Information Technology Policy Manual 2022

DISASTER RECOVERY POLICY

PURPOSE AND SCOPE This Disaster Recovery Policy outlines the steps necessary to restore network operations to the City of Greensboro’s data center and connected facilities during a major degradation or a complete outage of our system architecture. The three main points to be considered with Disaster Recovery are Prevention, Anticipation, and Mitigation. Prevention is the act of avoiding those disasters that can be prevented. Anticipation is to plan and develop adequate measures to counter unavoidable disasters. Finally, mitigation is to effectively manage the disasters and thereby minimize the negative impact. The City of Greensboro’s IT Department is proactively engaged in preventing disaster recovery events from occurring through change management, firewalls, cyber security vulnerability testing, and through network operation monitoring. This policy does not attempt to modify our current prevention procedures, rather to develop adequate measures to respond to an unavoidable disaster and to mitigate the event from a possible reoccurrence.

Roles and responsibilities will be assigned to three separate teams with specific restoration and communication actions that will need to be executed during a disaster recovery event. The primary objectives of disaster recovery are to:

Minimize disruption of operations

•

• Ensure a level of security to prevent the occurrence and to protect the network before the event and to ensure a level of security to any safeguarded information after the event

Assure reliable backup systems

•

• Aid in restoration of operations with speed

• Communicate the event to all affected stakeholders

DISASTER RECOVERY ROLES AND RESPONSIBILITIES Initiating the Disaster Recovery Checklist will only occur if there is a major degradation to the data center; a complete data center outage is encountered; or as an exercise. (A major degradation is one that multiple systems and services are affected and to such a degree that the Network Services Manager deems it appropriate to assemble the disaster recovery team to mitigate the situation.) Three teams have been assigned to communicate and mitigate the event. They consist of a RED TEAM or network services staff that will provide technical expertise to restore the network to operational capability, a BLUE TEAM that will perform communication actions and to properly document the event for post mortem analysis, and a GREEN TEAM who by virtue of their position within the City would need to know of the occurrence so that they, in turn, can communicate to their staff and perform their own internal processes for mitigation and sub-system restoration. Once the event is known by any team member, a checklist of steps and protocols has been created for each team to follow. This checklist will be provided to each team member electronically and a hard-copy will be stationed in the data center for ease of access.

26 | P a g e