“slosh” zonecentral welcome to florida!!! are you prepared to recover from a disaster? arma...
TRANSCRIPT
“SLOSH” ZoneCentralWelcome To Florida!!!
Are you prepared to recover from a disaster?
ARMA Chapter MeetingJune 18, 2013
Donna Read, CRM, [email protected]
What is a SLOSH zone?• Sea and Lake Overland Surge from Hurricanes
• Surges of water that exceed normal height
• If coastal, then it comes with the tide and stays as long as the tide
• If near a lake, then it is the overflow from the lake after a hurricane or excess rain
Impact of Data Disasters on U.S. Companies
43% did not reopen after a disaster & 29% more closed within 3 years.
93% that suffered a significant data loss went out of business within 5 years.
Source: Disaster Recovery Journal
DefinitionsDefinitionsWhat do we mean by “disaster?”What do we mean by “disaster?”A disaster is any event that causes a A disaster is any event that causes a
loss of life, records, property, or disrupts loss of life, records, property, or disrupts business operationsbusiness operations
A disaster can be isolated and affect A disaster can be isolated and affect only one person--a car wreckonly one person--a car wreck
A disaster can affect many people--warA disaster can affect many people--war
Disaster PlanningDisaster Planning
What is the goal of disaster planning?What is the goal of disaster planning?
There are two closely related goals:There are two closely related goals: Mitigate the effects of a disaster by Mitigate the effects of a disaster by
having a tested, comprehensive having a tested, comprehensive plan in placeplan in place
Recover from a disaster as speedily as Recover from a disaster as speedily as possible possible
Disaster PlanningDisaster PlanningWhat would mitigate a disaster?What would mitigate a disaster? Having certain records protected in a Having certain records protected in a
vital records planvital records plan
Providing rapid response in a disasterProviding rapid response in a disaster contacting fire, police departmentscontacting fire, police departments knowing how to recoverknowing how to recover
Knowing who is responsible for what Knowing who is responsible for what
Disaster PlanningDisaster PlanningHow do we ensure that our records will How do we ensure that our records will
survive a disaster?survive a disaster? Create a planCreate a plan
Identify all those who have a stake in Identify all those who have a stake in recoveryrecovery
Include records management, Include records management, IT, IT, legal, safety officer, legal, safety officer, and and othersothers
Disaster Planning – Role of IT
Responsible for electronic records
Ensures backups are performed
Store backups off-site
Arranges for mirroring, hot sites, cold sites, mobile sites
Data recovery – knows the priorities
Knows hardware/software needed for access
Disaster Planning – Role of RM
Inventory records
Identify vital records
Responsible for non electronic vital records
Arranges off-site storage of non electronic vital records
Analyze The Threat Look at natural and man made
threats.
Are you sitting in a SLOSH zone, if so which one?
Next to a rail line, what is being transported on the rail cars?
How far are you from a nuclear power plant, a river?
Are you in a highly competitive business?
Levels of Disaster
Lost DocumentSubfunction affectedOne or two functions affectedDestruction of major building-nonwork hoursDestruction of major building-working hoursSevere localized natural disasterMost sever conceivable-national scope
Obvious DisastersFire - electrical, arson, lightning
Water - hurricane, sprinklers, busted pipes
Structural - tornado, termites, sink holes
Power Outage – storms, terrorist, construction workers
Quiet Disasters Pest problems
Media decay
Technology obsolescence
Food spills
Light
Temperature
Humidity
Poor Records Management
Technological Disasters Unauthorized access, alteration or theft of data
System failure
Inadequate firewalls and antivirus protection
Backup tapes not checked for integrity
Machinery used too close to computer equipment
Incompatible software
Threat Levels 1 & 2 to Digital Infrastructure
Level 1: Nontechnical threat that impacts technical resources. This includes media threats and sabotage situations that don’t involve direct infrastructure attacks.
Level 2: Nontechnical attack; technical threat. This includes the loss of sensitive media/laptops and detection of unsuccessful intrusion attempts against vital systems.
