Business Continuity Plan for Riordan Manufacturing
Riordan Manufacturing is in need of a new network. This plan will develop a network that benefits the business, the employees and the customers by providing all of them with a smooth operating experience, and that future-proofs the entire network. The network will handle all incoming and outgoing traffic for both the employees on the intranet and the customers on the external internet web site. Quality of Service (QoS) will be implemented to assist in tracking bandwidth use, to determine and plan how much bandwidth is needed and to determine where congestion issues are as they arise. The plan is to bring all of the locations into one wide area network (WAN). The locations are in San Jose, California; Albany, Georgia; Pontiac, Missouri and Hangzhou, China. All of these locations will be backed up and implemented to run together as one unit while maintaining the flexibility of the local area networks (LANs) that they are. All access will use VPNs for the added security layer, using the Citrix client. Security measures will also be implemented to ensure that the network is secure for the business, its employees and, of course, the customers. This plan will outline and identify the information team, from the Chief Information Officer (CIO) to the programmer analyst, to show the order of the IT team and the roles they are currently in.
Business Continuity Organization
Name | Job Title | Roles/Responsibilities | Reports To
Maria Castillo | Database Analyst | Designs logical and physical databases and coordinates database development. | Network Administrator Gary Tucker
Stacey Jones | Manager IT Services (Albany) | Directs and coordinates local area computer network activities. | Chief Information Officer
Dirk Kort | Manager IT Services (Pontiac) | Directs and coordinates local area computer network activities. | Chief Information Officer
John Lefever | Network Administrator | Installs, configures, and troubleshoots local area computer networks and associated assemblies. | Manager IT Services (Albany)
Gilbert Lofaro | Program/Analyst | Analyzes requirements and develops computer programs. | Network Administrator Gary Tucker
Bill McConnell | CAM Support Specialist | Support computer-aided manufacturing processes within assigned plant. Provide technical assistance to computer system users. Answer questions or resolve computer problems for clients in person, via telephone or from remote location. May provide assistance concerning the use of computer hardware and software. | Network Administrator John Lefever & Bill Mosterd
Patricia Miller | Manager IT Services (San Jose) | Directs and coordinates local area computer network activities. | Chief Information Officer
Bill Mosterd | Network Administrator | Installs, configures, and troubleshoots local area computer networks and associated assemblies. | Manager IT Services (Albany)
Vinh Nakaajima | Network Administrator | Installs, configures, and troubleshoots local area computer networks and associated assemblies. | Manager IT Services (San Jose)
Don Peterson | Program/Analyst | Analyzes requirements and develops computer programs. | Network Administrator Vinh Nakaajima
Young-Sook Phin | Program/Analyst | Analyzes requirements and develops computer programs. | Network Administrator Vinh Nakaajima
Vongpaka Phouthaphone | Database Analyst | Designs logical and physical databases and coordinates database development. | Network Administrator Vinh Nakaajima
Bounmy Rattanavong | Program/Analyst | Analyzes requirements and develops computer programs. | Network Administrator Gary Tucker
Julie Saagman | Administrative Assistant | Provides administrative support (copying, word processing, scheduling, etc.) for one or more managers. |
Aimee Samus | CAD/CAM Support Specialist | Work with CAD systems creating, modifying and releasing drawings and word drawings under direct supervision of a supervisor for use by other departments and customers. In addition, support computer-aided manufacturing processes as they are designed. | Network Administrator Vinh Nakaajima
Mary Tran | Web Support Specialist | Supports Web-based products and services through email support, desktop support and telephone support. Interacts with customers and troubleshoots problems to provide a high level of customer satisfaction. | Network Administrator Vinh Nakaajima
Kim Tran | Database Analyst | Designs logical and physical databases and coordinates database development. | Network Administrator John Lefever & Bill Mosterd
Maria Trinh | Chief Information Officer | Chief IS/IT officer of organization. Develops strategy for information systems department based on long term corporate goals. | Chief Operating Officer Hugh McCauley
Phan Trinh | CAM Support Specialist | Support computer-aided manufacturing processes within assigned plant. Provide technical assistance to computer system users. Answer questions or resolve computer problems for clients in person, via telephone or from remote location. May provide assistance concerning the use of computer hardware and software. | Network Administrator Gary Tucker
Robert Trinh | Program/Analyst | Analyzes requirements and develops computer programs. | Network Administrator John Lefever & Bill Mosterd
Gary Tucker | Network Administrator | Installs, configures, and troubleshoots local area computer networks and associated assemblies. | Manager IT Services (Pontiac)
Dan Tully | Telecommunications Specialist | Installs and repairs telecommunications systems and equipment. | Network Administrator Vinh Nakaajima
N/A | Contract Employees | Contract Labor | Manager IT Services (China – Chinese National)
N/A | Manager IT Services (China – Chinese National) | Directs and coordinates local area computer network activities. | Chief Information Officer
Business Impact Analysis
The business impact analysis will assist in the development of a contingency and disaster recovery plan for Riordan Manufacturing’s wide area network. The purpose for this business impact analysis is to predict the consequences of disruption of Riordan’s function and processes and gather the necessary information to develop recovery strategies.
