Information Technology Risk Management

• Reading(s), from Gibson

  • Chapter 12: Mitigating Risk with a Business Impact Analysis

  • Chapter 13: Mitigating Risk with a Business Continuity Plan

• Review Lecture 1

• Review Lecture 2

Book:

• Information systems security & assurance series
• Jones & Barlett Learning
• Managing Risk in Information Systems – Darril Gibson-second edition

“Business Continuity Plan” Please respond to the following:

• Read the Business Continuity Plan for MIT. Then, recommend two (2) additional components to improve the plan. Justify your recommendations-Please see MIT BUSINESS CONTINUITY PLAN BELOW.

Please:

• List all references.
• Cover page is not needed.
• Number of pages needed: 4 + 1 full page summary-Total 5 pages
• Please use additional info (slides script) on this attachment and MIT BUSINESS CONTINUITY PLAN when elaborating on this subject.

MIT BUSINESS CONTINUITY PLAN

This is an external release of the MIT Business Continuity Plan.

For information on the plan or Business Continuity Planning at MIT, call Jerry Isaacson MIT Information Security Office at (617) 253-1440 or send e-mail to [email protected]

Copyright 1995 Massachusetts Institute of Technology

To Page the BCMT Duty Person:

Duty Person To just leave phone number To leave an 80 character message Number to call back dial: call and give PIN #

1

2

For recorded disaster recovery status reports and announcements during the emergency

call:

Copyright 1995 Massachusetts Institute of Technology

Table of Contents

Part I. Introduction

1Introduction to This Document 1 Part II. Design of the Plan 3

Overview of the Business Continuity Plan 3 Purpose 3

Assumptions 3

Development 4

Maintenance 4

Testing 4

Organization of Disaster Response and Recovery 4 Administrative Computing Steering Committee 4 Business Continuity Management Team 5 Business Continuity Management Team 5

Institute Support Teams: 6 Disaster Response 7

Disaster Detection and Determination 7 Disaster Notification 8

Initiation of the Institute’s Business Continuity Plan 8 Activation of a Designated Hot Site 8

Dissemination of Public Information 9 Disaster Recovery Strategy 9

Scope of the Business Continuity Plan 11

Category I Critical Functions 11 Category II Essential Functions 11 Category III – Necessary Functions 11 Category IV – Desirable Functions 11 Part III. Team Descriptions 12 Institute Support Teams 14

Business Continuity Management Team 14 Damage Assessment/Salvage 15

Campus Police 16

MIT News Office – Public Information 17 Insurance 19

Telecommunications 20

Part IV. Recovery Procedures 21 Notification List 21

To reach the BCMT Duty Person: 22

Business Continuity Management Team Coordinator 25 Damage Assessment/Salvage 26

Salvage Operations 27

Campus Police 28

MIT News Office – Public Information 29 Insurance Team 31

Telecommunications 32

Appendix A – Recovery Facilities 33

Emergency Operations Centers 33

Appendix B – Category I, II & III functions 34 Appendix C – Plan Distribution List 35 Business Continuity Management Team 37 BCMT Duty Person Procedures 38

GUIDE TO BCMT ACTIVATION 39

Part I. Introduction

Part I contains information about this document, which provides the written record of the Massachusetts Institute of Technology Business Continuity Plan.

Introduction to This Document

Planning for the business continuity of MIT in the aftermath of a disaster is a complex task. Preparation for, response to, and recovery from a disaster affecting the administrative functions of the Institute requires the cooperative efforts of many support organizations in partnership with the functional areas supporting the “business” of MIT. This document records the Plan that outlines and coordinates these efforts, reflecting the analyses by representatives from these organizations and by the MIT Information Security Officer, Gerald I. Isaacson.

For use in the event of a disaster, this document identifies the computer recovery facilities (hot sites and shell sites – see Page 33) that have been designated as backups if the functional areas are disabled.

How To Use This Document

Use this document to learn about the issues involved in planning for the continuity of the critical and essential business functions at MIT, as a checklist of preparation tasks, for training personnel, and for recovering from a disaster. This document is divided into four parts, as the table below describes.

Part Contents

1. Information about the document itself.

2. Design of the Plan that this document records, including information about the overall structure of business continuity planning at MIT.

3. General responsibilities of the individual Institute Support Teams that together form the Business Continuity Management Team, emphasizing the function of each team and its preparation responsibilities.

4. Recovery actions for the Institute Support Teams and important checklists such as the notification list for a disaster and an inventory of resources required for the environment. [Note: If a “disaster” situation arises, Section IV of the Plan is the only section that needs to be referenced. It contains all of the procedures and support information for recovery.]

Audience

This document addresses several groups within the MIT central administration with differing levels and types of responsibilities for business continuity, as follows:

1. • Administrative Computing Steering Committee
   • Business Continuity Management Team
   • Institute Support Teams
   • Functional Area Recovery Management (FARM) Teams

It should be emphasized that this document is addressed particularly to the members of the Business Continuity Management Team, since they have the responsibility of preparing for, responding to, and recovering from any disaster that impacts MIT. Part III of this document describes the composition of the Business Continuity Management Team in detail.

Distribution

As the written record of the Institute’s Business Continuity Plan, this document is distributed to each member of the Business Continuity Management Team, including members of the Institute Support Teams.( Appendix C – Distribution List Page -33)

It is also distributed to members of the Administrative Computing Steering Committee, FARM Team Coordinators, Information Systems Directors and others not primarily involved with the direct recover effort..

Part II. Design of the Plan

Part II describes the philosophy of business continuity planning at MIT generally, and the kind of analysis that produced this Plan. It also provides an overview of the functions of the Business Continuity Management Team in implementing this Plan.

Overview of the Business Continuity Plan

Purpose

MIT increasingly depends on computer-supported information processing and telecommunications. This dependency will continue to grow with the trend toward decentralizing information technology to individual organizations within MIT administration and throughout the campus.

The increasing dependency on computers and telecommunications for operational support poses the risk that a lengthy loss of these capabilities could seriously affect the overall performance of the Institute. A risk analysis which was conducted identified several systems as belonging to risk Category I, comprising those functions whose loss could cause a major impact to the Institute within hours. It also categorized a majority of Institute functions as Essential, or Category II – requiring processing support within week(s) of an outage. This risk assessment process will be repeated on a regular basis to ensure that changes to our processing and environment are reflected in recovery planning.

