:1. Final documents
checked by
Controllers.
Release/ invoices
are put in front of
file.
2. Registration
Clerks stamp as
“paid” (if cheques
drawn the same
day.
3. Controllers
request cheques
on computer by
entering all info
on screen.
4. A printout “ON Q”
is obtained for
each file on which
a cheque is
requested.
5. Clerks file file.
6. Controllers put
cheque request
printouts on files.
7. Controllers write
cheque details
on
file cover.
8. Letter is drafted if
applicable.
9. All files on which
cheques are requested are
handed to Claims
Manager
10. Cheques are
collected from
strong room by
Claims Manager
and signed for.
11. Claims Manager
enters onto IA the
computer cheque
#
6.3.9
Function - Claims Administration
Activity
Recoveries
credits mostly
salvage
Application
Frequency Interruptio
n
Sensitivity
daily
2 weeks
Comments
1. Receipt of
cheques - entered
into dual register.
2. Cheque handed
to Claims
Manager with file
and signed and
stamped
“received”.
3. Claims Manager
distributes
cheques to
relevant
Controller with
file.
4. Controller
photocopies
cheque and
attaches original
to photocopy and
hands it back to
Claims Manager.
5. Claims Manager
completes deposit
slip book.
6. Deposit slip
details captured
on computer by
Claims Manager.
7. Deposit slip # is
written on copy
and handed to
Controller.
8. Controller
captures recovery
deals on file and
computer.
9. Cheque and
deposit book
given to
Messenger for
deposit.
10. Claims Manager
reconciles deposit
slip book with
computer printout
at end of month.
11. Claims Manager
prints out
cheques.
12. Cheques are
separated and
placed into drawn
files.
13. # of cheque is
written onto front
of file.
14. Claims Manager
prints printout of
daily cheque run
in triplicate.
15. Printout copy
distributed to
bookkeeper, clerk
and then filed by
Clerk. (separate
file).
16. Unused cheques
returned to safe
and register is
signed. Claim
files with cheques
handed to
Signatories.
17. Signatories
approve per
stamp and hand
back to
Controllers.
Cheque
distribution
Daily
2 weeks
1. Files with
cheques given
back to clerks.
2. Clerk checks
against own list
that all cheques
are returned.
3. Clerk photocopies
cheque for cc to
Agent Company.
4. Cheque is given
to Clerk if it is to
be collected or
deposited directly.
5. Mailed cheques clerk fills out reg.
form and put reg.
stickers on
envelopes.
Cheques given to
Messenger for post
copy of reg. slips
stamped by P.O. is
checked against
distribution.
Close file
Daily
2 weeks
Files are closed.
Claims files
and mail to
handlers
Daily
2 weeks
Registration Clerks
give claim files with
mail (drawn files to
Controllers).
Legal & Claims R250,
000 & Over –
Ms T. Mahlangu
A-Z
(less than
R250, 000 and nonlitigation) –
New Claims
Daily
one week
1. Check
documentation
and follow up on
missing
documents,
incorrect
documents by
means of letter Diarise on system
(normally for 2 -3
months). File is
signed by
Controller.
2. Letters sent to
Typist.
Sundry
Claims
Daily
one week
Check mail and follow
up by means of letter
and update diary.
Daily
one week
Every morning
Controllers check
Diary check
Controllers
??
diary screen.
Diary Check ??
clerks
Daily
one week
Registration Clerks
access diary every
morning and print out
diary and draw out
files. Diary list
submitted with files to
Controllers.
Update
Daily
one week
Estimates and diaries
are updated if
necessary and
printout is attached to
file.
End
of
administratio
n
Daily
one week
All above processes
are followed until all
necessary documents
are received. Claim
is repudiated or
liability is admitted.
Claim is ready to be
settled.
Reporting
daily
one week
Board reporting:1. Printout every
second month of
claims over
R250, 000 by
Claims Manager.
Alternate meeting
manually done
for all o/s claims
and new records.
2. Month-end
reporting include:

movements
last 3 months;

STI 1
Payments
and
recoveries;

STI 1
Outstanding;

detailed
payments;

payment
summary;

recovery
schedule;

recovery
summary;

O/S claims.

