1. The DVD Shop is a small business with a vast selection of the latest videos and DVD’s, a great
assortment of snacks and light beverages. This organisation has 3 stores along NSW, the head
office is located in Parramatta which also has a shop and 2 other shops in Liverpool and
Hurstville.
The Head Office at the Parramatta store contains a “Shop Area”, “Storage Area” for inventory,
“Store Manager’s Office” which the secretary also utilises, “Finance Manager’s Office” and the
“Business Owner’s Office”.
The DVD shop employs 12 people. Each store has two retail sales assistants and a store manager,
additionally a secretary, the Finance Manager and Business Owner work from head office in
Parramatta.
There are no other IT or technical staff employed by “The DVD shop”. If part of the computing
infrastructure needs major maintenance or upgrades beyond the ability of the Parramatta store
manager, “The DVD shop” contacts a technical support service provider Big Boss Computing.
3. It is the intention of the owner to continue service to its customers in spite of any
unplanned and extended interruption of primary business functions. The purpose is to
designate who will be responsible for making critical decisions during an emergency situation
and to provide guidelines to be followed in an emergency. Plan assumptions are defined
below:
3.1 The Plan seeks to minimize the financial exposure and vulnerability of the
Organization.
3.2 The level of recovery for any specific function is determined by the critical nature of
the various business functions as well as the need to maintain public confidence and
credibility.
3.3 The Plan will be amended as changes in the business environment occur.
The Plan will be reviewed my management, internal and external auditors and regulatory
examiners as requested.
4. Critical Functions
The following areas have been identified as those critical to the overall operation of the
company and contingency or recovery plans must be maintained for these areas:
>Inventory
Essential Functions
The following areas have been identified as those essential to the operation of the company
and recovery plans may be maintained for these areas:
Recovery Priorities
Efforts will be devoted restoring Critical functions first. Once Critical functions have been
restored, efforts will be devoted to re-establishing Essential functions.
Risks - Describe relevant risks to hardware, software and data
5. Natural Causes
such as:
>damage from robbery, vandalism, human error
>malware malicious software designed to disrupt computer operation
>viruses - computer code that can copy itself and spread from one computer to another, often
disrupting computer operations
Technical threats
such as computer network failures and problems associated with using outdated equipment or
power loss or data corruption
Prioritisation of risks & rationale - List which risks are acceptable.List which risks should be
mitigated.Explain why the risks which have a high impact but low likelihood of occurring have a
low priority for mitigations.
Fire
In the event of a fire that is not an immediate danger, the following steps should be taken:
>If the fire has not advanced too far, attempt to control it with a fire extinguisher.
>If the fire is in the computer room and the manager is not present at the time of the
emergency, immediately notify him if possible.
>If the fire is located in the computer room and equipment is not in immediate danger and
accessible. Shut down equipment.
>Exit the building, closing doors and windows behind you when leaving your work area.
>When exiting the facility, check all closed doors for extreme heat before opening any doors.
Lightly touch the door to feel for extreme heat. If the door is not extremely hot, cautiously
open the door, and when deemed safe, enter the corridor and close the door behind you. If
the door is extremely hot, do not open the door, but retreat as far away from the door and
adjoining wall as possible and signal for help from a window.
Flood
The following procedures should be followed in the event of a flood or water leakage.
Natural Disaster
In case of a natural disaster such as a cyclone or earthquake, the Organization will allow
employees to return home within a reasonable time to secure themselves and their families.
Employees are to make every effort as soon as possible to notify Management of the
Organization if he/she is a victim of such a disaster, procedures for recovering business will be
followed according to Disaster prevention.
Power Failure
A loss of electrical power can prove to be a serious situation for all institutions. Not only does it
pose a security threat and loss of communication, but also physical threat with the loss of air
or heat.
As soon as a power failure has occurred, a staff will contact the power company to report the
outage and determine if there is an expected time for restoration of power. Based upon the
information obtained, a decision will be made as to the next steps to be taken.
In cases of extended loss of power, staff member may declare an emergency and the premises
vacated. If the building is to be vacated, employees should follow the basic emergency
evacuation procedures described above. A sign stating that the Organization has been closed
will be posted. The local police will be contacted to alert them of the power failure and the
evacuation of the building.
The remaining remote locations also will be notified regarding the status of the outage for
customer inquiries.
Systems that are on UPS battery backup should be monitored. If the outage is over 30 minutes,
plans should be made to shut down servers according to the best practices.
Disaster Prevention - List the strategies & procedures for disaster
prevention
Data Storage and Backup - The Backup strategy includes full the clouding backup with a
software in order to relocate and make the data immediately available to allow the company
to be efficient on all operations.