MIT administration recognizes the low probability of severe damage to data processing telecommunications or support services capabilities that support the Institute. Nevertheless, because of the potential impact to MIT, a plan for reducing the risk of damage from a disaster however unlikely is vital. The Institute’s Business Continuity Plan is designed to reduce the risk to an acceptable level by ensuring the restoration of Critical processing within hours, and all essential production (Category II processing) within week(s) of the outage.

The Plan identifies the critical functions of MIT and the resources required to support them. The Plan provides guidelines for ensuring that needed personnel and resources are available for both disaster preparation and response and that the proper steps will be carried out to permit the timely restoration of services.

This Business Continuity Plan specifies the responsibilities of the Business Continuity Management Team, whose mission is to establish Institute level procedures to ensure the continuity of MIT’s business functions. In the event of a disaster affecting any of the functional areas, the Business Continuity Management Team serves as liaison between the functional area(s) affected and other Institute organizations providing major services. These services include the support provided by Physical Plant, security provided by the Campus Police, and public information dissemination handled by the MIT News Office, among others.

Assumptions

The Plan is predicated on the validity of the following three assumptions:

1. • The situation that causes the disaster is localized to the data processing facility of Operations and Systems in ; the building or space housing the functional area; or to the communication systems and networks that support the functional area. It is not a general disaster, such as an earthquake or the “Blizzard of ’78,” affecting a major portion of metropolitan Boston.

It should be noted however, that the Plan will still be functional and effective even in an area- wide disaster. Even though the basic priorities for restoration of essential services to the community will normally take precedence over the recovery of an individual organization, the Institute’s Business Continuity Plan can still provide for a more expeditious restoration of our resources for supporting key functions.

1. • The Plan is based on the availability of the hot sites or the back-up resources, as described in Part IV. The accessibility of these, or equivalent back-up resources, is a critical requirement.
   • The Plan is a document that reflects the changing environment and requirements of MIT. Therefore, the Plan requires the continued allocation of resources to maintain it and to keep it in a constant state of readiness.

Development

MIT’s Information Security Officer, with assistance from key Institute support areas, is responsible for developing the Institute’s Business Continuity Plan. Development and support of individual FARM Team Plans are the responsibility of the functional area planning for recovery.

Maintenance

Ensuring that the Plan reflects ongoing changes to resources is crucial. This task includes updating the Plan and revising this document to reflect updates; testing the updated Plan; and training personnel. The Business Continuity Management Team Coordinators are responsible for this comprehensive maintenance task.

Quarterly, the Business Continuity Management Team Coordinators ensures that the Plan undergoes a more formal review to confirm the incorporation of all changes since the prior quarter. Annually, the Business Continuity Management Team Coordinators initiates a complete review of the Plan, which could result in major revisions to this document. These revisions will be distributed to all authorized personnel, who exchange their old plans for the newly revised plans. At that time the Coordinators will provide an annual status report on continuity planning to the Administrative Computing Steering Committee.

Testing

Testing the Business Continuity Plan is an essential element of preparedness. Partial tests of individual components and recovery plans of specific FARM Teams will be carried out on a

regular basis. A comprehensive exercise of our continuity capabilities and support by our designated recovery facilities will be performed on an annual basis.

Organization of Disaster Response and Recovery

The organizational backbone of business continuity planning at MIT is the Business Continuity Management Team. In the event of a disaster affecting an MIT organization or its resources, the Business Continuity Management Team will respond in accordance with this Plan and will initiate specific actions for recovery. The Business Continuity Management Team is called into action under the authority of the Administrative Computing Steering Committee which has the responsibility for approving actions regarding Business Continuity Planning at MIT.

Administrative Computing Steering Committee

1. • Senior Vice President, Chairman of the Committee. Manages and directs the recovery effort. Provides liaison with senior MIT management for reporting the status of the recovery operation.
   • Vice President for Financial Operations. Provides liaison with the Committee for support of critical business functions affected by the disaster.
   • Vice President for Information Systems. Coordinates all data processing and telecommunications systems recovery, including operational restoration of Building O&S and operations at the designated hot site.
   • Vice President for Research Provides liaison with the Committee for support of critical business functions affected by the disaster.
   • Vice President for Resource Development Provides liaison with the Committee for support of critical business functions affected by the disaster.
   • Executive Vice President Alumni Association Provides liaison with the Committee for support of critical business functions affected by the disaster.
   • Assistant to Provost Provides liaison with the Committee for support of critical business functions affected by the disaster.

Business Continuity Management Team

For the business continuity of MIT systems, two organizations are primary: the Business Continuity Management Team, with its Institute Support Teams, and the Functional Area Recovery Management (FARM) Team for the area affected. In the event of a disaster, the BCMT provides general support, while the FARM Team is concerned with resources and tasks integral to running the specific functional area.

This section provides general information about the organization of recovery efforts and the role of the Business Continuity Management Team. Part III of this document describes the Business Continuity Management Team and the responsibilities of each Institute Support Team in detail.

Business Continuity Management Team.

