Anda di halaman 1dari 4

T ECH N OL O GY

Information Technology Disaster Recovery Planning


for Court Institutions
By Judge Herbert B. Dixon Jr.

The courts serve a central role in our constitutional democracy. Under the rule
of law, people rely very heavily on the courts and on courthouses, all of which
are subject to various natural, technological, or humanly caused disasters or
catastrophes. Preparedness for such events is a vital government function,
but it is particularly important for the courts because they must remain open
to the extent possible to ensure that all peoples legal rights are protected.
Emergency Management in the Courts: Trends After September 11 and
Hurricane Katrina.1

C
ourts are dependent on digital catastrophe happens, a primary deter- Recovery Phases Following a
storage of information, comput- minant of a courts readiness is whether Disaster
erized case management systems, sufficient forethought has gone into the Whether the disaster is major or minor,
electronic filing and retrieval, and commu- process of recovering from such an abyss. the NIST Planning Guide notes three
nications systems, the same as businesses, At the risk of oversimplification, I offer phases that must be addressed by the
individuals, and other branches of gov- this CliffsNotes of a disaster recovery responsible parties in the disaster recov-
ernment. When disaster strikes, however, planning process. Hopefully, this will ery planning process. First, there is
whether natural or man-made, there is cause those who have not thought about the Activation/Notification Phase. As
more for a court to resolve than finding a the possibility and effect of a natural or implied by the name, this phase involves
location to conduct trials and other court man-made disaster to start working on activating the preestablished plan and
proceedingsmuch more! such plans for their court institution. notifying the disaster recovery team. Sec-
If the truth be told, the multiple Although this article is intended to ond, there is the Recovery Phase, which
information technology (IT) systems in provide a few initial thoughts to the con- involves the recovery team identify-
every court must have a disaster recov- cerned chief judicial officer and court ing and prioritizing recovery activities,
ery plan for minor and major casualties, administrators about what is needed, all restoring operations at the same or an
including readers are cautioned to understand that alternative site, and implementing any
the creation of an IT disaster recovery other applicable preestablished con-
Natural disasters: flooding, earthquake, plan is an extremely complex, detailed, tingency plans. The third phase is the
lightning, storms, and tornadoes; and technical exercise. The essential com- Reconstitution Phase, which involves
Environmental and physical disasters: ponents of the disaster planning process restoration, testing, and validation of
fire, heating/air-conditioning failure, discussed in this article are based pri- the system; returning it to normal oper-
power loss, loss of communication marily on a publication by the National ating condition; and preparing the system
medium (e.g., a cable break), damage Institute of Standards and Technology, against future outages.
from broken water/sewer lines or fire namely, Special Publication 800-34, Revi- Since the Activation/Notification
alarm sprinkler system, and pandemic sion 1, Contingency Planning Guide for Phase involves activating the preestab-
illness or disease; and Federal Information Systems (NIST Plan- lished plan, obviously there must exist
Man-made disasters: intentional or ning Guide).2 Notwithstanding that the such a plana disaster recovery plan
unintentional destruction of a system NIST Planning Guide was prepared for (DRP). So, the first thing that the chief
or system component, lack of mainte- federal government agencies, the National judicial officer and administrators must
nance, hacking, and malware. Center for State Courts notes that the do is commission the development of
publication provides extensive contin- a plan.
The above is not an exhaustive list gency plan guidance for IT systems and A DRP, as discussed in this article,
of disaster possibilities. But, when a is an excellent resource for courts.3 refers to the plan of action following a

