Contingency Planning Guide

© Minerva Software Limited 2000

Computer systems are used in a wide variety of businesses, ranging from those having their own experienced computer staff to small shops and offices with nobody formally trained to look after the system operations. Irrespective of whether the company is a huge multinational or a corner shop, to prevent minor problems turning into full scale disasters both need to prepare plans for when the computer system is unavailable.

These action plans form the basis of your company Contingency Plan. Drawing up and implementing the plans can be quite daunting and does require specific knowledge, but you must do it properly and then you MUST test them.

This document is intended as a basic guide to what is involved in the process of drawing up plans for your company but obviously could not show every step required for every business type or specific processes or locations. Depending upon your own business complexity you may need outside expertise to produce a plan of sufficient coverage.

Limitation of liability

This document is provided as is and is provided free as guidance only. No warranty as to fitness or suitability is intended or implied. For assistance in creating specific plans and processes to protect your business please contact Minerva Software Limited.

 

Devising a contingency plan can be broken down into logical steps. The most important first step is to ensure that the decision to draw up such a plan is taken at the highest level of the company, preferably at Board level. Recent statistics reveal that over half of the companies affected by a serious computer disaster have ceased trading within three years. The evidence of such worrying statistics must be brought home to senior management. More and more company auditors are insisting that full disaster recovery plans be drawn up and TESTED before the auditors can accept that they are fulfilling their obligations under law.

This document will help you create your plan, based upon the way your own company works. No single plan could be used by every company; each one operates using its own processes and methodologies devised over a number of years. Each section in this document may highlight things you should consider carefully. They may seem minor in detail but can have an enormous effect if ignored or overlooked.

1.1. What is Contingency Planning

Contingency Planning is the way a business plans to overcome any and all serious computer-related events that affect its ability to trade.

At its simplest a Contingency Plan is a written description of the steps that should be taken when the computer system is not available for 1 day, 1 week and prolonged unavailability. The plan should cover, but not be limited to, the following areas:

1.1.1. Computer Applications

1.1.2. Personnel

1.1.3. Computer Hardware / System

 

 

  1. Drawing Up The Plan

2.1. Creation of the Team

Once the decision has been taken, a team should be chosen and should include a senior representative of each department that uses the computer system. Each team member should know the outline of the overall plan, his own part in the plan together with that part of the plan covered by another member. The idea of sharing information is to prevent problems caused by members being absent. A senior person should be put in overall charge of the plan.

2.1. System Audit

The next step should be an audit of all the computer operations showing if any operations are terminal or device dependent. This may show that a certain type of printer is required to do remittance advice slips, or that only a certain terminal can do specific operations. Any specific stationery requirements should also be noted so that spares can be stored away from the site.

Next produce a process time-line document which shows the running order and precedence of the applications. The actual days that programs are run, together with the duration of run must also be noted to give an idea of system usage and program interdependency. All programs should be cross-referenced to show which files they affect.

Any procedures used to backup data and programs should be examined, together with those procedures that restore the data. Check when they were last used or updated.

These steps will allow the user to draw up a list of critical operations and procedures.

2.2. Definition of Actions

The next step will be to define alternative actions that are to be undertaken when different interruptions occur. Interruptions can be broken down into such things as power failure, loss of a device, system fault or total disaster such as fire or flood. The steps involved obviously depend upon individual site requirements.

Break down these actions into short-term problems, i.e. a 2-hour power cut in the office when production lists need to be run or the payroll has to be produced. Every company has a different workload for its computers and staff. You have to decide the effect it could have on your business and plan recovery actions accordingly.

The next problem to be assessed should cover more serious actions such as a flood or fire in the office that prevents its use for several days. How can you prevent loss of production or loss of revenue? Consider the likelihood of such an event occurring and how you may recover from it. If your establishment is large it may be possible to locate the computers in another part of the building, providing of course that any network cables go to the temporary location.

The final set of problems covers events where a catastrophe occurs, such as a major fire or accident or loss of the entire computer system. It may be that under these circumstances the only option is shutting the company down until the premises are rebuilt and sales and production are back to normal. Even under these trying circumstances you will still need access to your data to recover monies owed to you. How can you recover that data?

3.1. Backup Location

Having gone through the various steps involved in setting out your plan of action the next step is to test it. You must test it or you have no way of evaluating the effectiveness of your plans. To do the test correctly you are going to need access to another system and possibly an alternative site. If you are not covered by a full disaster recovery agreement that includes testing your plans, you may find that you can hire another system and site to perform your tests.