1. • The Business Continuity Management Team is composed of upper-level managers in MIT administration. The following is a list of each position on the Business Continuity Management Team, and a brief overview of each member’s responsibilities:
   • Information Security Officer. As Co-Coordinator of the Business Continuity Management Team, with the Coordinator of the O&S -FARM team, provides liaison between the Institute’s operational and management teams and the FARM teams in affected areas. Also responsible for ongoing maintenance, training and testing of the Institute’s Business Continuity Plan. Coordinates the Institute Support Teams under the auspices of the Business Continuity Management Team.
   • Director, Operations and Systems. Coordinates support for data processing resources at the main data center and the designated recovery sites.
   • Director, Telecommunications Systems. Provides alternate voice and data communications capability in the event normal telecommunication lines and equipment are disrupted by the disaster. Evaluates the requirements and selects appropriate means of backing up the MIT telecommunications network.
   • Chief, Campus Police. Provides for physical security and emergency support to affected areas and for notification mechanisms for problems that are or could be disasters. Extends a security perimeter around the functional area affected by the disaster.
   • Director, Physical Plant. Coordinates all services for the restoration of plumbing, electrical, and other support systems as well as structural integrity. Assesses damage and makes a prognosis for occupancy of the structure affected by the disaster.
   • Director of Insurance and Legal Affairs. Provides liaison to insurance carriers and claims adjusters. Coordinates insurance program with continuity planning programs.
   • Director, MIT News Office. Communicates with the news media, public, staff, faculty, and student body who are not involved in the recovery operation.
   • Personnel Department. Provides support for human resources elements of recovery and staff notification through the emergency broadcast service.
   • Director, Distributed Computing & Network Services. Provides network support for Administrative and Academic Computing and other distributed services and networks.
   • Assistant to the Vice President, for Information Systems. Represents the Office of the President. Liaison to FARM Teams in the President’s Office.
   • Associate Comptroller, Comptroller’s Accounting Office . Represents the Vice President for Financial Operations. Liaison to Financial Operations FARM Teams.
   • Manager, Audit Division. Provides audit support during the emergency. Makes recommendations on changes to the normal control procedures necessitated by the recovery process.
   • Safety Office – Coordinates risk reduction and avoidance activities and emergency response with the BCMT
   • Emergency Response Team – This unit, headed by the Physical Plant Mechanical Engineering Manager, provides the initial response to the majority of campus emergencies.

Institute Support Teams:

Under the overall direction of the Business Continuity Management Team, support is provided to assist a functional area’s recovery by Institute Support Teams. These teams, described below,

work in conjunction with the FARM Team of the area affected by the problem condition to restore services and provide assistance at the Institute level. In many cases, the organizations comprising these support teams have as their normal responsibility the provision of these support services. This support is generally documented in a procedures manual for the organization. The Business Continuity Plan is an adjunct to that documentation and highlights, in particular, the interfaces between the campus level service and the individual FARM Team operations requirements. In cases where the documentation in this Plan and the organization’s documents differ, the organization’s documentation has precedence.

1. • · Damage Assessment/Salvage Team. Headed by the Administrative Officer for Physical Plant and activated during the initial stage of an emergency, the team reports directly to the Business Continuity Management Team, evaluates the initial status of the damaged functional area, and estimates both the time to reoccupy the facility and the salvageability of the remaining equipment. This team draws members from the Physical Plant Office, from Operations and Systems, Telecommunications Systems, Distributed Computing & Network Services and from the FARM team of the affected area as well as appropriate vendors supporting our environment.
   • Following the assessment of damage, the team is responsible for salvaging equipment, data and supplies following a disaster; identifying which resources remain; and determining their future utilization in rebuilding the data center and recovery from the disaster. The members of the Damage Assessment Team become the Salvage Team
   • Transportation Team. A temporary Institute Support Team headed jointly by the Computer Operations Manager in Operations and Systems and by the Associate Director of Operations for Physical Plant, responsible for transporting resources personnel, equipment, and materials to back-up sites as necessary. This team draws members from two organizations: Information Systems personnel who normally operate the shuttle bus between and Physical Plant personnel who normally transport heavy equipment within the Institute.
   • Public Information The interface with the media, the general public and faculty, staff and students who are not participating in the recovery process is handled by the MIT News Office, working closely with the Personnel Department.

   • Telecommunications Team Headed by the Director of the Information Systems Telecommunications Department, is responsible for establishing voice and data communications between the affected site and the remainder of the campus.

Disaster Response

This section describes six required responses to a disaster, or to a problem that could evolve into a disaster:

1. Detect and determine a disaster condition

2. Notify persons responsible for recovery

3. Initiate the Institute’s Business Continuity Plan
4. Activate the designated hot site

5. Disseminate Public Information

6. Provide support services to aid recovery

Each subsection below identifies the organization(s) and/or position(s) responsible for each of these six responses.

Disaster Detection and Determination

The detection of an event which could result in a disaster affecting information processing systems at MIT is the responsibility of Physical Plant Operations (PPO), Campus Police, Information Systems, or whoever first discovers or receives information about an emergency situation developing in one of the functional areas , Building other building on campus housing major information processing systems or about the communications lines between these buildings.

Disaster Notification

PPO will follow existing procedures and notify the individuals who are acting as the Business Continuity Management Team Duty Persons (DP)). The DP on call will monitor the evolving situation and, if appropriate, will then notify the Business Continuity Management Team representative based upon a predefined set of notification parameters. (Page – 22)

When a situation occurs that could result interruption of processing of major information processing systems of networks on campus, the following people must be notified:

• Normally, Physical Plant Operations and /or the Campus Police receive the initial notice through their alarm monitoring capabilities. If the problem does not activate a normal alarm system, immediately notify these two areas.

• Chairman of the Administrative Computing Steering Committee

• Vice President for Information Systems

• The Business Continuity Management Team Coordinator (Information Security Officer)

• The Operations and Systems FARM Team Coordinator

• The Telecommunications and Distributed Computing & Network Services FARM Team Coordinators (if the situation affects the data or voice transmission lines or facilities)

Initiation of the Institute’s Business Continuity Plan

Initiation of this Plan is the responsibility of the Business Continuity Management Team Coordinator or any member of the Business Continuity Management Team or the Administrative Computing Steering Committee.

Activation of a Designated Hot Site

The responsibility for activating any of the designated hot sites or back-up resources is delegated to the Vice President for Information Systems. In the absence of the Vice President, responsibility reverts to the Director of Information Systems Operations & Systems or the Coordinator of the O&S Functional Area Recovery Management Team. Within hours of the occurrence, the Vice President for Information Systems, or alternate, determines the prognosis for recovery of the damaged functional area through consultation with the Information Security Officer and the Damage Assessment Team, headed by Physical Plant, which also includes representatives from Operations and Systems, Telecommunications Systems and the functional areas affected.

If the estimated occupancy or recovery of the damaged functional area cannot be accomplished within hours, the usual occupants of the designated back-up site are notified of the intention to occupy their facility.