36 The
Judges Journal t Vol. 52 No. 4
Published in The Judges' Journal, Volume 52, Number 4, Fall 2013. 2013 by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof
may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association.
major disruption to primary facility infra- a remote site unlikely to be affected by to whether other local institutions have
structure. This plan is designed to restore the same disaster, a storage location in made arrangements with that same facility.
operability of one or more information the cloud, or the vendor) for the Recov- Imagine the disastrous results if numerous
systems at an alternate site after an emer- ery Phase during which the team restores local institutions made arrangements with
gency. Generally, an IT DRP operates in operations at the same or an alternative the same alternative facility that is unable
conjunction with the overall Continu- site or otherwise implements the prees- to accommodate all customers if that catas-
ity of Operations Plan (COOP) for the tablished contingency plans. It cannot trophe affects enough of those customers
court institution; however, a DRP may be be overstated that the IT Contingency simultaneously. This is the type of foresee-
used even when the COOP is not acti- Planning Policy Statement must take into able problem that contingency planning is
vated, as might be the case with fire or consideration other plans associated with intended to mitigate.
water damage confined to the computer the courts institution-wide strategy.
room.4 Often the IT DRP is concerned There are other necessary steps in the Hardware and Software
with the procedures for relocation of creation of a Contingency Planning Pol- Acquisition and Replacement
information systems operations to an icy Statement that are highly technical A disaster in traditional terms means that
alternative location, after which the and include a business impact analysis and onsite equipment is probably destroyed or
contingency recovery plan for each sys- establishment of critical recovery inter- unusable. An inventory must be prepared
tem would be implemented. A DRP may vals, such as the maximum downtime that of the minimum equipment and software
include contingency recovery plans for should be tolerated (i.e., how long can necessary to resume operations. Also, the
one or more systems. The recovery plan a particular court operation continue to process for acquiring hardware and soft-
for each system may be activated in the function effectively without the support- ware to resume the courts core functions
current location or in an alternative loca- ing technology?) and the maximum time requires specific attention. This process
tion as determined by the DRP. Although it should take to recover from the failure may include accessing equipment that was
the subject of this discussion is disaster of a particular system. either stored in remote locations as a part
recovery planning, the reader should of the disaster planning process or in active
understand that a DRP is composed of Create Contingency Strategies use in locations unaffected by the disaster.
one or more contingency recovery plans Contingency strategies are created for the Additionally, as part of the contingency
for individual systems. purpose of mitigating the risk of an IT sys- planning, service agreements should be con-
tem disaster. The strategies include backup sidered with vendors for lease or purchase of
Develop a Contingency Planning methods, including whether the backup software, replacement equipment, and emer-
Policy Statement is on magnetic disk, tape, CDs, or some gency installations and maintenance. There
The first step requires court officials to other medium; the frequency and scope should be sufficient geographic diversity
create a Contingency Planning Pol- of backups, e.g., daily or weekly backup, among potential vendors to have a choice
icy Statement. This includes defining and full or incremental (files created or of vendors that are unlikely to be impacted
roles and responsibilities and the scope changed since last backup) backup; and by the same disaster, be it storm, earthquake,
of the policy, i.e., its applicability to the recovery methods to restore a system civil disturbance, or pandemic. Obviously,
telecommunications system, case man- operation as quickly as possible. And, of
agement system, etc. Another aspect of course, the backup contingency strategy
step one is an inventory of IT hardware must include consideration of an offsite
(including servers, computers, tablets, and location that is unlikely to be affected by Judge Herbert B.
smartphones), software and other applica- the local disaster. Dixon Jr. is the
tions, and digital information (especially technology
case files involving active litigation, Alternative Site columnist for The
judgments, etc.). Furthermore, with Admittedly, a major long-term disrup- Judges Journal and
respect to ongoing operations, the plan- tion is a rare event, but facing a major a member of the
ners must establish resource and training disaster without a preestablished recovery ABA Journal Board
requirements for a disaster recovery imple- plan would exponentially exacerbate the of Editors. He sits
mentation team, testing and maintenance situation. A major disruption should be on the Superior Court of the District of
schedules for existing and replacement accounted for in the contingency planning Columbia and is a former chair of the
equipment, and the frequency of data process. For instance, an offsite facility some National Conference of State Trial Judges.
and other information backups and stor- distance away must be considered so that He can be reached at Herbert.Dixon@
age. The contingency planning process the offsite location is unlikely to be affected dcsc.gov. Follow Judge Dixon on Twitter
must ensure that copies of program soft- by the same casualty that was experienced @Jhbdixon.
ware are available at a safe location (i.e., locally. Also, consideration must be given

Fall 2013 t The


Judges Journal 37
Published in The Judges' Journal, Volume 52, Number 4, Fall 2013. 2013 by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof
may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association.
The backup contingency
strategy must include
consideration of an
offsite location that is
unlikely to be affected
by the local disaster.

