Disaster Management Plan dd mmmm yyyy 1. INTRODUCTION 1.1 Disasters come in many forms and degrees of severity. All of them have the potential for affecting an organisation’s data processing activities. Although such naturally occurring events as earthquakes, tornadoes, hurricanes, and floods cannot be prevented, their possible impact can be prepared for. In addition, the occurrence of some man-made events may be prevented, or their effect lessened, with advanced planning. 1.2 A fundamental change has taken place in the direction of information systems continuity planning. This process no longer concentrates solely on protecting just the closely defined area in which the centralised computer operates. Today it also addresses the larger environment in which an organisation functions and into which its data processing resources have been distributed. 1. BACKGROUND 2.1 THE COMPANY’s IT platform consists of combination of **** Network server and *** mail/proxy server and a number of Pentium II & IV Desktop Computers and Laptops. 2.2 The **** machine is used to run the ***** insurance application. The Insurance Application System consists of *** modules. The active modules are Claims, Premiums, and General Ledger, Cash Book, Sundry Creditors, Fixed Assets and Funding. 2.3 The Network server runs ***** Software and hosts *** Desktop Management Software, MS Office 2000, Microfile Imaging and Document management Software, GroupWise messaging software and Investment Software. 2.4 The Servers and PC’s are connected to the LAN and terminal emulation software is used to allow users to connect to the *** machine. 2. 3.1 3.2 OBJECTIVES AND SCOPE The purpose of this document is to present a set of practical guidelines and practices to assist those concerned with the preparation of a comprehensive Computer Continuity Plan for handling the emergency, stand-by operation, and recovery phases that are required in the event of a significant computer disruption. These guidelines include: a. The establishment of policies, practices, and procedures to be followed in a proactive attempt to prevent events (commonly termed disasters) that could seriously impair normal business computer operations; and b. The actions that would be taken in efforts to recover or to restore computer operations to normality after a disaster. The initial report includes: 3.3 3. a. An assessment of the Company’s computer installation continuity vulnerabilities; b. An analysis of the business processes that will be interrupted if a computer disaster occurs; and c. The identification, analysis, and development of a plan to implement actions of the recovery strategy. For the following main classes of threats which would leave the Company’s computer continuity at risk; (long or short term): a. Acts of God/nature; b. Accidents; and c. Deliberate acts of humans. APPROACH 4.1 The review was based primarily on enquiry and observation, and through discussions conducted with management. Findings were corroborated to supporting documentation and other sources considered necessary. 4.2 The review was based on discussions with: THE COMPANY Directors Senior Managers; OTHER 4. *** **** *** EXECUTIVE SUMMARY 5.1 There is general management consensus on the need for a Business Continuity Plan. 5.2 This computer installation risk assessment was performed during **** as one of the activities in the Business Continuity project. It involved the detailed physical review of the ** computer installation at the Company’s offices in *****, and a brief inspection of the office building and surrounding area. This analysis has two primary objectives: (a). Identifying specific physical risk which may be reduced or eliminated by preventative action; and (b). The overall findings of this exercise will be plotted on the vertical axis in the “RISK, IMPACT AND OPTION MATRIX” which, in turn will indicate the type of alternative processing capability. 5.3 Two general categories of “disaster” can be identified; namely: Those which may render the computer facility unusable to a greater or lesser extent and which can be relieved by the existence of action plans, which can be invoked when a disaster occurs in order to avert the trauma and facilitate the move from the base site to the “alternative processing capability”; and Those, which do not affect the functionality of the computer facility directly. Examples of such disasters are fraud, embezzlement, sanctions, loss of key staff, loss of data confidentiality and the copying of data. 5.4 This report addresses mainly the former category of disasters. It does not cover non-physical malicious damage, such as fraud and embezzlement. Risk Type Location Fire Water & flood Geological event Chemical, biological Impact Wind storm Loss of utilities Physical malicious damage Loss of data PCs’ Loss of data on servers due to inadequate backups Dependence on key staff Risk Level Low Medium Medium Low Low Low Low Medium Medium High Low High