Dissemination of Public Information

The Director of the MIT News Office is responsible for directing all meetings and discussions with the news media and the public, and in conjunction with the Personnel Department, with MIT personnel not actively participating in the recovery operation. In the absence of the MIT News Office representative, the responsibility reverts to the senior official present at the scene.

Recovery Status Information Number (617) has been established as a voice mail information number for posting recovery status and information notices. All reports will be placed by the Continuity Planning Coordinators or the Telecommunication FARM team leader.

Provision of Support Services to Aid Recovery

During and following a disaster, Institute Support Teams, as described on page 14, are responsible for aiding the FARM Teams. They operate under the direction of the Business Continuity Management Team through the Recovery Coordinator (the Information Security Officer).

Disaster Recovery Strategy

The disaster recovery strategy explained below pertains specifically to a disaster disabling the main data center. This functional area provides mainframe computer and major server support to MIT’s administrative applications. Especially at risk are the critical applications those designated as Category I (see below) systems. The O&S FARM Team Plan provides for recovering the capacity to support these critical applications within hours. Summarizing the provisions of the O&S Plan, subsections below explain the context in which the Institute’s Business Continuity

Plan operates. The Business Continuity Plan complements the strategies for restoring the data processing capabilities normally provided by Operations & Systems.

This section addresses three phases of disaster recovery:

• Emergency

• Backup

• Recovery

Strategies for accomplishing each of these phases are described below. It should be noted that the subsection describing the emergency phase applies equally to a disaster affecting the Adminstration Building or other building on campus, the functional area that provides support for the maintenance of the critical system.

Emergency Phase

The emergency phase begins with the initial response to a disaster. During this phase, the existing emergency plans and procedures of Campus Police and Physical Plant direct efforts to protect life and property, the primary goal of initial response. Security over the area is established as local support services such as the Police and Fire Departments are enlisted through existing mechanisms. The BCMT Duty Person is alerted by pager and begins to monitor the situation.

If the emergency situation appears to affect the main data center (or other critical facility or service), either through damage to data processing or support facilities, or if access to the facility is prohibited, the Duty Person will closely monitor the event, notifying BCMT personnel as required to assist in damage assessment. Once access to the facility is permitted, an assessment of the damage is made to determine the estimated length of the outage. If access to the facility is precluded, then the estimate includes the time until the effect of the disaster on the facility can be evaluated.

If the estimated outage is less than hours, recovery will be initiated under normal Information Systems operational recovery procedures. If the outage is estimated to be longer than hours, then the Duty Person activates the BCMT, which in turn notifies the Chairman of the Administrative Computing Steering Committee and Vice President for Information Systems and the Business Continuity Plan is activated. The recovery process then moves into the back-up phase.

The Business Continuity Management Team remains active until recovery is complete to ensure that the Institute will be ready in the event the situation changes.

Back-up Phase

The back-up phase begins with the initiation of the appropriate FARM Team Plan(s) for outages enduring longer than hours. In the initial stage of the back-up phase, the goal is to resume processing critical applications. Processing will resume either at the main data center or at the designated hot site, depending on the results of the assessment of damage to equipment and the physical structure of the building.

In the back-up phase , the initial hot site must support critical (Category I) applications for up to

weeks and as many Category II applications as resources and time permit. During this period, processing of these systems resumes, possibly in a degraded mode, up to the capacity of the hot site. Within this -week period, the main data center will be returned to full operational status if possible.

However, if the damaged area requires a longer period of reconstruction, then the second stage of back-up commences. During the second stage, a shell facility (a pre-engineered temporary processing facility that we have contracted to use for this purpose) is assembled on the parking lot and equipment installed to provide for processing all applications until a permanent site is ready. See Page 33 for a list of the designated recovery sites.

Recovery Phase

The time required for recovery of the functional area and the eventual restoration of normal processing depends on the damage caused by the disaster. The time frame for recovery can vary from several days to several months. In either case, the recovery process begins immediately after the disaster and takes place in parallel with back-up operations at the designated hot site. The primary goal is to restore normal operations as soon as possible.

Scope of the Business Continuity Plan

The object of this Plan is to restore critical (Category I) systems within hours, and Essential (Category II) systems within week(s) of a disaster that disables any functional area and/or essential equipment supporting the systems or functions in that area.

The initial Risk Assessment of the computer applications that support MIT administration assigned systems to Category I Critical. This risk category identifies applications that have the highest priority and must be restored within hours of a disaster disabling a functional area. Specifically, each function of these systems was evaluated and allocated a place in one of four risk categories, as described below.

Category I – Critical Functions Category II – Essential Functions Category III – Necessary Functions Category IV – Desirable Functions

Note: Category IV functions are important to MIT administrative processing, but due to their nature, the frequency they are run and other factors, they can be suspended for the duration of the emergency.

The administrative systems in Categories I – IV are those that provide Institute wide services. There are many departmental and laboratory systems as well as non-information processing systems (such as ) that are also either essential for the Institute or the local area(s) they support. Recovery for these systems too must be based upon an assessment of the impact of their loss and the cost of their recovery. See the Departmental FARM Team Plan document for further information on assessing risk at the departmental level.

Part III. Team Descriptions

Part III describes the organization and responsibilities of the Business Continuity Management Team. Composed of sub-teams (the Institute Support Teams), the Business Continuity Management Team as a whole plans and implements the responses and recovery actions in the event of a disaster disabling either a functional area, Central Administration or the main data center. It’s primary role is to provide Institute level support services to any functional area affected by the problem.

• Information Security Officer. As Business Continuity Management Team Co-coordinator, provides liaison between the Institute’s operational and management teams and the FARM teams in affected areas. Also responsible for ongoing maintenance, training and testing of the Business Continuity Plan. Coordinates the Institute Support Teams under the auspices of the Business Continuity Management Team. The Co-coordinator of the BCMT is the Coordinator of the O&S FARM Team, who will take responsibility for recovery in the absence of the Information Security Officer.