Riordan Manufacturing should list servers and personal computers because multiple applications may reside on each device. According to AIMS, Inc. (n.d.), “It is recommended that all critical server and critical personal computer data be backed up. Copies of the personal computer files can be uploaded to a server just before a complete save of the system is done. Personal computer backups are then saved with the normal system save procedure” (Backup Details). As a result, this provides Riordan Manufacturing a more secure backup of personal-computer-related systems if a local area disaster occurs at any of the locations of the WAN (AIMS, Inc., n.d.).
Priority | Applications | Storage Location | Amount of Data | Type of Device | Storage Media | Approximate Restoration Time
Business Continuity Strategies & Requirements
The business continuity strategy covers the following areas:
“Business resumption planning – The operation’s piece of business continuity planning
Disaster recovery planning – The technological aspect of business continuity planning; the advance planning and preparations necessary to minimize loss and ensure continuity of the critical business functions of an organization in the event of disaster
Crisis management – The overall coordination of an organization’s response to a crisis in an effective, timely manner, with the goal of avoiding or minimizing damage to the organization’s profitability, reputation or ability to operate” (“ISACA: About ISACA”, 2014)
Risk management and disaster recovery planning work together to assign a value to each risk that could affect Riordan and then to design a disaster recovery plan that addresses each risk based on its value to Riordan. For instance, a Riordan employee uses a USB flash drive to transfer documents from other employees. Somehow a virus is downloaded onto the USB flash drive, and one of the employees executes the virus on a computer while connected to the internal network.
The virus starts to encrypt shared folders on the network. Though there might not be a direct policy against using USB drives for file transfer, Riordan must have a recovery plan that can address a crisis like this. Crisis management is where Riordan can organize to implement a disaster recovery plan that would be in place for such an attack. Virus attacks are common, and preventive measures can reduce the damage of such an attack. In addition, preventive measures might only warn of an issue rather than directly address it, so Riordan needs a plan that includes:
Contact Management
Address: who is doing what
Isolating the issue
Implementing Disaster Recovery Plan
Riordan should have backups of all shared documents that can be restored after an attack has been neutralized and removed. All data should be available even if the internal network of servers is down because of an attack. Backups and cloud-based file storage also help with “act of God” disasters, where employees might have to work offsite because of physical damage to the infrastructure at Riordan.
Training, Testing & Exercising
Training Riordan Employees
All Riordan employees will be trained to understand the business recovery plan and how it affects them directly. “…training refers only to informing personnel of their roles and responsibilities within a particular IT plan, such as decision making, and teaching those skills related to those roles and responsibilities (“NIST: Guide To Test, Training, And Exercise Programs For IT Plans And Capabilities”, 2006).” Training Riordan employees on roles and responsibilities prepares them for how to act and what to do in case of a disaster. Implementing a disaster recovery plan relies on employees knowing what to do and how to act. Training, testing, and exercising are important to the success of a disaster recovery plan.