Types of alternative processing options to be considered are: Type Hot site Dispersed facility Warm site Cold site Bureau agreement Description These sites are fully configured and ready to operate (just power on). The total required processing capability is spread over two or more computers located at different geographical locations. These sites are partially configured, usually with connections and peripherals but without the main computer. These sites have only the basic environment (electrical wiring etc.) and are ready to receive equipment. An agreement with a computer bureau for the provision of services in the event of a disaster. Mutual aid Rebuild 5. An agreement with another company with similar computer configuration to the effect that each company will render assistance to the other in the event of a disaster. In effect - do nothing until disaster occurs. DETAILED FINDINGS 6.1 Description Of The Computer Installation 6.1.1 Physical Location: (example) Shell Petrol station Residential Area Offices Shopping Centre Offices Offices Office Offices Offices Under Construction 6.1.2 Offices under Construction Description of the computer installation THE COMPANY occupies the building at The Tenants in the building are: (example) Level Company Name Description/Nature Ground Floor **** ***** First Floor **** ***** The Severs are located in ****. This facility is bounded by ******* but an airconditioning system has/has not been installed and fans are/are not used for cooling. An uninterruptible power supply is/is not installed. A/No fire or smoke detection system exists. The Computer Room is/is not indicated by any signs from within the building and is/is not readily apparent from the street. Access to this Room, from within the building, is through ***** area The door to the Server Room is/is not always locked and a gate secures it (detail as appropriate). Back-ups are/are not performed daily and are/are not kept in a fire proof safe until they are taken offsite. 6.2 RISKS 6.2.1 Fire Fire/ smoke detectors have/have not been installed in the building and are/are not linked to a fire alarm and a red strobe light that is/is not mounted in the front entrance to the building. There is/is not a Security Guard after hours that would be altered by the warning system in case of a fire. The office is/is not equipped with a fire hose at the back of the office. Hand held fire extinguishers are/are not available for use. The accuracy of the emergency telephone numbers (ambulance, fire brigade and hospital) kept by the Reception and the Security Guard has/has not been confirmed. 6.2.2 Flood and Water (example – amend as appropriate) The first floor location of the Computer Room renders it immune from normal flood damage. The kitchen areas and the Computer Room have been inspected. No major problems areas could be identified. 6.2.3 Geological event (Earthquake, Landslide, Volcanic Activities) (example – amend as appropriate) It is not apparent that the company experiences any significant increase in risk (above the normal level of background risk) related to geological events. 6.2.4 Chemical, Biological and Nuclear Hazard (example – amend as appropriate) An investigation of the immediate vicinity of the office indicated no manufacturing activities of the type that may discharge dangerous chemical or biological substances. 6.2.5 Impact (Road Transport and Aircraft)(example – amend as appropriate) The Company’s Computer Room is on the first floor and faces the inside of the building. The building is located on a quite road just off a main road, which is very busy. No factories are in the immediate vicinity and the surrounding roads carry little heavy traffic other than buses. Security Guards control by a Security Gate and the building’s parking bays and entrance from 6 pm to 6 am on weekdays and 24 hours on weekends. Helicopters fly in the vicinity. (Used for highway patrols and traffic control). It would appear that structural damages to the building as a result of a direct road or air accident are distant. 6.2.6 Wind Storm (example – amend as appropriate) Direct or consequential (falling trees etc.) wind damage does not appear to be a significant possibility, given the location of the server room. 6.2.7 Loss of Utilities (Electricity and Data Communications)(example – amend as appropriate) Both electricity and water enter the premises via underground conduits. In the event of a power failure the server’s emergency power supply (UPS) will only provide enough processing time for a manual shutdown. All other connections will immediately terminate and physical file damage to the Insurance Application may follow if the shutdown is not completed timeously. THE Company’s LAN is configured for use at **** and **** (if appropriate). Processing is/is not therefore not dependant on the availability of Telkom data lines. 