• Director, Operations and Systems. Provides for support for data processing resources with primary responsibility for restoration for O&S processing. Recovery plans for the computing facilities are the responsibility of the Coordinator of the O&S FARM Team and are described in the O&S FARM Team plan

• Director, Telecommunications Systems. Provides alternate voice and data communications capability in the event normal telecommunication lines and equipment are disrupted by the disaster. Evaluates the requirements and selects appropriate means of backing up the MIT telecommunications network. Recovery plans for the primary 5ESS telephone switching equipment in and satellite facilities in other buildings on campus are described in the Telecommunications FARM Team plan.

• Chief, Campus Police. Provides for physical security and emergency support to affected areas and for notification mechanisms for problems that are or could be disasters. Extends a security perimeter around the functional area affected by the disaster. Provides coordination with public emergency services (Cambridge Police, etc.) as required.

• Director, Physical Plant. Coordinates all services for the restoration of plumbing and electrical systems and structural integrity. Assesses damage and makes a prognosis for occupancy of the structure affected by the disaster.

• • Director, Safety Office. Coordinates safety and hazardous materials related issues with other organizations involved in recovery planning and response as well as governmental and other emergency services.

Director, Personnel Department. Coordinates all activities of the recovery process with key attention to the personnel aspects of the situation. This includes releasing staff from areas

affected, initiating emergency notification systems and working with the MIT News office on dissemination of information about the recovery effort

• • Director, Distributed Computing & Network Services. Coordinates all services in support of the restoration of network services and support facilities. This icludes support for Athena communications services and external network service support.

• Director, MIT News Office. Communicates with the news media, public, staff, faculty, and student body who are not involved in the recovery operation.

• Assistant to the Vice President, for Information Systems. Represents the Office of the President.

• Associate Comptroller, Comptroller’s Accounting Office. Represents the Vice President for Financial Operations.

• Audit Manager, Audit Division Provide consultation on compensating controls and suggestions on maintaining the appropriate level of controls during the recovery process.

Institute Support Teams

Business Continuity Management Team

1. Function

To oversee the development, maintenance and testing of recovery plans addressing all Category I and II business functions. In the event of a “disaster” to manage the backup and recovery efforts and facilitate the support for key business functions and restoration of normal activities.

2. Organization

The BCMT is co-chaired by the MIT Information Security Officer and the Coordinator of the O&S FARM Team, who serves in the absence of the Security Officer. The Team is composed of key management personnel from each of the areas involved in the recovery process.

3. Interfaces

The team interfaces with and is responsible for all business continuity plans and planning personnel at MIT.

Preparation Requirements

On a quarterly basis, the team will meet to review FARM Team plans that have been completed in the last quarter.

On an annual basis, the Team will review the overall status of the recovery plan, and report on this status through the Information Security Officer, to the Administrative Computing Steering Committee.

Individual Team members will prepare recovery procedures for their assigned areas of responsibility at MIT. They will ensure that changes to their procedures are reflected in any interfacing procedures.

The BCMT will ensure that continuing levels of support are available for the FARM Teams that require it.

The BCMT will also review and approve FARM Team plans as they are submitted, re-evaluate the criticality of MIT operating functions at regular intervals and provide for awareness and training in recovery planning. They will also participate in emergency preparedness drills initiated by the Safety Office or other appropriate campus organizations.

Damage Assessment/Salvage

1. Function

To report to the Business Continuity Management Team (BCMT), within two to four hours after access to the facility is permitted, on the extent of the damage to the affected site, and to make recommendations to the BCMT regarding possible reactivation and/or relocation of data center or user operations. Existing Physical Plant emergency procedures are documented in a manual known as the “Black Book” maintained by Physical Plant. The Business Continuity Plan procedures supplement, and are subordinate to those in the Black Book, which takes precedence in the case of any difference. Following assessment of the damage, the team is then responsible for salvage operations in the area affected.

2. Organization

Headed by the Administrative Officer for Physical Plant and activated during the initial stage of an emergency, the team reports directly to the Business Continuity Management Team, evaluates the initial status of the damaged functional area, and estimates the time to reoccupy the facility and the salvageability of the remaining equipment. During an emergency situation, the individual designated in the Black Book will take operational responsibility for implementation of damage assessment. This team draws members from the Physical Plant Office, from Operations and Systems, and from the FARM team of the affected area. Following assessment, the team is responsible for salvaging equipment, data, and supplies following a disaster; identifying which resources remain; and determining their future utilization in rebuilding the data center and recovery from the disaster.

3. Interface

The Damage Assessment/Salvage Team will interface with other Physical Plant operations groups, the Campus Police and Information Systems operations functions, including vendor and

insurance representatives, to keep abreast of new equipment, physical structures, and other factors relating to recovery.

4. Preparation Requirements

Identification of all equipment to be kept current. A quarterly report will be stored off-site. The listing will show all current information, such as engineering change levels, book value, lessor, etc. Configuration diagrams will also be available. Emergency equipment, including portable lighting, hard hats, boots, portable two-way radios, floor plans and equipment layouts will be maintained by Physical Plant.

A listing of all vendor sales personnel, customer engineers and regional sales and engineering offices is to be kept and reviewed quarterly. Names, addresses and phone numbers (normal, home, and emergency) are also to be kept.

Campus Police

1. Function

To provide for all facets of a positive security and safety posture, to assure that proper protection and safeguards are afforded all MIT employees and Institute assets at both the damaged and backup sites.

2. Organization

The team will consist of the Campus Police Department Supervisor and appropriate support staff. The team will report through the Chief who is a member of the Business Continuity Management Team.

3. Interfaces

The Campus Police Team will interface with the following teams or organizational units, relative to security and safety requirements:

Personnel Physical Plant Safety office

Environmental Medical Services MIT News office

Other appropriate departments as required

4. Preparation Requirements

Provide emergency medical services, if necessary.

Identify the number of Campus Police personnel needed to provide physical security protection of both the damaged and backup sites.

Identify the type of equipment needed by Campus Police personnel in the performance of their assigned duties.

Coordinate and arrange for additional security equipment and manpower, as applicable, if needed.

Identify and provide security protection required for the transport of confidential information to and from both off-site and backup sites. Coordinate with the appropriate MIT Department.

Periodically review the level of security needed at both the damaged and backup sites.

