IT Staff Convention 2006: Business Continuity Planning
Business Continuity Planning
9 attendees, including moderator and note taker
Facilitator: Dominic Pasqualino, Office of Audit, Compliance and Privacy
Notes: Bob Barron, ISC, Technology Support Services
Does anyone currently have DR/BC plans?
- Housing – files stored on memory sticks in two different places, have an alternate location with forms/papers already there to enable easy movement of operations. Disaster recovery – web server run in ISC Machine Room, and also uses a third-party offsite service (IPR)
- Business Services – most critical systems operated in ISC. For FY07 – concentrate on business continuity. For instance, how would Penncard/Campus Mail be operated in case of a disaster?
- Networking has utilized BC plan during planned maintenance outages. Networking's plan is mostly room based (bring up failover site). Outage is in hours, if that. Campus is notified via email of outage. How is plan funded, and how much is the funding? Networking has three people who are able to implement plan: hardware is purchased in duplicate, and synchronous real-time data copy is used. All of this is very expensive.
- SEAS only has one machine room (duplicate servers). Offsite backups. DR will be fairly manual. Not sure how to proceed, since risk level is mitigated by fact that 1-2 day downtime is acceptable for them.
Recommendations by other group members:
- BC plan should be tested at least once a year.
- Instead of focusing on a complete disaster, should focus on more likely day-to-day scenarios (e.g. small fire, flooding on several floors).
- Build a BC team, concentrate on different scenarios (least likely, most likely) and prioritize. Even prioritize by different departments (should some folks be sent home if necessary?).
- Phone trees should be documented
Office of Audit, Compliance and Privacy offered to sit with anyone and talk about its plan.
Other things to consider...
- Is centralized funding for a DR/BC a possibility? Would there be interest in this?
- Possibly learn from other scenarios (power outage, for example).
- Maybe offload email service to outside providers (Gmail, Yahoo).
- Wharton utilizes a third-party hosted app to answer problems. What if third-party DR doesn’t happen? What is the backup plan (manually answering emails isn’t scalable any more). Find backup vendors? May just have to accept risk.
- Document, document, document plan. Identify high-risk areas (i.e. one person responsible for high priority service).
- More detailed info available? Can/should other departmental BC plans be made available? Should there be a central source for info/questions? Should plans be made available – folks may not want to share them (may need to edit out personal/political info).
Link to BCP information on the OACP website [audit/bcp_ten_step_program.htm]