cost-benefit considerations must be a part Operating system administration team, Testing and Training
of this contingency planning process to Server recovery team, Each discrete part of the DRP should be
work effectively with available personnel Local area network/wide area network maintained in a state of readiness. This
and within financial resources. The plan- (LAN/WAN) recovery team, includes having trained personnel ready
ners must recognize that an alternative site Database recovery team, to fulfill their roles and responsibilities
fully ready and prepared to commence oper- Network operations team, within the plan. Testing of the systems
ations may be financially prohibitive, and Application recovery team, should occur at regular, predefined inter-
that consideration must be given for alter- Telecommunications team, vals to ensure that the plan is not deficient
native site, equipment, and software plans Testing team, or outdated and to confirm the accuracy
of a bare-bones nature merely to get through Physical/personnel security team, and of the process needed to recover each
the crisis until the local site can be restored. Procurement team.5 system that has suffered from the disaster
disruption. Indeed, the disaster recov-
Establishing Roles and Moreover, the DRP and its included ery implementation team must test the
Responsibilities strategies must recognize the possible various systems after recovery to ensure
It is not enough merely to make con- need for multiple teams performing sim- that a DRP has performed as expected.
tingency strategy plans for information ilar functions, for example, specialized In this regard, end-to-end disaster recov-
backup, alternative sites, and hardware application and software systems that ery exercises should be considered to
and software acquisition and replacement; each needs its own dedicated team. And, provide a realistic readiness status and
the planning must also include designated assuming the occasion for activating the bring out any complexities, intricacies,
teams to implement the various strate- team is a disaster that disrupts communi- or imperfections in the plans for recov-
giesteams that are trained and ready to cations through normal office channels, ering multiple systems in the case of a
respond to the minor or major incident the disaster recovery team coordinators widespread catastrophe.6 Thorough prep-
that has triggered implementation of the must have alternative means to contact aration and coordination involve a great
DRP. These teams may include, but are members of their teams, such as home deal of planning from all the participating
not limited to: address, cell phone, personal e-mail, and teams. Mini tests and some end-to-end
contact information for a close friend or testing of various components will give
Management team, relative that is likely to have access to the best opportunity of identifying poten-
Outage assessment team, the member. tial issues before they occur and provide

38 The
Judges Journal t Vol. 52 No. 4
Published in The Judges' Journal, Volume 52, Number 4, Fall 2013. 2013 by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof
may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association.
some reasonable basis to assure the ade- tested, and training material and DRP doc- However, this article is intended to encour-
quacy of the DRP for multiple systems. umentation must be updated. It is essential age discussion about the process to develop
Training for each person assigned that formalized change control procedures be such a plan so that the courts are ready to
disaster recovery implementation respon- adopted and maintained under control of the protect the communitys legal rights, even
sibilities is critical to ensure that each IT department and the IT DRP coordinator. during the time of a catastrophe.
member of the team is prepared to partici- Distribution of each aspect of the DRP
pate in testing, simulated exercises, and, must be carefully considered. Each coordi- Endnotes
should the worst happen, actual disaster nator for each system covered by the DRP 1. T. Birkland & C. Schneider, Emergency Man-
recovery implementation. should have a copy of the plan. A copy agement in the Courts: Trends After September 11
should be stored at the alternative site (if and Hurricane Katrina, 28 Natl Ctr. for State
Plan Maintenance an alternate site is predetermined), at a Courts Justice Sys. J., no. 1, 2007.
The overall DRP itself must be maintained secured location onsite, and at a secured 2. Natl Inst. of Standards & Tech, NIST
in a constant state of readiness. Each part of offsite location (i.e., perhaps where the SP 800-34 Rev. 1, Contingency Planning
the plan, for each system, must be regularly backup data and information are stored). Guide for Federal Information Systems
reviewed and updated to ensure that new Also note that the plan, or parts of it, (NIST Planning Guide), available at http://
information is documented and that up- may contain sensitive operational and csrc.nist.gov/publications/nistpubs/800-34-rev1/
to-date contingency measures are in place. personnel information, in which case sp800-34-rev1_errata-Nov11-2010.pdf.
The DRP is not an autonomous plan. It is the planning process should ensure the 3. Natl Ctr. for State Courts, A Comprehen-
interrelated with the courts overall COOP, protection of that sensitive information. sive Emergency Management Program: A Model
and a change in one IT system or element for State & Territorial Courts 28 (2007).
might affect another IT system or some other Conclusion 4. Id. at 27.
part of the institution. Accordingly, the plan As mentioned at the beginning of this arti- 5. NIST Planning Guide, supra note 2, at 26.
must be reviewed frequently for accuracy and cle, the creation of an IT disaster recovery 6. S. Subramaniyan, How to Conduct an End-to-
completeness at an organizational and institu- plan is an extremely complex, detailed, End Disaster Recovery Exercise in Real Time, Disaster
tional level, including the plans part within and technical exercise. This article is Recovery J. (Apr. 3, 2013), http://www.drj.com/
the institutional COOP. Whenever changes not intended to outline all the steps that articles/online-exclusive/how-to-conduct-an-end-
are made to the plan, they must be fully are necessary to create an effective DRP. to-end-disaster-recovery-exercise-in-real-time.html.

Fall 2013 t The


Judges Journal 39
Published in The Judges' Journal, Volume 52, Number 4, Fall 2013. 2013 by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof
may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association.