200132 36031 1 TM C ISCP---Executive-summary

Dana C. Williams Omega Research Inc. Executive Summary 1

Omega Research Inc. Executive Summary

Dana C. Williams

Disaster Recovery - Forensics and Security

October, 20th, 2013

Eddie Wachter


Disasters happen all the time and it is extremely important that a business has a plan in place in

order to recover from the disaster and carryon with the business operations as quickly as possible.

The recovery plan of Omega Research Inc. was done using Information System Contingency

Plan (ISCP). The ISCP will provide a very accurate representation of the application, hardware,

software and other related components required for the recovery process.

Objectives

The SAP ISCP has the following objectives to be implemented in phases:

Maximize effectiveness of the contingency plan by including the following necessary

phases:

a. Activation and Notification phase - This phase will activate a plan and determine the

measure of the damage caused.

b. Recovery Phase - This phase is meant to restore SAP operations.

c. Reconstitution Phase - This phase will make sure that normal operations of system are

restored.

Activities, resources and procedures required to carry out SAP processing requirements

are identified during long interruptions to normal operations.

Omega Research Inc’s employees will be assigned certain roles and responsibilities to

carry out restoration operations in case SAP is interrupted.


There will be full coordination with other key employees for Omega Research Inc

contingency planning strategies. In addition, measures would be taken to coordinate with

SAP support team and any external consultants whenever required.

Overview

The ISCP defines a three-phased approach to recover the SAP system. The reason

behind this approach is to ensure that system recovery efforts are implemented in a

sequence to maximize the effectiveness of the recovery effort and minimize outage of

system because of errors and omissions.

The three phases includes:

Activation - This phase will activate ISCP as soon as the outage of SAP goes beyond the

RTO established.

Recovery - This phase will design and determine the notifications and awareness

escalation procedures for communicating the recovery status to system owners and users.

Reconstitution - This phase will design the actions to be taken to test and validate the

functionality of system.

The recovery process takes approximately a year from date of identification of failure to

the documentation of updated version of ISCP.

Roles & Responsibilities

The following key resources have been identified to carry out the recovery process:


Damage Assessment Team - is a technical group responsible for assessing the damage to

the Facility/System and its components

The Operations Team - has several different employees assigned to key activities,

operators are responsible for running emergency production for critical systems,

coordinating with Backup Team to ensure that applications system data and operating

instructions are correct, and with the Liaison Team to advice of the production status and

any unusual problems requiring assistance.

The Communications Team is composed of Facility/System's communications specialists

responsible for restoring voice, data, and video communications links between users and

the computers, regardless of location in the event of a loss or outage.

The Data Entry and Control Team are responsible for entering data as it is restored.

The Administrative Management Team coordinates Primary and Alternate Site security

and specialized clerical and administrative support for the Contingency Plan Coordinator

and all other teams during disaster contingency proceedings.

The Procurement Team consists of people who are aware of the information resources

and carry out the inventory and the budgetary, funding, and acquisition processes

The Configuration Management Team is composed of individuals with teleprocessing

skills.

The Facilities Team is responsible for arranging for the primary and backup facilities and

all components.


The System Software Team consists of system software programmers responsible for

providing the system software support necessary for production of critical applications

systems during recovery.

The Internal Audit Team is responsible for observation and oversight participation in the

recovery effort.

The User Assistance team is composed of individuals with application use knowledge.

Notification Procedures

Different notification standards have been established so that the appropriate team is notified of

an incident, which requires the team’s response.

Incident notification: Through this procedure, facility managers who are located at different

plants are provided with telephone numbers of SAP Emergency Team members. These are the

locations, which have critical components of Omega Research Inc.

Internal Personnel Notification: This notification will be used for notifying the Crisis

Management team and other disaster Recovery team regarding specific responses actions

meant to be taken during response operations.

External Notification: This notification procedure will be used for notifying contingency

plan service providers, agencies, external contacts, etc.

Media Release: This notification will inform Department or Component Office of Public

Affairs (OPA) about the incidents.


Recovery Procedures

a) In the event of data or system loss, first determine the possible cause of the problem.

b) If data loss or corruption of data occurred, repair the problem prior to performing any

data restore.

c) If the client has suffered a disaster or hardware failure, repairing or rebuilding the system

is necessary.

d) Once the incident is resolved, the recovered system needs to be tested for system integrity

and data validity.

i) Validation Data Testing - This phase will include test cycles to be run at regular

intervals for any hidden invalid data.

ii) Validation Functionality testing - This phase will ensure that system is back to its

status of normal operations.

e) Once the recovery procedures are completed, a full-system backup is taken according to a

pre-defined schedule. Depending on the size of the data, the data would be either stored

off-site on a remote location, or a cloud storage platform, or an internal storage platform

and if the size is too large, even Tapes are considered. The schedule of the backup is as

follows:

Day of week Type of backup


MondayIncremental backup

TuesdayIncremental backup

WednesdayIncremental backup

ThursdayIncremental backup

FridayIncremental backup

SaturdayIncremental backup

Sunday Full backup

Alternate sites for storage, processing and telecommunications in case the main site is not

functional and designed appropriate data backup schedule as well has been identified. Inventory

has been managed with tapes given a unique identifier. These sites are at located at Westford

Street, Norfolk, 23517 and 21 Lucas Street, Norfolk, 23503.


The company is currently working with many vendors. In order to have appropriate and on-time

services from them, Service Level Agreements (SLAs) have also identified. These SLAs will

help in raising the critical issue to the appropriate authorities and get them resolved with quality

results on time.

If the recovery procedures mentioned above are adhered to and followed then the company

should be able to recover from a disaster in a timely manner.

200132 36031 1 TM C ISCP---Executive-summary

Documents

Transcript of 200132 36031 1 TM C ISCP---Executive-summary