6.2.8 Physical Malicious Damage (example – amend as appropriate) There is an electric gate controlling access to the property which is closed after hours and monitored by a security guard who is on duty after hours. Access to the building itself is controlled electronically by intercom which in turn is controlled by the reception. Access is also gained through the side door. Keys are kept by authorised staff members 6.2.9 Loss of Data due to inadequate Back-up The data on the Servers are/are not backed-up daily. The back-up media are rotated on a “grandfather, father, son” basis (example). Each day a back up is/is not made of all data that changes during the course of the day. These back-up tapes are/are not kept on site for a (how long) before they are moved to an offsite facility. Workstations are/are not included in the above cycle as each enduser is responsible for backing-up his/her own data. The I.T. Manager regularly inspects and tests the back-up tapes to ensure the recoverability thereof.(do they?) 6.2.10 Dependence on Key Staff The company is dependant on the ** ( - example I.T. Manger for maintenance of the Insurance Application as his knowledge is specialised and cannot be documented). Detailed job descriptions do exist for other Key Staff such as the (example - Senior Bookkeeper and the Financial Director). Detailed system documentation is/is not being made available to address the key dependency problem. On completion of the systems documentation, policies and procedures to keep the documentation current will be implemented. As our FAIS licence is dependent upon the following Key Individuals any temporary or permanent unavailability of these people may have an impact on the continuance of our licence; **** *** In the case of only one key individual being in place the following plans have been put in place to ensure continuance of the business; (details of such plans to be recorded here) 6.2.11 Sundries (lightning, etc.)(example – amend as appropriate) Lightning - Lightning protection devices are fitted on the building’s rooftop. This device will prevent damage to electrical equipment in case of a direct hit. Facsimile machines, modems and computer equipment connected to telephone lines and wall mounted power supplies are not protected by this and may be affected in a worst-case scenario. (If lightning strikes a power transformer or telephone exchange); Security Policies and Password Change Control – An IT Security Policy for the company is/is not in place. The Filing Room - Currently all insurance working papers and policies are kept in the (example - filing room). This room is/is not fire proof. In case of a fire, documents kept here could be severely damaged. Hand held fire extinguishers are/are not available for use. (example -A document imaging system/database will be installed and documents are scanned into the database on a regular basis. The Database resides on the Network). Bomb Threats - A bomb threat procedure has/has not been issued. Emergency Evacuation Procedures - Building emergency evacuation procedures have/have not been issued. This notice is/is not displayed prominently in each office. An Emergency Evacuation Box - Management does /does not keeps in this container copies of the Business Continuity Plan and other important documents. (e.g.: Insurance Contracts). This box will leave with Staff during an evacuation. Software Virus Protection - Management does/does not loads anti-virus software on all PC equipment and keeps it current. 6.3 KEY BUSINESS APPLICATION ANALYSIS This application analysis is included to document the system at a high level. From the tables, it is easy to see which function is critical during a continuity exercise. 6.3.1 Function - Financial Ledger Activity 6.3.2 Applicatio n Frequency Interruptio n Sensitivity Comments Journal capture ??? Daily 2 weeks Capture journals and sundry cashbook items. Journal authorisatio n ??? Daily 2 weeks Review and authorise journals/ sundry cashbook transactions. Turnover of G/L ??? monthly 1 month 1. Print balancing reports for G/L, VAT, Cashbook and assets. 2. Ensure that all of the above balance. 3. VAT return - Ensure that it agrees to the balancing report. 4. Reprint VAT balancing report. 5. Print audit trail of system, G/L, Cashbook. 6. Do monthly restruct G/L and assets. 7. Print trial balance. Application Frequency Interruptio n Sensitivity Run reports ??? Monthly 1 month Run UPR, IBNR, and contingency reserve reports. Interface ??? Monthly 1 month UPR, IBNR and Function - Financial Funding Activity Comments contingency reserve. 6.3.3 Reports ??? Quarterly 1 month Reports for: net liabilities, IBNR; Claims development; UPR; and Contingency provision report. Prepare STI1 ??? Quarterly 1 month Use above reports to prepare STI1 quarterly for annual reports. Function - Financial Premium Management Activity Frequency Interruptio n Sensitivity Receive disks and cheques in the mail Monthly immediate Sign mail register and cheque remittance dairy on receipt. Banking of cheques Monthly immediate Fill out deposit sheets in Nedbank deposit book for NEDBANK current account # 1908484497 and send with Messenger. ??? Monthly 1 week 1. Ensure that annexure, cheque and disk agree. 