INFORMATION TECHNOLOGY DISASTER RECOVERY PLAN
The business world is tormented with a broad array of revolting likelihoods. To be specific, disasters are still positioned as the most distressing advances that are capable of cropping up in any firm at any time. Normally, disaster manifestation impacts the business and continuity by messing with the organizational, operational mechanisms. Consequently, most businesses have embraced the idea of creating business continuity plans purposely to efficaciously manage disasters that may prospectively recur. Undoubtedly, effective IT disaster recovery plans are of the greatest imperative to all firms, hence the necessity of promptly creating such plans. This IT disaster recovery plan is specifically established for Standard Chartered Bank.
Programs addressing both dangers and natural disasters are put in place to make the overall plan. The plan provides a recovery outline by anticipating impending disasters and threats that are likely to take place within the firm (Sahebjamnia, Torabi, & Mansouri, 2015). Considerations regarding the security and safeguard of both the firm’s employees and its clients have been made during the recovery plan development. Moreover, the plan looks into the condensed degree of commercial breaks often linked with disasters. Without a doubt, Standard Chartered Bank encounters numerous threats, including natural disasters and strikes. Certainly, the organization faces many threats, some of the most prominent of which include natural disasters, IT malpractices, and Strikes.
Standard Chartered Bank is among the leading firms globally, and I look forward to working with its team. The firm has branches in nearly all cities in the world, obtaining a multinational position. Financial institutions are considered susceptible to disasters and contain crucial data that has to be perfectly secured. Its crisis management team directs the response to and recovery from disasters at Standard Chartered Bank. Thus, this IT Disaster Recovery Plan offers the necessities and procedures required to respond to and recover from any threats and disasters impacting IT operations at Standard Chartered Bank to ensure that business operations go on even after an incident since systems will be easily restored.
Presently, cybersecurity issues have been immense, and cybercrimes have taken advantage of coronavirus to attack IT systems since most individuals are conducting online transactions (Probershteyn, 2020). Financial institutions, including Standard Chartered Bank, need always to be ahead of cybercrimes to win their clients’ trust. This IT disaster recovery plan is annually reviewed and restructured by the IT specialists under the chief information officer’s guidance to accommodate the current organizational needs.
A copy of this plan is stored in the following areas:
-
Department of Information Technology Office
-
Office and home of the Chief Information Officer
As a result of the uncertainties concerning the intensity of probable disasters at Standard Chartered Bank, this plan’s focus is to handle the recovery of systems utilized in controlling the bank’s operation. This plan’s key objective is to ensure that the firm endures disasters and upholds the usual business operations. To subsist, the firm has to ascertain that crucial operations can go on. The scope of this IT disaster recovery plan defines actions to recuperate all crucial services upon the occurrence of a chief disaster that constrains Standard Chartered Bank to offer essential services. The design of this plan is grounded on the outlined instances;
- The Standard chartered IT facility, including ATMs in certain countries, are inaccessible, rendering the firm branches in this location unable to go on with its routine operations.
- An austere incident resulting in the failure of IT-supported infrastructures at Standard Chartered Bank impacting the ability to recover and uphold the usual operations.
The plan looks into all stages of IT-related disasters at Standard Chartered Bank, including incident response, evaluation and disaster declaration, incident planning and retrieval, and post-incident assessment.
When coming up with the IT disaster recovery plan, the following assumptions were made:
· The Standard Chartered Bank is inoperable and can hardly be recovered from its unique location within 48 hours.
· Once an incident addressed by this plan is named a disaster, the suitable precedence must be given to the recovery exertion and the resources coupled with the necessary backing as charted in the IT Disaster Recovery Plan.
- The chosen computer system at the nearest operating Standard Chartered Bank branch has been configured to begin processing the failed IT system information.
- A lawful contract subsists that entitles the nearest operating Standard Chartered Bank branch as an alternate operating facility.
- The nearest Standard Chartered Bank branch will be utilized to uphold the IT system recovery and processing throughout the disruption period until the operations are normalized.
- Standard Chartered Bank will utilize the alternate branch building, and IT resources to recover the failed branch’s functionality in emergency circumstances that hinder its accessibility.
- Updated backups of the failed application software and information are whole and present at an offsite storage location.
- There are established and maintained service contracts regarding software, hardware, and communication experts to back the alternative system recovery.
- The adequate capacity of equipment and network are present at the alternate branch.
- This plan’s content may be changed, and extensive deviation may be necessitated in unpredicted situations. Such situations have to be dogged by the specified disaster recovery teams and approved by the incident commander.
Backup: A procedure through which information, both electronic and manual, is copied in a manner that it can be availed in case the original copy gets stolen or destroyed.