Testing schedule, procedures, and business recovery strategies
“Tests are evaluation tools that use quantifiable metrics or expected outcomes to validate the operability of a system or system component …that are identified as critical in an IT plan (“NIST: Guide To Test, Training, And Exercise Programs For IT Plans And Capabilities”, 2006).” In creating a disaster recovery plan, testing the plan is ideal for ensuring that when the plan is implemented it works as planned. Building a testing schedule involves first establishing the need for a test and then ensuring all elements that are being tested are ready, like:
Training of employees
Orientation to go over the exercise
All systems are ready
Procedures have been created and defined
All legal requirements are met
Tabletop and full-scale exercises
“Tabletop exercises are discussion-based exercises where personnel meet in a classroom setting or in breakout groups to discuss their roles during an emergency and their responses to a particular emergency situation (“NIST: Guide To Test, Training, And Exercise Programs For IT Plans And Capabilities”, 2006).” Tabletop exercises help when training for a full-scale exercise and ensure all employees are prepared to perform their roles. A full-scale exercise executes a disaster recovery plan to ensure all aspects work properly. “Functional exercises allow staff to execute their roles and responsibilities as they would in an actual emergency situation, but in a simulated manner (“NIST: Guide To Test, Training, And Exercise Programs For IT Plans And Capabilities”, 2006).”
Program Maintenance and Improvement
Preparing for disasters
Disasters can strike in many forms and manners, from accidental data theft to a natural disaster and anything in between. Riordan Manufacturing needs to be prepared to recover any data and to get an offline network online as soon as possible in one of these events. To ensure this happens, protocols need to be in place that outline which triggers will create an additional backup, and that ensure that if the main network is detected offline or flooded with a high amount of traffic, the main network is cut off and operations run off the backup locations. During routine maintenance, there will be multiple checks for viruses, malware and unusual activity; this will be in accordance with the Intrusion Protection System (IPS) that will also be installed, with monitoring for our ecommerce side to protect that side as well.
This will give the business the added edge needed to ensure that the data is protected and safe, and able to be online at all times to prevent excessive downtime. To do this, a schedule will be set up to sync all data within the network at least once a night. Bi-weekly maintenance will be performed to ensure that all code and web applications are up to code and not corrupted. Data shall be backed up at a scheduled time each night to ensure that all systems hold the same data in case disaster does strike. There is a method to each business backing its data up, as well as to maintaining the QoS system (“Cisco”, 2014). QoS can be affected when data is backed up, bogged down, and not maintained correctly. This is just one of many QoS-affecting statistics, and should always be kept in line. Preventing data overload directly affects QoS, giving just one more reason to maintain the backup of the networks (“Techtarget”, 2014).
With Riordan Manufacturing’s new network, all data from all sources will be protected against all threats, internal and external. The network will be set up and maintained on a schedule to ensure that all errors are caught and corrected before they become problems. An IPS will be in place with external monitoring to protect the data on the ecommerce site, giving the business the added protection of knowing that all transactions, both internal and external, are secure and backed up in case of disaster. A dynamic backup network will be put in place in a separate location to ensure that if disaster strikes, if there is too much traffic on the network, or for any other reason deemed worthy, the backup network will take over and allow the main network to be reviewed and repaired. All of the changes will benefit anyone using the network, from the IT team to the customers and employees. This is a change for the better.
AIMS, Inc. (n.d.). Application / Hardware – Business Impact Analysis Template. Retrieved from http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCcQFjAA&url=http%3A%2F%2Fwww.aims1.com%2FFiles%2FRepository%2FBusinessImpactAnalysisTool.pdf&ei=OFNMVIzYMYWsyAS9tYKgDQ&usg=AFQjCNGfaUC6ihAIDen3rLsv_OY7YAkp6w
Cisco. (2014). Retrieved from http://www.cisco.com/c/en/us/products/ios-nx-os-software/quality-of-service-qos/index.html
Federal Emergency Management Agency (2014). Business Continuity Plan. Retrieved from http://www.fema.gov/media-library/assets/documents/89510
Federal Emergency Management Agency (2014). Business Impact Analysis Worksheet. Retrieved from http://www.fema.gov/media-library/assets/documents/89526
ISACA: About ISACA. (2014). Retrieved from http://www.isaca.org/about-isaca/Pages/default.aspx
NIST: Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities. (2006). Retrieved from http://csrc.nist.gov/publications/nistpubs/800-84/SP800-84.pdf
TechTarget. (2014). Retrieved from http://searchdatacenter.techtarget.com/tip/Five-ideas-for-setting-up-a-data-center-disaster-recovery-plan