VAT;

O/s R250,000
& over claims.
Duplicate of the
above is handed to
the Financial Director.
6.
7.1
DEVELOPMENT OF A BUSINESS CONTINUITY PLAN
BACKGROUND
A Business Continuity Plan should be direct and factual and clearly define the
steps that should be taken to pinpoint responsibility for the execution of each
step.
To be effective, procedures for each and every aspect of recovery should be
written by the people who will be executing those procedures in the recovery
process. These people are the most knowledgeable about their own area of
operation. The Co-ordinator (BCP Champion) has the responsibility of collection
of the raw material from the operating functions to build the team interfaces and
to incorporate these into the overall plan.
The objectives of this section are threefold:
7.2

it consolidates into one single source all the necessary information to guide
the company through the emergency and recovery processes;

it provides a means to determine that all the necessary preparations have
been considered and carried out in advance of a potential contingency by a
number of teams; and

it provides key documentation to help preserve continuity of knowledge.
THE BASICS OF RECOVERY
(how to recover)
DATA
skills
resource
In order to recover the vital data processing operations it is essential to have
access to THE COMPANY’s data, the skills and the resources to make it all
happen:

without the resource THE COMPANY has little chance of a successful
recovery;

without the skill THE COMPANY has no chance of recovery; and

without the data THE COMPANY would have nothing to recover.
In the development of a Business Continuity Plan certain procedures need to be
identified and documented.
7.3
KEY DECISION PERSONNEL (RESOURCES)
In order to implement the strategy that has been developed for business
continuity, key decision making personnel should be identified. The plan should
contain a notification directory of key decision-making THE COMPANY
management and end user personnel required to initiate and carry out continuity
efforts. This is usually a telephone directory of persons to be notified in the event
of a disaster. This directory should at least contain the following information:

prioritised list of contacts, i.e. who gets called first;

primary and emergency telephone numbers and addresses for each critical
contact person;

hone numbers and addresses for representatives of equipment, software
and office supply vendors;

home numbers of contact persons at Safeguard IT Services;

phone numbers of contact people at off-site media storage facilities and the
contact persons within the company who are authorised to retrieve media
from off-site facility;

phone numbers of Insurance Company Agents;

phone numbers of contacts at contract personnel services.
The key decision personnel usually lead teams that have been created in
response to a critical function or task defined in the plan. Depending on the size
of the operation to be restored these teams may be designated as single person
teams. Business Continuity planning requires the support and involvement of
representatives from every function of THE COMPANY. It is a process that
requires detailed knowledge of specific business processes, the information
technologies employed in these processes and functional staff processes. This
planning demands the teamwork of Senior Management, end users and support
staff personnel.
A proposed team is represented in the following chart:
Project leader
(BCP Champion)
Support team
member 1
member 2
etc.
Notes to diagram:
Recovery team
member 1
member 2
etc.
7.4

The BCP Champion - a person designated by Senior Management to
have the primary responsibility for co-ordinating team member efforts,
creating the initial business resumption plan by setting and meeting task
milestones and objectives, and possibly maintaining the document and coordinating team activities following the development of BCP document. The
BCP champion is responsible for managing the relocation project and
business continuity effort.

The Management Team - this team provides guidance to the BCP project
in several areas. The team must convey and communicate its support of
the business resumption process and should issue a formal policy
statement emphasizing its commitment. The team should periodically
review the recovery assumptions, and strategic considerations. In addition,
the team should ensure that adequate resources are devoted to the project
by approving recovery strategies, possible alternatives, funding and the
projects progress and ongoing maintenance.

System Recovery Team - which is responsible for re-routing wide area
voice and data and fax communications traffic and the co-ordination for
THE COMPANY’s efforts to re-establishing network connectivity to THE
COMPANY’s LAN from the user recovery site (backup site).

