Information Technology Policy Manual 2022

COMMUNICATION

During a disaster recovery event, three communications will be sent by the BLUE TEAM. In the event that a BLUE TEAM member is not present, a RED TEAM member will be designated to perform this task. The three communications that will occur are: (A) An initial communication to the RED AND BLUE TEAM to assemble in the data center. (B) A communication to the GREEN TEAM that an event is taking place (either real-world or as an exercise). (Note: the GREEN TEAM may effectively cascade their communication to respective staff members that may have an internal need to know that a disaster recovery event is in progress). (C) A final communication of the outcome to the GREEN TEAM stating the event is either over and normal operations of the outage have been completely restored, -OR- that a temporary fix has been applied but operations may still be degraded until a permanent solution can be implemented.

POST MORTEM ACTIVITIES AND MITIGATION

Upon completion of a real-world or exercise disaster recovery event, the following post mortem activities will occur.

(A) Team Members will be dismissed by the RED TEAM Lead. (B) The BLUE TEAM Lead will acquire snapshots of the checklist and the status board used to document system degradation, up, or down status. (C) The BLUE TEAM Lead will provide the material to the IT Project Manager for analysis and post mortem review by all team members. (D) A determination will be made as to the primary reason the event occurred. In cases of actual or suspected security breaches, the IT Project Manager or designee will contact the AIG Security Hotline in accordance with the instructions within the checklist, and they will contact the IT Department’s Cyber Security and Compliance Division Manager and conduct an out -brief of the occurrence. (E) A review of contact information will take place and an analysis of restoration times will be performed.

ENFORCEMENT AND COMPLIANCE

In the absence of a real-world disaster recovery event, the CIO, D-CIO, Network Services Manager, or the IT Project Manager will conduct a quarterly exercise of the Disaster Recovery Checklist. The purpose of this quarterly exercise is to maintain the checklist to its best operational capability. Scenario-based training will also occur so that each team member can maintain checklist proficiency and to review changes to the checklist should they be encountered. Finally, there is a current need to establish an alternate site at Justice should the MMOB Data Center encounter a catastrophic event that would prevent its usage. The IT Department will effectively plan for system restoration capability at the alternate site and perform a real-world fail over test to this location annually.

27 | P a g e