Threat Levels 3 & 4
Level 3: Technical attack; potential for data loss. This includes failing hardware, successful intrusion attempts, and virus alerts.
Level 4: Data loss; small-scale system outage. This includes the loss of a single server, a single data system taken offline, and multiple nonvital services lost.
Threat Level 5
Level 5: Severe technical disaster. This includes data center destruction, a widespread virus attack, and multiple failures of vital data systems.
Why Have Threat Levels?Everyone in the organization will be on
same page.
You won’t waste vital time and resources disseminating information to staff.
A definitive systems for disaster response gives you an edge when it is time to document systems and procedures.
There are 5 levels of HurricanesCategory 1 storms have winds of 74-95 miles
per hour, making them the weakest of hurricanes. Even these storms can generate a storm surge of 4 or 5 feet above normal high tide.
Category 2 storms have winds of up to 110 miles per hour, and can push a storm surge of 6 to 8 feet.
Category 3 storm winds can reach 130 miles per hour. This is the cutoff for "major" hurricanes, with commensurate storm surge potential of 9 to 12 feet.
Hurricane Categories cont.Category 4 winds can be as high as 155 miles
per hour, and such a storm brings a 13 to 18 foot storm surge.
Category 5 storms, with winds greater than 155 miles per hour, are very rare. These monsters can have storm surges of over 30 feet. Only 2 such hurricanes have hit the U.S. this century - Camille in 1969 and Andrew in 1992. Katrina was downgraded to a Cat. 4/3
Recent History - 2004Charlie was a category 4
14 foot storm surge in Tampa Bay
Frances was a category 413 to 18 foot storm surge.
Ivan reached category 5 storm surges of over 20 feet
Does Your Disaster Plan Have Levels?
Depending upon your location the difference between a category 1 and category 5 hurricane might be placing the CPU on the desk or removing it from the building.
Critical Business Functions
What would put you out of business?
What critical functions does your organization perform?
What records and infrastructure are needed to support those functions?
Vital Records--What are They?Vital Records--What are They?
Vital Records provide the means for Vital Records provide the means for your your business to resume business to resume operations after a operations after a natural or natural or human disasterhuman disaster
Two Types:Two Types: Emergency operatingEmergency operating
records records Legal and financialLegal and financial
rights records rights records
Vital Records Needed During Emergency
Staff Contact and Assignment InformationEmergency/Continuity of Operations PlanOrders of Succession and Delegations of
AuthorityPolicy, Procedural, and Systems ManualsBuilding BlueprintsSoftware Documentation List of Who has the Credit Cards so Emergency
Purchases can be madePayroll and Accounts Receivable (if emergency
is of long duration)
Vital Records Not Needed Immediately During the
Emergency Payroll and Accounts Receivable (If
emergency is of short duration)
Social Security and Retirement
Public Safety Records
Titles, Deeds, and Contracts
Licenses and Long-term Permits
Vital Records--Vital Records--ProtectionProtection
Ensure that Vital Records are Ensure that Vital Records are identified identified and included in disaster and included in disaster planplan
Include electronic records Include electronic records
Involve upper management in this Involve upper management in this program; support is keyprogram; support is key
Vital Records--ProtectionVital Records--Protection
Four methods to protect Vital Records. Four methods to protect Vital Records. All have advantages and All have advantages and disadvantages. Choose carefullydisadvantages. Choose carefully
Vaults/fire resistant cabinets Vaults/fire resistant cabinets Off-Site Storage/Records CenterOff-Site Storage/Records Center Planned DispersalPlanned Dispersal Routine DispersalRoutine Dispersal
Inside TX HHS Bldg
Disaster Planning– Elements of a Disaster Planning– Elements of a PlanPlan
Create a plan – based on risk Create a plan – based on risk assessmentassessment
First and foremost--human safetyFirst and foremost--human safety Ensure everyone understands that Ensure everyone understands that
safety safety comes firstcomes first
Galveston Hurricane, 1900
Disaster Planning - Elements of a Disaster Planning - Elements of a PlanPlan
Appoint a team to be Appoint a team to be responsibleresponsible
Elements include Elements include prevention, prevention, preparation, action during preparation, action during disaster, & disaster, & recoveryrecovery
Assign prioritiesAssign priorities Know what needs to be Know what needs to be
saved first, saved first, second, second, third, etc.third, etc.