Application Recovery: A disaster recovery constituent that handles the restoration of business system software and information after replacing the processing platform.
Disaster Recovery Team: This is a group of people who are knowledgeable about disaster recovery.
Disaster: An IT incident dogged to have probable effects on business continuity and other Standard Chartered Bank operations.
Web Services: Services concerned with the internet and intranet web operations of Standard Chartered Bank.
Enterprise Applications Recovery Team: People tasked with the recovery and enterprise applications testing duties. For offsite hosted systems, the team works on their integration, authentication, and reestablishment of connectivity.
Crisis Management Team: A group of individuals who are foremost in responding to incidents they may be police, firefighters, IT experts, and security.
Network and Telecommunications Recovery Team: People in charge of data and voice network testing and recovery.
Desktop, Lab, and Classroom Recovery Team: People accountable for the testing and recovery of desktop computers, classrooms, and labs in impacted expanses of Standard Chartered Bank.
Datacenter Recovery: People in charge of creating a functional datacenter either through placing the primary center back to a functional condition or putting a cold site online for utilization.
Incident Commander (IC): Person who takes charge of all exertions during an initial incident assessment along with the Incident Command Team. Upon the declaration of a disaster, the incident commander is accountable for the general harmonization of all IT correlated recovery undertakings.
Infrastructure and Web Recovery Team: People in charge of recovery and testing of Standard Chartered Bank infrastructure systems, including servers and emails. In instances where such services are hosted offsite, these individuals are accountable for system authentication, reestablishing connectivity, and integration.
Routine Incident: An IT failure that is restricted in scope and can be handled and resolved by a specified team or people as their routine operations.
Cold/Hot/ Warm Site: these are diverse recovery sites and each phase represents the amount of time required to fail over and initiate operations from. Cold sites take more time to get operational especially when the hardware is limited.
Incident Command Team: A group of all-round skilled and knowledgeable individuals in IT firms. They are responsible for the initial evaluation of damage to tell if an official disaster declaration is necessary to harmonize the happenings of different IT DRTs.
Disaster Recovery Plan: A management authorized document that explains the resources, tasks, information, and actions necessary for managing a technology recovery exertion.
Minor Disaster: This is featured by an anticipated downtime of 48 hours or less, and limited damage to software, hardware and the operating surroundings.
Incident: A non-routine happening that is capable of distracting IT services to Standard Chartered Bank.
Major Disaster: This is featured by an anticipated downtime of more than forty-eight hours but less than seven days. Typically, such disasters have a widespread impairment to the system software, hardware, and the operating surrounding.
| Chief Information Officer | |
| Home Phone: | |
| Cell Phone:. |
| Chief Information Officer | |
| Manager, User Support | |
| Manager, Infrastructure Services | |
| Manager, Information Systems | |
| Manager, Classroom and Media Services |
All Contact Information is located in Appendix A
The Standard Chartered Bank Datacenter Recovery Team entails individuals within the Information Technology Department that upholds the Bank’s computing surrounding and where the key IT services and resources are situated. This team is responsible for the reinstatement of the current datacenter and instigation of a secondary datacenter based on the rigorousness of a disaster. Besides, the team aids in the reinstatement of a datacenter to a state where personalized recovery teams can attain their tasks regarding server setting up and application reestablishment. The team ought to be prepared amid the occurrence of a disaster that affects the ability of the current computing facilities to back the running applications and server. The team leader is in charge of informing the IT Incident Commander on the type of disaster and the actions instigated to handle the circumstances. A harmonization of this recovery exertions is usually attained before other recovery exertions at the bank including having a primary computing facility.
| Team Lead: | Manager, Infrastructure Services |
| Team Members: | System Administrators (2) |
| Desktop Systems Administrator | |
| Network Communications Technicians (2) |
5.2 Desktop, Lab, and Classroom Recovery Team
All Contact Information is located in Appendix A
This team entails individuals within the IT department that offer backing to desktop hardware, labs, and classroom. The key responsibility of this team is to restore the desktop systems to a functioning state. Amid the preliminary recovery exertion, the team is irresponsible for reinstating data that users may have stored in the desktops. Standard Chartered Bank acclaims its employees to store all clients’ data on the file servers which are regularly backed up. The team needs to be prepared in case an anticipated disruption occurs in the desktop services and necessitates recovery exertions beyond the normal encounters. It is the duty of the team leader to update the IT Incident Commander on the type of disaster and the instigated actions to handle the circumstance. The harmonization of this recovery exertion will be attained with other recovery exertions on the bank by the IT incident.
