This is the Information Systems and Technology Associate Vice Chancellor's Office page

Site links

IST Health & Safety
IST Injury and Illness Prevention Program
IST H&S Central Guidelines
IIPP training
IST Organizational Safety Coordination Committee
IST Department Safety Coordinators

News

• All IS&T Departments are currently up to date and in compliance with EH&S and Cal OSHA safety regulations. If you have an immediate safety problem please contact you supervisor.

Last revised 2003-02-12
Contact Enna Eskin

IST Health and Safety banner

Contingency and Recovery Planning : Checklist for Information Systems

INTRODUCTION

This checklist is designed to help organize and put in place an emergency recovery plan for information systems and computing groups in campus departments.

Its development was undertaken by a diverse group of MICROnet participants known as the Disaster Recovery Workgroup. Design participants came from Housing and Dining Services, Auxiliary Enterprises, Campus Police, College of Engineering, Electrical Engineering and Computer Science, Physical Plant-Campus Services, Parking and Transportation, Health Services, Letters & Science, Information Systems and Technology, UCOP and others. The purpose was to create a planning tool that would serve to guide campus information systems groups when they embark on the emergency planning process. A series of priorities, task definitions, instructions, flow charts, agreements and reference materials result from following the checklist. When organized into a document these materials become core elements of an information systems contingency and recovery plan. This information systems emergency plan should adjoin the overall department emergency plans for responding to and recovering from a disaster.

Table of Contents

I. GETTING READY

checkbox A. Obtain written commitment from top management of support for contingency planning objectives.

Example of mission statement for an information systems unit's contingency plan:

"Prepare a contingency and recovery plan for restoring the information systems that support the crucial functions performed by the Department/Unit following a catastrophic failure of current systems."

checkboxB. Assemble the contingency planning team to include one or more permanent members from:
  1. Computer support staff
  2. Operational or unit managers
  3. Facilities management
  4. Department Safety Committee
checkboxC. Provide for the planning committee to include participation on an "as needed" basis from the following campus departments:
  1. Internal Audit (compliance)
  2. Purchasing (contracts)
  3. Environmental Health and Safety (coordination)
  4. UC Police Department (coordination)
  5. Office of Emergency Preparedness (coordination)
  6. Applied Risk Management (liability/insurance)
  7. Real Estate Services (relocation)
  8. Information Systems and Technology including:
    Telecommunications, Central Computing Services, Data Communications and Network Services, Administrative Systems, and Student Information Systems.
  9. Physical Plant--Campus Services
  10. Others as required
checkboxD. Define the responsibility of planning committee members. Appoint;
  1. Group Moderator, to facilitate planning meetings
  2. Group Scribe, to take and prepare meeting notes and agenda's
  3. Group Administrator, to aggregate meeting materials
II. GATHERING NECESSARY INFORMATION - RISK ASSESSMENT
checkboxA. Prepare a written description of the mission-critical functions of the Department and Units.
checkboxB. Identify the areas impacted by an emergency:
  1. Functional Operation of the Department
  2. Service to Clients/Students/Staff
  3. Obligations to Vendors/Suppliers/Funding Agencies
  4. Relations with Other Campus Departments
  5. Department Credibility
  6. Other Departmental Impacts

checkboxC. Define and establish estimated potential losses and liability to the department due to lost or delayed functions, in order of severity of the emergency:

    Severity$ Amount or rangeDuration
    1.Catastrophic_____________________
    2.Major _____________________
    3.Serious_____________________
    4.Limited_____________________
checkboxD.Determine which critical department functions depend on information systems. List critical functions with the associated information system(s). Contingency planning for critical functions beyond their information systems components should be referred to the department recovery planning effort.
checkboxE. Establish the vulnerability of information systems by examining possible consequences and frequency of specific emergencies.

Specific EmergenciesPossible Consequences
1. Earthquake1. Prohibited Access
2. Fire 2. Disrupted Power
3. Flood 3. Ruptured Gas Mains
4. Hurricane/Tropical Storm 4. Power Outage
5. Landslide 5. Water Damage
6. Tsunami 6. Mildew or Mold damage
7. Volcano 7. Smoke Damage
8. Wildfire 8. Chemical Damage
9. Urban Fire 9. Structural Damage
10. Severe Winter Storm 10. Communication loss
11. Civil Disorder 11. Other?
12. Hazardous Material Incident
13. Nuclear Attack
14. Power Failure/surge
15. Sabotage
16. Bomb/Explosion
17. Other?
checkboxF. Using the information in A through E make a prioritized list of mission critical information system functions for restoration in an emergency.

III. GATHERING NECESSARY INFORMATION - RESOURCE ASSESSMENT
checkboxA.Survey the systems and data which are critical to the Department's functions. Develop flow charts of the results. Verify flow diagrams with appropriate system administer. The survey should ascertain;

  1. Source of all data used in the system.
  2. Nature of information or report.
  3. Frequency of need for data.
  4. How the data is obtained, paper, e-mail, remote access download, tape or disk.
  5. Who in department receives or retrieves data.
  6. Who on campus do you speak to about access to the data, will they be available in an emergency.
  7. What is the impact if this data is not available.
  8. Hardware/OS software.
  9. Network.
  10. Applications.
checkboxB.Identify the areas where the Department's responsibility for disaster recovery begins and that of the central computing facility ends.
checkboxC.Determine if the current backup plan is adequate for the completed risk assessment and includes the following features:

  1. Routine periodic backups,
  2. Clear backup "strategy" (full vs. incremental backups, frequency, etc.),
  3. Off-site storage and retrieval procedures,
  4. Alternate processing site (hot, warm, or cold site).
checkboxD.Complete a resource inventory in each of the following areas (items that might have to be replaced):

  1. Equipment

    1. Computer hardware
    2. Network hardware
    3. Other equipment

  2. Documentation

    1. Procedure manuals/handbooks
    2. Software
    3. Accounting procedures
    4. Communication documentation

  3. Supplies

    1. Current inventory
    2. Outstanding orders
    3. Special items, (e.g., toxic or hazardous materials)
checkboxE. Define the responsibilities of emergency response team(s).
checkboxF.Complete staff responsibility chart for emergency response:

  1. Disaster evaluation team (management level)
  2. Interim operations team
  3. Recovery team
IV. INTEGRATION WITH DEPARTMENT RESPONSE AND RECOVERY PLANNING
checkboxA. Specify who is authorized to declare a disaster and activate the information systems emergency Plan.
checkboxB. Define the department's immediate response actions by referring to the Department Safety Plan for evacuation and notification of staff.

  1. Accounting for staff and others in the building.
  2. Meeting location of disaster evaluation team.
  3. Reaching staff needed for emergency response.
    1. List of home telephone numbers
    2. Cellular phone or radio contact
checkboxC. The Department Recovery Plan should define "manual" processes that can be used until computer resources are recovered. This need for parallel paper process is beyond the planning scope of information systems group. It needs to be defined by a department administrative recovery team. This plan should:

  1. Stock the required forms.
  2. Pre-assign job numbers, PO numbers, work order numbers, service request numbers, etc.
  3. Document procedures to merge the manually tracked data with the information on the system once it is restored.
  4. Document all manual procedures.
  5. Prescribe how the impact of changes in procedures will be clear to customers, suppliers, and vendors.
V. INTERIM OPERATION PLAN - PREARRANGED AGREEMENTS FOR RESOURCE REPLACEMENT
checkboxA. Possibilities for alternate sites:

  1. Other company with similar facilities
  2. Other company in the immediate geographical area
  3. Computer manufacturer's facilities (or other suggestions from them)
  4. Service bureaus in the immediate area
checkboxB. Considerations for alternate site selection:

  1. Building type
  2. Floor capacity - space and load
  3. Raised flooring
  4. Electric circuits/ capacity/ special connectors
  5. Air conditioning and humidity control
  6. Chilled water
  7. Fire protection and suppression
  8. Security - personnel
  9. Security - physical
  10. Security - data
  11. Staff accommodations
  12. Communications
    1. Telephones
    2. Network between departmental systems and access to other data
    3. Physical access to systems with critical data which are not accessible remotely
checkboxC.Back-up agreements:

  1. Written guarantee or contract with other companies
  2. Reciprocal agreements
  3. Service bureau commitments
  4. Vendor commitments
checkboxD. Alternate hardware:

  1. Computer and components
    1. CPU model
    2. Memory
    3. Operating system
    4. Options
    5. Peripherals
  2. Network equipment and wiring
  3. Terminals
  4. Off-line equipment
  5. Furniture
  6. Office machines (including phones, fax, etc.)
checkboxE. Supplies:

  1. Paper
  2. Forms
  3. Disks
  4. Tapes
    1. Reel
    2. Cartridge (type)
checkboxF. Off-site moving plans:

  1. Transportation of staff
  2. Transportation of data and supplies
  3. Staff phone list
  4. Other ____
VI. TEST, EVALUATE AND UPDATE THE PLAN
checkboxA. Specify periodic testing of the contingency plan to assure processing compatibility:

  1. Frequency
  2. Scope
  3. Test data
  4. Test evaluation team
checkboxB. Periodically review and update of emergency response documentation:

  1. Staff responsibility charts
  2. Staff telephone numbers
  3. Vendors
  4. Software license agreements
  5. Alternate site agreements
  6. Inventory of computer hardware and software
  7. interim operations procedures
checkboxC. Periodically review and drill emergency response and recovery teams:

  1. Tabletop exercise to test documentation and communication in controlled environment.
  2. Functional exercise to test documentation, communication and procedures in controlled environment
  3. Field exercise to test documentation, communication, procedures and logistics in a simulated"real" environment.

VII. RECOVERY AND RESTORATION
checkboxA. Permanent site preparation:

  1. Building
  2. Floor capacity - space and load
  3. Raised flooring
  4. Electric circuits/ capacity/ special connectors
  5. Air conditioning and humidity control
  6. Chilled water
  7. Fire protection and suppression
  8. Security - staff
  9. Security - physical
  10. Security - data
  11. Communications
    • Telephones
    • Network between departmental systems and access to other data
    • Physical access to systems with critical data which are not accessible remotely
checkbox B. Procurement of hardware:

  1. Acquisition
    1. Purchase
    2. Lease
    3. Donation
    4. Loan

  2. Computer and components
    1. CPU model
    2. Memory
    3. Operating system
    4. Options
    5. Peripherals
  3. Network equipment and wiring
  4. Terminals
  5. Off-line equipment
  6. Furniture
  7. Office machines (including phones, fax, etc.)
checkboxC. Supplies:

  1. Paper
  2. Forms
  3. Disks
  4. Tapes
    1. Reel
    2. Cartridge (type)
checkboxD. Parallel operations plans.
checkboxE.Migration plan.
checkbox F. Procedures to close down the interim operation.