DISASTER RECOVERY PLAN
Northern Maine Community College
Computing and Information Technology
33 Edgemont Drive
Presque Isle ME 04769
Updated 2017
Because of the sensitive nature of this document, some information has not been included with the plan. That information is kept with the Information Technology Staff. It is requested that you do not discuss the details contained in it with persons that do not have “the need to know.”
Table of Contents
1.0 Introduction
1.1 Authority
1.2 Distribution
2.0 Basic Recovery Plan Requirements
2.1 Disaster Recovery Team
2.2 Offsite Storage of System Backup Disks
2.3 Backup Facilities (hot site)
3.0 Recovery Plans
3.1 Disaster Preparation
3.2 Emergency Response
3.3 Recovery Procedures
3.3.1 Recovery Time Table
4.0 Disaster Recovery Plan Review
5.0 Appendices
A. Disaster Recovery Team Members
B. Vendor Contracts and Insurance Information
C. Backup Schedules
D. Computer Room Equipment List
E. Computing and Information Technology Staff
1.0 Introduction
The personnel, equipment, software systems, and databases which comprise Computing and Information Technology are necessary in order for the College to function in an effective manner. The purpose of this plan is to provide guidance in recovering from any disaster which might befall these to minimize downtime and to assist users in accommodating their critical processing requirements.
1.1 Authority
The decision to implement disaster recovery procedures is the responsibility of the Dean of Technology & Facilities or his designee.
The Disaster Recovery Team will convene as soon as possible after a disaster has occurred to assess damages and make recommendations to the Dean of Technology & Facilities.
1.2 Distribution
This plan will be distributed to and used by those persons responsible for its implementation and operation. These individuals are identified in Appendix A. This document will be maintained and updated by the Information Systems Department whenever significant changes occur.
2.0 Basic Recovery Plan Requirements
The basic requirements for the Recovery plan are as follows:
A. Disaster recovery team.
B. Disaster recovery documentation.
C. Backup computer facilities (hot site).
2.1 Disaster Recovery Team
The Disaster Recovery Team (see Appendix A) has been established and organized to assess the damage to the computer facility, to control and coordinate recovery/backup actions, and to make recommendations to the Dean of Technology & Facilities. The team will consist of a cross section of persons responsible for one or more of the following functions:
A. Recovery Administration
1. insurance notification
2. supplies
3. organization
B. Systems software
C. Application software
D. Communications
E. Operations
F. Facilities
G. Hardware
The Dean of Technology & Facilities serves as the Chair. The disaster recovery team shall meet every six months to discuss the current document and make recommendations for changes to it. All changes must be submitted in writing to the team and agreed upon by the majority before they become part of the document with final review and approval by the management team. It is the responsibility of the Chair to make the necessary changes and distribute the new document to the appropriate persons.
In the event of a disaster or major failure, the team should convene with as many team members as possible. All members of the team should assess damages and report to the Chair at the earliest opportunity.
2.2 Offsite Storage of System Backup Disks
In the event that disaster befalls the current location of the computers, having backup disks stored off site is critical. The most current full system backup and the year-end backup should be stored far enough away from the computer room to be safe in the case of fire or flood. Far off site storage has been designated as a fireproof data safe located with the Manager of Information Systems and Energy.
All servers located on the NMCC campus are scheduled for back up at different run times from daily to monthly depending on the server [see Appendix C]. All MS and MY SQL databases are backed up on multiple servers daily as well as manually copied to usb drives on a 10-drive rotation and kept off site with the Manager of Energy and Information Systems.
2.3 Backup Facilities (hot site)
In case of fire or natural disaster it may become necessary to move the computer room to a backup location or hot site. The location currently designated is in the Common Building. This site has been selected because the network hub is to be located there. Recreating network functions would be facilitated by this location.
We are exploring all options including utilizing EMCC as a hot site location and will revisit this topic on a yearly basis.
3.0 Recovery Plans
Several recovery plans have been identified, depending upon circumstances.
A. Disaster Preparation. Being ready and planning ahead is the easiest way to be sure we can quickly and fully recover from a disaster.
B. Emergency Response. These are the first actions taken in an emergency situation, designed to bring the computer systems back to operation, even if not at full capacity or in a degraded state.
C. Recovery Procedures. These are the procedures designed to return the computer systems back to a fully operational state, including bringing up the hot site.
3.1 Disaster Preparation
This section outlines the minimum steps needed to insure we can fully recover from a disaster.
A. The disaster plan must be kept current and all of the personnel on the recovery team must be made aware of any changes.
B. Current copies of the insurance information and the replacement documents for systems should be and are included in this document.
C. The offsite storage area should be inspected periodically to insure it is clean, organized and that the correct backups are in storage.