2. Enter disk and interface accept disk and do payment allocation. ??? Review penalty and unallocated payments Monthly 1 week Send penalty letters if necessary and obtain reasons for unallocated payments. Reports ??? Monthly 1 week Print premiums received and balancing report. Audit Reports ???? half yearly 6 months 1. Obtain audit reports Aug/ Dec. 2. Record date received and charge. Enter disks on the system Application Comments 3. Penalties if not received on time. 4. Capture and print reports. (make copy for audit file and file original in Agent Company file) 6.3.4 Function - Cash Management Activity Application Frequency Interruption Sensitivity Perform reconciliatio n ???? monthly Monthly Download data from Nedinform. upload data into IA, match ransactions and Print reconciliation. Transfer excess moneys to Investment manager ??? monthly Monthly Estimate expense for month e.g. Vat, claims, reinsurance. retain enough for expenses and transfer via Nedinform to Investment Managers in the ratio Prepare monthly comparisons of income and expenses to budget ??? monthly Monthly Print trial balance and compare actual expenses to budget. Yearly yearly Prepare budget for following year during October. Prepare annual budget 6.3.5 Comments Function - Fixed Asset Management Activity Acquire fixed asset Application ??? Frequency Interruption Sensitivity Monthly monthly Comments 1. Fill in acquisition form. 2. Obtain approval. 3. Enter into register. ??? Monthly monthly 1. Fill in disposal form. 2. Obtain cash. 3. Update register. ??? Run depreciation Monthly monthly Run depreciation, and integrate to G/L. Dispose fixed asset 6.3.6 Function - Creditors Activity Application Receive invoices in mail Frequency Interruption Sensitivity Daily Monthly Comments Senior Management signs invoices and hands it to the Junior Bookkeeper who in turn captures it. Enter invoices ?? Daily Monthly Payment and posting ?? Daily Monthly Select invoices for payment in IA and post payment. Remittance advice ?? Daily Monthly Print remittance advice. Requisition of cheque payment ?? Daily monthly Signed invoices for cheque to be typed. Cheques Daily monthly Get cheques from Senior Bookkeeper and enter it in the register. Type out cheques and match together with requisition, remittance and invoice. Signing of cheques daily monthly Cheques and documentation are taken to the Financial Director for 1st signature. Cheques and documentation are then authorised queried or rejected. If all is in order documentation and cheques go for 2nd signature. 6.3.7 Payment method Daily monthly Cheques are then mailed or deposited directly into creditor’s bank account. Filing Daily monthly Creditor then files original documents in alphabetical order and at the same time into a file for year-end audit. Function - Claims Registration Activity Application Frequency Interruption Sensitivity Comments of Daily 1 week Mail is opened by clerks, entered into register, date stamped. Distribution of Mail Daily 1 week Mail given to Claims Manager who signs register & also date stamps mail “THE COMPANY CLAIMS”. Sorting by Claims Manager Daily 1 week Claims and correspondence sorted alphabetically for distribution to Claims Controllers. Separated into new claims/ old/faxes. Coding Daily 1 week New mail is coded per risk class/rate/ estimate by Claims Manager and handed to Registration Clerks. Registration Daily 1 week 1. Capture data as coded by Claims Manager on Receipt Mail computer and open claim files. 2. Computer printout is attached to the file. 3. Claim is entered into manual register as well. 6.3.8 Function - Claims Review and Settlement Activity Application Return to Controller Check documents IA Frequency Interruptio n Sensitivity Comments Daily 1 week File is returned to Controller. Codes:1. F1 etc. - rating categories. 2. risk category 3. estimate given 4. excesses 5. L/A estimate 1. Catastrophe code if applicable. Daily daily Claim is repudiated/ withdrawn:1. Estimates outstanding are reversed and printout is attached to file. 2. Diary is cancelled. 3. An entry is made in the diary notebook detailing reasons for repudiation. 4. Claim file closed by writing “C” on the cover. manual registration cancelled. 5. File is filed by Clerks in the closed section. Check documents and request cheque daily daily Liability is admitted:1. Final documents checked by Controllers. Release/ invoices are put in front of file. 2. Registration Clerks stamp as “paid” (if cheques drawn the same day. 3. Controllers request cheques on computer by entering all info on screen. 4. A printout “ON Q” is obtained for each file on which a cheque is requested. 5. Clerks file file. 6. Controllers put cheque request printouts on files. 7. Controllers write cheque details on file cover. 8. Letter is drafted if applicable. 