Transportation Team - who is responsible for co-ordinating the transport
of THE COMPANY employees to the distant user recovery site. They also
may assist in contacting employees to inform them of new work locations;

User Hardware Team - they should contact vendors and co-ordinate
logistics for on-going supply of necessary office and computer
supplies; (PC equipment, printers, type writers, photocopiers, fax machines
and other necessary equipment) to the user recovery site;

Administrative Support Team - provides clerical support to other teams
and serves as a message centre for the user recovery site.
PROCEDURES (SKILLS)
Most business continuity plans are compiled as procedures which are developed
to accommodate system, user and network recovery strategies. These
procedures should include but not be limited to the following:

Emergency Action - procedures on how to react to a crisis, ranging from
fire alert activation procedures to emergency evacuations;

Notification - procedures on how to notify relevant managers in the event
of a disaster;

Disaster Declaration - procedures pertaining to the assessment of
damage following a disaster, criteria for determining whether the situation
is a disaster, and procedures for declaring a disaster and invoking of the
plan;

Systems and Network Recovery - procedures that need to be followed to
restore critical and vital systems to emergency service levels within a
specified time frame;

User Recovery - procedures needed for recovery of critical user functions
within a specified time frame. This includes the documentation of
instructions for processing data manually while computer systems are not
available;

Salvage Operations - procedures for salvaging facilities, records and
hardware, often including the filing of insurance claims and the
determination of the feasibility of reoccupying the disaster site; and

Relocation - procedures for relocating emergency operations (system,
network and user) to the original or an alternate location for the computer
system restoration to normal service levels.
The above mentioned procedures should be allocated to the applicable recovery
teams (resources).
7.5
INSURANCE
Insurance will be the primary source of funding for the continuity effort.
7.6
CONTRACTS WITH THIRD PARTIES
As THE COMPANY is dependant on a third party (***** ) for disaster recovery
services, to ensure the success of continuity planning the following should at
least be contractual agreed:

Configurations - to ensure that replacement hardware, software and LAN
configurations are adequate to meet THE COMPANY’s needs, as these
will vary over time;

Speed of Availability - to ensure the LAN facilities are speedily available
after the event of a disaster at ******

Subscribers per site or area - to ensure that the necessary network
bandwidth is available on the LAN for the number of users who will be
accessing the system;

Warranties - to establish the warranties Safeguard IT will make regarding
the availability of the systems. THE COMPANY should check the
limitations and determine if it is willing to live by them; and

Testing - THE COMPANY should be able to test the reliability of the
services offered at least annually.
1.
EMERGENCY CO-ORDINATOR AND TEAMS
Emergency Co-ordinator:
Full Name
Job Title
Home
Address
Home
telephone
Cellular
phone
Work
extension
Team Leaders:
BCP Champion
(
System recovery
team
2.
Transportation
team
User hardware
team
Administrative
support team
EMERGENCY EVALUATION (SCHEDULE 1)
Staff should report all types of disasters/interruptions to the BCP champion or
THE COMPANY’s Managing Director.
The prevalent situation should be summarised. Note the following:





type of disaster (explosion, fire, etc.);
the number of staff (and their names) in the building;
staff with injuries (if any) and their extent;
status of the office (e.g. files, computer media and other important documents
that might be exposed to fire). If the office needs to be evacuated follow the
existing evacuation procedures; if it is possible perform a system shutdown.
Try to prevent damage to computer equipment and person. If the disaster is out
of control, it is the BCP champion’s responsibility to declare a disaster.
3.
DAMAGE ASSESSMENT (SCHEDULE 2)
Perform an inventory on all damaged equipment. Do the same for salvaged
equipment.
4.
RECOVERY CONTROL


Initiation of access to the alternative site - contact ***. ** address is ***;
Transfer staff to the alternative site. Inform all THE COMPANY employees
that a disaster has occurred at THE COMPANY and that they should go to
the alternative site and not THE COMPANY’s offices. The address of the
alternative site is: *******
Transfer back-up data to the alternative site; backup tapes for the Servers are
kept with ***. Their telephone number is (011)-***** and after hours it is (011)**** . We need to supply them with a password to identify ourselves. This
password is kept with the BCP champion and the I.T. Manager.
Transfer other resources to alternative site. The site at ***** will be equipped
with the following (example):


-
6 desks;
6 chairs;
6 Desktop Computers;
Facsimile Machine;
a Photocopy Machine;
a Mobile PABX System: THE COMPANY would need to contact Telkom to
reassign the existing
THE COMPANY telephone numbers to the new site;
Laser Printers;
Cups, saucers & teaspoons, etc. THE COMPANY would have to supply
tea, coffee, sugar, etc.
-
THE COMPANY need to arrange for the following:
5.

