Business continuity/disaster Recovery Procedure

Last Updated
May 31, 2022

1. Introduction

The Division’s Business continuity/disaster recovery procedure is used to help the Division recover from a disaster and continue routine operations. Business continuity addresses the availability of essential operational functions and processes during and after a disaster and may include the replacement of personnel, service availability issues, operational impact analysis, and change management. The Division’s disaster recovery portion of the procedures includes, as applicable, server and network restoration, hardware replacement, and restoring access to backup data from backup systems.

2. Business continuity/disaster recovery Procedures

2.1. Introduction

To help the Division recover from a disaster and continue routine operations thereafter, the following sets of procedures may be used.

2.2. Disasters That Prevent Access to Physical Infrastructure

In the event of disasters That prevent access to Physical infrastructure (e.g. earthquakes, fire, flooding, etc.), IT Services will:

  1. If safe to do so, send staff replacement computers from other parts of the organization, including the COBD technology loan bank, that have at minimum accessible: office software, email client software , web browsing software, screen reading software, and softphone software.
  2. If possible, ensure staff have the necessary resources to connect to the internet using any available mechanisms, which may include cellular modem access or connecting a temporary office to the local internet service provider.
  3. Take inventory of any salvageable technology that can be recovered from the affected site.
  4. Develop and implement a plan to replace damaged technology.
  5. Develop and implement a plan to restore regular technology operations at the affected site when safe to do so.

2.3. Extended Network Outages

In the case of an extended network outage, herein defined as a network outage lasting longer than 2 hours, IT Services will:

  1. Contact the local internet service provider(s) to report the outage, determine whether the connectivity is with the provider’s network, and, if the problem is with the provider’s network, determine a time for service restoration.
  2. If the site is not served by redundant internet service or both services will be offline for longer than 24 hours, authorize the use of cellular connectivity for essential network functions.
  3. If the network problem is not with the local internet service provider’s network, dispatch a contractor to troubleshoot and fix the issues.

2.4. Extended System Outages

In the case of an extended outage of an essential system, herein defined as a network outage lasting longer than 2 hours, IT Services will:

  1. Contact the provider(s) to report the outage, determine whether the issue is with the provider’s system, and, if the problem is with the provider’s system, determine a time for service restoration.
  2. If the network problem is not with the provider’s system, attempt to fix the issue using remote access.
  3. If resolving the issue via remote access fails, dispatch a contractor to troubleshoot and fix the issue.

2.5. Hardware Replacement

In the case that organization-owned hardware breaks, IT Services will:

  1. Determine and document the extent of the problems with the affected hardware.
  2. Determine the minimum requirements a temporary replacement system must meet.
  3. Prepare and deliver a temporary replacement system.
  4. Request the broken hardware to be sent to IT Services for repair.
  5. Assess the broken hardware for any parts that may be salvageable.
  6. Develop and implement a plan for permanent replacement of the hardware.

2.6. Server Outage

In the event that a server operated by IT Services goes offline, IT Services will:

  1. Determine the problem.
  2. If the server is hosted by a provider, contact the provider to obtain additional information about the reason the server is offline if appropriate.
  3. Develop and implement a plan based on the problem to fix the server, including recovering data from backups.

2.7. Data Loss or Corruption

The Division uses cloud storage to backup all Division-related files. The recovery functionality of the cloud provider is used to recover files in the event of accidental file deletion, data loss, or data corruption. If needed, IT Services will advise on the procedure for recovering files through the individual cloud provider’s interface.

2.8. Unannounced Departure of Employees

In the case of an unannounced departure of an employee, IT services will:

  1. Determine if the employee has actually departed by contacting the employee’s supervisor.
  2. Upon confirmation that the employee has departed, immediately revoke their access to all email, information, and communication systems, as well as any organization-controlled networks, sites, and devices.
  3. Monitor systems to see if the employee’s credentials are used to attempt to gain access to systems and report such attempts to the employee’s supervisor, who can then report them to law enforcement if appropriate.
  4. Work with the employee’s supervisor to develop and implement a plan for the return of any organization-owned technology the employee has in their possession.
  5. Work with the employee’s supervisor to develop and implement a plan for transferring the employee’s data to an appropriate person, including the person replacing the employee in their role.

3. Reporting Incidents to IT Services

Report all incidents to IT Services. IT Services can be contacted using the information in the staff directory.

4. Testing

Testing of this procedure is carried out, analyzed, and documented at least annually. Analysis covers the effectiveness, any areas needing improvement, any actions to address the improvements needed identified in the previous test,. any implementation of the actions identified in the previous test, whether the actions taken accomplished the intended results, and any necessary education and training of staff that may be required.

5. Review

This policy will be reviewed at least annually and updated as needed.