9. All files on which cheques are requested are handed to Claims Manager 10. Cheques are collected from strong room by Claims Manager and signed for. 11. Claims Manager enters onto IA the computer cheque # 6.3.9 Function - Claims Administration Activity Recoveries credits mostly salvage Application Frequency Interruptio n Sensitivity daily 2 weeks Comments 1. Receipt of cheques - entered into dual register. 2. Cheque handed to Claims Manager with file and signed and stamped “received”. 3. Claims Manager distributes cheques to relevant Controller with file. 4. Controller photocopies cheque and attaches original to photocopy and hands it back to Claims Manager. 5. Claims Manager completes deposit slip book. 6. Deposit slip details captured on computer by Claims Manager. 7. Deposit slip # is written on copy and handed to Controller. 8. Controller captures recovery deals on file and computer. 9. Cheque and deposit book given to Messenger for deposit. 10. Claims Manager reconciles deposit slip book with computer printout at end of month. 11. Claims Manager prints out cheques. 12. Cheques are separated and placed into drawn files. 13. # of cheque is written onto front of file. 14. Claims Manager prints printout of daily cheque run in triplicate. 15. Printout copy distributed to bookkeeper, clerk and then filed by Clerk. (separate file). 16. Unused cheques returned to safe and register is signed. Claim files with cheques handed to Signatories. 17. Signatories approve per stamp and hand back to Controllers. Cheque distribution Daily 2 weeks 1. Files with cheques given back to clerks. 2. Clerk checks against own list that all cheques are returned. 3. Clerk photocopies cheque for cc to Agent Company. 4. Cheque is given to Clerk if it is to be collected or deposited directly. 5. Mailed cheques clerk fills out reg. form and put reg. stickers on envelopes. Cheques given to Messenger for post copy of reg. slips stamped by P.O. is checked against distribution. Close file Daily 2 weeks Files are closed. Claims files and mail to handlers Daily 2 weeks Registration Clerks give claim files with mail (drawn files to Controllers). Legal & Claims R250, 000 & Over – Ms T. Mahlangu A-Z (less than R250, 000 and nonlitigation) – New Claims Daily one week 1. Check documentation and follow up on missing documents, incorrect documents by means of letter Diarise on system (normally for 2 -3 months). File is signed by Controller. 2. Letters sent to Typist. Sundry Claims Daily one week Check mail and follow up by means of letter and update diary. Daily one week Every morning Controllers check Diary check Controllers ?? diary screen. Diary Check ?? clerks Daily one week Registration Clerks access diary every morning and print out diary and draw out files. Diary list submitted with files to Controllers. Update Daily one week Estimates and diaries are updated if necessary and printout is attached to file. End of administratio n Daily one week All above processes are followed until all necessary documents are received. Claim is repudiated or liability is admitted. Claim is ready to be settled. Reporting daily one week Board reporting:1. Printout every second month of claims over R250, 000 by Claims Manager. Alternate meeting manually done for all o/s claims and new records. 2. Month-end reporting include: movements last 3 months; STI 1 Payments and recoveries; STI 1 Outstanding; detailed payments; payment summary; recovery schedule; recovery summary; O/S claims. VAT; O/s R250,000 & over claims. Duplicate of the above is handed to the Financial Director. 6. 7.1 DEVELOPMENT OF A BUSINESS CONTINUITY PLAN BACKGROUND A Business Continuity Plan should be direct and factual and clearly define the steps that should be taken to pinpoint responsibility for the execution of each step. To be effective, procedures for each and every aspect of recovery should be written by the people who will be executing those procedures in the recovery process. These people are the most knowledgeable about their own area of operation. The Co-ordinator (BCP Champion) has the responsibility of collection of the raw material from the operating functions to build the team interfaces and to incorporate these into the overall plan. The objectives of this section are threefold: 7.2 it consolidates into one single source all the necessary information to guide the company through the emergency and recovery processes; it provides a means to determine that all the necessary preparations have been considered and carried out in advance of a potential contingency by a number of teams; and it provides key documentation to help preserve continuity of knowledge. THE BASICS OF RECOVERY (how to recover) DATA skills resource In order to recover the vital data processing operations it is essential to have access to THE COMPANY’s data, the skills and the resources to make it all happen: without the resource THE COMPANY has little chance of a successful recovery; without the skill THE COMPANY has no chance of recovery; and without the data THE COMPANY would have nothing to recover. In the development of a Business Continuity Plan certain procedures need to be identified and documented. 