Business Continuity and Disaster Recovery · 2016-11-25
2013
Gerben Kleijn, Terence Nicholls, Kyle Ferrera, and Will Hartman
Digiknight Technologies
4/29/2013
Business Continuity and Disaster Recovery
Change Management
Version  Date        Author                  Change Description
1.1      02-23-2013  Team Business as Usual  Completed Risk Assessment
1.2      03-23-2014  Team Business as Usual  Added Business Impact Analysis and Mitigation Strategies
1.3      04-06-2013  Team Business as Usual  Added Communication plans and templates
1.4      04-20-2013  Team Business as Usual  Added Auditing and Testing
2.0      04-29-2013  Team Business as Usual  Reviewed and Finalized BCDR Document
Executive Summary
The current document outlines the Business Continuity Plan and Disaster Recovery Plan
(BCDR) for DigiKnight Technologies Inc. Business Continuity planning is a methodology used
to create and validate a plan for maintaining continuous business operations. Disaster Recovery
planning is a part of business continuity and deals with the immediate impact of an event such as
a threat or disaster. Both aspects of BCDR will be addressed in the current document and
specific scenarios and processes will be provided to ensure that DigiKnight Technologies is able
to recover from accidents or disasters.
DigiKnight Technologies is a video game printing company located in the Silicon Valley Region
of California. Its facilities include three buildings that total about 14,000 square feet of work
space. Business processes are divided up amongst eight separate departments. DigiKnight’s
critical assets which are absolutely required for business operations to continue are (1) its
buildings, (2) CD stamping machines, (3) its high-speed printer, (4) company servers, and (5)
client computers. In case of an event that compromises any of these critical assets, steps in the
BCDR plan to shift operations or initiate backups have to be taken immediately.
Included in the BCDR plan are risk assessments, loss analyses, and mitigation strategies for (1)
natural threats such as fires, earthquakes, or floods, (2) man-made threats such as theft or
sabotage, labor disputes, and workplace violence, (3) IT and technology threats such as
intellectual property rights, damage to information resources, and viruses or malware, and (4)
environmental and infrastructure threats such as energy and fuel scarcity, material resource
scarcity, and even increases in digital media. Out of all specified threats and disaster situations,
the five prioritized threats are (1) Damage to information resources, (2) Earthquakes, (3) Viruses
and malware, (4) Theft, sabotage, and vandalism, and (5) Hardware equipment failure.
All business processes are outlined in the document and evaluated in their importance to our core
business operations. This has revealed that our IT business processes play an important role in
keeping our business going, as many of the non-IT business processes are actually dependent on
our network infrastructure. Our IT department has several mission-critical business processes
that would severely interrupt our operations if they were to be down for more than two hours.
DigiKnight would quickly lose revenue and relationships with clients and suppliers could be
damaged.
In order to mitigate these risks to our business and their impact, DigiKnight will employ a
strategy consisting of a mixture of risk transference, risk limitation, and risk avoidance. Risk
transference is accomplished by signing insurance policies that cover us in case of such
disruptions as structural damage to our buildings, damages to IT hardware, employee accidents,
fire, and many other such events. Risk limitation is accomplished by taking action that will limit
the impact of events if they do come to pass. For instance, DigiKnight has several backup servers
in place that can take over for primary servers in case they go down. All servers also have
multiple hard disks that are configured to RAID 5, so that if one hard disk fails, the information
can be easily rebuilt as soon as a replacement is inserted.
Another way in which we accomplish risk limitation is by having a warm backup site available
in case of a business disruption that is too severe to be dealt with at our primary site. The warm
backup site has all the critical assets that are required to continue with our core business
operations, and the site can be operational in a matter of hours. Not all of DigiKnight’s assets are
available at the warm backup site, so contracts have been signed with third parties to take over
certain business processes while the primary site is unavailable. As an alternative to the warm
backup site, we have also signed a contract with a mobile backup site delivery company. If a
disruption has made it impossible for our administrative staff to work from our primary site, but
the manufacturing and IT departments are still operational, then the mobile backup site will be an
ideal business continuity solution.
Risk avoidance is accomplished by having a mirrored backup site in place. Although a mirrored
backup site is a considerable investment, it is also the cheapest recovery and continuity strategy
once a business disruption happens, since all equipment is already operational and business
processes can be quickly and easily transferred over.
When a business disruption occurs, communication is a key element in quick recovery and
business continuation. The current document clearly designates certain key employees as
members of the Crisis Management Team (CMT) and how the lines of communication change
during a business disruption. Several communication plans and templates are also provided that
detail which parties need to be informed of a business disruption, what they need to be told, by
whom, and through what communication method. A business disruption can easily generate
unrest among employees and clients or suppliers, so fast and clear communication is of the
utmost importance.
Testing, training, and auditing of the current document are also included. A business continuity
and disaster recovery plan needs to be occasionally tested to make sure it’s complete and up-to-
date. Several methods for testing the plan are included, some of which are not disruptive to the
business at all and some of which are quite disruptive. Although a disruptive test will cost more
money than a non-disruptive test, the results are also much more reliable and informative.
Although a non-disruptive test is advised to be done at least twice a year, it is a good practice to
perform a disruptive test at least once every two years.
To safeguard the quality and efficiency of the BCDR plan, only authorized parties are allowed to
make changes. Other parties that would like to have changes made to the document need to
request approval, and if approval is given they then need to submit their revisions to be
incorporated into the document. Version changes will be closely monitored and documented to
ensure that every department and stakeholder has the most up-to-date version of the plan.
Finally, Appendix B contains memos that have been previously sent out about change
management practices, testing of the plan, and the benefits of keeping members of the original
BCDR plan on staff. These memos contain important information and knowledge that is deemed
valuable to preserve, which is why these memos are included in the BCDR plan. It is advised
that these memos be occasionally reviewed as a reminder of good BCDR practices.
Of course, business continuity and disaster recovery strategies come at a price. In order to
incorporate the processes and strategies outlined in this plan, new hardware and equipment have to
be purchased. The insurance policies would come to $2,000 a month. The backup servers would
come to $15,000. The mirrored site would come to $500,000 in equipment, with a $20,000
monthly cost for rent and maintenance. The contracts with third party vendors and the mobile
backup site provider would cost $5,000 a year, with additional costs if we were to need them.
Overall, the implementation cost of the proposed BC/DR strategies would be around $515,000
initially, with an additional $269,000 a year.
Although this seems like a lot of money, management should keep in mind that DigiKnight ships
over 20 million video games per year, with the average game selling to clients for around $35. Our
total yearly revenue stream exceeds $700 million, meaning that if our business went down for a
single day we would lose on average about $2 million. The steps we take to ensure our business
continuity are well worth the price we pay for them.
Contents
Change Management
Executive Summary
Company Overview
  Facility
  Departments
  Critical Assets
  Contact Information
Risk Assessment
  A. Natural Threats
  B. Man Made Threats
  C. IT and Technology Threats
  D. Environmental / Infrastructure Threats
  Prioritized list of threats
  Business Functions
    Shipping
    Manufacturing / Maintenance
    Security
    IT
Business Impact Analysis
  Business Processes
    Administration
    Sales
    Marketing
    Research and Development
    Shipping
    Manufacturing / Maintenance
    Security
    IT
  Requirements for business recovery
    If manufacturing processes are halted:
    If manufacturing processes are intact:
  Resource Interdependencies
  Impact on Operations
  Priorities and Classification of Business Processes and Functions
    Recovery Point Objective:
  Financial, Operational, and Legal Impact of Disruption:
  Insurance Quotes
  FEMA
  Industry Liaison Program
  Suppliers
  Activation of an Alternate Work Site
    Cold Backup Site
    Warm Backup Site
    Hot Backup Site
    Mirrored Site
    Plan to run a mobile site backup location
    Plan to run a mirrored site backup location
Communication
  CMT:
  Employee plan
  Clients or Suppliers plan
  Media plan
  Internal communication methods
  External communication methods
  Organizational Chart of Key Employees
  Emergency Response Organizations
    Fire/Search and Rescue:
    Hospital/Ambulance:
    Police/Sheriff:
  Business Continuity and Disaster Recovery Activation Steps
  Determining Impact and Risk Template
  Emergency Testing Policies
  Layout of Buildings
  Shelter-in-place Procedures
  Communication Templates
Safety Procedures
Inventory and Damage Assessment
Hazardous Materials and Conditions Assessment
IT Inventory and Damage Assessment
Testing, Training, and Audit
  Recommendation on Updates
    Change Management Process
    Distribution of Updated Plans
  Nature-Based Test Scenario
  Man-Made-Based Test Scenario
  Mudslide Tabletop Test
  Recommendations for Employee Acceptance
  Managing Updates to BC/DR Documents
Appendix A - Communication Templates
  Template 1: Employee Communications Plan (non-critical)
  Template 2: Employee Communications Plan (critical)
  Template 3: Client and Suppliers Communications Plan
  Template 4: Media Communications Plan
    In case of security breach where PII was compromised
    In case of a disaster originating from DigiKnight’s premises
Appendix B - Memos
  Update Memo
  Test Memo
  Benefits of Retaining Team Memo
Company Overview
DigiKnight Technologies is a video game printing company, founded in 2000. Major video game
publishers contract DigiKnight to print their video games to CDs and consequently distribute
them to stores around the world. The company is growing fast; going from contracting with just
one publisher in 2000 and shipping 2 million games worldwide, DigiKnight currently contracts
with more than 10 different publishers and has a distribution of over 19 million video games
worldwide.
Although DigiKnight has a computer control system in place that can automate virtually every
aspect of its manufacturing process, for efficiency reasons this is not normally done. The
manufacturing machines are operated by full-time staff 24 hours a day, seven days per week.
In total, DigiKnight currently employs 48 full-time employees.
Facility
DigiKnight Technologies is a company located in the Silicon Valley region of California. Its
facilities encompass three buildings.
1. Building One houses the administration department. It is a small single-story building of
roughly 2000 square feet. At its entrance is a reception desk for guests visiting the facility and
there is a security guard post at the front door. There are a total of five offices, as well as
bathrooms, and a medium-sized conference room.
2. Building Two houses the Sales, R&D, Shipping, and Advertising departments. It is two stories
with usable floor space roughly double that of the administrative building. Sales and Shipping
are located on the bottom floor, along with another security guard post. On the top floor is the
R&D Department and Purchasing Department. Instead of having individual offices for each
employee, the departments are single rooms (2 per floor), with cubicles set up to give each
employee some individual space. This helps to enhance team communication, and cuts down on
building costs.
3. Building Three is the production facility. It is 8000 square feet and consists of two rooms.
One room houses the maintenance team so that it can quickly provide any necessary maintenance to
the machinery. The maintenance team also responds to maintenance issues in other buildings. In
the main room of the building is the production equipment. It consists of several CD stamping
machines, each of which is capable of producing a large volume of discs. The discs then move
into a diagnostic machine which randomly checks discs for quality control. Only discs and
in-box materials are duplicated on site. The company receives pre-made boxes from another
manufacturer as well as silk-screened images to place on the CDs. Manuals and in-box ads are
manufactured on site using a high-speed printer. Once produced, a final machine places all items
in a box and the box is sent down a conveyor belt to an employee station that places the finished
boxes in a larger box for shipping to stores nationwide. Building Three also houses the IT
department, which contains the central servers for the facility.
Departments
DigiKnight Technologies consists of the following departments:
Administration: The Administrative Department’s function is to manage day-to-day operations
and interactions between all levels of employees and departments. Their roles in the business
include managing the calendar, maintaining files, making travel arrangements, preparing reports,
and assisting in communications with staff and outside entities. All administrative employees
should have a high-level understanding of the company and its goals. Additionally, the
Administrative Department will coordinate with the business to ensure we are adhering to all
federal and state regulations. The Administration department will also serve as the face of the
company for persons entering the building, and/or contacting the business via phone/email. It is
the responsibility of the Administration Department to provide excellent customer service and
represent the company in a professional manner at all times.
Sales: The Sales Department manages contacts with stores worldwide, and together with the
shipping department ensures the prompt, on-time delivery of products to stores. Utilizing
shipping software developed in cooperation with its shipping partners, DigiKnight can accurately
track its shipments up to the minute. This department has a direct relationship with the
financial wellbeing of the company and regularly provides input upon the production of titles to
best assure sales. It is the responsibility of the sales department to build ongoing relationships
with publishers to maintain healthy business relationships. This department will require an
exceptional level of customer service and the ability to build rapport with business partners. The
sales department will work closely with marketing to ensure the company has a presence in the
industry. Additionally, the Sales Department will be required to coordinate with the
Manufacturing Department to ensure products are placed into production in a timely fashion in
accordance with delivery dates. Lastly, the Sales department will be responsible for
communicating with publishers throughout transactions.
Marketing: The Marketing department is constantly endeavoring to find and maintain publisher
contacts; it has proven successful in doing so and has helped company growth with its findings.
research & Development. It is responsible for continuously creating, preparing, and establishing
marketing strategies and policies for the business. The department will coordinate efforts of
publicity, promotion, advertising, online, sales, and social media. Functions of the marketing
department include preparing presentation materials, audio recordings, fact sheets, pricing
strategies, establishing connections with new markets, and measuring the effectiveness of
strategies. For any promotional materials that cannot be created in-house, it is the
responsibility of the marketing department to hire professional copywriters, designers,
photographers, or advertising consultants to handle such tasks. The marketing department will
also act as a liaison between the company and the media, including newspapers, magazines,
television stations, radio stations, blogs, and websites. It will be the responsibility of this
department to create a business presence for DigiKnight within the industry.
Research and Development: The Research and Development team focuses primarily on
improvements that can be made to the production system as well as ways to cut manufacturing
costs. Its staff maintains contact with other manufacturing locations to keep up to date with the
latest technology. The department will actively pursue new developmental ideas for the business.
This encompasses the entire process for the idea, including basic research, applied research,
building to prototype, testing, presenting the idea, and creating progress reports to present to the
company.
Shipping: The Shipping department is in charge of preparing the product for shipment, and of
receiving shipments of supplies and materials for producing the physical product. The
department is ultimately responsible for ensuring smooth-running operations in the warehouse
and logistics office. The department leads will make decisions about adjusting pickups, auditing,
shipping procedures, and timelines in order to improve productivity and accuracy. The shipping
department will also work closely with other departments. For example, the Shipping
Department will work with Sales and Administration to resolve customer complaints and
provide accurate ship times, and with Manufacturing to sustain proper warehouse inventory levels.
Manufacturing/Maintenance: The Manufacturing/Maintenance department consists of the workers
who maintain the system and help prevent unplanned shutdowns or machine failure. The
department will also play a key role in quality control, ensuring that all products that are
packaged and sent out meet company/industry standards. It will be the responsibility of the
department heads to ensure that the facility meets all production quotas and deadlines; this will
require coordinating with the sales and shipping departments. Lastly, the department will
maintain/enforce safety regulations and make recommendations for updating and replacing
equipment necessary for production.
Security: The Security department is to maintain the physical security of the facilities, and
provide a safe work environment for all workers at DigiKnight. The Security Department will
perform routine patrols and inspections of the facilities to ensure no suspicious actions are taking
place. Employees of this department have the right to search through purses, backpacks, luggage,
pockets, etc., of persons on the premises. Additionally, it is the responsibility of the Security
Department to maintain audio, video, and computer equipment used to observe and monitor both
public and private areas of the business. Lastly, the department will be responsible for backing up
security data, and troubleshooting the equipment when necessary.
Information Technology: The Information Technology department maintains the technology to
support DigiKnight, its customers, and its users. DigiKnight is dependent upon the
technologies that it uses to meet deadlines. Therefore, the information technology department
will constantly be on call. IT employees are responsible for the creation and maintenance of
application and data architecture, as well as for the architecture/design of all databases and
repositories to fit DigiKnight’s needs. This department’s functions include managing transitions
between technological upgrades, keeping documentation up to date, reviewing designs,
maintaining applications, troubleshooting in-house user problems, investigating potential
applications, performing audits, and creating and maintaining network security policies and
procedures.
Critical Assets
The following is a list of assets that DigiKnight Technologies has to have access to in order to do
business. Without these assets, DigiKnight would experience severe disruptions to its business
operations:
1. Buildings: Without its three buildings, DigiKnight would not be able to perform business.
Loss of building one would severely impact DigiKnight’s business operations but the production
facility, shipping facility, and IT department would be preserved. However, if building two or
three were in some way compromised, all business operations for the company would come to a
halt.
2. CD stamping machines: These are the devices required to imprint video game software onto a
physical medium - the CD. Printed video games are the product that DigiKnight’s business
revolves around, and if its CD stamping machines were to get damaged or disabled, no product
could be generated.
3. High-speed printer: This device is used to print manuals and in-box ads for video games.
Every video game ships with a manual and therefore the high-speed printer is just as essential to
DigiKnight’s business operations as the CD stamping machines. Without the high-speed printer,
no manuals or in-box ads could be printed, meaning no video games could be sold.
4. Company servers: DigiKnight’s IT department houses ten servers that provide services to all
of DigiKnight’s departments and also house critical data and backups. If the servers were to go
down, all of DigiKnight’s departments would experience downtime due to inaccessibility of
information and services.
5. Client computers: DigiKnight’s departments collectively use 42 client computers. Without
these computers, most of the company’s 48 full-time employees would not be able to perform
their duties.
Contact Information
CEO & Founder: Carlton Smith, 415-555-7841
Department               Phone number    Manager
Administration           415-555-8643    Mark Saunders
Sales                    415-555-6312    Diane Ford
Manufacturing            415-555-6161    Linda Kraemer
Research & Development   415-555-3223    Carlton Bowden
Maintenance              415-555-3970    Michael Winters
Advertising              415-555-3131    Michael Churchill
Shipping                 415-555-6431    Kenneth Gilliam
Purchasing               415-555-3298    Katherine Cavenaugh
Security                 415-555-3852    Brett Kelcey
IT                       415-555-8352    Alicia McKellips
Role of Department Heads
In the event of any disaster, the CEO will contact the department heads with instructions, and
will coordinate all efforts. Department heads will contact each of their respective employees with
their own instructions, advising them of the situation. In the event of a theft, sabotage, or other
potential employee caused incident, the head of Security will take charge, only contacting those
who are not suspected in order to prevent further dangers. Information will be given on a need-
to-know basis, in order to ensure control over the situation, as well as extra security. Department
heads are also in charge of making sure their employees are well trained and prepared for any
disasters. Each department is required to review the Business Continuity plan with their members
bi-annually to ensure competency as well as update the plan for changes within the department.
Risk Assessment
The following is a list of threats that could disrupt DigiKnight Technologies’ business
operations.
A. Natural Threats
1. Fire
Threat Source:
-Internal
Likelihood of occurrence: Moderate. With help from the local fire department, fire risks can be
reduced significantly. A fire response plan should be put in place in order to reduce harm to
employees and damage to buildings.
Upstream loss analysis: High. If one of our supplier’s buildings were to catch on fire it could
significantly affect our business operations. A lack of supplies could potentially halt our business
operations.
Downstream loss Analysis: Low. If one of the companies that we supply to has a fire, the
chances of it affecting our business are rather low. We might have a temporary decline in sales,
but the company would need to restock afterwards, leaving our business with an increase in
sales.
-External
Likelihood of occurrence: Moderate. External forces causing a fire are much less predictable as
they can start from forest fires, neighboring buildings catching on fire, and earthquakes. A fire
response plan should be in place to help reduce the damages.
Upstream loss analysis: High. If one of our supplier’s buildings were to catch on fire it could
significantly affect our business operations. A lack of supplies could potentially halt our business
operations.
Downstream loss Analysis: Low. If one of the companies that we supply to has a fire, the
chances of it affecting our business are rather low. We might have a temporary decline in sales,
but the company would need to restock afterwards, leaving our business with an increase in
sales.
Assessed impact of threat on business operations: High. Fire could have a huge impact on
business operations, from destroying machines and buildings to hurting or killing employees. If
either of those occurred, it could cause long-term damage to production and could require
additional funds to replace what was lost. Production could be put at a standstill until all things are replaced.
2. Earthquake
Threat Source:
-External
Likelihood of occurrence: High. Being located in California opens DigiKnight Technologies up
to a very high chance of earthquakes. Earthquakes can happen at any time without warning, and
so preparing for it can be difficult. Earthquake preparedness plans should be in place to minimize
damages. Keeping up to date with building codes, handling hazardous materials, and other things
of that nature should be mandatory.
Upstream loss analysis: High. If one of our suppliers suffers from a major earthquake disaster it
could significantly hurt our business by creating a lack of supplies, which could even halt
business altogether.
Downstream loss Analysis: Low. If one of the companies that we supply to has an earthquake,
the chances of it affecting our business are rather low. We might have a temporary decline in
sales, but the company should recover, allowing us to continue to sell to them.
Assessed impact of threat on business operations: High. Being located in Silicon Valley, our
threat for earthquakes is quite high. There is the risk of machinery being broken, buildings being
damaged, gas lines breaking, and many more threats. A full-scale earthquake disaster plan needs
to be implemented to limit the amount of possible damage.
3. Flood
Threat Source:
-External
Likelihood of occurrence: Low. Flooding in Silicon Valley is not a common occurrence. When it
does occur, it generally only occurs in low valleys. The risk of mudslides is also present, but
they do not commonly occur.
Upstream loss analysis: High. If one of our suppliers suffers from a major flood it could
significantly hurt our business by creating a lack of supplies, which could even halt business
altogether.
Downstream loss Analysis: Low. If one of the companies that we supply to has a flood, the
chances of it affecting our business are rather low. We might have a temporary decline in sales,
but the company should recover, allowing us to continue to sell to them.
Assessed impact of threat on business operations: Moderate. Being located in Silicon Valley,
our threat for floods is rather low. If a flood did occur it could potentially destroy machinery,
buildings, and infrastructure. Machinery and buildings would have to be repaired before business
could resume.
4. Tornado
Threat Source:
-External
Likelihood of occurrence: Low. The likelihood of a tornado in Silicon Valley is low. They
happen very rarely.
Upstream loss analysis: High. If one of our suppliers suffers from a major tornado it could
significantly hurt our business by creating a lack of supplies, which could even halt business
altogether.
Downstream loss Analysis: Low. If one of the companies that we supply to has a tornado, the
chances of it affecting our business are rather low. We might have a temporary decline in sales,
but the company should recover, allowing us to continue to sell to them.
Assessed impact of threat on business operations: Moderate. If DigiKnight was hit by a tornado
it could do significant damage to the building and the machinery, and pose a danger to the
employees. All machinery and buildings would have to be repaired before production could
continue.
5. Storms
Threat Source:
-External
Likelihood of occurrence: Low. The likelihood of both electrical and winter storms is very low.
The amount of snowfall Silicon Valley receives is very low, and the number of electrical storms
is also very low. The chance of a storm affecting business operations is very low.
Upstream loss analysis: High. If one of our suppliers suffers from a major storm it could
significantly hurt our business by creating a lack of supplies, which could even halt business
altogether.
Downstream loss Analysis: Low. If one of the companies that we supply to has a storm, the
chances of it affecting our business are rather low. We might have a temporary decline in sales,
but the company should recover, allowing us to continue to sell to them.
Assessed impact of threat on business operations: Moderate. If DigiKnight was affected by a
large electrical storm there could be risk of fire, power outages, and building damage. This
would require repairing of the building and/or machinery before production could resume. If
DigiKnight was affected by a winter storm, water pipes might be frozen, which could cause
problems in production.
B. Man Made Threats
1. Theft, sabotage, vandalism
Threat source:
- Internal
Likelihood of occurrence: High. Most theft, sabotage, or vandalism occurs from internal sources
(reference) and the likelihood of DigiKnight experiencing this at some point in their lifespan is
very high.
Upstream loss analysis: High. If one of our suppliers experiences theft, sabotage or vandalism
that disturbs their business operations, this could greatly affect our business operations as well,
since our product (copies of videogames) is dependent on receiving the original video game from
our suppliers. Without the original, we cannot produce our product.
Downstream loss analysis: Low. If one of our customers experiences theft, sabotage, or
vandalism, this is unlikely to severely impact our business operations. If their business
operations are so severely disturbed that it takes a considerable amount of time for them to
continue operations, we might experience a slight decline in sales. However, this has a low
likelihood of occurrence.
- External
Likelihood of occurrence: High. (reference with theft statistics needed)
Upstream loss analysis: Same as for internal threat source.
Downstream loss analysis: Same as for internal threat source.
Assessed impact of threat on business operations: High. DigiKnight presses videogames to discs
and then releases them to video game retail stores. Some of these video games are new releases,
not yet available for purchase. If copies of these games were stolen and published (potentially
online) before the games are available for purchase in stores, this would severely affect the
market for these games. In addition, DigiKnight would take a very heavy hit to its reputation and
public image, and would likely lose clients over such an incident. Sabotage or vandalism could
also present a high impact on DigiKnight’s business operations, since operations could come to a
complete stop if the sabotage or vandalism was severe enough that no discs could be pressed.
2. Labor Disputes
Threat source:
There is only one threat source for labor disputes, which is DigiKnight’s workforce.
Likelihood of occurrence: Low. Labor disputes typically happen when workers are worked too
hard, under adverse conditions, or get paid too little (including benefits). DigiKnight operates in
California, where labor laws are generally generous to employees. The most at-risk group of
employees for labor disputes would be DigiKnight’s warehouse workers.
Upstream loss analysis: High. If one of our suppliers experiences labor disputes that disturb
their business operations, this could greatly affect our business operations as well, since our
product (copies of videogames) is dependent on receiving the original video game from our
suppliers. Without the original, we cannot produce our product. There is a moderate likelihood of
this occurring, since game developers notoriously work long days for extended periods of time,
and they don’t always receive the best treatment or compensation in return.
Downstream loss analysis: Moderate. DigiKnight delivers their products primarily to chain
stores, so if there is a labor dispute in one retailer then other retailers of the same chain are likely
to be affected as well. Labor disputes could keep DigiKnight from delivering their products,
resulting in reduced sales and increased idle inventory.
Assessed impact of threat on business operations: High. If DigiKnight did experience labor
disputes they would likely be highly disruptive to business operations, since that is their sole
purpose. Office workers’ refusal to work would lead to a disruption in video game discs being
pressed, while warehouse workers’ refusal to work would result in none of the pressed video
games being delivered to DigiKnight’s clients. In either case, business operations would be
unable to continue.
3. Workplace Violence
Threat source:
- Originating internally
Likelihood of occurrence: Low. In 2011, there were 708 cases nationwide of fatal workplace
violence (Bureau of Labor Statistics, 2011). Of these, 458 were homicides. Snedaker
(2007) states that only 9% of workplace homicides are committed by co-workers.
Upstream loss analysis: Low. If one of DigiKnight’s suppliers was to experience workplace
violence, it might disrupt business operations for a short period of time. However, it is unlikely
that their operations would come to a complete stop and if they did they would likely resume
again quickly.
Downstream loss analysis: Low. If one of DigiKnight’s clients experienced workplace violence,
it is unlikely to severely impact DigiKnight’s business operations. If their business operations are
so severely disturbed that it takes a considerable amount of time for them to continue operations,
we might experience a slight decline in sales. However, this has a low likelihood of occurrence.
- Originating externally
Likelihood of occurrence: Low. Workplace violence from external sources has a higher chance
of occurring than from internal sources, but the overall chance of workplace violence is still very
low.
Upstream loss analysis: Same as for internal threat source.
Downstream loss analysis: Same as for internal threat source.
Assessed impact of threat on business operations: High. If DigiKnight did experience workplace
violence, it would have a high impact on business operations. A serious injury or death would
lead to a disruption in our work force, shock or trauma among employees, and it could even lead
to the premises being sealed off for some time as a crime scene. Equipment could be seized as
part of the investigation, productivity would suffer, employees may choose to find employment
elsewhere, and DigiKnight’s reputation in the community and among suppliers and clients would
decline.
4. Terrorism
Threat source:
- Terrorism through biological or chemical means
Likelihood of occurrence: Low. DigiKnight’s business operations put it at a relatively low risk as
a terrorism target. Main targets are typically airports or other busy transportation hubs,
power plants, chemical factories, or government and political organizations. Terrorists would
have little to gain by launching an attack on a video game pressing and distribution company like
DigiKnight.
Upstream loss analysis: Moderate. DigiKnight’s suppliers are somewhat more at risk for
terrorism than DigiKnight itself. A major video game developing company could be a high-
profile target that terrorist groups typically look for. In addition, video games tend to be topics of
controversy and sometimes individuals choose misguided methods to try and make their point. If
one of DigiKnight’s suppliers was affected by terrorism through biological or chemical means,
this could seriously impact DigiKnight’s business operations because no copies of video games
can be pressed without receiving the originals from suppliers.
Downstream loss analysis: Moderate. Although DigiKnight’s clients are not the most likely
targets of terrorism, DigiKnight’s business operations could suffer if one of their clients was the
target of a terrorist attack. Video game sales would likely decline, at least for a period of time, as
the result of a terrorist attack on a video game retailer. DigiKnight might see a decline in sales
for a period of time.
Threat source:
- Terrorism through explosive means
Likelihood of occurrence: Low. DigiKnight’s business operations put it at a relatively low risk as
a terrorism target. Main targets are typically airports or other busy transportation hubs,
power plants, chemical factories, or government and political organizations. Terrorists would
have little to gain by launching an attack on a video game pressing and distribution company like
DigiKnight.
Upstream loss analysis: Same as for terrorism through biological or chemical means.
Downstream loss analysis: Same as for terrorism through biological or chemical means.
- Terrorism through hostage situations
Likelihood of occurrence: Low. DigiKnight’s business operations put it at a relatively low risk as
a terrorism target. Main targets are typically airports or other busy transportation hubs,
power plants, chemical factories, or government and political organizations. Terrorists would
have little to gain by launching an attack on a video game pressing and distribution company like
DigiKnight.
Upstream loss analysis: Same as for terrorism through biological or chemical means.
Downstream loss analysis: Same as for terrorism through biological or chemical means.
Assessed impact of threat on business operations: High. If DigiKnight did become the target of
terrorism, it would have a very high impact on its business operations. Employees could
experience physical and/or emotional trauma, the company premises could be closed off as part
of a crime scene, and good employees might seek employment elsewhere to ensure personal
safety. Long-term effects could include a loss of clients and/or suppliers and a decline in sales.
5. War
Threat source:
- External - war fought abroad
Likelihood of occurrence: High. The United States is currently engaged in war with the Middle
East.
Upstream loss analysis: Low. The war that is currently fought abroad is not affecting most
businesses in a major way. It is unlikely that the war will impact DigiKnight’s suppliers.
Downstream loss analysis: Low. The war that is currently fought abroad is not affecting most
businesses in a major way. It is unlikely that the war will impact DigiKnight’s clients.
Threat source:
- Internal - war fought inside the United States
Likelihood of occurrence: Low. It is unlikely that another country would try to invade the United
States. Somewhat more likely is that another country might launch a long-distance attack on the
United States. For instance, North Korea has recently been performing nuclear tests and they
harbor ill will towards the US. Another possibility of war being fought within the United States
includes civil war, but the likelihood of this happening is also very low.
Upstream loss analysis: High. If a war was fought on US soil, many businesses would likely be
affected. A luxury-good industry like the video game industry would suffer especially, since
people would sooner spend their money on necessary items. If DigiKnight’s suppliers were
experiencing disruptions in their business operations, this would affect DigiKnight’s business
operations as well.
Downstream loss analysis: High. Although DigiKnight has many clients and can therefore
recover from an incident that affects one or only a few of them, a war on US soil would likely
impact all of DigiKnight’s clients and severely affect sales. Demand for luxury goods like video
games would likely drop significantly.
Assessed impact of threat on business operations: High. If the United States became involved in
a war that was fought on its own soil, DigiKnight’s business operations would likely suffer
drastically. Demand for a luxury good like video games would likely drop to almost zero.
C. IT and Technology Threats
1. Intellectual Property Rights
Threat source:
-Internal & External
Likelihood of occurrence: Medium. DigiKnight’s R&D department is at potential risk of losing
Intellectual Property. The employees who interact with Intellectual Property on a routine basis
are most likely to steal it, so prevention and detection can be difficult.
Upstream loss Analysis: Medium. Any disruption to our publishers would directly reflect upon
us. If a publisher were to suffer loss of business critical Intellectual Property it may provide an
unfair advantage to their competitors, with whom we do not have business relationships.
However, we are not completely reliant on one publisher to remain operational; accordingly, a
devastating blow to one of them, though unfortunate, would not halt us from continuing
business.
Downstream loss analysis: Low. Intellectual Property loss to one of our retailers will mildly
affect business operations. Any damages to our customers may inhibit their abilities to make
purchases, which does affect us. However, we have a distributed customer base and retailers are
not known to have high investments in Intellectual Property.
Assessed impact of threat on business operations: Medium. The loss of Intellectual Property
may discredit our reliability to protect trade secrets and strategies. However, any losses would
most likely only affect in-house operations and would not affect business relationships unless
information was leaked to the media. However, if Intellectual Property were leaked to a
competitor we would likely see a direct effect on business operations.
2. Damage to information resources
Threat source:
-Internal & External
Likelihood of occurrence: Medium. “According to the Computer Security
Institute (CSI) in San Francisco, California, approximately 60 to 80 percent of
network misuse incidents originate from the inside network.”
Upstream loss analysis (stream to us): Medium. Our publishers face the same obstacles of
protecting information resources from internal sources. A severe blow to their critical
infrastructure that affects their ability to conduct business would directly affect DigiKnight.
However, we are not completely reliant on one publisher to remain operational; accordingly, a
devastating blow to one of them, though unfortunate, would not halt us from continuing
business.
Downstream loss analysis (stream to our customers): Low. Informational Resource loss to one
of our retailers will mildly affect business operations. Any damages to our customers may inhibit
their abilities to make purchases, which does affect us. However, we have a distributed customer
base and retailers are not known to have high investments in Information Resources.
Assessed impact of threat on business operations: High. A compromise in information resources
could disrupt business communications, affect customer information, and/or tarnish public
reputation. We have a duty to both our suppliers and our customers to protect private and
proprietary information. Any breaches internally or externally would be detrimental to business.
Therefore, this has the potential to be a serious threat.
3. Password Security
Threat source:
- Internal
Likelihood of occurrence: High. Many users struggle with creating and maintaining complex
passwords. Some common errors include: writing their password down, creating simple
passwords, always using the same password, and not changing their password. Studies such as
the one conducted by Joseph Bonneau at the University of Cambridge show that “every
identifiable group of users generated a comparably weak password distribution”.
Upstream loss analysis: Low. A password compromise in a publisher’s environment will not
generally affect us and vice versa. These are typically internal issues, and any passwords
protecting confidential and/or proprietary information are regulated more thoroughly. This threat
is more common amongst daily users.
Downstream loss analysis (stream to our customers): Low. A password compromise in a
customer’s environment will not affect us except for rare circumstances. Unless the compromise
inhibits their ability to conduct business with DigiKnight, it will not affect business operations.
Assessed impact of threat on business operations: Medium. Password complications will fall
into two general categories: increased workload for IT personnel, and security breaches. The first
of the two is the more common occurrence and will cause IT to spend time away from
infrastructure issues in order to reset passwords and educate users on appropriate password
procedures. The second scenario could be detrimental to business operations as security breaches
due to poor password practices could lead to other threats such as damage to information
resources.
4. Virus & Malware
Threat source:
-External
Likelihood of occurrence: Medium. Parts of DigiKnight’s internal network will be exposed to
the internet. Therefore, it will be possible for viruses and malware to breach our network and affect
business operations.
Upstream loss analysis (stream to us): High. A virus or malware compromise in a publisher’s
environment could be detrimental to business operations. We have an inherent trust with our
business partners, which is necessary to produce their products. If we were to receive infected
data from a publisher and release it into our production systems, our entire business operation
could potentially be brought down.
Downstream loss analysis (stream to our customers): Low. A virus or malware compromise in a
publisher’s environment will not generally affect us and vice versa. These are typically internal
issues and unless the compromise inhibits their ability to conduct business with DigiKnight, it
will not affect business operations.
Assessed impact of threat on business operations: High. DigiKnight’s infrastructure is highly
reliant upon controlled computer systems. Accordingly, infection of internal infrastructure
devices would greatly impact business operations. We face threats externally from both upstream
business partners, as well as randomized and targeted attacks via publicly transmitted data.
5. Hardware Equipment Failure
Threat source:
- Internal
Likelihood of occurrence: High. This threat indicates both partial and complete failure of
technical hardware equipment and cables. Equipment deteriorates over time and it is very likely
we will experience some form of hardware failure during business operations.
Upstream loss analysis: Medium. A publisher’s equipment failure can affect their ability to
provide us with a product to manufacture. DigiKnight is not reliant upon one supplier; however,
a disruption in normal business relationships would be noticeable in DigiKnight’s operations.
Downstream loss analysis: Low. Customer hardware failure will not directly affect DigiKnight
except for rare circumstances. Unless the compromise inhibits their ability to conduct business
with DigiKnight, it will not affect business operations.
Assessed impact of threat on business operations: High. DigiKnight’s infrastructure is highly
reliant upon controlled computer systems. Accordingly, failed hardware for critical services
would greatly impact business operations. Failures of other equipment, such as workstations,
access points, and printers, would not be as detrimental.
6. Wireless Security
Threat source:
- External
Likelihood of occurrence: Medium. Wireless is often used as a point of attack into a network. If
DigiKnight were to be the target of an attack, wireless may be an exploitable area of the network.
Upstream loss analysis: High. A breach in the wireless security of one of our publishers could
be detrimental to our business operations. Such a breach of security could lead to other threat
sources, such as viruses and malware being propagated throughout the publisher’s and/or our
business. View the “Virus & Malware” threat section for further information.
Downstream loss analysis: Low. Wireless security compromise in a publisher’s environment
will not generally affect us. These are typically internal issues and unless the compromise
inhibits their ability to conduct business with DigiKnight, it will not affect business operations.
Assessed impact of threat on business operations: High. DigiKnight’s infrastructure is highly
reliant upon controlled computer systems. Accordingly, compromise of network infrastructure
would greatly impact business operations. We face threats externally from both upstream
business partners, as well as targeted attacks via wireless signals.
7. Data Corruption/Loss
Threat source:
- Internal
Likelihood of occurrence: High. It is typical in any environment to have data loss at some
point. With the appropriate measures in place, we can minimize the effect of data loss within the
organization.
Upstream loss analysis: Medium. Our publishers face the same obstacles of data loss as we do.
Data corruption/loss from a publisher may affect their business relationship with us. However,
we are not completely reliant on one publisher to remain operational; accordingly, a devastating
blow to one of them, though unfortunate, would not halt us from continuing business.
Downstream loss analysis: Low. Data corruption/loss to one of our retailers will mildly
affect business operations. Any damages to our customers’ data may inhibit their abilities to make
purchases, which does affect us. However, if such data corruption/loss put the retailer out of
business, it would affect DigiKnight’s business operations.
Assessed impact of threat on business operations: Medium. Even in the most severe cases, data
corruption/loss is not likely to stop DigiKnight’s business operations. The typical data kept
within DigiKnight is customer and publisher contact information and past business transactions,
which is not business critical.
8. ISP Maintenance
Threat source:
- External
Likelihood of occurrence: High. It is very likely our Internet Service Provider will perform
maintenance on our connection periodically.
Upstream loss analysis: Low. Publishers’ Internet Service Providers will also periodically
undergo maintenance. Unless they have a backup provider, that means downtime for them.
However, this maintenance is typically done outside business hours and will not affect the business
relationship.
Downstream loss analysis: Low. Customers’ Internet Service Providers will also periodically
undergo maintenance. Unless they have a backup provider, that means downtime for them.
However, this maintenance is typically done outside business hours and will not affect the business
relationship.
Assessed impact of threat on business operations: Low. DigiKnight is not reliant upon the
internet to conduct business. Therefore, any downtime due to Internet Service Provider
maintenance, even if done during business hours, will only cause minimal disruption to business
activities.
D. Environmental / Infrastructure Threats
1. Energy and fuel scarcity
Likelihood of occurrence: Moderate. While the global energy demand is increasing - The
International Energy Outlook expects a 50% increase by 2035 (source) - our methods of meeting
that rising demand are increasing as well. New technologies allow us to mine energy sources that
were previously unreachable, and renewable energy sources are getting more efficient and
prevalent. It is unclear whether we’ll be able to keep up with global energy demands in the long
run, which is why we believe there is a moderate likelihood that an energy and fuel scarcity
threat will occur.
Upstream loss analysis: High. If one of DigiKnight’s suppliers experienced interruptions in
business operations due to energy and fuel scarcity, it’s likely that DigiKnight’s operations
would suffer as well. DigiKnight cannot print video games to disc without receiving originals
from suppliers.
Downstream loss analysis: Moderate. If one or a few of DigiKnight’s clients experienced
interruptions in business operations due to energy and fuel scarcity, DigiKnight might experience
a minor loss of sales. However, DigiKnight’s business operations wouldn’t suffer too much
unless a significant portion of its clients would suffer the same threat.
Assessed impact of threat on business operations: High. If there was energy and fuel scarcity,
DigiKnight’s business operations would likely suffer severely. There might be a loss of
electricity and gas to the building, which would keep DigiKnight from producing product.
Additionally, it might be impossible for deliveries to be made to DigiKnight’s clients, effectively
halting all revenue sources.
2. Material Resource Scarcity
Likelihood of occurrence: Low. The only material resource that DigiKnight uses in production
is the CDs to which the video games are copied. CDs are made from polycarbonate plastic,
covered with a thin layer of aluminum. Neither of these substances is particularly scarce or
likely to become scarce in the near future. Polycarbonate plastic is made from other raw
materials, none of which are scarce themselves.
Upstream loss analysis: Low. DigiKnight’s suppliers use very few material resources in
production, since they develop video games through software applications.
Downstream loss analysis: Low. DigiKnight’s clients use very few material resources because
they sell the products that DigiKnight and other companies like DigiKnight deliver to them.
Assessed impact of threat on business operations: High. If DigiKnight did experience a scarcity
of material resources required for production, its business operations would be severely
impacted. Either another medium for video games would need to be found, or production would
not be able to continue.
3. Urbanization and congestion of infrastructure
Likelihood of occurrence: High. More people are living in cities than ever before, a trend that is
not likely to stop in the near future. Traffic congestion is high in most major cities, and it will
likely only get worse.
Upstream loss analysis: Low. All of DigiKnight’s suppliers are software development
companies which are in a perfect position to have employees work from home. They are not
likely to be heavily affected by urbanization and congestion of infrastructure.
Downstream loss analysis: Moderate. DigiKnight relies on general infrastructure to deliver
copies of video games to its clients. Increasing urbanization and traffic congestion could affect
DigiKnight’s business operations due to delays and increased costs. Late deliveries are also
likely to diminish DigiKnight’s reputation with its clients.
Assessed impact of threat on business operations: Moderate. Urbanization and congestion of
infrastructure can affect DigiKnight’s business operations but not to the point where its effects
couldn’t be adjusted for. Deliveries can be made at different times of the day, even during the
night, so that clients never have to experience late arrival of merchandise. Although most of
DigiKnight’s employees can’t work from home, they could choose to work alternative hours so
as not to be stuck in traffic. It should be possible to mitigate the effects of urbanization and
infrastructure congestion.
4. Increase in digital media
Likelihood of occurrence: High. Historically, video games have always been bought on a
physical medium like a cartridge, CD, or DVD. More recently video games are increasingly
distributed through the Internet, where no physical medium is required for delivery. This is a
trend likely to continue in the future.
Upstream loss analysis: Low. DigiKnight’s suppliers are video game developing companies, and
therefore not likely to be affected by an increase in digital media.
Downstream loss analysis: High. DigiKnight’s clients are just as likely to be affected by an
increase in digital media. Video game developers could increasingly decide to make their games
directly available to the public through the Internet, thereby bypassing both DigiKnight and its
suppliers.
Assessed impact of threat on business operations: High. If video game developers increasingly
make their games available to the public through the Internet, there is no need for companies like
DigiKnight to copy the games to any physical medium. DigiKnight’s operations would be highly
affected due to a loss of business.
Prioritized list of threats
From the threats listed, the following five threats have been determined to pose the most risk
to DigiKnight Technologies:
1. Damage to information resources
2. Earthquake
3. Virus and malware
4. Theft, sabotage, and vandalism
5. Hardware equipment failure
Damage to information resources is particularly threatening because it is unspecified what kind
of damage it is or what caused it. Damage to information resources can happen at any time and
for multiple reasons, such as accidental damage by an employee, intentional damage by an
outsider, or damage due to a ceiling lamp falling down. The unknown elements of timing and
impact on business operations, combined with the statistical certainty that such damage will
occasionally occur, put this threat on top of the list.
Second on the list is an earthquake, both because the chances of earthquakes in California are so
high and because of the potential damage to company assets as a result. Of the natural threats, the
earthquake is most likely to happen because of our location.
Viruses and malware are widespread these days, and can easily spread through a company’s IT
infrastructure because an employee opened an infected file they received through email. The
potential for damage to IT systems is great, and added to that are the costs of clean-up, which is
why this threat is third on the list.
Theft, sabotage, and vandalism are unfortunately very likely to occur in any company. These are
threats with sources both external and internal. Statistics show that most company theft is
performed by employees of that company. These occurrences can have a huge impact both
financially and to employee morale, which is why it’s the number four threat on the list.
Finally, hardware equipment failure. This threat is number five on the list, not so much because
it doesn’t potentially have a huge impact on business operations - because it does - but more
because it is anticipated and DigiKnight has backup hardware parts for most of its critical and
non-critical IT systems. If this threat does occur, it is likely to be easily mitigated. However, the
potential financial impact of the threat if not easily mitigated still puts it on the list of prioritized
threats.
Business Functions
Mission Critical Functions: Shipping, Manufacturing / Maintenance, Security, IT
Vital Functions: Administration, Sales
Important Functions: Research and Development, Marketing
Shipping
Impact from Loss
- Financial: If unable to ship product, loss of incoming revenue
- Customers and Suppliers: May lose future work due to missing key dates or not meeting expectations / volume
- Public Relations and Credibility: May lose credibility if unable to fulfill important orders
Threat Impact
- If IT systems go down, can no longer prepare shipments
- If manufacturing goes down, no longer have discs to ship
- Physical loss of shipping warehouse – unable to ship products
- Loss of boxes from all suppliers – no longer able to package shipments
Manufacturing / Maintenance
Impact from Loss
- Financial: If unable to produce discs, loss of all revenue
- Customers and Suppliers: May lose future work due to missing key dates or not meeting expectations / volume
- Public Relations and Credibility: May lose credibility if unable to fulfill important orders
Threat Impact
- Physical destruction of equipment – unable to produce discs
- Maintenance Staff unable to fix – unable to produce discs
- Maintenance Staff cannot travel to work – unable to produce discs
- Unable to obtain discs/cases from any supplier – unable to produce discs
Security
Impact from Loss
- Legal: Potential for physical breach and massive data loss, possible equipment loss
- Loss Exposure: Theft could occur causing property loss
- Human Resources: Employees may be hesitant due to lack of security, or some may try and take advantage of no security
Threat Impact
- Security Equipment destroyed – Have to rely on staff only, no traceable security control
- Security staff cannot come to work – no longer secure workplace
IT
Impact from Loss
- Financial: Loss of revenue, legal liabilities in the event of data loss / breach
- Customers and Suppliers: Cannot contact customers / suppliers, as well as not being able to get new customers. Possible risk of important data getting stolen, including unreleased discs
- Employees: Loss or theft of employee data may cause many employees to leave company
- Public Relations and Credibility: Large hit on credibility
- Legal: Data privacy laws and data security laws
- Operational: Loss of IT functions would shut down Shipping department
- Loss Exposure: Data breach would cause large fines
- Corporate Image: Data breach would damage image to large extent
Threat Impact
- Loss of Internet Connection: Shipping department, Sales department, and Marketing department would be shut down
- Data Breach: Risk of confidential data being stolen, large fines, employee resignations, and loss of customers
Business Impact Analysis
Business Processes
Administration
- Managing organizational calendar
- Maintaining files
- Making travel arrangements
- Preparing reports
- Communication (internal and external)
- Ensuring DigiKnight adheres to both Federal and State regulations
Sales
- Client acquisition
- Client management
- Supplier acquisition
- Supplier management
- Coordination with shipping to ensure on-time delivery of products
Marketing
- Creation of marketing strategies for the company
- Public Relations
- Social Media
- Measuring effectiveness of marketing strategies
Research and Development
- Improvement of manufacturing process
- Acquisition and testing of new technology
Shipping
- Preparing products for shipping
- Receiving deliveries of materials for production
Manufacturing / Maintenance
- Operating the production machinery to create a product
- System maintenance
- Quality control
- Establishing and enforcing safety regulations
- Implementation of new manufacturing technologies
Security
- Ensuring safety and security of personnel
- Safeguarding the physical facilities
- Routine patrols
- Maintenance of security equipment (cameras, etc.)
IT
- Implementation and maintenance of technological infrastructure
- Acquisition, testing, and implementation of new IT equipment
- Creation, implementation, and maintenance of applications and software services
- Back-ups of IT systems
- IT troubleshooting and assistance
Ordering these processes in terms of importance to overall operations, the following list is
obtained (the list does not include every business process):
1. Ensuring safety and security of personnel (Security)
2. Operating the production machinery to create a product (Manufacturing / Maintenance)
3. Shipping products for delivery (Shipping)
4. Receiving deliveries of materials for production (Shipping)
5. Creation, implementation, and maintenance of applications and software services (IT)
6. Implementation and maintenance of technological infrastructure (IT)
7. Back-ups of IT systems (IT)
8. Client management (Sales)
9. Supplier management (Sales)
10. Quality control (Manufacturing / Maintenance)
Requirements for business recovery
If manufacturing processes are halted:
The requirements for business recovery are that DigiKnight is able to continue its main business
operations, meaning it can perform all of its revenue-generating activities. Since DigiKnight does
not own or operate a warehouse, the manufacturing process is among the most business-critical.
If manufacturing stops, DigiKnight has an extremely limited time-frame to get it back up
and running before the company starts to lose revenue. Therefore, in case of an extreme threat or
emergency where DigiKnight’s facilities or equipment are damaged to the point where
manufacturing has to stop, a back-up facility has to be in place from where business can be
continued in a short period of time. Due to the cost associated with a fully mirrored site - a
location where DigiKnight would have an identical set-up to its live site - the most practical and
cost-effective solution in this scenario would be a pre-arranged contract with another
CD-pressing facility.
If manufacturing processes are intact:
In case of a less extensive threat or emergency where DigiKnight’s manufacturing processes are
not compromised or halted, the requirements for business recovery are different. For instance, if
the facilities and manufacturing equipment are intact but a threat or emergency has caused
DigiKnight’s IT infrastructure to fail, the time-frame for recovery is somewhat larger.
Revenue-generating activities can continue and shipments can still be sent out as scheduled, at least for a
period of time. However, there would be no way to verify what shipments need to go out at a later time or
date, so eventually DigiKnight’s revenue-generating activities would still come to a halt.
In this case, the requirements for business recovery are to get all supporting business operations
back up and running. Software applications and services need to become accessible, shipping
schedules need to be available, and the sales and administration departments need to have access
to the client and supplier files for relationship management and customer service. If IT
equipment and infrastructure is disrupted but otherwise undamaged, these requirements can be
met through immediate system maintenance and restoring of backed-up data. However, if key
equipment or infrastructure is damaged beyond repair, the solution to recovery might be to resort
to a warm site.
If a threat or emergency arises where IT equipment and infrastructure is undamaged and remains
operational, but certain employees cannot access their workstations due to safety issues (for
instance a fire in one part of DigiKnight’s facilities or a gas leak) then the solution to recovery
might be found in a mobile site.
Resource Interdependencies
DigiKnight’s ability to produce products depends heavily on the IT infrastructure. The means of
administration, marketing, research and development, shipping, and manufacturing all rely on IT
to work accurately and efficiently.
Tasks that cannot be completed without IT
- Managing Organizational Calendar
- Maintaining Files
- Communication (internal and external)
- Social Media
- Measuring effectiveness of marketing strategies
- Improvement of manufacturing process
- Acquisition and testing of new technology
- Preparing products for shipping
- Operating the production machinery to create a product
- System maintenance
- Quality control
- Implementation of new manufacturing technologies
As a result, in a disaster scenario it is a priority to ensure the IT infrastructure is operational.
Additionally, the clerical departments have a few root functions that must be addressed in order
to provide support for the main business functions. These root functions are listed below in order
of priority:
1. Communication (internal and external)
2. Ensuring DigiKnight adheres to both Federal and State regulations
3. Managing organizational calendar
4. Creation of marketing strategies for the company
5. Maintaining files
Clerical Business Functions that are reliant on the root business functions
- Making travel arrangements
- Preparing reports
- Client acquisition
- Client management
- Supplier acquisition
- Supplier management
- Coordination with shipping to ensure on-time delivery of products
- Public Relations
- Measuring effectiveness of marketing strategies
Impact on Operations
In a disaster scenario there are several impact points DigiKnight should be prepared to face.
These are critical areas that ensure the livelihood of the business. These areas include:
Critical Areas for our Business
- Financial: Loss of revenue, increase in the cost of production, financial penalties, lawsuits, unexpected expenses.
- Customers and suppliers: Customers and/or suppliers may be lost if a disaster causes a disruption of service. This may cause a shortage or surplus of inventory, either of which would be disruptive to business operations.
- Staff: Catastrophic events could cause death, injury, or stress to employees. An event causing harm to employees may leave DigiKnight understaffed. Must meet expectations for staff safety and health regulations.
- Reputation: Failing to be resilient during a disaster may appear unprofessional. This may cause the loss of business relationships. Additionally, the loss of any proprietary or personal data during a disaster may cause the business to lose credibility. Determine how corporate image will be affected.
- Legal & regulatory: Must abide by laws and regulations during a disaster.
- Environmental: Avoid causing extra damage to the environment during a disaster. Determine and mitigate the risks DigiKnight could cause to the environment due to a catastrophic event.
- Integrity: A disaster should not affect the integrity of DigiKnight’s work. This includes the quality of the product, how staff is treated, business relationships, and customer service.
- Human Resources: Address issues of employee morale. Determine how staff is personally affected by the disaster.
- Credibility: Determine how investors and banks will view the company in the event of business disruption.
- Systems: How will critical systems be affected during a disaster, and what will it take to make sure the systems are operational?
- Delivery and service: Ensuring the product can be delivered during a disaster, and uphold the expected level of service.
Priorities and Classification of Business Processes and Functions
| Business Function | Business Process | Criticality | RTO | WRT | MTD | Comment | IT dependencies |
|---|---|---|---|---|---|---|---|
| Administration | Ensuring DigiKnight adheres to both Federal and State regulations | Vital | 1 day | 1 day | 2 days | Business operations must maintain regulatory standards | File server needs to be accessible to store reports. Internet needs to be accessible to look up regulatory requirements. |
| Administration | Managing organizational calendar | Minor | 4 days | 1 day | 5 days | The organization calendar can be recovered after other more important processes are recovered | File server needs to be accessible to store calendar. Mail server needs to be accessible to allow sharing the calendar. |
| Administration | Maintaining files | Vital | 2 days | 1 day | 3 days | Administration needs to maintain files | File server needs to be accessible. |
| Administration | Making travel arrangements | Minor | 4 days | 1 day | 5 days | Travel arrangements can be recovered after other more important processes are recovered | File server needs to be accessible to store travel reports. Internet needs to be accessible to make arrangements. |
| Administration | Preparing reports | Important | 3 days | 1 day | 4 days | Reports need to be prepared, but are not as important as other processes | File server needs to be accessible to store reports. |
| Administration | Communication (internal and external) | Mission-Critical | 2 hours | 2 hours | 4 hours | Communication is required especially after a disaster. Administration needs to ensure that other departments are following the BC/DR Plan | Mail server needs to be accessible. |
| Sales | Client acquisition | Minor | 2 days | 1 day | 3 days | Acquiring clients isn’t an immediate need | File server, mail server, and database server need to be accessible. |
| Sales | Client management | Vital | 4 hours | 4 hours | 8 hours | Clients might be upset about delayed product | Mail server, database server, and web server need to be accessible. |
| Sales | Supplier acquisition | Minor | 2 days | 1 day | 3 days | Acquiring suppliers isn’t an immediate need | File server, mail server, and database server need to be accessible. |
| Sales | Supplier management | Vital | 4 hours | 4 hours | 8 hours | Suppliers might be concerned about DigiKnight’s ability to continue business processes | Mail server, database server, and web server need to be accessible. |
| Sales | Coordination with shipping to ensure on-time delivery of products | Important | 12 hours | 12 hours | 1 day | This is important, but not more vital than other processes and functions | Mail server and database server need to be accessible. |
| Marketing | Creation of marketing strategies for the company | Minor | 5 days | 2 days | 1 week | This can be put on hold until other processes are recovered | File server, mail server, database server, print server, web server, and Internet need to be accessible. |
| Marketing | Public Relations | Important | 12 hours | 12 hours | 1 day | If DigiKnight’s public relations are at risk from the incident, then they need to be recovered | Database server, mail server, web server, and Internet need to be accessible. |
| Marketing | Social Media | Minor | 1 day | 1 day | 2 days | This can wait until other processes have recovered | Mail server and Internet need to be accessible. |
| Marketing | Measuring effectiveness of marketing strategies | Minor | 5 days | 2 days | 1 week | This can wait until other processes have recovered | File server, database server, and Internet need to be accessible. |
| Research and Development | Improvement of manufacturing process | Minor | 5 days | 2 days | 1 week | Improvements can be put on hold until other processes have recovered | File server, mail server, and Internet need to be accessible. |
| Research and Development | Acquisition and testing of new technology | Minor | 5 days | 2 days | 1 week | This can be put on hold until all other processes are recovered | All IT systems need to be accessible to properly implement and test new technology. |
| Shipping | Preparing products for shipping | Vital | 4 hours | 4 hours | 8 hours | To resume business operations, preparing products for shipping is mission-critical | File server and database server need to be accessible. |
| Shipping | Receiving deliveries of materials for production | Vital | 12 hours | 12 hours | 1 day | If materials run out for production, the business can’t resume | Database server needs to be accessible to log delivery. |
| Manufacturing / Maintenance | Operating the production machinery to create a product | Mission-Critical | 2 hours | 2 hours | 4 hours | To restore business continuity, operating the machinery is one of the biggest steps | Database server and print server need to be accessible. |
| Manufacturing / Maintenance | System maintenance | Important | 1 day | 1 day | 2 days | System maintenance often needs to be done to abide by safety standards | None. |
| Manufacturing / Maintenance | Quality control | Vital | 12 hours | 12 hours | 1 day | Quality should not be lost, no matter the incident | None. The quality control machine is an independent device. |
| Manufacturing / Maintenance | Establishing and enforcing safety regulations | Mission-Critical | 2 hours | 2 hours | 4 hours | Safety is extremely important at DigiKnight | None. |
| Manufacturing / Maintenance | Implementation of new manufacturing technologies | Minor | 5 days | 2 days | 1 week | New manufacturing technologies can wait until after | All IT systems need to be accessible to properly implement and test new technology. |
| Security | Ensuring safety and security of personnel | Mission-Critical | 1 hour | 1 hour | 2 hours | Security is a key principle at DigiKnight, so it is taken very seriously. | None. |
| Security | Safeguarding the physical facilities | Important | 1 day | 1 day | 2 days | The security of the physical facilities is important | File server and network access are required to watch, store, and pull camera feeds. |
| Security | Routine patrols | Important | 12 hours | 12 hours | 1 day | Routine patrols are important to maintain security | None. |
| Security | Maintenance of security equipment | Important | 1 day | 1 day | 2 days | Security equipment must be kept functioning in order to properly secure the company | None. |
| IT | Implementation and maintenance of technological infrastructure | Mission-Critical | 2 hours | 2 hours | 4 hours | Without the technological infrastructure being recovered, the whole system could fall apart | Various IT systems, depending on function. |
| IT | Acquisition, testing, and implementation of new IT equipment | Minor | 5 days | 2 days | 1 week | New IT equipment can be postponed until other processes have recovered | All IT systems need to be accessible to properly implement and test new technology. |
| IT | Creation, implementation, and maintenance of applications and software services | Vital | 4 hours | 4 hours | 8 hours | Ensuring that applications and software services are running is vital | File server, database server, mail server, and web server need to be accessible. |
| IT | Making back-ups of IT systems | Minor | 2 days | 2 days | 4 days | Backing up systems during a threat or disaster is of low importance. | Back-up server and WAN need to be accessible. |
| IT | Restoring back-ups of IT systems | Mission-Critical | 1 hour | 1 hour | 2 hours | Restoring back-ups to IT systems when necessary needs to be done ASAP. | Back-up server and WAN need to be accessible. |
| IT | IT troubleshooting and assistance | Important | 12 hours | 12 hours | 1 day | If there are problems that have a high priority then troubleshooting those should gain priority | All IT systems. |
| Business IT System | RTO | WRT | MTD | Comments |
|---|---|---|---|---|
| File Server | 4 hours | 4 hours | 8 hours | The file server is required for employees to store and pull files. It supports two vital business processes and therefore cannot be inaccessible for more than 8 hours. |
| Database Server | 2 hours | 2 hours | 4 hours | The database server stores client and order information. Mission-critical processes depend on the database server so it can’t be down for more than 4 hours. |
| Mail Server | 2 hours | 2 hours | 4 hours | E-mail is part of the backbone of DigiKnight’s internal and external communications system. It supports mission-critical processes and cannot be down for more than 4 hours. |
| Web Server | 4 hours | 4 hours | 8 hours | The web server hosts DigiKnight’s website and supports several vital business processes. It cannot be down for more than 8 hours. |
| Print Server | 2 hours | 2 hours | 4 hours | The print server supports one mission-critical process, which is the printing of in-box materials. Therefore, it cannot be down for more than 4 hours. |
| Back-up Server | 1 hour | 1 hour | 2 hours | If the back-up server is down this slows down recovery for all other systems. Therefore, the back-up server cannot be inaccessible for more than 2 hours. |
| AD/DNS Servers | 1 hour | 1 hour | 2 hours | Since the AD/DNS servers make it possible for IT systems to find each other and communicate, they support all other IT systems and cannot be down longer than the lowest MTD, which is 2 hours. |
| Internet | 1 hour | 1 hour | 2 hours | Although the Internet doesn’t support any mission critical processes when viewed as a collection of web pages, the Internet also serves as the company’s WAN link which supports the mission-critical process of restoring back-ups. Therefore it cannot be down for more than 2 hours. |
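The system-level MTD values above follow from the process table: a system cannot be down longer than the tightest MTD among the processes that depend on it. The following added example (not part of the original plan) recomputes those limits from the plan's own rows and checks that RTO + WRT equals MTD for each process; process names are shortened, and mapping "WAN" to the Internet entry is an assumption based on the plan's comment that the Internet serves as the WAN link.

```python
# Added example: cross-check of the plan's recovery targets (not the plan authors' code).
HOURS_PER_UNIT = {"hour": 1, "hours": 1, "day": 24, "days": 24, "week": 168}


def to_hours(text):
    """Convert a duration as written in the plan ('4 hours', '1 day', '1 week') to hours."""
    count, unit = text.split()
    return int(count) * HOURS_PER_UNIT[unit]


FILE, DB, MAIL, WEB = "File Server", "Database Server", "Mail Server", "Web Server"
PRINT, BACKUP, NET = "Print Server", "Back-up Server", "Internet"

# (process, RTO, WRT, MTD, IT dependencies), transcribed from the process table.
# Assumption: "WAN" is mapped to NET because the plan says the Internet is the WAN link.
# Rows whose dependency cell reads "None", "All IT systems", "Various IT systems" or
# unnamed "network access" are left out; they do not name a specific system.
PROCESSES = [
    ("Regulatory compliance", "1 day", "1 day", "2 days", [FILE, NET]),
    ("Organizational calendar", "4 days", "1 day", "5 days", [FILE, MAIL]),
    ("Maintaining files", "2 days", "1 day", "3 days", [FILE]),
    ("Travel arrangements", "4 days", "1 day", "5 days", [FILE, NET]),
    ("Preparing reports", "3 days", "1 day", "4 days", [FILE]),
    ("Communication", "2 hours", "2 hours", "4 hours", [MAIL]),
    ("Client acquisition", "2 days", "1 day", "3 days", [FILE, MAIL, DB]),
    ("Client management", "4 hours", "4 hours", "8 hours", [MAIL, DB, WEB]),
    ("Supplier acquisition", "2 days", "1 day", "3 days", [FILE, MAIL, DB]),
    ("Supplier management", "4 hours", "4 hours", "8 hours", [MAIL, DB, WEB]),
    ("Coordination with shipping", "12 hours", "12 hours", "1 day", [MAIL, DB]),
    ("Marketing strategies", "5 days", "2 days", "1 week", [FILE, MAIL, DB, PRINT, WEB, NET]),
    ("Public Relations", "12 hours", "12 hours", "1 day", [DB, MAIL, WEB, NET]),
    ("Social Media", "1 day", "1 day", "2 days", [MAIL, NET]),
    ("Measuring marketing", "5 days", "2 days", "1 week", [FILE, DB, NET]),
    ("Improving manufacturing", "5 days", "2 days", "1 week", [FILE, MAIL, NET]),
    ("Preparing products for shipping", "4 hours", "4 hours", "8 hours", [FILE, DB]),
    ("Receiving deliveries", "12 hours", "12 hours", "1 day", [DB]),
    ("Operating production machinery", "2 hours", "2 hours", "4 hours", [DB, PRINT]),
    ("Applications and software services", "4 hours", "4 hours", "8 hours", [FILE, DB, MAIL, WEB]),
    ("Making back-ups", "2 days", "2 days", "4 days", [BACKUP, NET]),
    ("Restoring back-ups", "1 hour", "1 hour", "2 hours", [BACKUP, NET]),
]

# Stated MTD per system, transcribed from the IT system table.
STATED_SYSTEM_MTD = {
    FILE: "8 hours", DB: "4 hours", MAIL: "4 hours", WEB: "8 hours",
    PRINT: "4 hours", BACKUP: "2 hours", "AD/DNS Servers": "2 hours", NET: "2 hours",
}


def check_process_rows(processes):
    """Return the names of processes where RTO + WRT does not equal MTD."""
    return [name for name, rto, wrt, mtd, _ in processes
            if to_hours(rto) + to_hours(wrt) != to_hours(mtd)]


def derive_system_mtd(processes):
    """Tightest MTD (hours) among the processes that depend on each system."""
    derived = {}
    for _, _, _, mtd, deps in processes:
        for system in deps:
            derived[system] = min(derived.get(system, float("inf")), to_hours(mtd))
    # AD/DNS supports every other system, so it inherits the lowest limit of all.
    derived["AD/DNS Servers"] = min(derived.values())
    return derived


def find_violations(stated, derived):
    """Systems whose stated MTD is longer than a dependent process can tolerate."""
    return sorted(s for s, limit in derived.items() if to_hours(stated[s]) > limit)


if __name__ == "__main__":
    limits = derive_system_mtd(PROCESSES)
    print("Rows where RTO + WRT != MTD:", check_process_rows(PROCESSES))
    for system, limit in sorted(limits.items()):
        print(f"{system}: derived limit {limit} h, stated {STATED_SYSTEM_MTD[system]}")
    print("Stated MTD too long for:", find_violations(STATED_SYSTEM_MTD, limits))
```

Re-running this after any change to either table shows whether a system's stated MTD has drifted above what its most time-critical dependent process allows.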
Recovery Point Objective:
DigiKnight’s recovery point objective (RPO) is four days. Every four days DigiKnight’s servers
and all data are backed up to an off-site location. In case of a threat or disaster, DigiKnight can
afford to lose four days of data at most. Although certain departments and business processes
will be inconvenienced by losing data, no business-critical processes would be severely affected.
Backing up more often than every four days would not be cost-effective.
Financial, Operational, and Legal Impact of Disruption:
Natural (Fire, earthquake, flood, tornado, or storms)
Financial Impact: Possible loss of revenue if DigiKnight’s end-product is damaged. Cost to
replace damaged equipment and possible damage to DigiKnight’s buildings.
Operational Impact: A natural disruption would cause an evacuation of the premises, leading to
lost time and production. Depending on the damage, more time could be lost in restoring
operations. In case of severe disruption, a business continuity measure such as reverting
operations to another site or mobile site needs to be considered.
Legal Impact: Potential lawsuits in case of employee injuries. Contract disputes regarding
product delivery are also possible if operations are severely disrupted.
Theft, sabotage, vandalism
Financial Impact: Costs to replace stolen or damaged equipment, if not covered by insurance.
Operational Impact: Disruptions in operations due to stolen or broken equipment. Further
disruptions may be due to investigating the issue and finding the person responsible.
Legal Impact: Filing charges and suing the responsible party. Costs for lawyers and legal fees,
and legal repercussions for firing the responsible party must also be considered. Contract
disputes regarding product delivery are also possible if operations are severely disrupted.
Labor disputes
Financial Impact: Loss of revenues due to disrupted or halted production. Possible higher labor
costs as a result of the dispute.
Operational Impact: Severe operational impact due to disrupted or halted production and
possible relationship issues between management and employees.
Legal Impact: Costs for lawyers and legal fees to review labor contracts. Contract disputes
regarding product delivery are also possible if operations are severely disrupted.
Workplace violence
Financial Impact: Possible loss of revenues due to disrupted production.
Operational Impact: Disrupted or halted production due to violence issue and possible
disruptions due to absence of involved employees. Additionally, further disruptions may be
caused by investigating the issue.
Legal Impact: Possible lawsuits and issues regarding firing employees of DigiKnight.
Terrorism
Financial Impact: Loss of revenues. Costs related to repairing or replacing broken equipment or
restoring structures.
Operational Impact: Disrupted or halted production. Possible further disruptions related to
changing work sites, if necessary. Employee absence due to injury or shock might cause further
disruptions. Additionally, further disruptions may be caused due to investigating the act of
terrorism and finding the responsible party.
Legal Impact: Possible lawsuits related to employee injuries. Contract disputes regarding product
delivery are also possible if operations are severely disrupted.
War
Financial Impact: Loss of revenues.
Operational Impact: War would most certainly cause disruptions in production. Further
disruptions could be caused due to employee absence, and possibly damaged equipment.
Legal Impact: Contract disputes regarding product delivery are possible if operations are
severely disrupted.
Intellectual Property Rights Disputes
Financial Impact: Potential legal liabilities with financial penalties.
Operational Impact: Disrupted production until IP dispute is resolved.
Legal Impact: Legal fees related to lawsuits.
Damage to Information Resources
Financial Impact: Loss of revenues. Costs to repair or replace damaged resources.
Operational Impact: Besides disruptions in production, further disruptions would be caused by
investigating the issue and finding the responsible party.
Legal Impact: Legal fees related to lawsuits and issues in firing employees of DigiKnight.
Contract disputes regarding product delivery are possible if operations are severely disrupted.
Password Security
Financial Impact: Password security threats have no directly related financial impacts.
Operational Impact: Indirectly, weak passwords can lead to compromised systems and
disruptions in production.
Legal Impact: Password security threats have no directly related legal impacts.
Virus and Malware
Financial Impact: Loss of revenues. Costs related to cleaning or repairing affected systems.
Operational Impact: Viruses and malware can cause systems to stop functioning as they are
supposed to, leading to disrupted production. Additional disruptions could come from
implementing counter-measures and investigating the issue.
Legal Impact: Possible legal issues relating to firing employees responsible for the virus
infection, if anyone is determined to be at fault. Contract disputes regarding product delivery are
possible if operations are severely disrupted.
Hardware Equipment Failure
Financial Impact: Loss of revenues. Costs related to repairing or replacing the equipment that
failed.
Operational Impact: Depending on what hardware equipment failed, operations can be
minimally or severely interrupted. Further interruptions might be caused by the repair process.
Legal Impact: If the hardware equipment failure led to any employee injuries there might be
legal fees related to lawsuits. Contract disputes regarding product delivery are possible if
operations are severely disrupted.
Data Corruption or Loss
Financial Impact: Loss of revenues.
Operational Impact: Data corruption or loss is likely to cause disruptions in operations due to
employees not having access to the data they need.
Legal Impact: None.
Energy and Fuel Scarcity
Financial Impact: Higher costs for energy and fuel.
Operational Impact: If there was energy and fuel scarcity, DigiKnight’s business operations
would likely suffer severely. There might be a loss of electricity and gas to the building, which
would keep DigiKnight from producing product. Additionally, it might be impossible for
deliveries to be made to DigiKnight’s clients, effectively halting all revenue sources.
Legal Impact: Contract disputes regarding product delivery are possible if operations are
severely disrupted.
Material Resource Scarcity
Financial Impact: Higher costs for material resources.
Operational Impact: If DigiKnight did experience a scarcity of material resources required for
production, its business operations would be severely impacted. Either another medium for video
games would need to be found, or production would not be able to continue.
Legal Impact: Contract disputes regarding product delivery are possible if operations are
severely disrupted.
Urbanization and Congestions of Infrastructure
Financial Impact: Higher costs related to product deliveries to clients.
Operational Impact: DigiKnight employees might experience difficulty in getting to work,
leading to disruptions in operations. Deliveries to clients would take longer, and there might be
disruptions in receiving material resources for production.
Legal Impact: Contract disputes regarding product delivery are possible if operations are
severely disrupted.
Increase in Digital Media
Financial Impact: Loss of revenues.
Operational Impact: Increases in digital media would not lead directly to disruptions in
operations, but fewer sales would indirectly lead to lower production.
Legal Impact: None.
Insurance Quotes
Authorized Employees
Only the Board of Directors has the right to contact the insurance provider.
Insurance Provider
All of DigiKnight’s insurance is through Aflac. Their phone number is 1-800-882-3522.
DigiKnight has general liability insurance, commercial property insurance, and disability
insurance.
Reporting Claims
Be sure to gather all evidence of the situation via photographs, video, police reports (depending
on situation) and any other relevant information BEFORE contacting the insurance company. Be
as specific as possible, being sure to not leave out anything relating to what has occurred.
FEMA
The Federal Emergency Management Agency provides many services to communities and small
or large businesses. They have information on preparing for disasters, including detailed
information on various natural disasters. From earthquakes to winter storms, they have
preparation information along with recovery information. They suggest having warning systems
and signals for natural disasters. Wireless Emergency Alerts are text-like messages that alert
employees of potential disasters or dangers. There is also IPAWS, the Integrated Public Alert and
Warning System. This system allows locals or businesses to send out warnings of potential
disasters or dangers. FEMA also awards grants to those who are prepared for disaster. If contact
needs to be made with FEMA about any FEMA programs the contact information is below:
Industry Liaison Program
Kimberly C. Brown
Industry Liaison Program Manager
Phone: (202) 646-1895
Fax: (202) 646-4348
Industry Liaison Support Center
Phone: 202-646-1895
Email: [email protected]
Suppliers
DigiKnight’s Supplier Information
Computer Systems
- Primary Vendor: Dell, One Dell Way, Round Rock, Texas 78682 (1-800-WWW-DELL)
- Secondary Vendor: HP, 3000 Hanover Street, Palo Alto, CA 94304-1185, USA (800-282-6672)
- Tertiary Vendor: Bold Data Technology, Inc., 48363 Fremont Blvd., Fremont, CA 94538, 800-923-2653
Blank CD / DVD Cases
- Primary Vendor: The Tech Geek, 48965 Warm Springs Blvd, Fremont, CA 94539, 1-800-456-0825
- Secondary Vendor: DiscMakers, http://www.discmakers.com, 7905 N. Route 130, Pennsauken, NJ 08110-1402, Toll Free: 800-468-9353, Local: 856-663-9030
- Tertiary Vendor: Dub-It Media Services, Hollywood Sales Office, 1110 North Tamarind Avenue, Hollywood, California 90038, 1-888-99DUB-IT, Local: 323-993-9570
Boxes
- Primary Vendor: Customized Packaging Solutions Inc., 8333 24th Avenue, P.O. Box 278060, Sacramento, CA 95826
- Secondary Vendor: The Packaging House, Inc., 6330 North Pulaski Road, Chicago, Illinois 60646-4594, 800-966-1808
Paper
- Primary Vendor: JC Paper, 47422 Kato Rd, Fremont, CA 94538, (510) 413-4700
Communications
- Primary Vendor: B&H Foto and Electronics Corp, 420 9th Ave, New York, NY 10001
- Secondary Vendor: Newegg.com, 9997 Rose Hills Road, Whittier, CA. 90601
Flashlights
- Primary Vendor: Fry's Electronics, 600 East Brokaw, San Jose, CA 95112, USA
- Secondary Vendor: B&H Foto and Electronics Corp, 420 9th Ave, New York, NY 10001
Batteries
- Primary Vendor: Fry's Electronics, 600 East Brokaw, San Jose, CA 95112, USA
- Secondary Vendor: B&H Foto and Electronics Corp, 420 9th Ave, New York, NY 10001
First-aid kits
- Primary Vendor: REI, 1700 - 45th St. E., Sumner, WA 98352
- Secondary Vendor: Cabelas, One Cabela Dr, Sidney, NE 69160
Activation of an Alternate Work Site
The leader of the activation team will be Carlton Smith, CEO of DigiKnight Technologies. Also
on the team are Mark Saunders, manager for the administration department; Linda Kraemer,
manager for the manufacturing department; Brett Kelcey, manager for security; and Alicia
McKellips, manager for IT.
Name Location Phone Number
Carlton Smith CEO - Location N/A 415-555-7841
Mark Saunders Administration 415-555-8643
Linda Kraemer Manufacturing 415-555-6161
Brett Kelcey Security 415-555-3852
Alicia McKellips IT 415-555-8352
Depending on the type of backup site that is transferred or activated, procedures will change.
Carlton Smith will decide when the activation of the alternate work site needs to be made.
Carlton Smith will then contact the other members and inform them. If the employees need to be
transferred to an alternative work site, Mark Saunders will handle legal and HR repercussions.
Linda Kraemer will work to secure the transfer of equipment if there is a need to do so. Brett
Kelcey will ensure the safety of all employees while the process is occurring. He will also be in
charge of physical security during the transfer. Alicia McKellips will be in charge of ensuring
that the server information is backed up and secured, and transferred to the backup site if need
be.
Cold Backup Site
A cold backup site is an empty location on standby. In this scenario, everything required to
restore the business must be delivered to the site before the recovery process may begin. As a
result, a proper plan should be in place defining where the cold site is established. This will
prevent unnecessary confusion during a disaster and provide a smoother transition to the site.
Using a cold backup site will allow DigiKnight to inexpensively resume critical business
operations at another location. In order for this option to be viable, the cold backup site must be
large enough to support all critical business functions (see section on business processes and
functions). Additionally, regular tape backups must be made of business critical data and stored
off site and manually restored at the cold site. As a result of these efforts, DigiKnight must
accept a minimum of 3-6 days’ worth of downtime before becoming completely operational.
Requirements for a Cold Backup Site
1. Tape backups
A contract is established with Iron Mountain® as a full solution for storing offsite tape backups.
The company will pick up and deliver DigiKnight’s tape backups to a secure facility. Here they
will be stored and managed by Iron Mountain®. The company has arranged 24/7/365 service to
ensure DigiKnight’s backups will always be available.
2. Obtain a Location
The location of the site should be far enough away to avoid facing the same environmental
threats as the primary site, but close enough to transport the equipment within one day. This site
will be leased, but remain empty until needed.
The cold site location is Livermore in California, about 20 miles northeast of Fremont.
Livermore is easily accessible from Fremont by highways 680 and 84, but it’s far enough
removed that any hazards affecting DigiKnight’s live site are unlikely to also affect the cold site.
The exception to this would be an earthquake, which could potentially affect both sites but any
location far enough removed from Fremont to not be affected by an earthquake is unlikely to be
accessible to DigiKnight’s employees in a timely manner, so this is a risk that must be accepted.
Livermore is further removed from the bay, meaning that if an earthquake or other disaster did
occur that might cause flooding, Livermore would be unlikely to be affected as much as
Fremont.
The office space that has been rented as the location for the cold site is a facility at 3037
Independence Drive, Building F, Livermore, CA, 94550. At 4,729 square feet it’s smaller than
DigiKnight’s live production facility (8,000 square feet) but large enough to house all necessary
manufacturing and IT equipment and take over production for a short period of time. The
building has easy access to the parking lot through the back, where products can be made ready
for shipping and loaded into the trucks.
3. Establish a transportation company
A contract is established with Machine Transport INC. to transport DigiKnight’s equipment to
the cold backup site. This equipment consists of:
Manufacturing:
- CD stamping machines
- Diagnostic machine for quality control
- High speed printer for in-box materials
- Machine that places all materials in a box
IT:
- Five workstations (3.2 GHz Pentium 4 Processors, 1024 MB of RAM, 100 GB SATA Hard
Drive, Built-In Video Card, Gigabit Network Card, 21 Inch Monitor, Windows XP)
- Ten servers (Dual core 3.2 GHz Processors, 4 GB of RAM, 3 X 500 GB Hard Drive
(configured to RAID 5), Windows Server 2008, Dual Gigabit Network Cards, 15 Inch Monitor)
- Miscellaneous equipment, including but not limited to: computer chairs, computer desks,
tables, appliances such as refrigerators and microwaves, moveable lighting fixtures, desk
accessories, maintenance equipment, spare parts, and office files.
An SLA has been established between DigiKnight and Machine Transport INC. confirming that
Machine Transport INC. MUST be on site and begin the transportation process within four hours
from first contact. Machine Transport INC. must have agreed upon equipment at the recovery
site WITHIN 36 hours of first contact. Lastly, all equipment must be unloaded and transported
within the recovery building WITHIN 48 hours of initial contact. All efforts will be coordinated
with the crisis team, and all transportation duties, as outlined in the SLA, are the responsibilities of
Machine Transport INC. unless DigiKnight’s negligence can be proven.
Contact information for tape backup and transportation vendors:
Company | Phone Number | Home Office | Website
Iron Mountain® | 425-888-7821 | 8150 Signal Ct, Sacramento, CA 95827 | www.ironmountain.com
Machine Transport INC. | 425-820-2938 | 12306 NE 144th Street, Kirkland, WA 98034 | machinetransport.com
Warm Backup Site
This site already has the necessary equipment to get the business up and running in the event of a
disaster. Backups must be delivered to the site, and then the process of restoration can begin.
This is more expensive than a cold backup site because of the cost of redundant equipment.
Using a warm backup site will allow DigiKnight to quickly resume critical business operations at
another location. However, the cost of redundant equipment is substantial. Also, to provide a
smooth transition in the recovery, the warm backup site should have maintenance performed on a
bi-monthly basis. This maintenance includes:
- Installing patches
- Installing new software
- Installing new parts and/or equipment
- Testing of machinery
- Miscellaneous tasks that ensure the site is optimal
Performing this maintenance will reduce downtime during a recovery.
Additionally, the warm backup site must be large enough to support all critical business
functions (see section on business processes and functions). Furthermore, nightly backups must
be made of business critical data from the primary site to the warm site. As a result of these
efforts, DigiKnight must accept a minimum of 1-3 days’ worth of downtime before becoming
completely operational.
Requirements for a Warm Backup Site
1. Backup Plan
DigiKnight will adopt a full recovery model that will replicate the entire database to the warm
site at the close of business each Friday. This is the most viable option because the replication
will be taking place over the WAN connection. To limit data loss between weekly backups,
DigiKnight will replicate differential backups at the close of business Monday-Thursday.
This ideally minimizes data loss to a maximum of 24 hours, a risk DigiKnight will accept.
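As an added illustration (not part of the DigiKnight plan), the Python example below models the Friday full plus Monday-Thursday differential schedule from the Backup Plan, picks the restore chain for a given failure time, and measures the window of unreplicated changes. The 17:00 close of business, the Monday-Friday business week, the sample dates and all function names are assumptions; it shows that the 24-hour bound holds when only weekday hours are counted, while the calendar gap between Friday's full and Monday's differential is 72 hours.

```python
from datetime import datetime, timedelta

# Assumptions, not stated in the plan: "close of business" is 17:00 local
# time and the business week is Monday-Friday.
CLOSE_OF_BUSINESS = 17
FULL_WEEKDAY = 4               # Friday (datetime.weekday(): Monday == 0)
DIFF_WEEKDAYS = {0, 1, 2, 3}   # Monday-Thursday


def scheduled_backups(start, end):
    """Return [(timestamp, kind)] for every replication run in [start, end]."""
    runs = []
    day = start.replace(hour=CLOSE_OF_BUSINESS, minute=0, second=0, microsecond=0)
    while day <= end:
        if day >= start:
            if day.weekday() == FULL_WEEKDAY:
                runs.append((day, "full"))
            elif day.weekday() in DIFF_WEEKDAYS:
                runs.append((day, "differential"))
        day += timedelta(days=1)
    return runs


def restore_plan(failure):
    """Pick the restore chain for a failure at `failure`.

    A differential holds every change since the last full backup, so the
    chain is the latest full plus at most the single latest differential
    taken after it. Returns (full_ts, diff_ts_or_None, exposure), where
    exposure is the span of changes that exist on neither backup.
    """
    # An 8-day lookback always contains at least one Friday run.
    runs = scheduled_backups(failure - timedelta(days=8), failure)
    fulls = [ts for ts, kind in runs if kind == "full"]
    if not fulls:
        raise ValueError("no full backup inside the lookback window")
    full_ts = fulls[-1]
    diffs = [ts for ts, kind in runs if kind == "differential" and ts > full_ts]
    diff_ts = diffs[-1] if diffs else None
    exposure = failure - (diff_ts or full_ts)
    return full_ts, diff_ts, exposure


def largest_gap(start, days=14):
    """Return (gap, earlier_run, later_run) for the widest gap between runs."""
    runs = [ts for ts, _ in scheduled_backups(start, start + timedelta(days=days))]
    return max((later - earlier, earlier, later)
               for earlier, later in zip(runs, runs[1:]))


def weekday_hours(start, end):
    """Hours inside [start, end) that fall on Monday-Friday."""
    total = timedelta()
    cursor = start
    while cursor < end:
        next_midnight = (cursor + timedelta(days=1)).replace(
            hour=0, minute=0, second=0, microsecond=0)
        step_end = min(next_midnight, end)
        if cursor.weekday() < 5:
            total += step_end - cursor
        cursor = step_end
    return total.total_seconds() / 3600


if __name__ == "__main__":
    # Constructed failure times in April 2013 (1 April 2013 was a Monday).
    for failure in (datetime(2013, 4, 10, 11, 0), datetime(2013, 4, 8, 16, 59)):
        full_ts, diff_ts, exposure = restore_plan(failure)
        diff_label = f"{diff_ts:%a %d %b %H:%M}" if diff_ts else "none"
        print(f"failure {failure:%a %d %b %H:%M}: full {full_ts:%a %d %b %H:%M}, "
              f"differential {diff_label}, unreplicated window {exposure}")

    gap, earlier, later = largest_gap(datetime(2013, 4, 1))
    print(f"widest calendar gap: {gap} ({earlier:%a} to {later:%a}), "
          f"of which {weekday_hours(earlier, later):.0f} weekday hours")
```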
2. Obtain a Location
The location of the site should be far enough away to avoid facing the same environmental
threats as the primary site, but close enough to drive to within the RTO. This site will be leased and
most equipment will be stored and powered off. While this site is not being used for recovery, it
will act as a satellite location for the administration, sales, and marketing departments.
Employees will be able to access DigiKnight’s network via VPN tunneling in order to access
resources necessary for their job criteria.
The warm site location is Livermore in California, about 20 miles northeast of Fremont.
Livermore is easily accessible from Fremont by highways 680 and 84, but it’s far enough
removed that any hazards affecting DigiKnight’s live site are unlikely to also affect the warm
site. The exception to this would be an earthquake, which could potentially affect both sites but
any location far enough removed from Fremont to not be affected by an earthquake is unlikely to
be accessible to DigiKnight’s employees in a timely manner, so this is a risk that must be
accepted. Livermore is further removed from the bay, meaning that if an earthquake or other
disaster did occur that might cause flooding, Livermore would be unlikely to be affected as much
as Fremont.
The office space that has been rented as the location for the warm site is a facility at 3037
Independence Drive, Building F, Livermore, CA, 94550. At 4,729 square feet it’s smaller than
DigiKnight’s live production facility (8,000 square feet) but large enough to house all necessary
manufacturing and IT equipment and take over production for a short period of time. The
building has easy access to the parking lot through the back, where products can be made ready
for shipping and loaded into the trucks.
3. Provide all equipment that live site has to the warm site
The equipment that will be permanently stored and available at the warm site is the same
equipment that is used by the manufacturing and IT departments of DigiKnight’s live site. This
equipment consists of:
Manufacturing:
- CD stamping machines
- Diagnostic machine for quality control
- High speed printer for in-box materials
- Machine that places all materials in a box
IT:
- Five workstations (3.2 GHz Pentium 4 Processors, 1024 MB of RAM, 100 GB SATA Hard
Drive, Built-In Video Card, Gigabit Network Card, 21 Inch Monitor, Windows XP)
- Ten servers (Dual core 3.2 GHz Processors, 4 GB of RAM, 3 X 500 GB Hard Drive
(configured to RAID 5), Windows Server 2008, Dual Gigabit Network Cards, 15 Inch Monitor)
Additionally, the site is also completely furnished and provided with all necessary utilities such
as water and electricity. Workstations will only be powered on if in use by clerical employees
working at the site. Servers will always be up and running and connected to the company
network through a WAN (wide area network) link in order to receive nightly backups.
Create a plan to run a hot site backup location, detail what equipment and other resources are
needed.
A hot site is a fully redundant site that mirrors everything going on in the live site. Hot sites
provide the highest degree of availability and therefore risk mitigation, because every transaction
that happens on the live site is also processed on the hot site simultaneously (Snedaker, 2007).
For DigiKnight Technologies, a hot site would need to have exactly the same equipment as what
DigiKnight’s IT and manufacturing departments have available. The hot site does not need to
have equipment for DigiKnight’s other departments. Having a hot site that is 100% identical to
all three facilities of DigiKnight’s live site would simply be too expensive and not cost-effective.
In case of a threat or emergency that would render DigiKnight’s live site unavailable, most
employees would be able to continue their jobs from a mobile site, the plan outline for which is
included elsewhere in this BCDR plan. However, a mobile site would not allow DigiKnight’s IT
or manufacturing departments to continue their business processes and therefore a small hot site
is required so that DigiKnight’s revenue-generating business operations can continue regardless
of what happens.
Hot Backup Site
1. Obtain a location
The location of the hot site has to be some distance away from the live site, so that whatever
threat or emergency has disabled the live site is unlikely to also have disabled the hot site.
However, at the same time the hot site cannot be so far away that employees cannot reach it in a
manageable time to continue business operations.
The hot site location is Livermore in California, about 20 miles northeast of Fremont. Livermore
is easily accessible from Fremont by highways 680 and 84, but it’s far enough removed that any
hazards affecting DigiKnight’s live site are unlikely to also affect the hot site. The exception to
this would be an earthquake, which could potentially affect both sites but any location far enough
removed from Fremont to not be affected by an earthquake is unlikely to be accessible to
DigiKnight’s employees in a timely manner, so this is a risk that must be accepted. Livermore is
further removed from the bay, meaning that if an earthquake or other disaster did occur that
might cause flooding, Livermore would be unlikely to be affected as much as Fremont.
The office space that has been rented as the location for the hot site is a facility at 3037
Independence Drive, Building F, Livermore, CA, 94550. At 4,729 square feet it’s smaller
than DigiKnight’s live production facility (8,000 square feet) but large enough to house all
necessary manufacturing and IT equipment and take over production for a short period of time.
The building has easy access to the parking lot through the back, where products can be made
ready for shipping and loaded into the trucks.
2. Provide all equipment that live site has to the hot site
The equipment that will be permanently stored and available at the hot site is the same
equipment that is used by the manufacturing and IT departments of DigiKnight’s live site. This
equipment consists of:
Manufacturing:
- CD stamping machines
- Diagnostic machine for quality control
- High speed printer for in-box materials
- Machine that places all materials in a box
IT:
- Five workstations (3.2 GHz Pentium 4 Processors, 1024 MB of RAM, 100 GB SATA Hard
Drive, Built-In Video Card, Gigabit Network Card, 21 Inch Monitor, Windows XP)
- Ten servers (Dual core 3.2 GHz Processors, 4 GB of RAM, 3 X 500 GB Hard Drive
(configured to RAID 5), Windows Server 2008, Dual Gigabit Network Cards, 15 Inch Monitor)
Additionally, the site is also completely furnished and provided with all necessary utilities such
as water and electricity. Although the workstations will typically be turned off, the servers will
always be up and running and connected to the company network through a WAN (wide area
network) link. Every transaction that takes place on DigiKnight’s local area network is
duplicated to the hot site so that if it needs to be used for production, all information,
applications, and services are readily available.
Mirrored Site
Mirrored sites contain a fully redundant infrastructure that mirrors everything on the live site. A
mirrored site is essentially a hot site with the capability of load balancing network traffic
between the two sites.
For DigiKnight, this solution will provide active-active sites for the network infrastructure.
During normal business operations network traffic will be load balanced between the primary
site and the mirrored site. This will effectively improve network efficiency. However, in a
disaster scenario all traffic will be routed to the mirrored site, or vice versa. Additionally, having
a mirrored site allows DigiKnight to completely shift its operations to one site or the other in
order to perform maintenance or upgrades.
For DigiKnight Technologies, a hot site would need to have exactly the same equipment as what
DigiKnight’s IT and manufacturing departments have available. The hot site does not need to
have equipment for DigiKnight’s other departments. Having a hot site that is 100% identical to
all three facilities of DigiKnight’s live site would simply be too expensive and not cost-effective.
In case of a threat or emergency that would render DigiKnight’s live site unavailable, most
employees would be able to continue their jobs from a mobile site, the plan outline for which is
included elsewhere in this BCDR plan. However, a mobile site would not allow DigiKnight’s IT
or manufacturing departments to continue their business processes and therefore a small hot site
is required so that DigiKnight’s revenue-generating business operations can continue regardless
of what happens.
Requirements for planning a mirrored site:
1. Obtain a location
The location of the mirrored site has to be some distance away from the live site, so that
whatever threat or emergency has disabled the live site is unlikely to also have disabled the
mirrored site. However, at the same time the mirrored site cannot be so far away that employees
cannot reach it in a manageable time to continue business operations.
The mirrored site location is Livermore in California, about 20 miles northeast of Fremont.
Livermore is easily accessible from Fremont by highways 680 and 84, but it’s far enough
removed that any hazards affecting DigiKnight’s live site are unlikely to also affect the mirrored
site. The exception to this would be an earthquake, which could potentially affect both sites but
any location far enough removed from Fremont to not be affected by an earthquake is unlikely to
be accessible to DigiKnight’s employees in a timely manner, so this is a risk that must be
accepted. Livermore is further removed from the bay, meaning that if an earthquake or other
disaster did occur that might cause flooding, Livermore would be unlikely to be affected as much
as Fremont.
The office space that has been rented as the location for the mirrored site is a facility at 3037
Independence Drive, Building F, Livermore, CA, 94550. At 4,729 square feet it’s smaller
than DigiKnight’s live production facility (8,000 square feet) but large enough to house all
necessary manufacturing and IT equipment and take over production for a short period of time.
The building has easy access to the parking lot through the back, where products can be made
ready for shipping and loaded into the trucks.
2. Provide all equipment that live site has to the mirrored site
The equipment that will be permanently stored and available at the mirrored site is the same
equipment that is used by the manufacturing and IT departments of DigiKnight’s live site. This
equipment consists of:
Manufacturing:
- CD stamping machines
- Diagnostic machine for quality control
- High speed printer for in-box materials
- Machine that places all materials in a box
IT:
- Five workstations (3.2 GHz Pentium 4 Processors, 1024 MB of RAM, 100 GB SATA Hard
Drive, Built-In Video Card, Gigabit Network Card, 21 Inch Monitor, Windows XP)
- Ten servers (Dual core 3.2 GHz Processors, 4 GB of RAM, 3 X 500 GB Hard Drive
(configured to RAID 5), Windows Server 2008, Dual Gigabit Network Cards, 15 Inch Monitor)
Additionally, the site is also completely furnished and provided with all necessary utilities such
as water and electricity. Although the workstations will typically be turned off, the servers will
always be up and running and connected to the company network through a WAN (wide area
network) link. Every transaction that takes place on DigiKnight’s local area network is
duplicated to the mirrored site so that if it needs to be used for production, all information,
applications, and services are readily available.
3. Synchronize Data
DigiKnight’s infrastructure is built upon virtualized servers. In order to effectively run
active-active sites in which either could take over as the primary, the sites must synchronously mirror
data between one another. In the event of failure, all virtual machines will be transferred and
reloaded at the alternative site. Since the data is synchronized on the alternative site, there will
not be an interruption of service.
Plan to run a mobile site backup location
Background
A mobile site is a self-contained unit that can be transported to establish an alternate computing
or working site. They are often contained within a mobile trailer that is delivered by truck to a
specified location (Snedaker, 2007).
A mobile site provides backup office space in case the offices at the live site become unusable
for any reason. A mobile site comes equipped with certain standard features such as built-in plan
tables, built-in desks with file cabinets and heating and air conditioning. However, it will be
DigiKnight’s responsibility to supply chairs, computers and devices to use.
A mobile site will only be a BCDR solution in situations where the business processes of both
manufacturing and IT are not compromised. If no CDs can be printed and DigiKnight’s
revenue-generating processes are halted, a mobile site will not provide an acceptable solution
because it doesn’t allow manufacturing to continue their operations. In such a situation, a hot or
mirrored site would be more acceptable, although due to costs associated with these solutions it
is more likely that DigiKnight would instead sign contracts with other CD-printing facilities to
take over (part of) the company’s workload.
Similarly, if the business processes of DigiKnight’s IT department were halted, a mobile site
would not be an acceptable solution because even though employees would gain access to a
workspace and a computer, they would not be able to use the applications and services they
require IT to provide for them. Only if the mobile site could be combined with another BCDR
solution where the IT department could also continue their business process such as a warm or
hot site would it make sense for a mobile site to be ordered.
Contract for mobile site
DigiKnight has established a contract with Pacific Mobile Structures for delivery of one or more
mobile sites when needed. Pacific Mobile Structures offers mobile offices in different sizes but
the contract states that one or more mobile offices of 8’ by 24’ will be rented, depending on
DigiKnight’s needs. An 8’ by 24’ mobile office will fit twelve employees.
Permits to house one or more mobile offices at DigiKnight’s site have been obtained from the
city as well as from the utility provider. Every mobile office needs to be connected to electricity
and data feeds, as well as to plumbing or the sewage system at the local site. Permits for these
connections have been obtained and once a mobile site is delivered to DigiKnight’s facilities it
should be possible to have it up and running in a short time.
Contracts for computers and other required equipment
Since the mobile offices provided by Pacific Mobile Structures don’t come equipped with
computers or other devices, these need to be separately obtained from a third party if
DigiKnight’s own computers cannot be used or accessed. A contract has been signed with
Rentacomputer.com who will provide technological rental equipment.
Since the mobile offices provided by Pacific Mobile Structures don’t come equipped with
furniture, these need to be separately obtained from a third party if DigiKnight’s own office
furniture cannot be used or accessed. A contract has been signed with Brook Furniture Rental
who will provide rental office furniture.
Contact information for mobile site:
Company | Phone number | Email address | Website
Pacific Mobile Structures | (800) 225 - 6539 | pmsi@pacificmobile.com | Pacificmobile.com
Rentacomputer.com | (800) 736 - 8772 | rentals@rentacomputer.com | Rentacomputer.com
Brook Furniture Rental | (866) 276 - 6547 | office_customerservic | Bfr.com
Plan to run a mirrored site backup location
Background
A mirrored site is a fully redundant site that mirrors everything going on in the live site. Mirrored
sites provide the highest degree of availability and therefore risk mitigation, because every
transaction that happens on the live site is also processed on the mirrored site simultaneously
(Snedaker, 2007).
For DigiKnight Technologies, a mirrored site would need to have exactly the same equipment as
what DigiKnight’s IT and manufacturing departments have available. The mirrored site does not
need to have equipment for DigiKnight’s other departments. Having a mirrored site that is 100%
identical to all three facilities of DigiKnight’s live site would simply be too expensive and not
cost-effective. In case of a threat or emergency that would render DigiKnight’s live site
unavailable, most employees would be able to continue their jobs from a mobile site, the plan
outline for which is included elsewhere in this BCDR plan. However, a mobile site would not
allow DigiKnight’s IT or manufacturing departments to continue their business processes and
therefore a small mirrored site is required so that DigiKnight’s revenue-generating business
operations can continue regardless of what happens.
The location of the mirrored site has to be some distance away from the live site, so that
whatever threat or emergency has disabled the live site is unlikely to also have disabled the
mirrored site. However, at the same time the mirrored site cannot be so far away that employees
cannot reach it in a manageable time to continue business operations.
Location
The mirrored site location is Livermore in California, about 20 miles northeast of Fremont.
Livermore is easily accessible from Fremont by highways 680 and 84, but it’s far enough
removed that any hazards affecting DigiKnight’s live site are unlikely to also affect the mirrored
site. The exception to this would be an earthquake, which could potentially affect both sites but
any location far enough removed from Fremont to not be affected by an earthquake is unlikely to
be accessible to DigiKnight’s employees in a timely manner, so this is a risk that must be
accepted. Livermore is further removed from the bay, meaning that if an earthquake or other
disaster did occur that might cause flooding, Livermore would be unlikely to be affected as much
as Fremont.
The office space that has been rented as the location for the mirrored site is a facility at 3037
Independence Drive, Building F, Livermore, CA, 94550. At 4,729 square feet it’s smaller than
DigiKnight’s live production facility (8,000 square feet) but large enough to house all necessary
manufacturing and IT equipment and take over production for a short period of time. The
building has easy access to the parking lot through the back, where products can be made ready
for shipping and loaded into the trucks.
Equipment
The equipment that will be permanently stored and available at the mirrored site is the same
equipment that is used by the manufacturing and IT departments of DigiKnight’s live site. This
equipment consists of:
Manufacturing:
- CD stamping machines
- Diagnostic machine for quality control
- High speed printer for in-box materials
- Machine that places all materials in a box
IT:
- Five workstations (3.2 GHz Pentium 4 Processors, 1024 MB of RAM, 100 GB SATA Hard
Drive, Built-In Video Card, Gigabit Network Card, 21 Inch Monitor, Windows XP)
- Ten servers (Dual core 3.2 GHz Processors, 4 GB of RAM, 3 X 500 GB Hard Drive
(configured to RAID 5), Windows Server 2008, Dual Gigabit Network Cards, 15 Inch Monitor)
Additionally, the site is also completely furnished and provided with all necessary utilities such
as water and electricity. Although the workstations will typically be turned off, the servers will
always be up and running and connected to the company network through a WAN (wide area
network) link. Every transaction that takes place on DigiKnight’s local area network is
duplicated to the mirrored site so that if it needs to be used for production, all information,
applications, and services are readily available.
Communication
If or when a crisis occurs, it is of the utmost importance that the crisis communication command
center is notified immediately. Not everyone in the office will know exactly how to respond to a
particular threat or emergency, but members of the crisis communication command center will
have had special training and they will also have access to the BCDR plan. This team of people
will be the Crisis Management Team (CMT).
CMT:
The CMT is the team responsible for making the high-level decisions; for coordinating efforts of
internal and external staff, vendors, and contractors; and for determining the most appropriate
responses to situations as they occur.
The leader of the CMT will be Carlton Smith, CEO of DigiKnight Technologies. Also on the
CMT are Mark Saunders, manager for the administration department; Linda Kraemer, manager for
the manufacturing department; Brett Kelcey, manager for security; and Alicia McKellips,
manager for IT.
In the event of a threat or disaster, Carlton Smith will contact the members of the CMT with
instructions and will coordinate all efforts. Carlton will also reach out to managers and
employees of other departments that are not represented in the CMT, so that there is a company-
wide understanding of what is happening. During the crisis, all communication must pass
through the CMT so as to avoid multiple sources of communication. Although a communication
bottleneck is undesirable, it is equally if not more important that there is correct and consistent
communication and that the CMT is in the loop on everything going on in all departments.
Mark Saunders, as manager of administration, will be in charge of human resource and legal
issues. He will need to specifically address the needs of employees and maintain communication
with employees. This includes keeping track of employees who may have been injured from the
event and providing support to them including facilitating access to emergency or ongoing
medical or psychological services. Depending on the nature of the event, he will also need to
contact legal counsel and investigate any liabilities in contracts with suppliers or clients or in
employment contracts when it comes to injury or even death.
Linda Kraemer, as manager for the manufacturing department, will be in charge of ensuring the
continued revenue-generating business operations for DigiKnight Technologies. She will need to
assess the state of all machinery and the facilities to determine if production can continue or if it
needs to shift to DigiKnight’s mirrored site.
Brett Kelcey, manager of the security department, will be in charge of employee safety and will
need to assess if employees can continue using DigiKnight’s facilities. If any hazardous
conditions exist he will need to decide if employees should perform their duties from a different
site, such as a warm or hot site or even a mobile site. If employees need to be evacuated quickly he
will also be in charge of making that happen in an ordered and smooth manner, and making sure
that every employee is accounted for.
Alicia McKellips, manager of the IT department, will be in charge of ensuring that IT equipment,
infrastructure, and network remain intact and operational. If any applications or services become
unavailable due to the event, Alicia will need to decide if they can be brought back up in an
acceptable timeframe or if IT processes need to be moved to the company’s mirrored site.
Below is a flow chart of how communication will take place during a crisis, including names and
telephone numbers for key personnel.
Communication plans
In case of a threat or emergency certain parties need to be notified. The following
communication plans describe what needs to be communicated and to whom, who is responsible
for this communication, and when these plans need to be executed. During a threat or
emergency, all communications must always go through the CMT first to be approved for release.
Employee plan
Responsible party for executing the plan: CMT
Contacts and phone numbers:
- Carlton Smith, 415-555-7841
- Mark Saunders, 415-555-8643
- Linda Kraemer, 415-555-6161
- Brett Kelcey, 415-555-3852
- Alicia McKellips, 415-555-8352
Plan Objectives:
(1) State the nature of the threat or emergency
(2) If available, state the cause
(3) State what areas or processes of the company are affected
(4) If the threat is not limited to the company, state the impact area of the threat
(5) If necessary, urge employees to contact their families to ensure their safety
(6) State when the threat or emergency is expected to be resolved
(7) State who to contact for further information
Triggers:
(1) If IT services or applications for employees are affected
(2) If employees might be personally affected
(3) If employees’ families might be affected
Clients or Suppliers plan
Responsible party for executing the plan: Marketing (Through CMT)
Contacts and phone numbers:
- Michael Churchill, 415 - 555 -
Plan Objectives:
(1) State the nature of the threat or emergency
(2) If available, state the cause
(3) State what areas or processes of the company are affected
(4) State how the threat or emergency might affect our ability to meet contractual obligations
(5) State when the threat or emergency is expected to be resolved
(6) State who to contact for further information
Triggers:
(1) If a threat or emergency is expected to impact deliveries to clients
(2) If a threat or emergency is expected to impact DigiKnight’s manufacturing process
Media plan
Responsible party for executing the plan: Marketing (Through CMT)
Contacts and phone numbers:
- Michael Churchill, 415 - 555 -
Plan Objectives:
(1) State the nature of the threat or emergency
(2) If available, state the cause
(3) State how the threat or emergency might affect the public
(4) State when the threat or emergency is expected to be resolved
(5) State who to contact for further information
Triggers:
(1) If a threat or emergency has been caused by DigiKnight, or originated on DigiKnight’s premises
(2) If a threat or emergency affects the public
Communication distribution methodology
In case of a threat or emergency the leader of the crisis management team - Carlton Smith - will
be contacted first. If Carlton Smith is unreachable, another member of the CMT will be
contacted instead. This initial member of the CMT will contact the other members of the CMT
with instructions. The CMT will also reach out to managers and employees of other departments
that are not represented in the CMT, so that there is a company-wide understanding of what is
happening. During the crisis, all communication must pass through the CMT so as to avoid
multiple sources of communication.
Internal communication methods
(1) If email is available: All internal communications will be done by email to employee
email accounts if possible.
(2) If email is down: The CMT will contact each department head through phone.
The department heads will then inform their teams.
(3) If phone is down: The CMT will contact security personally, and security
personnel will contact each department head. The department
heads will then inform their teams.
External communication methods
(1) If phone is available: All external communications will be done by phone if possible.
(2) If phone is down: If phone lines are down but email is up, external
communications will be done by email.
(3) If email is down: If both phone and email are down, external communications
will need to be done from an employee mobile phone.
Regulatory constraints on communication
Since DigiKnight is a privately owned company there are not many regulatory constraints
regarding threats or emergencies that have to be followed. DigiKnight does not collect or store
medical information, so HIPAA (Health Insurance Portability and Accountability Act) does
not apply. DigiKnight is also not classified as a financial institution, so the GLB (Gramm-Leach-Bliley)
Act also does not apply. The only regulations that DigiKnight has to follow regarding
communication of company threats or emergencies are California State laws on security breaches
where PII (personally identifiable information) was compromised.
California data security breach notification law SB 1386, Cal. Civ. Code 1798.82 and 1798.29:
SB1386, amending civil codes 1798.29, 1798.82 and 1798.84 is a California law regulating the
privacy of personal information. Essentially, it requires any agency, person or business that
conducts business in California and owns or licenses computerized 'personal information' to
disclose any breach of security to any resident whose unencrypted data is believed to have been
disclosed.
To determine if DigiKnight should disclose a security breach, the following checklist should be
used:
1. Does the compromised data include personal information?
2. Does that personal information relate to a California resident?
3. Was the personal information unencrypted?
4. Was there a breach of the security of the data?
5. Was the personal information acquired, or is reasonably believed to have been acquired,
by an unauthorized person?
If the answer to all of these questions is ‘yes’, then all affected clients have to be notified of the
security breach.
[Flow chart: selecting a communications plan after a threat. Decision nodes: Did the threat originate on DigiKnight’s premises? Is the general public affected in any way? Are deliveries affected in any way? Do we have to shift operations to a backup site? Are IT systems affected? Is manufacturing affected? Outcomes: Employee communications plan (critical), Employee communications plan (non-critical), Client and Suppliers Communications Plan, Media Communications Plan. Templates referenced: Template 1, Template 2, Template 3, Template 4.]
Organizational Chart of Key Employees
Managers of each department have key access to all areas of their department. The person listed below them also has an emergency key
to all areas. If neither person is contactable, security has keys to all departments, along with Carlton Smith.
[Organizational chart. Departments shown: Administration, Sales, Manufacturing, Research & Development, Maintenance, Advertising, Purchasing, Security, IT. Contacts listed in the chart:]
Carlton Smith (CEO & Founder), Phone: 415-555-7841
Mark Saunders, Phone: 415-555-8643, Ext. 0180
Diane Ford, Phone: 415-555-6312, Ext. 0200
Linda Kraemer, Phone: 415-555-6161, Ext. 0150
Carlton Bowden, Phone: 415-555-3223, Ext. 0100
Michael Winters, Phone: 415-555-3970, Ext. 0400
Michael Churchill, Phone: 415-555-3131, Ext. 0610
Kenneth Gilliam, Phone: 415-555-6431, Ext. 0130
Kathy Cavenaugh, Phone: 415-555-3298, Ext. 0120
Brett Kelcey, Phone: 415-555-3852, Ext. 0170
Alicia McKellips, Phone: 415-555-8352, Ext. 0190
Rod Hatherly, Phone: 415-555-8643, Ext. 0181
Jessica Talen, Phone: 415-555-6161, Ext. 0151
Kurt Gossard, Phone: 415-555-3223, Ext. 0101
Bell Rosenburg, Phone: 415-555-3970, Ext. 0141
Aaron McDowel, Phone: 415-555-0161, Ext. 0161
Shay Robertson, Phone: 415-555-3298, Ext. 0121
Frank Arrons, Phone: 415-555-3852, Ext. 0171
Luke McDowel, Phone: 415-555-8352, Ext. 0191
Emergency Response Organizations
Managers are trained to judge whether incidents in their departments are emergency or
non-emergency. They will then take appropriate action to contact the following organizations on
whichever line is most appropriate. Through these lines, alongside FEMA’s IPAWS system, all
disaster organizations should be notified.
Fire/Search and Rescue: 3300 Capitol Ave., Building A
Fremont, CA 94538
Non-Emergency: (510) 494-4200
Emergency: 911
Hospital/Ambulance: Washington Hospital
2000 Mowry Ave.
Fremont, CA 94538
Non-Emergency: (510) 797-1111
Emergency: 911
Police/Sheriff: 2000 Stevenson Blvd.
Fremont, CA 94538
Non-Emergency: (510) 790-6800
Emergency: 911
Business Continuity and Disaster Recovery Activation Steps
[Activation form laid out in six steps (One through Six). Fields on the form:]
Injuries? Yes / No
Minor Injuries: __________
Severe Injuries: __________
Casualties: __________
Still Operational? Yes / No
State of Facilities: Usable / Not Usable
State of Servers: Usable / Not Usable
CMT notified? Yes / No
Time Notified: __________
Hot Site Activated? Yes / No
Time Contacted: __________
Estimated Recovery Time: __________
Cause of Disaster:
___________________________________________________________
___________________________________________________________
___________________________________________________________
Employees Contacted? Yes / No
Community Contacted? Yes / No
Vendors Contacted? Yes / No
Contractors Contacted? Yes / No
Customers Contacted? Yes / No
Business Partners Contacted? Yes / No
Legal & Regulatory Agencies Contacted? Yes / No
Media Contacted? Yes / No
Date of Event: __________
Time of Event: __________
Classification: Mild / Major / Severe
Emergency Responders notified? Yes / No
Time Notified: __________
Determining Impact and Risk Template
This section overviews the procedure for assessing a catastrophic event. All critical business
operations are contained within building 3, so this will be the focus for the assessment. Although
building 2 contains the shipping department, which is necessary to complete transactions, the
service can be temporarily supplemented by a third party. However, failure of production and/or
IT departments would cause critical failure in the process chain. In regards to IT, the main threats
are structural damage, fire, water, and user error. The following chart can be used to assess the
level of damage:
Can the servers receive power? Yes / No (if no, catastrophic)
Is the network online? Yes / No (if no, catastrophic)
Can the servers communicate with each other? Yes / No (if no, catastrophic)
Can transactions be performed? Yes / No (if no, catastrophic)
Can users access the systems necessary for their job? Yes / No (if no, major)
Are the phones usable? Yes / No (if no, major)
Can users access the internet? Yes / No (if no, minor)
Emergency Testing Policies
Fire Alarm Systems
DigiKnight is equipped with an electronic fire alarm system that performs self-tests regularly.
Fire Suppression Systems
DigiKnight has standard (ABC) fire extinguishers in each room, along with a sprinkler system
that is automatically triggered by ceiling temperature sensors, and can also be manually
triggered.
Emergency Signals
Each room has multiple exits, each with visible Exit signs that glow. Loud alarms sound
automatically in the event of an alarm trigger (whether that is fire or burglary). Alarms can be
manually triggered by pull-down alarms in each room.
CPR and First Aid Equipment
There are first aid kits in every room, with a visible sign overhead. DigiKnight also has an AED
(automated external defibrillator) in each building.
Hazardous Material Safety
DigiKnight Technologies does not work with any hazardous materials.
Facility Shutdown Procedure
Facility shutdown is only for extreme circumstances in which it is dangerous to continue operations.
Servers and other essential technology
Servers, networking equipment, and other essential equipment are only to be shut down in dire situations. If the need arises, it should be done in a proper fashion, not by disconnecting the power.
Non-Essential Equipment
Individual workstations, telephone equipment, and other non-essential equipment will be disconnected at the first sign of adverse effects.
Evacuation Points
In the event of a facility evacuation, we will meet in the far corner of the Northern and Southern parking lots. If there is a more serious threat, or a situation that requires farther distance, department heads will coordinate a proper evacuation point.
Layout of Buildings
Shelter-in-place Procedures
This section explains the procedures necessary if a disaster is inhibiting employees from leaving
the work place. The first course of action is to have employees meet inside building 3. This
building was chosen as the hub because it is the largest, and contains a storage area with
necessities. Items that can be found within the storage closet include: water, water purification
tablets, shelf-stable food supplies, clothing, blankets, and other materials. Examine the layout
below for the location of the storage closet. Once in building 3, staff may lounge within the
hallways.
In the event power goes out, the circuit breaker may need to be flipped. The building’s power
consolidates into the building at the exterior North West corner; this is also where the circuit
breaker is located. Examine the building layout below for the location of the breaker. Lastly, the
utility lines, such as water, electric, and gas, consolidate in the center of the north exterior wall.
Similarly, the utility closet can be found near the center of the north wall inside the building.
Contacting a Disaster Recovery Specialist
Only the Board of Directors can contact disaster recovery providers.
Checklist:
- Contact information and location of provider
- Information on pre-negotiated contracts
- How to access emergency funding
- Information regarding disaster and needs
- Contact information for IT Department
- Priorities for Recovery
Contacting Suppliers
Only members of the Purchasing department or the Board of Directors can contact suppliers.
Suppliers need to be notified of the following information:
- Disaster that occurred
- How supplier is affected by disaster
- How supplier can assist with disaster recovery
- How supplier can contact DigiKnight during recovery
- Timeframe for recovery
- What information can be distributed to others (for example, their suppliers)
Communication Templates
See appendix A
Safety Procedures
During a critical disaster employees should follow these specific steps to ensure safety. It is
important to understand that disaster scenarios such as floods, earthquakes, mudslides,
equipment malfunction, fire, etc., may cause severe injury or death. The priority in any situation
is the preservation of life. Secondly, critical infrastructure should be protected, if possible. In
order to mitigate unnecessary risks and damages, the following procedures should be taken:
1. Assess the situation. It is possible that a disaster brings a sudden catastrophic shock to the
business, invoking panic/chaos. It is important to take a moment to understand what is
going on and collect yourself. Look toward your team leads and work collectively as a
group to get everyone to safety.
2. If you’re safe and are able to, call 911. Additionally, contact the Crisis Management Team.
3. Evacuate the building if appropriate. If asked to leave the building, do so immediately.
First responders may already be there or en route; leaving the building frees up space for
them. Additionally, shut off water, gas, and electricity if possible without risking injury.
All personnel should meet at the designated post-evacuation point. Lastly, take
emergency medical supplies with you on the way out if possible.
4. If the disaster requires you to stay within the building, close all doors and windows.
Prepare medical supplies, food, and water. Take a head count and assess any injuries.
Tune into the local news stations and/or radio for additional information. Lastly, prepare
for evacuation.
5. Secure critical files and data.
6. Anyone who knows the building well should work with emergency responders and help
them assess the situation.
7. Contact the alternate site to begin the recovery process.
8. Contact customers, vendors, contractors, and other third parties to make them aware of
the situation.
9. Communicate with staff. Ensure that appropriate medical care is received before
returning home.
10. Work diligently with the Crisis Management Team to help DigiKnight recover and
resume business processes.
Following the above procedures will mitigate damages during a disaster. During a disaster, it is
likely there will not be time to go over documentation, so it is important that all staff read and
understand these procedures beforehand. If there are any questions, discrepancies, or clarification
is required for these procedures, please contact the Crisis Management Team.
Inventory and Damage Assessment
Device | New cost | Status | Operational | Financial loss | Time to recover
Example device | $2,000 | damaged | no | $750 | 12 hours
Generator | $25,000
Power Supply Unit | $5,000
Circuit Breaker | $2,500
Electrical Wiring | $10,000
Water Lines | $10,000
Hot Water Heater | $2,500
Water Filtration | $3,000
Gas Lines | $10,000
Gas for Generator | $500
After any threat or emergency, the above inventory and damage assessment checklist needs to be filled out immediately. Specifically, it
needs to be documented which assets are operational and which are not. An asset shall only be marked operational if every aspect is fully
functional. How long does it take for the device to be recovered? These assets should only be analyzed if the building is safe to be in. In
the case of a gas leak, loose electrical wiring, or extreme water conditions, the building should not be entered until the threats have been
contained. Extreme damage to any of these areas may indicate a catastrophic event, in which case the recovery site should be brought up.
Hazardous Materials and Conditions Assessment
Condition | Status | Severity | Operational | Financial loss | Time to recover | Comments
Air Conditioning System (Example) | All components destroyed in flood | High | Cannot perform any operations in building | $600,000 | 1 Week | Without system, any equipment would overheat, and would cause even more damage
Chemical Spill (Example) | Ammonia spilled on warehouse floor | Medium | Cannot operate in building until after cleanup | Undetermined | 1 Day | It is unsafe for any workers to breathe in the harmful fumes
After any threat or emergency, the above hazardous materials and conditions assessment checklist needs to be filled out immediately.
Specifically, it needs to be documented where the conditions or materials are. While looking for these dangerous conditions, you must
also be sure not to endanger yourself.
IT Inventory and Damage Assessment
Device | New cost | Status | Operational | Financial loss | Time to recover | Comments
Example device | $2,000 | damaged | no | $750 | 12 hours | Minor fire damage. Hard drives need to be replaced. New power cord needed.
File Server | $4,000
Database Server | $4,000
Mail Server | $4,000
Web Server | $4,000
Print Server | $4,000
Back-up Server | $4,000
AD/DNS Servers | $4,000
IT workstations (5) | $1,200 each
Cabling | $2,000 total
Air conditioning | $15,000
Switches (5) | $1,600 each
Routers (3) | $1,800 each
Firewall | $4,500
DSU/CSU | $500
After any threat or emergency, the above inventory and damage assessment checklist needs to be filled out immediately. Specifically, it
needs to be documented which assets are operational and which are not. An asset shall only be marked operational if every aspect is
fully functional. If a device is not operational, can it be salvaged? Can any parts of it be salvaged? How long does it take for the device
to be recovered? These questions need to be answered immediately so the CMT can decide if operations need to be switched to a backup
site.
Testing, Training, and Audit
There are several different ways in which the BCDR plan can be tested, reviewed, and, if
necessary, modified. The four basic ways are:
1. Paper walk-through
2. Functional exercises
3. Field exercises
4. Full interruptions
To test and review the BCDR plan it is not recommended to go from plan creation directly to a
full interruption review training. More than likely, the plan is still suffering from certain
omissions or errors that would render a full interruption training unsuccessful, leading to time
and money being wasted.
Instead, after the BCDR plan has been initially created it should be subjected to a paper walk-
through. This type of test is the least disruptive to normal business operations. The results will
also be less accurate than from some of the other training and review methods but they can still
be very helpful in incrementally improving the BCDR plan. The key to running a successful
paper walk-through test is to develop realistic scenarios and evaluation criteria. How well were
participants able to follow and utilize the plan? How well were participants able to
communicate? These criteria will show if the plan needs certain adjustments before moving on
to another type of testing and review.
Functional exercises are used to actually test some of the plan’s functionality and train staff in
critical procedures or functions needed to respond to and address a disruption. These functional
exercises go hand in hand with a paper walk-through, which would provide the scenario. The
functional exercise would simply add a practical element, but they are restricted to one specific
function so they don’t share the scope of a field exercise or a full interruption.
Field exercises involve realistic exercises based on likely scenarios. They require much more
time and effort, and are more interruptive than paper walk-throughs or functional exercises.
However, they also provide much better information on which sections of the BCDR plan might
need to be adjusted.
Full interruptions are similar to field exercises but are more disruptive to the business
operations. Rather than provide simulations while normal business operations continue in the
background, the full interruption will interrupt business operations just like a real threat or
emergency situation would. Often, full interruption exercises happen unannounced, so to many
employees there is no difference between the full interruption and a real emergency. Because of
that, they provide the best feedback on BCDR plan performance and areas for review and
adjustment. However, for obvious reasons they are also the most costly exercises to perform.
In order to acquire accurate testing and review of the BCDR plan, the recommendation that is
made to DigiKnight Technologies is to perform a paper walk-through of the plan upon
completion. This should provide some suggestions as to where the plan needs to be reviewed
and possibly adjusted. Once adjustments are made, the plan should undergo another paper walk-
through, accompanied by several key functional exercises. These exercises should be those
functions and processes that are most likely to be affected by a real emergency scenario, and
those that are most critical to the company’s business operations.
Paper walk-throughs with functional exercises should be done at least once every year to ensure
that the BCDR plan is still up to date. Additionally, if budget and resources allow it, it is also
recommended to perform a field exercise at least once every two years. Based on the results
from these training exercises, the plan should be reviewed and adjusted as needed.
Recommendation on Updates
DigiKnight believes that an updated Business Continuity and Disaster Recovery Plan is a must.
The plan will be reviewed twice a month. The first week and the third week of each month the
managers of each department will meet to discuss any recommended or needed changes. If
changes are made, they will be further evaluated to decide if a new plan needs to be distributed
and the old plans destroyed. If so, all managers are responsible for the collection and destruction
of the business continuity and disaster recovery plans in their departments. All vendors, partners,
or alternative work sites will be handled by either the administration department or the sales
department. Once all plans are collected, the managers will then distribute the new plans to their
department. Emergency meetings may be needed if drastic changes have been made.
This biweekly evaluation will allow for quick turnaround in business continuity changes while
still ensuring the integrity of the plan. Rather than constantly testing, managers are responsible for
keeping up to date on the procedures of the business continuity plan. This ensures safety in
implementation in case of disaster, and is more cost effective than constant testing. Testing is
nevertheless still a needed aspect of the business continuity and disaster recovery plan.
Quarterly tests will be held to evaluate the efficiency and effectiveness of the business
continuity plan. The tests will change depending on the quarter, cycling through various
disasters or possible incidents, allowing for different aspects of the business continuity and
disaster recovery plan to be evaluated. After tests conclude the business continuity and disaster
recovery plan will be updated to be more accurate if need be.
Change Management Process Documentation
The BCDR plan will have a section at the start of the document where its version is displayed.
Along with the current version, there will also be documentation of the previous five versions
and changes that have been made from one version to another. It is very important that every
department has a copy of the most recent version of the BCDR plan so that no unnecessary
mistakes are made when a threat or disaster occurs.
The version of the BCDR plan will be documented in the format of ‘version 1.0’. Any time a
minor change is made to the document, the decimal will increase. ‘Version 1.0’ would change to
‘version 1.1’. Any time a major change is made to the document, the unit number increases by
one and the decimal is reset to 0. ‘Version 1.1’ would change to ‘version 2.0’. A minor change
would include such changes as an update of assets, personnel and contact information changes,
changes in vendors, and any other changes that only require small rewrites of sections of the
document. A major change would include such changes as new BCDR processes, changes in
backup sites and equipment, and other changes that require large sections of the document to be
rewritten.
Request for change evaluation and change implementation
When a department requests for a change to be made to the BCDR plan this request will be
evaluated by members of the Crisis Management Team. Approval depends on the necessity of
the revision being implemented. To keep change management and BCDR plan distribution
manageable, not every request can be approved. However, if a key department member has left
the company, if a significant update to a BCDR process in the department needs to be included,
or if denial of the request could compromise the effectiveness of the BCDR plan, then the
request will be approved.
If the CMT decides that the request shall be approved, the right department is notified to draft a
revision to the section in question. Since most BCDR documentation requires significant
research and data gathering, the department shall be granted two weeks to provide the draft.
Testing and auditing revisions
If a major change to the BCDR plan is made, these changes need to be tested to ensure that they
will work reliably during a threat or disaster situation. The CMT will organize for a test situation
to be created within four weeks of the draft submission date. If the test goes well and the change
proves to be effective, the revision will be included in the BCDR plan.
Notifying stakeholders and distributing updated copies
When a change has been made to the BCDR plan, stakeholders have to be notified immediately.
Email communication to plan stakeholders should be sent out, informing them that the BCDR
plan has been updated and that they will receive a copy in the next two days. If they don’t
receive a copy in the next two days, stakeholders are encouraged to contact the CMT to request
a copy of the document.
BCDR plan deliveries will be made to all stakeholders and departments. Key personnel will have
to sign off on receiving a copy of the plan, and the old version of the plan has to be handed off
to the person making the delivery to ensure that the new copy will in fact replace the old one. In
a crisis situation, there cannot be multiple copies circulating around the company.
Standard update
If no change requests and approvals are made to the BCDR document, a new version will go out
regardless every six months to ensure that every department has a copy of the document.
Distribution of Updated Plans
There are various ways that plan updates can be distributed, ranging from using the intranet to
paper. The use of multiple distribution methods can lead to increased redundancy, but that isn’t
always a bad thing. With multiple methods, maintenance can be difficult, as all variations have to
be updated. With multiple distribution methods you can ensure that there is always a copy at
hand if need be. Each method has its advantages and disadvantages. Paper copies of the business
continuity and disaster recovery plan give access to the plan when the power or internet is out,
but require a lot more work when it comes to collecting and destroying old copies. Hosting it on
the intranet allows for ease of use and access for all employees and business partners; on top of that,
it has a lower maintenance cost. The downside of the intranet is that intranet access is required to get
to the plan, which means that if the server is down, you wouldn’t have access. Having a third-party website
server host the business continuity and disaster recovery plan means that if DigiKnight servers
go down, the plan is still accessible, though if the internet or the web server hosting it is down, then
you cannot access it. With these options outlined, DigiKnight has decided that it will
have two distribution methods.
An updated copy of the business continuity and disaster recovery plan will be available on the
intranet as well as on paper. This means that it will be easy for business partners and
employees to see the updated plan, while maintaining physical copies means that if power is out
or the server is down, the business continuity and disaster recovery plan is still easily accessible.
Biweekly meetings with managers allow for constant updating, and the procedure for collecting
and destroying outdated plans is detailed in that section.
Nature-Based Test Scenario
Nature-based disasters can happen at any time, and business continuity and disaster recovery
plans need to be able to handle them. Tests allow for business continuity and disaster recovery
plans to be improved without the actual incident occurring.
The objective of this test is to find errors and improve upon the business continuity and disaster
recovery plan as a whole.
All managers will be notified of the time of the upcoming test. All tests are held on a real-time
basis unless discussed by management beforehand. Depending on the scenario being tested,
various steps will need to be taken:
Notify stakeholders of the test, and the objectives that we hope to be fulfilled by the tests
Before the test scenario clarify the objectives of the test
Choose dedicated employees to collect data on how the tests run
Encourage employee feedback after the test
For example, if the test was for an earthquake, personnel would be told beforehand that the
objective of the scenario would be to find possible faults or improvements to the business
continuity and disaster recovery plan in terms of earthquake recovery. Over the intercoms there
would be an announcement that the earthquake was happening. Employees would be expected to
follow safety precautions and then implement recovery procedures. After the test is
completed, documentation of faults or improvements would be filled out.
The test team would need to evaluate certain criteria:
Did the employees follow correct safety procedures?
Was machinery shut off according to emergency procedures?
Were recovery plans executed?
Where could the plan be improved?
Man-Made-Based Test Scenario
The procedure for man-made test scenarios is very similar to the procedure for nature-based.
Man-made disasters can range from riots to network outage. Tests allow for business continuity
and disaster recovery plans to be improved without the actual incident occurring.
The objective of this test is to find errors and improve upon the business continuity and disaster
recovery plan as a whole.
All managers will be notified of the time of the upcoming test. All tests are held on a real-time
basis unless discussed by management beforehand. Depending on the scenario being tested,
various steps will need to be taken:
Notify stakeholders of the test, and the objectives that we hope to be fulfilled by the tests
Before the test scenario clarify the objectives of the test
Choose dedicated employees to collect data on how the tests run
Encourage employee feedback after the test
For example, if the test was for a bomb threat, personnel would be told beforehand that the
objective of the scenario would be to find possible faults or improvements to the business
continuity and disaster recovery plan in terms of bomb threat recovery. Over the intercoms there
would be an announcement that there was a fake bomb threat happening. Employees would be
expected to follow safety precautions and then implement recovery procedures. After the test
is completed, documentation of faults or improvements would be filled out.
The test team would need to evaluate certain criteria:
Did the employees follow correct safety procedures?
Was machinery shut off according to emergency procedures?
Were recovery plans executed?
Where could the plan be improved?
Mudslide Tabletop Test
DigiKnight faces the threat of many natural disasters, including mudslides. Although threats
cannot be eliminated, their level of damage can be minimized through individual and business
preparedness. The company must understand the risks of a mudslide and thoroughly prepare
reactive and proactive measures to mitigate the risks. Overall, this will reduce the threat
mudslides pose to business operations and employee wellbeing. To prepare for this event, a
tabletop test will be run. The test will be conducted as follows:
1. All members of the CMT will be notified, and a date will be set for the test. The entire CMT
should be present for the test; this includes: Carlton Smith, Mark Saunders, Linda
Kraemer, Brett Kelcey, and Alicia McKellips. Additionally, department leads along with
at least one representative from each department should be present.
2. Building three will be occupied during the test. A memo will be sent out notifying
employees of the test. Employees should understand this will be run as if it is a live event.
Accordingly, business processes may be interrupted.
3. Each participant in the tabletop test may help in any area in addition to having specific
tasks. The specific tasks are as follows:
a. Carlton Smith – Coordinate with all members of the CMT and act as a central
point of contact. In the event Carlton Smith is unavailable, Mark Saunders will act
as the central point of contact.
b. Mark Saunders – Verify the well-being of administration employees. Verify the
integrity of administrative workstations, and files. Communicate with 3rd parties.
c. Linda Kraemer – Verify the well-being of manufacturing employees. Verify the
integrity of manufacturing equipment. Ensure proper safety regulations are being
followed.
d. Brett Kelcy – Verify the well-being of manufacturing employees. Inspect the
building for safety hazards. Identify any damages that may cause security
breaches and act appropriately.
e. Alicia McKellips – Verify the well-being of IT employees. Verify the integrity of
IT systems. Coordinate with Carlton Smith to determine if business operations
should be transferred to the recovery site.
4. Department heads – Oversee department employees during the recovery process. Record
all relevant actions taken during the recovery process.
5. Department representatives – Follow department heads’ instructions to get the business
operational. If unable to receive contact from department heads, assess the situation and
act appropriately.
6. Time should be recorded from the instant of the event. With respect to the RTO, the CMT
will decide if and when the recovery process should begin at the alternate site.
7. After the simulation, all participants will meet to discuss the events. During this meeting,
all documentation recorded during the process will be reviewed. This will be an open
floor meeting where all members are encouraged to provide feedback and criticism.
8. A memo will be sent out to all employees summarizing the event.
Recommendations for Employee Acceptance
Not all employees are interested in or see the importance of business continuity and disaster
recovery. In order to pique their interest, some simple things can be done: providing
breakfast / lunch for employees, offering them an increased wage for the days of attendance, or
offering incentives, such as a bonus for attending all the meetings for a quarter.
Managing Updates to BC/DR Documents
BC/DR documents will be kept on CD-ROM, on-site and off-site servers, and paper documents.
There will be a list of everywhere the documents are, and when updates are made, we can go
through the entire list, making sure each copy is replaced with the new version.
Rank of Importance
1. Off-Site Server Copy
2. Paper Copies
3. On-Site Server Copy
4. CD-ROM Copies
When creating CD-ROM copies, be sure to label the version number, date it was released, and
when the next update is scheduled for. Also be sure to run SHA512 hashes on the CD to verify
the integrity.
The same rules apply to Off-site and On-site server copies.
The Network Administrator receives a text message when any server is offline for more than 30
minutes, so this will ensure that our server copies are always online.
Paper copies will have the version, date, and next update release on the front cover, allowing fast
verification to be sure it is the newest.
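The list-and-verify routine described above can be scripted. The following is an added example, not part of the original plan: it records the version label and SHA-512 digest of a release in a manifest, then checks every copy on the location list against it. Function names, file names, manifest fields and sample contents are assumptions made for illustration.

```python
"""Audit every listed copy of a released BC/DR plan against its SHA-512 digest."""
import hashlib
from pathlib import Path


def sha512_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large image (e.g. a CD-ROM ISO) need not fit in RAM."""
    digest = hashlib.sha512()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(master_path, version, released, next_update):
    """Record the label data the plan asks for, plus the digest of the release."""
    return {
        "version": version,
        "released": released,
        "next_update": next_update,
        "sha512": sha512_file(master_path),
    }


def audit_copies(manifest, inventory):
    """Check each copy on the location list.

    inventory maps a location label to the path where that copy is stored
    or mounted. Returns {label: "OK" | "MISMATCH" | "MISSING"}.
    """
    report = {}
    for label, copy_path in inventory.items():
        copy_path = Path(copy_path)
        if not copy_path.is_file():
            report[label] = "MISSING"      # server share offline, disc not mounted
        elif sha512_file(copy_path) == manifest["sha512"]:
            report[label] = "OK"
        else:
            report[label] = "MISMATCH"     # old version still in place, or damaged media
    return report


def copies_needing_replacement(report):
    """Locations that must be refreshed before the update counts as complete."""
    return sorted(label for label, status in report.items() if status != "OK")


if __name__ == "__main__":
    import tempfile
    # Constructed sample data: file names, dates and contents are made up for the demo.
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        master = tmp / "bcdr_v2.0.pdf"
        master.write_bytes(b"BCDR plan v2.0 (constructed sample)")
        (tmp / "offsite.pdf").write_bytes(master.read_bytes())
        (tmp / "onsite.pdf").write_bytes(b"BCDR plan v1.4 (constructed sample)")
        manifest = build_manifest(master, "2.0", "2013-04-29", "2013-10-29")
        inventory = {
            "off-site server": tmp / "offsite.pdf",
            "on-site server": tmp / "onsite.pdf",
            "CD-ROM": tmp / "cdrom" / "bcdr.pdf",   # path does not exist in the demo
        }
        report = audit_copies(manifest, inventory)
        for label, status in report.items():
            print(f"{label:16} {status}")
        print("replace:", copies_needing_replacement(report))
```

A matching digest only shows that a copy is identical to the release the manifest was built from, so the manifest itself should be kept with the master copy rather than alongside each distributed copy.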
Appendix A - Communication Templates
Template 1: Employee Communications Plan (non-critical)
Message Distributor: CMT
Priority Communications Channel: Email
Backup Communications Channel: Phone
Frequency of Communication: Once when threat has been detected and identified
Once when threat has been solved
To all of DigiKnight’s employees,
Management has been notified of a current threat to our business operations. Do not be alarmed -
you are not in any danger. However, the threat may impact some of your work activities. If you
are unable to access certain information sources, applications, or services, please refrain from
contacting our IT department at this time as they have been notified and are working to correct
the issue. We expect the issue to be resolved shortly, and we’ll let you know immediately if
any new developments occur.
Please direct any further questions to your immediate supervisor.
Regards,
DigiKnight’s Threat Management Team.
Template 2: Employee Communications Plan (critical)
Message Distributor: CMT
Priority Communications Channel: Email
Backup Communications Channel: Phone
Frequency of Communication: Once when threat has been detected and identified
Every ninety minutes until threat has been solved
To all of DigiKnight’s employees,
DigiKnight is declaring a state of emergency, effective immediately. A recent event has caused a
critical outage which is affecting our business operations. As a result, DigiKnight is in the
process of shifting the infrastructure to the backup site.
Please evacuate the premises immediately to ensure your personal safety. Cooperate with all
emergency and security personnel. Do not re-enter the facilities unless access has been granted
by the crisis management team and you are escorted by emergency personnel. To effectively
recover from this event, it will require a full team effort. Your personal wellbeing is the first
priority; after that has been established, please work diligently with the crisis management team
to help the recovery process.
Further updates will be sent out every ninety minutes until DigiKnight is recovered and is stable.
Please contact your immediate supervisor with any further questions.
The Crisis Management Team.
Template 3: Client and Suppliers Communications Plan
Message Distributor: Marketing, through CMT
Priority Communications Channel: Phone
Backup Communications Channel: Email
Frequency of Communication: Once when threat has been detected and identified
Every three hours until threat has been solved
Dear sir/madam,
This message is to inform you that DigiKnight has experienced a business threat. A recent event
has caused a critical outage at the primary site located in Silicon Valley, California. This event is
critical and has rendered the facilities and equipment unusable and they will have to be
repaired or replaced. As a result, DigiKnight is in the process of shifting the infrastructure to the
backup site.
Effective immediately, production is at a temporary halt. To ensure your safety please refrain
from coming to our facility or delivering any products. Do not enter the facilities at the primary
site. DigiKnight is working vigorously to transition to the backup site to resume our business
processes. There is no immediate action necessary on your behalf but please understand we are
temporarily unable to process or deliver products. We kindly ask for your understanding in this
matter.
Further updates will be communicated every three hours until DigiKnight is recovered and is
stable. If you have any further questions, please contact us at
Regards,
DigiKnight’s Crisis Management Team
Template 4: Media Communications Plan
Message Distributor: Marketing, through CMT
Priority Communications Channel: Email
Backup Communications Channel: Phone
Frequency of Communication: Once when threat has been detected and identified
Every two days until threat has been solved
In case of security breach where PII was compromised
Dear sir/madam,
This message is to inform you that DigiKnight has experienced a business threat. A breach by
outsiders of DigiKnight’s IT systems has caused a compromise of personally identifiable
information (PII) that was stored on our systems. We are notifying you because there is a
possibility that your information might have been compromised.
We are currently working with state and federal agencies to determine the impact of the security
breach and to identify and prosecute the responsible parties. We will send out a follow up email
every two days with further information on this situation.
We would like to offer our sincere apologies for this incident. If you have any further questions,
please contact us at [email protected].
Regards,
Carlton Smith,
CEO of DigiKnight Technologies
In case of a disaster originating from DigiKnight’s premises
To whom it may concern,
DigiKnight is declaring a state of disaster, effective immediately. A recent event has caused a
critical situation at the primary site located in Silicon Valley, California. This event is
catastrophic and has rendered the facilities and equipment unusable and unsafe. Unfortunately,
the incident was of such magnitude that buildings and areas surrounding DigiKnight might also
be affected.
To ensure your safety, please do not venture onto or near DigiKnight’s premises until the
situation has been restored. DigiKnight is working with state and federal agencies to determine
the impact of the incident and discover its cause. We will send out a follow up email every two
days with further information on this situation.
If you have been injured or otherwise affected by this incident, please contact our legal and
regulatory team for further information at [email protected].
The DigiKnight Crisis Management Team
Appendix B - Memos
Update Memo
To: Department Heads
From: Carlton Smith
Date: 11/5/2013
Re: Keeping the DR plan up-to-date
It is important for all of us to work as a team to keep the Disaster Recovery plan up to date. As a
result, we need to implement a policy for maintaining documentation. To do this effectively, it
will take a full team effort. I am putting forth a policy for review by the team, it can be found in
the BCDR document. Provided below is a brief outline of how we can maintain the BCDR
documentation.
Documentation will be reviewed on a bi-weekly basis, meaning the first and third week of every
month. The DR plan will be divided up and delegated between departments to be reviewed.
Department heads will be responsible for maintaining documentation for their department, and
may disperse tasks throughout their department. The process of reviewing the documentation
should not be a severely time consuming process. However, during this time we will be able to
spot discrepancies and submit necessary changes for policy. Additionally, the sections to be
reviewed by each department will be rotated periodically.
Furthermore we will conduct tests simulating disaster scenarios on a quarterly basis. This will
provide team members with hands-on experience with DR. After each test the process will be
evaluated, and the plan can be updated if necessary. Consequently we will all constantly gain a
better understanding of the disaster recovery process and be prepared for a real DR.
This will be an ongoing process and will require considerable communication and cross
departmental teamwork. Therefore, I encourage you to respond and present any ideas, criticism,
suggestions, etc., with all team members. My contact information is provided below for your
convenience; please let me know what you think.
Regards,
Carlton Smith
415-555-7841
Test Memo
To: Carlton Smith
From: BC/DR Team
Date: 11/5/2013
Re: Testing Strategy of BC/DR Plan
The BC/DR Team will be running through some testing to better prepare for a disaster scenario
and to be sure the plan we have created applies properly in a real event. We will start by
completing multiple evacuation and disaster scenarios. We will also perform a full restore
during the weekend, to avoid interfering with business. I will buy the team food and make it a
full team-building event.
The plan will need to be reviewed after testing is complete. We will conduct Root Cause
Analysis (RCA) for any problems we encountered and complete with both individual and team
post-mortems. After these events I would like to schedule time with you to sit down and review
the results, along with what can be done to improve the plan.
Thank you for your support throughout the entire process of developing and testing this plan, as
this will ensure we will have everything prepared if disaster ever strikes.
BC/DR Team
Benefits of Retaining Team Memo
To: Carlton Smith
From: BC/DR Team
Date: 11/5/2013
Re: Testing Strategy of BC/DR Plan
The following paragraphs contain information on certain advantages and disadvantages of
retaining members of the original BCDR planning team. When personnel decisions such as
hiring or firing employees are made, this information needs to be taken into account when it
comes to employees who contributed to the BCDR plan documentation and employees who are
members of the Crisis Management Team.
BCDR documentation is mainly created per department. Employees in the IT department are
responsible for the creation of BCDR documentation related to IT, just as employees of the HR
department are responsible for the HR section of the BCDR document. Although each of these
sections goes through a central approval process, it is important to realize that there typically is no
one employee in the company who knows all the fine details of each department’s BCDR
plan.
Because of the decentralized nature of BCDR knowledge, when an original plan member leaves
the company he or she likely takes much knowledge about the BCDR process with them.
Although this knowledge is saved and retained within the BCDR document, there is a vast
difference between reading a plan and researching or designing a plan. Even if a new employee
takes over these responsibilities, they might not be able to completely grasp all the finer details
of the BCDR plan which were acquired through intensive research and planning.
On the other hand, an employee who was a member of the original BCDR planning team might
be resistant to changes in the BCDR plan. After all, they likely spent much time and effort on
the research and design process of the original BCDR plan and they might not wish to see it
changed, even if the proposed changes could be very beneficial and effective. Over the course of
time, a BCDR plan might become outdated simply by not keeping up with new developments
and recovery techniques. For instance, why back up to the cloud when the BCDR plan has a
detailed tape backup procedure?
It is for these reasons that a close eye needs to be kept on the development of the BCDR plan in
regards to who contributes to it. The expertise of original members cannot be overlooked, but at
the same time the BCDR planning committee needs to include fresh members as well. Original
members know the finer details of the BCDR processes and why they are documented the way
they are, but new members will bring a fresh perspective on these processes and might be able to
suggest changes that original members have overlooked.
BC/DR Team