The best magazine
Assess the following five scenarios:
IT and Data communication loss - Scenario One
This is a situation where you loose all IT and Data Communications, IT Infrastructure, E-Mail Service, access to information stored electronically, IT support service, inter organisation building communications, other external communications, voice communications, fixed line (Internal (Private) and PSTN (Public)) Telephone Services, mobile telephone services.
Building loss – Scenario Two
This is a situation of unavailability/loss of part or one or more buildings which can occur through environmental incidents such as fire, water damage, explosion etc.
Building Access Restrictions - Scenario Three
Normal access to buildings may be denied or restricted through a range of factors including the utility failure scenario, civil unrest in the area, police cordons from terrorist incidents, building occupation, etc. Access to the organisation's building(s) may be: temporarily accessible but not usable, not accessible at all.
Utility Failure - Scenario Four
As the organisation is dependent on water, electricity, and gas utilities. If any of these fail because of problems, then the affected building(s) could have to close (e.g. if there was no water a building may have to close on health grounds). In this circumstance, it is likely (although not guaranteed) that temporary access would be possible to retrieve equipment and documentation. Related to this utility failure scenario, the consequent effects could be lack of lighting, heating, and a usable physical access security system, thus rendering the building(s) unusable (although probably accessible temporarily).
Staff Unavailability - Scenario Five
Staff (including contract support, such as the supplier of support service/helpdesk IT support staff) may be unavailable for a number of reasons, including: significant loss of life (e.g. through fire, explosion), widespread failure of public transport through a major incident or industrial action, adverse weather conditions, widespread illness (e.g. an influenza epidemic), mass resignation or other form of industrial action.
Obtain answered to the following questions:
If the office is inaccessible, how far is the recovery site in kilometres?
Is the recovery site fully equipped with stationery, telephones, printers, PCs, TVs, desks?
Would it take less than one hour to retrieve off-site copies of critical recovery data?
Has all staff personal telephone numbers been updated for call cascade?
Can the recovery site give an assurance that separacy /diversity services are in place in the wide area network?
What is the organisation's emergency telephone number for staff to call?
How effective is the call redirection?
Can the organisation confirm, where mirror systems are used, that backup devices and software are in place to manage backups from a single replicated system when the primary has failed?
How long will it take to have recovery of all aspects of critical IT systems and restoration of connectivity to critical networks including tests of critical computer systems and associated hardware in event of a disaster?
Does the recovery site have a Disaster recovery plan?
Confirm if the organization's IT security elements include the following elements: Firewalls, encryption, Anti-virus products
Confirm if IT environment humidity, ventilation and air-conditioning are controlled.
Confirm if IT environment is protected by fire detection and suppression.
Confirm if Power can be provided by generator(s) for at least three days using on-site stored fuel.
Confirm if physical access to critical areas and floors is restricted by guards' presence.
The test result should be recorded to show whether everything worked as expected, and if it did not, what happened and why, and what deficiencies were noted in the plan and its action task lists, supporting facilities, locations, etc. Record details of any revisions required to the plan and/or supporting facilities, locations, etc.
Source: ...