7.3 KEY DECISION PERSONNEL (RESOURCES) In order to implement the strategy that has been developed for business continuity, key decision making personnel should be identified. The plan should contain a notification directory of key decision-making THE COMPANY management and end user personnel required to initiate and carry out continuity efforts. This is usually a telephone directory of persons to be notified in the event of a disaster. This directory should at least contain the following information: prioritised list of contacts, i.e. who gets called first; primary and emergency telephone numbers and addresses for each critical contact person; hone numbers and addresses for representatives of equipment, software and office supply vendors; home numbers of contact persons at Safeguard IT Services; phone numbers of contact people at off-site media storage facilities and the contact persons within the company who are authorised to retrieve media from off-site facility; phone numbers of Insurance Company Agents; phone numbers of contacts at contract personnel services. The key decision personnel usually lead teams that have been created in response to a critical function or task defined in the plan. Depending on the size of the operation to be restored these teams may be designated as single person teams. Business Continuity planning requires the support and involvement of representatives from every function of THE COMPANY. It is a process that requires detailed knowledge of specific business processes, the information technologies employed in these processes and functional staff processes. This planning demands the teamwork of Senior Management, end users and support staff personnel. A proposed team is represented in the following chart: Project leader (BCP Champion) Support team member 1 member 2 etc. Notes to diagram: Recovery team member 1 member 2 etc. 7.4 The BCP Champion - a person designated by Senior Management to have the primary responsibility for co-ordinating team member efforts, creating the initial business resumption plan by setting and meeting task milestones and objectives, and possibly maintaining the document and coordinating team activities following the development of BCP document. The BCP champion is responsible for managing the relocation project and business continuity effort. The Management Team - this team provides guidance to the BCP project in several areas. The team must convey and communicate its support of the business resumption process and should issue a formal policy statement emphasizing its commitment. The team should periodically review the recovery assumptions, and strategic considerations. In addition, the team should ensure that adequate resources are devoted to the project by approving recovery strategies, possible alternatives, funding and the projects progress and ongoing maintenance. System Recovery Team - which is responsible for re-routing wide area voice and data and fax communications traffic and the co-ordination for THE COMPANY’s efforts to re-establishing network connectivity to THE COMPANY’s LAN from the user recovery site (backup site). Transportation Team - who is responsible for co-ordinating the transport of THE COMPANY employees to the distant user recovery site. They also may assist in contacting employees to inform them of new work locations; User Hardware Team - they should contact vendors and co-ordinate logistics for on-going supply of necessary office and computer supplies; (PC equipment, printers, type writers, photocopiers, fax machines and other necessary equipment) to the user recovery site; Administrative Support Team - provides clerical support to other teams and serves as a message centre for the user recovery site. PROCEDURES (SKILLS) Most business continuity plans are compiled as procedures which are developed to accommodate system, user and network recovery strategies. These procedures should include but not be limited to the following: Emergency Action - procedures on how to react to a crisis, ranging from fire alert activation procedures to emergency evacuations; Notification - procedures on how to notify relevant managers in the event of a disaster; Disaster Declaration - procedures pertaining to the assessment of damage following a disaster, criteria for determining whether the situation is a disaster, and procedures for declaring a disaster and invoking of the plan; Systems and Network Recovery - procedures that need to be followed to restore critical and vital systems to emergency service levels within a specified time frame; User Recovery - procedures needed for recovery of critical user functions within a specified time frame. This includes the documentation of instructions for processing data manually while computer systems are not available; Salvage Operations - procedures for salvaging facilities, records and hardware, often including the filing of insurance claims and the determination of the feasibility of reoccupying the disaster site; and Relocation - procedures for relocating emergency operations (system, network and user) to the original or an alternate location for the computer system restoration to normal service levels. The above mentioned procedures should be allocated to the applicable recovery teams (resources). 