Data Disaster Recovery Plan

Information Technology Statement of Intent

This document delineates our policies and procedures for technology disaster recovery, as well as our process-level plans for recovering critical technology platforms and the telecommunications infrastructure. This document summarizes our recommended procedures. In the event of an actual emergency situation, modifications to this document may be made to ensure physical safety of our people, our systems, and our data. Our mission is to ensure information system uptime, data integrity and availability, and business continuity.

Policy Statement

Corporate management has approved the following policy statement:

  • The company shall develop a comprehensive IT disaster recovery plan.

  • A formal risk assessment shall be undertaken to determine the requirements for the disaster recovery plan.

  • The disaster recovery plan should cover all essential and critical infrastructure elements, systems and networks, in accordance with key business activities.

  • The disaster recovery plan should be periodically tested in a simulated environment to ensure that it can be implemented in emergency situations and that the management and staff understand how it is to be executed.

  • All staff must be made aware of the disaster recovery plan and their own respective roles.

  • The disaster recovery plan is to be kept up to date to take into account changing circumstances.

Objectives

The principal objective of the disaster recovery program is to develop, test and document a well-structured and easily understood plan which will help the company recover as quickly and effectively as possible from an unforeseen disaster or emergency which interrupts information systems and business operations. Additional objectives include the following:

  • The need to ensure that all employees fully understand their duties in implementing such a plan

  • The need to ensure that operational policies are adhered to within all planned activities

  • The need to ensure that proposed contingency arrangements are cost-effective

  • The need to consider implications on other company sites

  • Disaster recovery capabilities as applicable to key customers, vendors and others

List of responsible people

Title

Contact option

Title

Contact option

Product Development Team Lead

email, phone

Technical Support Lead

email, phone

Technical Support Rep.

email, phone

Product Development Lead for SLA Time and Report & Issue History Add-ons

email, phone

Time in Status Add-on Product Development Lead

email, phone

Infr. Security responsible

email, phone

Notification Calling Tree

  • Person Identifying Incident

    • Technical Support Rep.

      • Technical Support Lead

    • Product Development Lead for SLA Time and Report & Issue History Add-ons

      • Product Development Team Lead

      • Infr. Security responsible

    • Time in Status Add-on Product Development Lead

      • Product Development Team Lead

      • Infr. Security responsible

Recovery Preparations

A critical requirement for disaster recovery is ensuring that all necessary information is available to assure that hardware, software, and data can be returned to a state as close to “pre-disaster” as possible. Specifically, this section addresses the backup and storage practices as well as documentation related to hardware configurations, applications, operating systems, support packages, and operating procedures

Data Recovery Information

Backup/Recovery files are required to return systems to a state where they contain the information and data that was resident on the system shortly prior to the disaster.

Backup tape locations and retention periods summarized in the table below:

Type:

Location:

Type:

Location:

Daily Backup (Server)

AWS Snapshots

Daily Backup (Database)

MongoDB Atlas Snapshots

 

General Application Recovery Procedures

The following steps are guidelines to be followed for the overall restoration of systems. While the coordination and extent of personnel involved will depend on the type and severity of the disaster, the following steps may be required:

It is implied in the procedure below that steps are simply provided as a guideline. The magnitude and type of disaster, and the number of systems affected will require that certain steps be augmented (at the discretion of the Teach Support Lead), and that other steps will not be applicable to the situation at hand.

  1. Determine extent of damage and make determination as to the following:

    1. Determine extent of applications affected

      1. Webserver

      2. Database

  2. Verify most recent server or database snapshot.

  3. Upon restoration of the datacenter and servers to operational state:

    1. Restore systems using snapshot images

    2. If necessary, load application software and test/validate

    3. If necessary, load data and verify integrity

  4. Test systems, and communication equipment as required to validate physical operation and performance.

    1. Server testing

    2. Network testing

    3. Addon testing

  5. Verify overall performance of specific system(s) and report readiness to Tech Support Team, Management Team, and user community.