Commander.
| Team Lead: | Manager, User Services |
| Team Members: | Manager, Classroom and Media Services |
| Desktop Systems Administrator | |
| Computing Coordinators (7) | |
| Lab and Student Computing Coordinator | |
| Equipment Systems Specialist |
5.3 Enterprise Systems Recovery Team
All Contact Information is located in Appendix A
This team entails individuals from the IT department that support the enterprise and other banking systems. The key obligation of these individuals is to restore all modules of Banner applications to the current pre-disaster configuration in instances where information is essential. In less brutal situations the team takes charge of reinstating the functional status of the system as required by any network outages, or hardware and software failures. In case the Banner or other enterprise systems encounter a crucial service distraction that necessitates recovery exertions that are dissimilar from the usual encounters, this team has to be equipped. It is the duty of the team leader to update the IT Incident Commander on the type of disaster and measures taken when handling the interruption.
| Team Lead: | Manager, Information Systems |
| Team Members: | Manager, Infrastructure Services |
| Programmer/Analysts (4) | |
| Web Programmer/Analyst | |
| System Administrator | |
| Computing Coordinators supporting affected areas (business services, payroll, enrollmentservices, etc.) | |
| Key Business Unit Personnel as needed by type of incident (payroll clerk, accountant,registrar, etc.) |
5.4 Infrastructure and Web Recovery Team
All Contact Information is located in Appendix A
This team entails individuals from the IT department who back up the network structure of the bank such as server virtualization and network storage. The prime responsibility of this team is the reinstatement of the network infrastructure and servers to their updated pre-disaster configuration in instances where information is crucial. In situations that are less brutal, the team takes charge of system restoration to an operational status as required by any conditions which could lead to a reduced operation. In instances where unpredictable disruption occurs on the network infrastructure constituents and needs recovery exertions that are beyond the normal encounters this team has to be equipped. If there are any offsite services, the team will harmonize reinstatement of such services with the extrinsic vendors. It is the obligation of the team leader to frequently update the IT Incident Commander on the type of disaster and actions taken when handling the circumstance.
Commander.
| Team Lead: | Manager, Infrastructure Services |
| Team Members: | System Administrators (2) |
| Desktop Systems Administrator | |
| Web Programmer/Analyst |
5.5 Telecommunications, Network, and Internet Services Recovery Team
All Contact Information is located in Appendix A
This team is made up of individuals from the IT department that back up the voice and information network cables within the bank. The sole responsibility of these individuals is the reinstatement of the information networks, internet and voice services to an updated pre-disaster conformation in instances where operational loss is essential. The team restores information network, internet and voice services to an operational condition as required by any failures that could limit its operations amid less brutal situations. In instances where the information network, internet or voice services are interrupted by unpredicted situations that necessitate recovery exertions beyond the usual encounters this team has to be mobilized. The team leader is obligated to keep the IT Incident Commander informed of the type of disaster and measure taken when handling the circumstance. The harmonization of this recovery exertion will be achieved with other recover exertions on bank by the IT Incident.
Commander.
| Team Lead: | Manager, Infrastructure Services |
| Team Members: | Communications Technicians (2) |
| System Administrator |
Section 6: Recovery Preparations
A crucial necessity for disaster recovery in making sure that all required data in accessible to ensure that software, hardware, and information can be put back to the pre-disaster state. This bit concentrates on how the backing up documentation, and storage procedures are carried out.
6.1 Data Recovery Information:
Backup files re needed to put back affected systems to a condition where they entail information that pre-existed before a disaster. Standard Chartered bank has installed systems which aid in backing up its information regularly. However, the information backed up is only that which has been stored in the bank systems, manual information which is recorded on paper or slips may get lost in the event of a disaster. The IT department emphasizes on the usage of on servers when storing crucial information.
6.2 Central Datacenter and Server Recovery Information
If at all the datacenter happens to be interrupted during a disaster, then it would be given the topmost reestablishment priority. The IT department should have comprehensive data on datacenters and server’s conformation which ought to be updated in the monitoring system and infrastructure website by the infrastructure staff.
6.3 Network and Telecommunication Recovery Information:
When the telecommunication is disrupted by an unpredicted disaster, re-establishing the connectivity would be the topmost priority. Recovery of these services will be attained in conjunction with that of the datacenter. Therefore, the IT department needs to have comprehensive data on the conformation of the networking equipment. It is the responsibility of the infrastructure and telecommunication personnel to ensure that the hardware inventory is updated.
6.4 Application Recovery Information:
To ascertain that applications are retrieved as they were before the disaster, information regarding their conformation is crucial. Comprehensive data on essential prime applications will be noted in the monitoring system and the infrastructure personnel will take charge in updating the infrastructure website.