MIT News Office – Public Information

1. Function

The most difficult time to maintain good public relations is when there is an accident or emergency. Public relations planning is required so that when an emergency arises, inquiries from the news media, friends and relatives of staff, faculty, and students can be handled effectively. While we cannot expect to turn a bad situation into a good one, we can assist in making sure facts presented to the public are accurate and as positive as possible given the situation.

It is in our best interest to cooperate with the media as much as possible, so that they will not be forced to resort to unreliable sources to get information that could be untrue and more damaging to the Institute than the facts.

Therefore, it is the policy of MIT in time of emergency, to:

Have the MIT News Office serve as the authorized spokesperson for the Institute. All public information must be coordinated and disseminated by their staff.

Refrain from releasing information on personnel casualties until families have been notified. Once families have been notified, names of those personnel should be released quickly to alleviate the fears of relatives of others.

Provide factual information to the press and authorities as quickly as facts have been verified, and use every means of communications available to offset rumors and misstatements.

Avoid speculating on anything that is not positively verified, including cause of accident, damage estimates, losses, etc. (Fire Officials normally release their own damage estimates.)

Emphasize positive steps taken by the Institute to handle the emergency and its effects.

Situations calling for implementation of the Emergency Public Information Plan may include, but are not limited to:

Systems malfunctions disrupting the normal course of operations. Accidents, particularly when personal injury results.

Natural disasters, such as fires, floods, tornadoes and explosions. Civil disorders, such as riots and sabotage.

Executive death.

Scandal, including embezzlement and misuse of funds. Major litigation initiated by or against the Institute.

2. Organization

The Director of the MIT News Office, a member of the Business Continuity Management Team, will act as the Public Information Officer for the Institute. The News Office alternates are listed in Appendix A. In their absence the responsibility will revert to the Senior Manager on the scene.

3. Interfaces

The MIT News Office will be the interface between MIT and the public or news media. Copies of all status reports to the Business Continuity Management Team or Administrative Computing Steering Committee will be forwarded to the Public Information Officer for potential value in information distribution for good public relations. They will work with the Personnel Department in dissemination of information to staff.

4. Preparation Requirements

Existing relationships with local media will be utilized to notify the public of emergency and recovery status. The Public Information Officer will maintain up-to-date contact information for the media and other required parties.

A facility will be identified to be used as a press room. Arrangements will be made to provide the necessary equipment and support services for the press. Coordination with the Telecommunications Team for additional voice communication, if required, will also be made.

Insurance

1. Function

To provide for all facets of insurance coverage before and after a disaster and to ensure that the recovery action is taken in such a way as to assure a prompt and fair recovery from our insurance carriers.

2. Organization

The team will consist of the Director of Insurance and Legal Affairs and required staff and insurance carrier personnel. The team reports through the Business Continuity Management Team, of which it is a member.

3. Interfaces

The Insurance Team will interface with the following teams, relative to insurance matters: MIT News Office

Campus Police

Damage Assessment/Salvage Information Systems Operations Appropriate FARM Teams

This team will be activated upon the initial notification of a disaster.

4. Preparation Requirements

Determine needs for insurance coverage. Identify the coverage required for both hardware, media, media recovery, liability and extra expense.

Prepare procedure outlining recommended steps to be followed by Damage Assessment/Salvage Team during initial stage of disaster (Appendix A)

List appropriate contacts in (Appendix B).

Arrange for availability of both still and video recording equipment to record the damage.

Ensure that an equipment inventory is available, to include model and serial number of all devices.

Evaluate all new products and services offered by MIT for potential liability in the event of a disaster.

Telecommunications

1. Function

To provide voice and data communications to support critical functions. Restore damaged lines and equipment.

2. Organization

The team will consist of appropriate Telecommunications Systems staff. Telecommunications Systems will also coordinate with and supervise outside contractors as necessary. The team will report through the Director of Telecommunications Systems, who is a member of the Business Continuity Management Team.

3. Interfaces

The Telecommunications Systems team will interface with the following teams or organizational units, relative to telecommunications requirements:

Physical Plant Campus Police

Distributed Computing & Network Services

Other Information Systems departments as necessary

Other MIT departments requiring emergency telecommunications Outside contractors and service providers as necessary

4. Preparation Requirements

Provide critical voice and data communications services in the event that normal telecommunications lines and equipment are disrupted or relocation of personnel is necessary.

Consult with outside contractors and service providers to ensure that replacement equipment and materials are available for timely delivery and installation.

Utilize available resources, such as the MIT Cable Television network and voice mail system, to broadcast information relevant to the disaster.

Part IV. Recovery Procedures

Notification List

This appendix contains the names and telephone numbers of managers and personnel who must be notified in the event of a disaster. The Business Continuity Management Team Coordinator is responsible for keeping this notification list up-to-date.

Administrative Computing Steering Committee Chairman

Members

Business Continuity Management Team

Two individuals are assigned responsibility for the interface with other campus organizations, such as Physical Plant Operations, to monitor emergencies as they occur. These Early Warning Duty people are then responsible for activation of the full Business Continuity Management Team and necessary Functional Area Recovery Management Teams.

The BCMT Duty People are equipped with Pagers, activated either by Physical Plant Operations or they can be paged directly.

In addition, each Duty Person is equipped with a cellular phone for emergency use.

To reach the BCMT Duty Person:

By Pager:

Duty Person To leave phone number To leave an 80 character text Number call: message call:

and give PIN # of pager 1

2

By Cellular Phone:

1

2

Note: these numbers are to be used only in emergencies or for testing.

The people on duty will monitor the situation and determine if it has the potential to impact our processing ability. [See Duty Person procedure for details]

Coordinators Members

I/S Operations & Systems Telecommunications Campus Police

MIT News Office – Public Information

Insurance Physical Plant:

Emergency Response Team Operations Center

Safety Office

President’s Office

Comptrollers Accounting Office Personnel Office

Distributed Computing & Network Services

BCMT Liason Housing: Nuclear Reactor

Plasma Fusion Lab Medical Department

FARM Team Coordinators Bursar’s Office Category

Financial Planning & Management Category Freshman Admissions Category

Operations & Systems Category Payroll Category

Physical Plant Category Property Office Category Purchasing & Stores Category Registrar’s Office Category Resource Development Category

Technology Licensing Office Category Telecommunications Category

Business Continuity Management Team Coordinator

This appendix contains instructions to the Business Continuity Management Team Coordinators for overseeing disaster response and recovery efforts.

