Last modified: março 14, 2025
Policy No. 4204 Disaster Recovery Plan Procedure
Visão geral
Since disasters happen so rarely, management often ignores the disaster recovery planning process. It is important to realize that having a contingency plan in the event of a disaster gives PCSD an advantage.
This procedure requires management to financially support and diligently attend to disaster contingency planning efforts. Disasters include, but are not limited to, adverse weather conditions. Any event that could likely cause an extended delay of service should be considered.
Finalidade
This procedure defines the requirement for a baseline disaster recovery plan to be developed and implemented by PCSD that will describe the process to recover IT systems, applications, and data from any type of disaster that causes a major outage.
Escopo
This procedure is directed to the IT Management Staff, who is accountable for ensuring the plan is developed, tested, and kept up-to-date. This procedure is solely to state the requirement to have a disaster recovery plan; it does not provide requirements around what goes into the plan or sub-plans.
Procedimento
Contingency Plans
The following contingency plans must be created:
- Computer Emergency Response Plan: Defines who is to be contacted, when, and how. Specifies immediate actions that must be taken in the event of certain occurrences.
- Succession Plan: Describes the flow of responsibility when normal staff is unavailable to perform their duties.
- Data Study: Details the data stored on the systems, its criticality, and its confidentiality.
- Criticality of Service List: Lists all the services provided and their order of importance. It also explains the order of recovery in both short-term and long-term timeframes.
- Data Backup and Restoration Plan: Details which data is backed up, the media to which it is saved, where that media is stored, and how often the backup is done. It should also describe how that data could be recovered.
- Equipment Replacement Plan: Describes what equipment is required to begin providing services, lists the order in which it is necessary, and notes where to purchase the equipment.
- Mass Media Management: Identifies who is in charge of giving information to the mass media.
Critical Systems Instructions
Documentation must include:
- Location of installation software
- Backup frequency and storage locations
- Username and passwords
- Support phone numbers
- Steps to restart, reconfigure, and recover the system
- Power-up and power-down procedures
- Equipment age
- Model and serial numbers
- Warranty and maintenance contract information
- Software licensing information and storage location
- IP and MAC addresses
- Supplier contacts for expertise in system recovery, including vendors and manufacturers
- Website username and password
- Server username and password
- District-assigned computer username and password
- Maps, diagrams, and charts
- Any username/password for any system where relevant information exists to recover systems (e.g., manufacturer website username and password, call-in information, etc.)
Plan Testing and Review
- After creating the plans, it is important to practice them to the extent possible.
- Management should set aside time to test implementation of the disaster recovery plan.
- Tabletop exercises should be conducted quarterly to identify and correct potential failures in a controlled environment.
- The plan will be reviewed and updated at a minimum on an annual basis.
Last Update Status:
Updated January 2015
Related Policies and Procedures
- 4204 Uso aceitável
- 4204 Auditoria
- 4204 Mesa limpa
- 4204 Plano de recuperação de desastres
- 4204 E-mail
- 4204 Treinamento de conscientização de segurança para funcionários
- Criptografia 4204
- 4204 Senha
- 4204 Acesso remoto
- 4204 Segurança do roteador e do switch
- 4204 Segurança para estações de trabalho confidenciais
- 4204 Plano de resposta de segurança
- Segurança do servidor 4204
- Instalação do software 4204
- 4204 Segurança dos serviços do site
- 4204 Comunicação de dispositivos sem fio
- 4204 Comunicação de infraestrutura sem fio