IT-240
Edward Spear
Disaster Plan
10/26/2014
Associate Level Material
Appendix G
Company A
The IST Department of XYZ Computers is located on the first floor. Payroll and all human resources records are processed daily and bi-weekly for 10,000 employees. After payroll is run, data is backed up using tapes. No firewall is in place, and e-mail is on the same server as payroll.
XYZ Computers is located in the southern part of the United States in an area that receives heavy rain. During the weekend, a major water pipe broke and flooded the first floor. The water caused extensive damage to the servers, which were also on the first floor.
After reviewing the information from XYZ Computers, we assessed its most critical deficiencies and we come to an evaluation of each of the disaster that might affect the productivity and safety of the information and employees of the company.
1. Since the company is built in an area that is affected by flooding, and this happens in a relatively risk area, the IST Department has to move their hardware and software to a second floor as well as all the servers, which have to be as far away as possible to the flooding risk areas of the premises. The most valuable information of the company is kept in this servers and they have to be taken away from any risk area, for a better performance and safekeeping.
2. Payroll and Human resources since they are processed daily and biweekly, they have to back up their systems in the same frequency, we have a high number of employees and all the information has to be kept safe and updated constantly. Tapes process can be improved if applied to a RAID array, and cannot be easily stolen putting at risk very important information about the company and its workers.
3. Email has to be created within an intranet system, creating an intern website for the internal communication, and placing firewalls for information coming from external sources. It cannot run in the same server as the payroll, because even with the firewalls in place is a very delicate area that can be hacked and introduce malware to the system, placing a great amount of information defenseless to any threat.
4. All the software and hardware that was damaged by the past flood have to be check for failure or internal damage, and if it is the possibility of recovering is possible we suggest to mirror the information to a new server, before disposing the equipment, which has to be properly formatted and destroyed. All information from the company should be back up on site, but also there should be a second copy in a low risk area for natural events or vandalism.
5. Due to the volume of employees and transactions we suggest a RAID 6 array because we need a large drive capacity, this will also minimize the probability that in the case of a failure of a drive, with its double parity, it will have more tolerance for failure. We carry a big number of processes every day, and keeping the information of more than 10000 employees, and also our customers have to be a priority and needs to take action immediately.
6. We have to establish security measures and disaster evacuation plans, creating safe areas, meeting points and backup power systems, to ensure that in case of any eventuality all the employees are well informed on how to respond to an emergency, avoiding chaos and accidents. having an specialized safety team inspect the building and the area to look for high risk areas, to evaluate the plans of action and lower the risk for any personal and technical damage.
7. Drills have to be proposed and take in place at least twice a year, and in extraordinary weather event seasons, were it might be imminent an eventuality.
8. Working with the community and government, the area has to be studied for flooding risk areas, but also to use this resources for the benefit of nearby areas, creating small levees and digging channels to guide flooding waters away