D. The fire fighting system in the computer room should be inspected regularly.
E. As many department heads as possible should be aware of the consequences of a disaster and what they can do while recovery is in progress.
F. The safety department should have the telephone numbers of pertinent persons to contact in the case of an emergency occurring during off hours.
G. Procedures and lead times for replacement equipment and communications should be established.
H. All computing personnel should be informed of the proper emergency and evacuation procedures.
I. Procedures for informing user community should be established.
In the event that there is warning of impending disaster, e.g. potential flood situations, tornadic activity in the immediate area, fire or potential building damage, the following steps should be taken.
A. Notice should be given to as many recovery team members as possible. (see Appendix A)
B. The Dean of Technology & Facilities should be briefed and a decision should be made whether to shut down the systems.
C. The recovery team should convene and review whatever actions may be necessary.
3.2 Emergency Response
This section details the basic actions that need to be taken in the event of a disaster situation.
A. The Dean of Technology & Facilities or his assignee should be notified as soon as possible.
B. The disaster recovery team should be notified and assembled as soon as reasonable under circumstances.
C. Team members should assess damages to their individual areas of expertise.
D. Team members should advise the Dean of Technology & Facilities as to the extent of damage and recovery procedures necessary so that the decision to move the computer center can be made after the assessment of the damage done to current facility.
E. Pertinent vendors should be contacted and negotiations should be made for the delivery of equipment, delivery time should be noted. (see Appendix B)
F. All Department heads should be informed of the decision and given an estimated time to return to either full or degraded service.
G. Each member of the disaster recovery team should supervise their own area of expertise.
H. The computer facility should be secured.
3.3 Recovery Procedures
Recovery from a complete failure to a degraded mode of service may be necessary. In this case it may be possible to bring up individual departments on a pirouette basis.
The decision to operate in a degraded mode and the order in which departments are to be brought back into service should be made by the Dean of Technology & Facilities in consultation with team members.
If it is decided to transfer the computer to the hot site located at the Commons Building:
A. It is assumed that the basic emergency procedures have been followed as detailed in section 3.2.
B. An inventory of the status of existing equipment and files should be compiled.
C. The Dean of Technology & Facilities should coordinate the move.
D. Vendors should be contacted to initiate delivery of replacement equipment to the hot site. At this time, estimated time of delivery should be noted. (see Appendix B)
E. A new offsite (backup) storage facility should be located and used immediately.
F. All facility systems should be verified operational at this time.
G. Systems should be tested and loaded as soon as the vendors release them to the college.
H. Communications, networking, operations and applications software personnel should be prepared to install and or setup their individual function in the appropriate order.
I. Department heads should be made aware of progress and or setbacks on a regular basis.
J. Existing safety and emergency procedures at the backup facility should be examined for their adequacy as a computer room.
3.3.1 Recovery Timetable
The following timetable does not take into account the amount of time required to input data held on hardcopy during the recovery period, or re-inputting data which may have been lost during recovery.
Day 1 Convene the disaster recovery team and assess damages, contact vendors, discuss options.
Day 2-4 Take delivery and setup new equipment. Determine priority of data processing.
Day 5-6 Restore programs and data, test integrity of programs and data. Begin restoring communications and networking capabilities.
Day 7 Restore partial operation to priority departments.
Day 8-14 Restore full communications and networking capabilities. Work with departments to verify data and operation of applications.
4.0 Disaster Recovery Plan Review
The following steps will be taken to insure that the Disaster Recovery Plan is current, feasible and effective:
A. Every six months (in March and in September) the Disaster Recovery Team will be convened to review the Plan and Appendices. Updates or revisions will be made at this time.
B. The Dean of Technology & Facilities will subject the contents of the off-site disaster backup tape storage to unannounced periodic audits. Results of the audit will be documented and filed with the Disaster Recovery Plan addenda materials.
5.0 Appendices
Appendix A
Disaster Recovery Team Members
Barry Ingraham
Dean of Technology and Facilities
33 Edgemont Drive
Presque Isle, ME 04769
Michael Williams
Director of Finance
33 Edgemont Drive
Presque Isle, ME 04769
Betsy Harris
Registrar
33 Edgemont Drive
Presque Isle, ME 04769
Bill Egeler
Dean of Students
33 Edgemont Drive
Presque Isle, ME 04769
Robert Smith
Manager of Energy and Information Systems
33 Edgemont Drive
Presque Isle, ME 04769
David Wyman
Senior Programmer Analyst
33 Edgemont Drive
Presque Isle, ME 04769
Appendix B
Vendor Contracts and Insurance Information
HP
VMware
APC
Tripp lite
Sophos
State of Maine Risk Management (Insurance)
Microsoft
Appendix D (Not attached. Information Technology Staff have the current information.)