Probably twice a year is sufficient -- when very cold or harsh weather is imminent and when very hot or stormy conditions are on the horizon.
Why
A contingency plan identifies the activities, resources and
procedures needed to carry on your systems' processing requirements
during prolonged interruptions to normal operations. When outside
elements affect operations, you need a mechanism that enables you to
shut down, secure the equipment and grab what you need to continue
operations elsewhere. It's important to remember that alternate power
sources aren't for continuing operations as normal -- they allow you
to transition to your hot/warm/cold backup site. Also note that if
systems are switching to backup power regularly, this could indicate
a problem, such as the local circuit grid not being able to carry all
of your power requirements under certain conditions. You'll need to
diagnose the problem then decide how to solve it.
Strategy
Your backup power source should sustain your operations
long enough to shut down all equipment in a known secure state. If
your building or site loses power, does your backup power source give
you the necessary amount of time? Work with the building manager or
local authorities to simulate a power outage. Follow your contingency
plan, verifying the plan works, the appropriate people are notified
and you have the wherewithal to continue operations. If you don't
have the ability to continue operations with
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
your present equipment,
determine which systems are critical and your maximum acceptable
downtime. You may also want to get your organization's legal counsel
to review your company's business operations insurance to ensure the
organization is protected.
More information
Most U.S. government organizations have
comprehensive contingency plans -- using it as a template is a place
to start. Web sites with good contingency plans or templates include
NIST's Contingency Plan Guide SP 800-34 for
IT-related issues and FEMA's U.S. Government Interagency Domestic Terrorism Concept of Operations Plan, which explains the Government's procedures in a national disaster. Several professional
organizations may help too: http://www.drii.org and
http://www.thebci.org.
Last week: Restore a back-up tape and recover usable data
Next week: Licensing and seat management
About the author
Shelley Bard, CISSP, is a senior security network engineer with Verizon Federal Network Systems (FNS). An infosecurity professional for 17 years, Bard has briefed and written infosecurity assessments and technical reports for the White House and Department of Defense, special interest groups, industry and academia. Please e-mail any comments to securityplanner@infosecuritymag.com.
Opinions expressed in this column are those of Shelley Bard and don't necessarily reflect those of Verizon FNS.
This was first published in January 2004