6.5 Desktop Equipment Recovery Information:
To assure that client systems can be reinstated to how they were before a disaster, essential data concerning its appropriate conformation is necessary. This has to be updated in the monitoring system and the Microsoft System Center Configuration Management database where the infrastructure personnel will ensure that the hardware inventory is updated.
Section 7: Disaster Recovery Processes and Procedures
The need for engaging a Crisis Management Team and its membership relies on the incident type and size. Any circumstances that necessitate the engagement of the crisis management team will require an authorization from the CMT leader for the team members to access the building.
An IT Incident Command Team is obligated to harmonize events from preliminary notification to recovery finishing point. in case of an incident impacting the Standard Chartered Bank IT operations, the bank manager will be informed by the security team and offer a detailed evaluation of the spread of the disruption. grounded on this data, the incident commander will inform other ICT members and give them a brief incident overview. After the incident command team meeting, the ICT will evaluate the incident and determine whether it is a disaster or a routine. Areas impacted by the incident will be spotted and the appropriate personnel informed to work on the situation if it is a routine occurrence. However, in case of a disaster, the incident commander will contact the crisis management team and brief them on the disaster. The ICT will then spot the affected IT infrastructures and reach out to the specific disaster recovery teams which will address the situation.
This team is systematized to act upon diverse disasters since the teams are usually mobilized according to the disaster parameters. Upon the Crisis management team notification, the ICT is obligated to decide on the required disaster recovery teams to equip. Each team will make use of their disaster recovery data, expertise, procedures, and tools to promptly reinstate the system to a functional status
7.4 General System/Application Recovery Procedures/Outline:
- Take suitable steps to protect staff and reduce damage to the system.
- Evaluate damage and recommend for recovery.
- Recover most recent on-site or offsite backup media for preceding three backups. Organize backup media for transmission to primary or secondary datacenter, as dogged during the preliminary evaluation.
- Authenticate functional ability of all equipment on-site in the affected zone. In case of dysfunctional equipment, instigate repair and replacement actions.
- Test systems, and communication equipment as necessitated to validate physical operation and performance.
- Upon reinstatement of the datacenter and servers to operational state, reinstate systems using virtualized images
- Authenticate general performance of specific system and report gameness to Incident Command Team, Management Team, and user community.
8.0 Network & Telecommunication Recovery Guidelines:
• Take suitable steps to protect staff and reduce damage to the system.
• Evaluate damage and recommend for recovery.
• Spot other personnel necessary for helping in this service recovery and report this data to the IC for action.
• Establish a general recovery plan and plan, concentrating on the topmost priority infrastructures for the bank.
• Harmonize hardware and software substitutions with vendors.
• Supervise recovery of the voice and infrastructure based on the set priorities.
• Harmonize voice and infrastructure recovery with other recovery exertions in the bank
• Afford a planned recovery status updates to the Incident Commander to ascertain maximum comprehension of the circumstance and the recovery exertion.
• Authenticate and verify reinstatement of the voice network to pre-disaster functionality
Appendix A. IT Contact List
Appendix B. Crisis Management Team Contact List
Appendix C: IT Recovery Priority List
The following priorities have been established by the department of Information Technology with consultation from the campus community.
C.1 IT Infrastructure Priorities:
C.3 Consortium, Outsourced, and Cloud-based IT System Priorities:
| Application/System Name | Priority | RTO | RPO |
| SAP | 3 | SLA | SLA |
| Oracle EBS | 3 | SLA | SLA |
| Corniche | 2 | SLA | SLA |
| EBANQ: | 3 | SLA | SLA |
| Moneyman | 3 | SLA | SLA |
| LeaseWave Suite | 1 | SLA | SLA |
| zeb.control | 2 | SLA | SLA |
| Cashbook | 1 | SLA | SLA |
- Critical – Basic infrastructure and must be restored as soon as
- High – Systems of extreme importance, but do not provide
- Medium – Important systems and applications, but do not have university-wide
- Low – Systems important to specific departments or specific small populations of
- Full –Systems that may not be restored to functional status until normal operations are reestablished.
Note: RTO is recovery time objective, RPO is recovery point objective
| Building Name | Priority |
Note: building list continues on next page.
- Critical, needed for maintenance of public health and safety,
- High, needed for income maintenance for students, employees; payments to vendors; requirements for compliance or regulation; effect on cash flow; effect on production and delivery of services (housing, dining, student services).
- Medium, needed for mission of university, delivery of
- Low, everything else
Appendix D: Vendor Information
Appendix E: Disaster Recovery Signoff Sheet
I have been briefed and given an overview of the Disaster Recovery Plan and I am familiar with my responsibilities.
| Name | Signature | Date |