A Modem and Software from *** to connect a PC for EFT transfers;

Cheque Printer;

General Stationery;

Tea, coffee, sugar, etc.;

Contact Telkom to reassign the existing THE COMPANY telephone
numbers to the new site.
CRITICAL APPLICATIONS
The critical applications THE COMPANY needs to recover are:

The **** Insurance System;

MS Office Outlook 2003;

MS Office Word 2003 and Documents;

6.
Border Manager Fire Wall.
TEAM ORGANISATION
BCP champion
System recovery
team
Transportation
team
User hardware team
Administrative
support team
The teams responsibilities and procedures are:
a)
System Recovery Team:
To ensure complete recovery of all data and applications to same state as
immediately prior to the disaster.
Notify *** as to need for an alternative site and equipment required.
Obtain latest backup tapes from *** including applications.
Recover computer documentation from ***.
Restore all data and applications on to machine at **** and test.
b)
Transportation Team:
To ensure all staff are notified of alternative site and are transported there as
soon as possible.
As soon as BCP champion notifies team of a disaster, ascertain new site address
from **** and notify all staff of new address.
Arrange for staff with transportation problems to be picked up at a central,
convenient point.
Transport any relevant equipment salvaged from damaged premises.
General transport duties as required.
c)
User Hardware Team:
To ensure all hardware is configured correctly and all
equipment is available at alternative site.
necessary computer
Liaise with **** as to equipment required.
Liaise with *** regarding the assistance of an Engineer to setting up the Servers at
the alternate site at Safeguard.
Test all machines and functions prior to staff utilising them.
d)
Administrative Support Team:
To ensure full administrative capacity of THE COMPANY is resumed within
as little time as possible.
Ensure safety of all staff as first priority.
Summarise the situation e.g. type of disaster, number of staff and names in the
building at the time of the disaster, injuries (if any).
Perform an inventory on all damaged and salvaged equipment.
Arrange removal of all salvageable equipment (including storage thereof).
Ensure *** Insurance Brokers/Insurers are notified.
Notify all relevant parties i.e. as per DRP document as well as Directors, Agents
and Creditors.
Make necessary arrangements for any items that need to be purchased e.g. tea,
milk, paper, etc.
Operating telephones for general enquiries.
Assist in administrative procedures to ensure, as far as possible, continuance of day
to day running of the business.
7.
DIRECTORY OF SERVICES, VENDORS AND CONTRACTS
LIST ALL AS REQUIRED
8.
INVENTORY
DETAIL AS REQUIRED
9.
FIRE DRILL
FIRE MARSHALLS:
IN THE EVENT OF A FIRE:
1.
IMMEDIATELY REPORT THE FIRE TO ONE OF THE FIRE MARSHALLS WHO
WILL INITIATE DRILL PROCEDURES.
2.
IF TIME IS PERCEIVED TO BE OF EXTREME ESSENCE:
A)
B)
IMMEDIATELY ACTIVATE THE FIRE ALARM;
REPORT THE FIRE TO ONE OF THE FIRE MARSHALLS.
OR
IF THE FIRE IS LOCALIZED AND SMALL, ATTEMPT TO EXTINGUISH THE
FIRE WITH THE USE OF A FIRE EXTINGUISHER. DO NOT OTHER-WISE
ATTEMPT TO EXTINGUISH THE FIRE.
3.
CLOSE WINDOWS AND DOORS (IF POSSIBLE) AS YOU LEAVE YOUR
OFFICE.
4.
EVACUATE THE OFFICE, IN A QUICK, CALM AND ORDERLY MANNER, BY
USE OF THE FIRE ESCAPE OR IF POSSIBLE, THE FRONT DOOR.
5.
ASSIST ANY INJURED PERSON.
DO NOT:
A)
B)
C)
D)
NOTE:
DELAY EVACUATION BY ATTEMPTING TO GATHER PERSONAL ITEMS.
RUN DOWN PASSAGES.
OBSTRUCT PASSAGES.
OPEN DOORS FROM WHERE SMOKE IS COMING OR WHICH ARE HOT TO
TOUCH.
EACH FIRE MARSHALL IS TRAINED IN THE USE OF FIRE FIGHTING
EQUIPMENT AND EVACUATION PROCEDURES. STUDY THE
ATTACHED OFFICE DIAGRAM AND NOTE CRITICAL POINTS.
FIRE DRILL PROCEDURES TO BE FOLLOWED BY FIRE MARSHALLS
IN THE EVENT OF A LOCALIZED AND SMALL FIRE:
1.
IMMEDIATELY ACTIVATE THE FIRE ALARM.
2.
ATTEMPT TO EXTINGUISH FIRE WITH THE USE OF FIRE-FIGHTING
EQUIPMENT.
IN THE EVENT OF A LARGE FIRE:
1.
IMMEDIATELY ACTIVATE THE FIRE ALARM.
2.
ATTEMPT TO EXTINGUISH THE FIRE AND/OR RENDER ASSISTANCE TO
ANOTHER FIRE MARSHALL.
3.
IF POSSIBLE: ASSIST STAFF TO EVACUATE PREMISES AND RENDER ANY
ASSISTANCE TO INJURED PERSONS.
4.
IF YOUR ATTEMPTS AT EXTINGUISHING THE FIRE FAILS:-
A)
RECOVER THE EVACUATION BOX FROM THE SAFE.
B)
EVACUATE THE PREMISES.
WHERE PREMISES HAVE BEEN FULLY EVACUATED:
A)
TAKE A ROLL CALL OF STAFF MEMBERS.
B)
RENDER ASSISTANCE TO ANY INJURED STAFF MEMBERS. CALL
EMERGENCY SERVICES IF NECESSARY.
Emergency Telephone Numbers:
National Fire Dept.
10177 (107)
Telkom:
Cell phone:
1022
112
ER 24:
084 124
Netcare 911:
082 911
South African Police Services:
10111