7.5 INSURANCE Insurance will be the primary source of funding for the continuity effort. 7.6 CONTRACTS WITH THIRD PARTIES As THE COMPANY is dependant on a third party (***** ) for disaster recovery services, to ensure the success of continuity planning the following should at least be contractual agreed: Configurations - to ensure that replacement hardware, software and LAN configurations are adequate to meet THE COMPANY’s needs, as these will vary over time; Speed of Availability - to ensure the LAN facilities are speedily available after the event of a disaster at ****** Subscribers per site or area - to ensure that the necessary network bandwidth is available on the LAN for the number of users who will be accessing the system; Warranties - to establish the warranties Safeguard IT will make regarding the availability of the systems. THE COMPANY should check the limitations and determine if it is willing to live by them; and Testing - THE COMPANY should be able to test the reliability of the services offered at least annually. 1. EMERGENCY CO-ORDINATOR AND TEAMS Emergency Co-ordinator: Full Name Job Title Home Address Home telephone Cellular phone Work extension Team Leaders: BCP Champion ( System recovery team 2. Transportation team User hardware team Administrative support team EMERGENCY EVALUATION (SCHEDULE 1) Staff should report all types of disasters/interruptions to the BCP champion or THE COMPANY’s Managing Director. The prevalent situation should be summarised. Note the following: type of disaster (explosion, fire, etc.); the number of staff (and their names) in the building; staff with injuries (if any) and their extent; status of the office (e.g. files, computer media and other important documents that might be exposed to fire). If the office needs to be evacuated follow the existing evacuation procedures; if it is possible perform a system shutdown. Try to prevent damage to computer equipment and person. If the disaster is out of control, it is the BCP champion’s responsibility to declare a disaster. 3. DAMAGE ASSESSMENT (SCHEDULE 2) Perform an inventory on all damaged equipment. Do the same for salvaged equipment. 4. RECOVERY CONTROL Initiation of access to the alternative site - contact ***. ** address is ***; Transfer staff to the alternative site. Inform all THE COMPANY employees that a disaster has occurred at THE COMPANY and that they should go to the alternative site and not THE COMPANY’s offices. The address of the alternative site is: ******* Transfer back-up data to the alternative site; backup tapes for the Servers are kept with ***. Their telephone number is (011)-***** and after hours it is (011)**** . We need to supply them with a password to identify ourselves. This password is kept with the BCP champion and the I.T. Manager. Transfer other resources to alternative site. The site at ***** will be equipped with the following (example): - 6 desks; 6 chairs; 6 Desktop Computers; Facsimile Machine; a Photocopy Machine; a Mobile PABX System: THE COMPANY would need to contact Telkom to reassign the existing THE COMPANY telephone numbers to the new site; Laser Printers; Cups, saucers & teaspoons, etc. THE COMPANY would have to supply tea, coffee, sugar, etc. - THE COMPANY need to arrange for the following: 5. A Modem and Software from *** to connect a PC for EFT transfers; Cheque Printer; General Stationery; Tea, coffee, sugar, etc.; Contact Telkom to reassign the existing THE COMPANY telephone numbers to the new site. CRITICAL APPLICATIONS The critical applications THE COMPANY needs to recover are: The **** Insurance System; MS Office Outlook 2003; MS Office Word 2003 and Documents; 6. Border Manager Fire Wall. TEAM ORGANISATION BCP champion System recovery team Transportation team User hardware team Administrative support team The teams responsibilities and procedures are: a) System Recovery Team: To ensure complete recovery of all data and applications to same state as immediately prior to the disaster. Notify *** as to need for an alternative site and equipment required. Obtain latest backup tapes from *** including applications. Recover computer documentation from ***. Restore all data and applications on to machine at **** and test. b) Transportation Team: To ensure all staff are notified of alternative site and are transported there as soon as possible. As soon as BCP champion notifies team of a disaster, ascertain new site