Action Procedures Player Action

Coordinator Ensure entire Business Continuity Management Team (BCMT) has been notified. Then notify Vice President for Information Systems and Chairman of Administrative Computing Steering Committee.

Coordinator Activate the Emergency Operations Center (See Page 33) and notify staff to meet there.

Coordinator Meet with Damage Assessment Team to review their findings and present results to BCMT.

Coordinator Present recommendations to BCMT for next steps in recovery effort.

Coordinator Begin notification of all recovery teams. Check to ensure all recovery participants have been notified.

Coordinator Monitor the activities of the recovery teams. Assist them as required in their recovery efforts.

Coordinator Report to BCMT on a regular basis on the status of recovery activities. Report to Administrative Computing Steering Committee as appropriate on recovery status.

Coordinator On an hourly basis, or other appropriate interval, update the Recovery Status information message on .

Damage Assessment/Salvage

This appendix contains instructions to the Damage Assessment/Salvage Team for disaster response and recovery efforts.

Action Procedures Player Action

Building Services Notify team members, and vendors to report to the site for initial damage assessment and clean-up.

Physical Plant AO Notify insurance representative

Operations Center Issue Work Orders and call appropriate personnel.

Team Leader Request permission to enter site from Fire Department (if required).

Take a service representative from each of the appropriate vendors, the insurance claims representative and appropriate Physical Plant and Information Systems personnel into the site.

Team Members Review and assess the damage to the facility. List all equipment and the extent of damage. List damage to all support systems (power, A/C, fire suppression, communications, etc.).

Team Leader Notify the BCMT as to the severity of the damage and what can potentially be salvaged.

Team Leader Notify the BCMT if the area be restored to the required level of operational capability in the required time frame.

Salvage Operations

Player Action

Team Leader Initiate the Emergency Notification List and have all members report to the Staging Area.

Salvage Team Have the Building Services Supervisor determine which equipment and furniture can be salvaged. Photograph all damaged areas as soon as possible for potential insurance claims.

Salvage Team Important ** Prior to performing any salvage operation contact Insurance Team to coordinate with possible insurance claims requirements and appraisals.

Have the Physical Plant Supervisor and staff start salvaging any furniture and equipment.

Based upon advice from Insurance Team and customer engineering, contact computer hardware refurbishers regarding reconditioning of damaged equipment

Team Leader Meet with the Business Continuity Management Team Coordinator to provide status on salvage operations.

Configuration List

A sample of the configuration and full equipment inventory report from the Fixed Asset Control Systems or other automated equipment inventories should be inserted here. The Continuity Plan Masters in off-site storage will contain the full listing.

Blueprints

Complete sets of blueprints of the buildings housing critical processing and the data center are maintained at [ ] and in off-site storage.

Campus Police

This appendix contains instructions to the Campus Police for disaster response and recovery efforts.

Action Procedures Player Action

Campus Police Duty Sgt. An MIT Police Case Report will be completed upon stabilization of the disaster situation. As per standard police procedure, this report will detail the names of all victims, witnesses, injuries, facility damage description, etc., as well as list all notifications

Campus Police Duty Sgt. Initiate the notification listing of appropriate Campus Police Department Command Staff and personnel (App. A)

Campus Police Day/Night Notify the Business Continuity Management Team if the emergency affects Data Processing or Telecommunications operations in any way.

Campus Police Duty Sgt. Assign Campus Police personnel to both the damaged and backup sites, as required.

Campus Police Duty Sgt. Ensure that all Campus Police personnel are properly equipped at each affected location and the recovery sites. (Page 33)

Campus Police Duty Sgt. Coordinate the need for additional manpower and equipment as required.

Campus Police Command Periodically submit status reports to the Staff Continuity Coordinator at the Emergency Control Center.

Campus Police Command Ensure that all facets of security protection Staff are afforded, relative to entry/exit controls, transportation of information, etc. at both the damaged and backup sites.

MIT News Office – Public Information

Action Procedures Player Action

Campus Police Notify MIT News Office when an emergency occurs.

Public Information Officer Assess the public relations scope of the emergency, in consultation with senior management if necessary, and determine the appropriate public relations course of action.

In instances where media are notified immediately, due to fire department or police involvement, the Public Information Officer will proceed to the scene at once to gather initial facts. Emphasis must be placed upon getting pertinent information to the news media as quickly as possible.

PIO Staff Assistant Maintain a log of all incoming calls to ensure a quick response to media and other requests.

Public Information Officer Maintain a log of all information which has been released to the media.

Public Information Officer When appropriate, prepare news releases on a periodic basis for distribution to the local media list.

Public Information Officer If employee injuries or fatalities are involved, notify Personnel to send appropriate management personnel to the homes of the involved families.

Personnel Notify Public Information Officer as soon as families have been informed. This will permit the release of names and addresses of victims so that families of those not involved can be relieved of anxiety.

Public Information Officer Contact the public relations director(s) at the hospitals where injured have been taken to coordinate the release of information.

Public Information Officer In cases where long-term media coverage is anticipated, establish a Press Room in the ( location to be selected) Provide for telephone requirements of the press.

Public Information Officer Schedule periodic press conferences, taking into consideration Management personnel who will be participating.

Public Information Officer If media wants to photograph physical damage, Clear request with Campus Police prior to approving request. Then accompany all photographers.

Public Information Officer Coordinate follow-up news releases after the immediate emergency has passed to present the Institute in as positive light as possible. Possible topics could include: What has been done to prevent recurrence of this type of emergency?

What are plans for reconstruction?

What has been done to express gratitude to the community for it’s help? What has been done to help employees, students and faculty?

Insurance Team

This appendix contains instructions to the Insurance Team Coordinator for disaster response, salvage and recovery efforts.

Action Procedures Player Action

Insurance Team Leader Contact appropriate Insurance people upon first advice of disaster. Insurance Team Leader Meet with Damage Assessment/Salvage team at site.