Disaster Planning - Elements of a Disaster Planning - Elements of a PlanPlan
Develop a list of supplies you will Develop a list of supplies you will needneed
Have a sheet of contacts, who will Have a sheet of contacts, who will contact whom, and whencontact whom, and when
Have multiple copies of this Have multiple copies of this information and keep in multiple information and keep in multiple locationslocations
Disaster Planning - Elements of a Disaster Planning - Elements of a PlanPlan
Know your buildingKnow your building Floor plansFloor plans Emergency cut off switches for Emergency cut off switches for
utilitiesutilities
Know your neighborhoodKnow your neighborhood Hazards around youHazards around you Flood plain, etc.Flood plain, etc.
Disaster Planning - Elements of a Disaster Planning - Elements of a PlanPlan
Keep it updatedKeep it updated Current telephone Current telephone
numbers, etc.numbers, etc.
Re-examine Re-examine yearly--at leastyearly--at least
Disaster Planning - Elements of a Disaster Planning - Elements of a PlanPlan
Test the planTest the plan Mock disastersMock disasters
Make them Make them meaningfulmeaningful
Disaster will Disaster will strike, strike, so be so be readyready
Arlington, TX Tornado March 2000
Disaster Planning – Testing Disaster Planning – Testing Cont.Cont.
Is plan out of date Bottlenecked data links Test becomes a disaster Acceptable down-time
changes Needed personnel were
not available Personnel was not trained
to recover data Equipment not available
Disaster Planning – Testing Disaster Planning – Testing Cont.Cont.
Identify areas that need modification
Review reliability of backup systems, facilities & procedures
Assure backup & duplication systems are adequate & appropriate
Assure training is adequate
Ensure that recovery & salvage procedures are adequate
Disaster RecoveryDisaster RecoveryWhat would help a rapid recovery?What would help a rapid recovery? Knowing how records will be Knowing how records will be
salvagedsalvaged
Knowing vendors for Knowing vendors for supplies/services and having supplies/services and having some supplies on handsome supplies on hand
Reducing confusionReducing confusion after a disaster after a disaster
Knowing where recordsKnowing where records are located are located
Priorities in the Recovery Process
People First – find and account for your people
Physical environment – stabilize it
It Systems (This should be documented so well that anyone can restart systems, etc.)
Paper, film, and other media
Assess the Damage
How much damage?Kind? (Document on paper & photo)Confined?Records affected – vital or not?Media?Replaceable?Outside help needed?
Is Paper Relevant?It is estimated that 90% of information is still
retained on paper
2.7 billion sheets generated daily
Average document is copied 19 times
200M documents filed daily
World-wide consumption of paper has tripled in the last 3 decades.
Freezing Records Immediate stabilization of
affected records
Protects most damaged records until they can be treated
Freezer trucks or coldplants for big volumes
Chest freezer or lunchroom fridge for small volumes
Disaster Planning--Disaster Planning--SummarySummary
Know who will do what whenKnow who will do what when
Plan to provide recovery suppliesPlan to provide recovery supplies
Ensure safetyEnsure safety
Prevent or mitigate disastersPrevent or mitigate disasters
Plan for the worst, hope for the bestPlan for the worst, hope for the best
Disaster Planning--Disaster Planning--SummarySummary
Disaster planning mitigates your Disaster planning mitigates your losses if losses if disaster strikes disaster strikes
A good plan allows you to recover A good plan allows you to recover and and to deliver your services quicklyto deliver your services quickly
A disaster plan is always evolving; A disaster plan is always evolving; update frequentlyupdate frequently