address from **** and notify all staff of new address. Arrange for staff with transportation problems to be picked up at a central, convenient point. Transport any relevant equipment salvaged from damaged premises. General transport duties as required. c) User Hardware Team: To ensure all hardware is configured correctly and all equipment is available at alternative site. necessary computer Liaise with **** as to equipment required. Liaise with *** regarding the assistance of an Engineer to setting up the Servers at the alternate site at Safeguard. Test all machines and functions prior to staff utilising them. d) Administrative Support Team: To ensure full administrative capacity of THE COMPANY is resumed within as little time as possible. Ensure safety of all staff as first priority. Summarise the situation e.g. type of disaster, number of staff and names in the building at the time of the disaster, injuries (if any). Perform an inventory on all damaged and salvaged equipment. Arrange removal of all salvageable equipment (including storage thereof). Ensure *** Insurance Brokers/Insurers are notified. Notify all relevant parties i.e. as per DRP document as well as Directors, Agents and Creditors. Make necessary arrangements for any items that need to be purchased e.g. tea, milk, paper, etc. Operating telephones for general enquiries. Assist in administrative procedures to ensure, as far as possible, continuance of day to day running of the business. 7. DIRECTORY OF SERVICES, VENDORS AND CONTRACTS LIST ALL AS REQUIRED 8. INVENTORY DETAIL AS REQUIRED 9. FIRE DRILL FIRE MARSHALLS: IN THE EVENT OF A FIRE: 1. IMMEDIATELY REPORT THE FIRE TO ONE OF THE FIRE MARSHALLS WHO WILL INITIATE DRILL PROCEDURES. 2. IF TIME IS PERCEIVED TO BE OF EXTREME ESSENCE: A) B) IMMEDIATELY ACTIVATE THE FIRE ALARM; REPORT THE FIRE TO ONE OF THE FIRE MARSHALLS. OR IF THE FIRE IS LOCALIZED AND SMALL, ATTEMPT TO EXTINGUISH THE FIRE WITH THE USE OF A FIRE EXTINGUISHER. DO NOT OTHER-WISE ATTEMPT TO EXTINGUISH THE FIRE. 3. CLOSE WINDOWS AND DOORS (IF POSSIBLE) AS YOU LEAVE YOUR OFFICE. 4. EVACUATE THE OFFICE, IN A QUICK, CALM AND ORDERLY MANNER, BY USE OF THE FIRE ESCAPE OR IF POSSIBLE, THE FRONT DOOR. 5. ASSIST ANY INJURED PERSON. DO NOT: A) B) C) D) NOTE: DELAY EVACUATION BY ATTEMPTING TO GATHER PERSONAL ITEMS. RUN DOWN PASSAGES. OBSTRUCT PASSAGES. OPEN DOORS FROM WHERE SMOKE IS COMING OR WHICH ARE HOT TO TOUCH. EACH FIRE MARSHALL IS TRAINED IN THE USE OF FIRE FIGHTING EQUIPMENT AND EVACUATION PROCEDURES. STUDY THE ATTACHED OFFICE DIAGRAM AND NOTE CRITICAL POINTS. FIRE DRILL PROCEDURES TO BE FOLLOWED BY FIRE MARSHALLS IN THE EVENT OF A LOCALIZED AND SMALL FIRE: 1. IMMEDIATELY ACTIVATE THE FIRE ALARM. 2. ATTEMPT TO EXTINGUISH FIRE WITH THE USE OF FIRE-FIGHTING EQUIPMENT. IN THE EVENT OF A LARGE FIRE: 1. IMMEDIATELY ACTIVATE THE FIRE ALARM. 2. ATTEMPT TO EXTINGUISH THE FIRE AND/OR RENDER ASSISTANCE TO ANOTHER FIRE MARSHALL. 3. IF POSSIBLE: ASSIST STAFF TO EVACUATE PREMISES AND RENDER ANY ASSISTANCE TO INJURED PERSONS. 4. IF YOUR ATTEMPTS AT EXTINGUISHING THE FIRE FAILS:- A) RECOVER THE EVACUATION BOX FROM THE SAFE. B) EVACUATE THE PREMISES. WHERE PREMISES HAVE BEEN FULLY EVACUATED: A) TAKE A ROLL CALL OF STAFF MEMBERS. B) RENDER ASSISTANCE TO ANY INJURED STAFF MEMBERS. CALL EMERGENCY SERVICES IF NECESSARY. Emergency Telephone Numbers: National Fire Dept. 10177 (107) Telkom: Cell phone: 1022 112 ER 24: 084 124 Netcare 911: 082 911 South African Police Services: 10111 State your emergency/crisis (office fire etc); Give exact address, suburbs, cross-roads and landmarks; Report any complications (people trapped inside building, explosives or flammable materials nearby); Give your name and telephone number; Wait for operator to end off and report back to the scene of the fire/other. C) REPORT MISSING PERSONS TO EMERGENCY SERVICES. D) INITIATE DISASTER RECOVERY PROCEDURES. 10. BOMB THREAT PROCEDURE: A. REMAIN CALM: DO NOT PANIC! B. REPLY TO CALLER IN A CALM, COURTEOUS AND RESPECTFUL MANNER. DO NOT ANTAGONIZE, INSULT OR OTHERWISE AGGRAVATE THE CALLER. C. TRY TO KEEP THE CALLER ON THE LINE FOR AS LONG AS POSSIBLE TO OBTAIN AS MUCH INFORMATION AS POSSIBLE. TELL THE CALLER YOU DON’T UNDERSTAND, YOU CANNOT HEAR, ETC., OR USE ANY OTHER MEANS TO KEEP HIM ON THE LINE. D. ATTEMPT TO WRITE DOWN EVERYTHING THE CALLER SAYS. E. IN ATTEMPTING TO KEEP CALLER ON LINE ASK AS MANY QUESTIONS AS POSSIBLE AND IN PARTICULAR TRY TO ESTABLISH: 1) WHEREABOUTS OF BOMB OR DEVICE. 2) PROPOSED TIME OF DETONATION. 3) IDENTITY OF CALLER. 4) ANY OTHER INFORMATION. WRITE DOWN ANY AND ALL DETAILS NO MATTER HOW INSIGNIFICANT THEY MAY SEEM. THIS INCLUDES ANY BACKGROUND NOISES. F. WHEN CALLER IS OFF-LINE, IMMEDIATELY NOTIFY POLICE. TELEPHONE 10111. G. IMMEDIATELY NOTIFY MANAGING DIRECTOR, OR IN HIS ABSENCE, ANY SENIOR STAFF MEMBER WHO WILL ARRANGE FOR IMMEDIATE EVACUATION. H. IF YOU PERCEIVE TIME TO BE OF EXTREME ESSENCE ACTIVATE FIRE ALARM IMMEDIATELY AFTER CALL.