State your emergency/crisis (office fire etc);
Give exact address, suburbs, cross-roads and landmarks;
Report any complications (people trapped inside building, explosives or
flammable materials nearby);
Give your name and telephone number;
Wait for operator to end off and report back to the scene of the fire/other.
C)
REPORT MISSING PERSONS TO EMERGENCY SERVICES.
D)
INITIATE DISASTER RECOVERY PROCEDURES.
10.
BOMB THREAT PROCEDURE:
A.
REMAIN CALM: DO NOT PANIC!
B.
REPLY TO CALLER IN A CALM, COURTEOUS AND RESPECTFUL MANNER.
DO NOT ANTAGONIZE, INSULT OR OTHERWISE AGGRAVATE THE
CALLER.
C.
TRY TO KEEP THE CALLER ON THE LINE FOR AS LONG AS POSSIBLE TO
OBTAIN AS MUCH INFORMATION AS POSSIBLE. TELL THE CALLER YOU
DON’T UNDERSTAND, YOU CANNOT HEAR, ETC., OR USE ANY
OTHER MEANS TO KEEP HIM ON THE LINE.
D.
ATTEMPT TO WRITE DOWN EVERYTHING THE CALLER SAYS.
E.
IN ATTEMPTING TO KEEP CALLER ON LINE ASK AS MANY QUESTIONS AS
POSSIBLE AND IN PARTICULAR TRY TO ESTABLISH:
1)
WHEREABOUTS OF BOMB OR DEVICE.
2)
PROPOSED TIME OF DETONATION.
3)
IDENTITY OF CALLER.
4)
ANY OTHER INFORMATION.
WRITE DOWN ANY AND ALL DETAILS NO MATTER HOW INSIGNIFICANT THEY
MAY SEEM. THIS INCLUDES ANY BACKGROUND NOISES.
F.
WHEN CALLER IS OFF-LINE, IMMEDIATELY NOTIFY POLICE.
TELEPHONE 10111.
G.
IMMEDIATELY NOTIFY MANAGING DIRECTOR, OR IN HIS ABSENCE, ANY
SENIOR STAFF MEMBER WHO WILL ARRANGE FOR IMMEDIATE
EVACUATION.
H.
IF YOU PERCEIVE TIME TO BE OF EXTREME ESSENCE ACTIVATE FIRE
ALARM IMMEDIATELY AFTER CALL.