Insurance Team Leader Go through disaster scene with Damage Assessment/Salvage team and advise on matters relating to insurance and claims. Ensure that nothing is done to compromise recovery from insurance carrier. Photograph all applicable areas.

Insurance Team Leader File all appropriate claims forms with all involved insurance carriers. Report status of claims activity to the Business Continuity Management Team.

Telecommunications

This appendix contains instructions to the Telecommunications Systems team for disaster response and recovery efforts.

Action Procedures Player Action

HELP Line Personnel or Receives report of disaster from Physical

after-hours Duty Person Plant or Campus Police and notifies appropriate telecommunications Systems and other personnel.

Director, Telecommunications Systems Oversees assessment of damage to telecommunications facilities. Directs contingency and recovery efforts. Provides updates to Business Continuity Management Team and MIT administration.

Operations and Customer Service Arranges for voice and dial-up data communications services to support critical functions. Procures stock to repair or replace damaged equipment. Restores full services in a timely manner.

Transmission Services Provides data communications facilities or circuits to support critical functions. Assists with restoration of cable and wire plant, as needed. Assists Information Systems and other departments with relocation and restoration of data facilities.

Appendix A – Recovery Facilities

The following facilities have been identified as designated recovery sites for restoration of processing under the MIT Business Continuity Planning strategy.

Emergency Operations Centers

The Emergency Operations Center is the location to be used by the Business Continuity Management Team and their support staff as a location from which to manage the recovery process. As such, the specific location will be selected by the Coordinator at the time of the occurrence. The following are the locations available:

Emergency Operations Center is located in

Central Administration building out of service – Immediately after evacuation of building, the BCMT will convene in Building to coordinate intial response to the event. If the problem appears to be long term – or affects the local area, the BCMT will activate the primary EOC in

.

Hot Sites (Operational data centers providing emergency computing resources)

Facilities provided: (See O&S FARM Team Plan)

Shell Sites (Computer conditioned space available to install equipment)

Facilities provided: (See O&SFARM Team Plan)

Appendix B – Category I, II & III functions

For details about each of these functions see the appropriate FARM Team Plan

Appendix C – Plan Distribution List

PLAN DISTRIBUTION MATRIX

ORGANIZATION RECIPIENT LOCATION MIT PLAN FARM

COPIES TEAM

COPIES

Business Continuity Management Team

Coordinators 2 1

Audit Division 2 1

Campus Police 2 1

Comptrollers 2 1

Accounting Office

CAO – Payroll 2

Emergency 2 1

Response Team

Insurance 2 1

I/S Operations & 2 1

Systems

MIT News Office 2 1

Personnel Office 2 1

Physical Plant 2 1

President’s 2 1

Office

Safety Office 2 1

Business Continuity Management Team

EARLY WARNING DUTY PROCEDURES

For information call:

BCMT Duty Person Procedures

This booklet contains instructions for the individuals currently assigned to be the active Business Continuity Management Team contact for emergency situations that may develop. The Duty Person is on call 24 hours a day for the one month assignment. The two people assigned as Duty Persons (DP) will be equipped with a pager and a cellular phone – both to be used for BCMT testing and emergencies only. Each person will pass the equipment to the next person on the Duty Person roster when the one month assignment ends. The equipment information is as follows:

Duty Person To just leave phone number To leave an 80 character message Number to call back dial: call and give PIN #

1

2

To reach by cellular phone: 1

2

Preparation Procedures

Upon receipt of the equipment, read the directions for the equipment and familiarize yourself with the pager and the phone. Ensure that phone batteries are charged properly (see instructions). Note: the pager takes one AAA battery, which lasts about a month.

Call the other duty person to ensure the phone is operable. Send a page to your own unit to ensure it is also functioning correctly.

At the end of your assignment, pass the equipment and documentation to the next person on the duty roster. Notify the BCMT coordinators, and by e-mail that the duty has been transferred. If an individual cannot serve, for a temporary period (i.e.. going to a conference) it is their responsibility to provide a trained alternate as their replacement. The BCMT Coordinators and the other person on duty are to be notified in advance about the replacement.

If there is a need to contact all the people on the Duty Roster send e-mail to:

, an Athena mail list maintained by the Information Security Officer for this purpose.

GUIDE TO BCMT ACTIVATION

1. The first indication of a problem will probably be a page alert from Physical Plant Operations. This will be a short text message outlining the problem. Unless it’s obvious that the problem is long term and severe, wait 30 minutes (for things in the Operations Center to quiet down) and call them at . Tell them you’re calling for the BCMT and get the latest status about the problem reported by the page.

2. Does the problem prevent normal access, occupation or usage of any part of any of the areas listed under the FARM Team Contact List, or does the disaster disrupt service provided by telephones, the network, or the mainframe computers?

If no, go back to sleep!

If yes, continue.

3. Will expected recovery of the affected area last into normal business hours?

If no, go back to sleep!

If yes, continue.

4. Does the FARM Team Coordinator of the affected service indicate that the disaster will affect that service? The FARM Team Contact List below provides the phone numbers of the FARM Team coordinators and the buildings their functions operate in.

If no, go back to sleep!

If yes, continue.

5. ACTIVATE THE BCMT!

Call the coordinators first:

If they can’t be reached, call the BCMT members directly. The numbers are on the list attached. The BCMT has three possible assembly points:

If the problem is related, meet in the meeting room.

If related, meet in the Conference Room

All other problems, meet in the Emergency Operations Center

Business Continuity Management Team Duty Roster

Name MIT Home From To Pager No

Phone ID

1

24

2

10

FARM Team Contact List

# Area(s) FARM Team Contact Ext. Home E-mail Phone

10

Business Continuity Management Team

BCMT Contact Office Ext. Home Phone E-mail # BCMT 04 Coordinator BCMT 05 Coordinator Physical 02 Plant Campus 03 Police Operations 40 Center Supervisor Emergency 41 Response

Team 42 Safety 43 Office Safety 44 Office DCNS 45 DCNS 11 CAO 46 I/S O & S 06

Telecomm 47 14 MIT News 48 Office 49 Insurance 50 Physical 51 Plant

Cellular Phone Memory Assignments

# Contact Phone

00

01

02

Slide scripts