An alternative site should be capable of housing all staff needed for normal use plus the actual computer system. If you use telecommunications, arrange for sufficient telephone lines to be available, together with a way of re-routing calls to the new site. The site itself should have sufficient power points, on a clean ring main, to enable all the devices to be installed without any long extension leads being trailed over the floor. Heating, lighting, ventilation and toilet facilities, adequate for the number of staff envisaged to be using the site, must be available. Canteen facilities must also be appropriate under the Shops, Offices and Railway Premises Act.

Once the alternative site is organised and the equipment is delivered, the first operation is to install the operating system to match your existing system. You do still have the original system build disks, tapes and patches for it, don’t you? Having restored the system and set up all the users and passwords, you then need to restore your data to it. Does it have the same disk drive as yours so that you can perform a straight disk-to-disk copy? If the disks are of a different size, are the standby system's disks big enough to hold all your applications and data? If you are using magnetic tapes, can the replacement machine read your tapes and does it have the capability to use the same density?

Now that the data is restored without error, prove that you can still use all the devices in the same manner as on your own system. Test every screen, printer, modem, etc. before starting your system tests.

Use your normal command libraries and check that no errors are apparent. Beware that they may show up in different ways. Check the system log file for errors as well as any listing devices mentioned in the procedures.

Now that your tests have worked correctly it is time to consider what actions will be necessary to keep the plan up to date.

In the normal course of events, there will always be staff changes, either promotions, departures or sickness/holidays. The prime consideration in keeping the plan current is to have at least one extra person capable of standing in for people who are not available for any reason. If any person assigned a particular responsibility leaves, that person must be replaced without delay and all copies of the printed plan must have amendment sheets inserted showing the new team members. The replacement member must be fully trained in his relevant responsibilities as soon as possible.

Any system or software changes must also be reflected in the plan. It is also recommended that all changes be tested on the standby machine as soon as is reasonable.

Keep all the notes made during any earlier test runs showing any possible areas of problems and all steps taken to produce a working system. It is no use relying upon memory as when the disaster does occur, you are going to be much too busy to recall all the minor amendments that made the system work perfectly last time.

One important step in planning for contingency operations is to reduce the chances of a disaster happening in the first place. Take a common sense approach to this step and ensure that the users are aware of potential dangers on their own site.

Have all fire extinguishers been regularly serviced and are they in easy reach of the computer?

Are there any water pipes going over, through or under the computer room; if so can they be diverted?

Is it necessary or possible to restrict access to the computer system itself or to some of the more powerful system commands?

Are there sufficient power outlets, or are double/treble adapters used for devices, which can lead to overloaded circuits and higher fire risk?

Have a separate PC, not connected to the network, running an anti-virus package to check floppy disks before they are allowed onto the network.

Keep the anti-virus software up-to-date. New viruses appear frequently and may not be found by older software.

Prevent the contamination of your system by computer viruses by prohibiting the use of personal floppy disks from unknown sources.

 

Remember – it is easy to reconstruct your Purchase Ledger, your Suppliers will rush to tell you how much you owe them. Now consider the Sales Ledger. A lot of your Customers pay on the monthly statement so if it is not produced on time…

Remember – Laser printers cannot use self-duplicating or carbon paper.

Remember – Just because you have a copy of your data does not necessarily mean it will do you any good. If the application that produces and uses it has been modified from the original, it may be that the current version of the application cannot use your data.

Remember – How long did it take you to get the computer system set up and working the way you want it to, not the way the installers thought you wanted it to work?

Remember – Most businesses have mailing lists, customer lists and other items of information stored on their computer, but not all of it is a part of the regular applications e.g. that route planning utility. It is of little use holding copies of data files if the programs cannot be recovered.

Remember – Not all your data may be stored where you think it is. Lots of small but critical programs may have been written on somebody’s computer that may not be backed up.

Remember – The system manager should decide the priority of applications based on importance to business survival, not the user who thinks theirs is the most important work.

 

Contingency Planning – Current equipment list

System Unit | Model | Memory | Processor | Disk Size(s) | Operating System | O/S Version & Patch level | IP Address

Terminals | Model | Memory | Processor | Disk Size | Operating System | O/S Version & Patch level | IP Address

Printers / Others | Model | Memory | Type | Location | Network Name | IP Address

Contingency Planning – User and Application List

User | Location | Application | Priority

   © Test Team Limited 2000