Physical Security - The entire system will be improve by new surveillance security cameras to
avoid thieving. Also servers location will be secure implementing a Data Centre procedures
adding a proper security lock.
Antivirus and Firewall - The actual antivirus is free version, the strategy is to install a server
antivirus which allow to get the information of the latest databases.
Also a firewall which will detect intrusions and keep the information safe.
Internal security and confidentiality - Strong password policy and user education
Hot Site - Key business processes will be in a fully mirrored recovery site outside the office in
Parramatta, this hot site will be in Perth. This strategy entails the maintenance of a fully
mirrored duplicate site which will enable instantaneous switching between the live site and
the backup site.
- Identification and reporting of a disaster situation - Keeping alert for incidents and report
the nature of disaster to all staff if is necessary.
If fire is involve working with the fire service to establish how much damage has been done
and how the fire broke out
- Salvage strategy - One person, preferably the manager or a person with expertise in the
field, should be appointed to oversee the disaster response programme, them will be train
to response in any type of disaster to maintain the people and critical information on
salve.
- The activities for all the staff should be co-ordinated by a team leader. Persons should be
nominated to fill these roles. The teams should be responsible for the following broad
areas:
Assess damage
- Technology strategy - Backup and Hot site strategies will be run, in this case if the system
fails for any reason, the full backup of the information will be restored by the proper staff.
On the other hand if is a major disaster, the hot site strategy starts, in this case, the personal in
Perth will continue with the operations for the critical processes before determined.
In the event of a disaster, different groups will be required to assist the IT department in their
effort to restore normal functionality to the employees of DVD SHOP, different groups and
their responsibilities are as follows:
Management Team
Network Team
Server Team
Data Storage and Backup Systems team
Security and insurant
Management Team
Disaster Management Team that will lead the entire disaster recovery process. They will be the
first team that will need to take action in the event of a disaster. This team will evaluate the
disaster and will determine what steps need to be taken to get the organization back to
business as usual.
Network Team will be responsible for assessing damage specific to any network infrastructure
and for provisioning data and voice network connectivity including WAN, LAN and data
connections with outside world
Role & Responsibilities
If multiple network services are impacted, the team will prioritize the recovery of
services in the manner and order that has the least business impact.
If network services are provided by third parties, the team will communicate and co-
ordinate with these third parties to ensure recovery of connectivity.
In the event of a disaster that does require migration to standby facilities the team will
ensure that all network services are brought online at the secondary facility
Install and implement any tools, hardware, software and systems required in the
standby facility
Install and implement any tools, hardware, software and systems required in the
primary facility
Server Team
If multiple servers are impacted, the team will prioritize the recovery of servers in the manner
and order that has the least business impact. Recovery will include the following tasks:
If multiple applications are impacted, the team will prioritize the recovery of applications in
the manner and order that has the least business impact. Recovery will include the following
tasks:
The Disaster Recovery Co-ordinator, with input from upper management, is responsible for
deciding when to activate the disaster recovery plan. If the co-ordinator is not available,
responsibility flows down the chain of command. This is why it is important for roles and
responsibilities to be clearly defined in the Disaster Recovery Plan. A contact list should be
created and maintained containing details of all employees with afterhours phone numbers. The
organisation’s internal directory listing, it can be modified accordingly.
Disaster Plan Update - State how often the plan should be updated
and by whom
The DRP will be reviewed ones a year and it could be updated at any time if a major system
update or upgrade is performed, any whichever is more often.
The Disaster Recovery Manager will be responsible for updating the entire document, and so is
permitted to request information and updates from other employees and departments within
the organization in order to complete this task.
Maintenance of the plan will include (but is not limited to) the following:
Ensuring that call trees are up to date
Ensuring that all team lists are up to date
Reviewing the plan to ensure that all of the instructions are still relevant to the
organization
Making any major changes and revisions in the plan to reflect organizational shifts,
changes and goals
Ensuring that the plan meets any requirements specified in new laws
Other organizational specific maintenance goals
During the Maintenance periods, any changes to the Disaster Recovery Teams must be
accounted for. If any member of a Disaster Recovery Team no longer works with the company,
it is the responsibility of the Disaster Recovery Lead to appoint a new team member.
Disaster Plan Testing – State how often the plan will be tested, how
the plan will be tested and who will be responsible for testing?
The DVD Shop is committed to ensuring that this DRP is functional. The DRP should be tested
every six months in order to ensure that it is still effective. Testing the plan will be carried out
as follows: