DISASTER RECOVERY & BUSINESS CONTINUITY by HC120831001657

VIEWS: 24 PAGES: 18

									CDP - Voted Best Print Manager for 2007!




74 – 82 Rose Lane           Unit 1, Tomo Industrial Estate
Mossley Hill                Packet Boat Lane, Cowley
Liverpool                   Uxbridge, Middlesex
L18 8EE                     UB8 2JP
Tel: 0151 724 7000          Tel: 01895 462462



                 Disaster Recovery

                        &

                Business Continuity
                   DISASTER RECOVERY & BUSINESS CONTINUITY

Please Note – it is CDP’s aim to avoid any emergency delivery requirements. This is
achieved by utilising the DemandBridge® System to manage a clients stock and also to
forecast future manufacturing schedules allowing for seasonal trends. This also
eliminates any stock-out’s and unnecessary wastage for all of our clients. This has
proven to work with our clients and keeps good communication avenues open, a key to
any successful relationship.

Disaster recovery can be assured by again utilising the DemandBridge® System to split
stock between our warehouses, - many of our Trade only Manufacturers allow us to
store small quantities of Stock solely for this purpose. We can identify locations and
volumes by using the DemandBridge® System.

Business Continuity Management

CDP Print Management is committed to safeguarding the interests of all stakeholders in
the event of an emergency or significant business disruption.

     o Key Personnel
The Business Continuity Manager of CDP is the Managing Director and he will ensure
systems are in place to provide effective response and reaction to a disaster that may
cause severe disruption to business processes.

To ensure full resource management, the Business Continuity Manager has a deputy,
CDP Finance Director, who can manage the situation should the Managing Director be
unavailable.

At the Uxbridge site the Business Continuity Manager is the Southern Sales Director. He
also has a deputy, Uxbridge Office Manager, to cover in case he is unavailable.

     o Overview
The main goals of the BCM process are to ensure continuity of critical business
functions and of customer service.

1. The BCM process has been designed to develop, implement and maintain a Business
Continuity Management process and plan(s) to:

      identify the impact of loss or disruption to the business and the potential
       exposures which may be present
      develop, maintain and test suitable business recovery planning for the business
      regularly review the continuity requirements and planning to ensure that it reflects
       the needs of the business

2. The BCM process addresses the following:

      Staff safety, welfare and internal communications
      Resumption of critical business functions
      Meeting contractual obligations
      Management of risk
      Maintenance of client confidence and the reputation of the business (via external
       communications)

3. All applicable legal or regulatory requirements must be complied with in addition to the
internal requirements

Current Plans

   o Insurance
   A full insurance policy covering loss of profits and our stock

   Normal Business Insurance covering clients with an indemnity value of £10,000,000

   o Logistics
   To ensure continuity, CDP operate from 2 offices: Liverpool & Uxbridge.

   CDP have 3 warehouses between which the distribution & storage of certain client
   business critical items are stored (backup stocks)

   To facilitate a complete disaster recovery situation, CDP also store specific client
   items at various supplier warehouses.

   CDP has its own delivery vehicles plus have contracts with 2 national carriers who
   operate between all sites.

   o IT
   Both offices run 2 independent networks and the main Business Application Linux
   server in Liverpool is backed up nightly to 3 separate areas:
      1. Tape backup which is stored in a fireproof safe, the tape back up is taken off
      site
      2. A windows Server at Liverpool
      3. A separate disaster recovery Unix server at our Cowley office.

   The Business Application server has an image library for additional crucial document
   storage.

   Both offices have full internet connectivity and in the event of complete disaster at
   Liverpool any user in the company can switch to use of the disaster server at Cowley
   and the separate warehouses allow for backup stocks of any crucial items.

   Should an office be affected by a disaster, their system is fully operational at the
   other office for continuity of services.

   Internet connections are monitored by an external company to allow for 24/7 running
   with emergency contact to the Managing Director.

     Crucial email systems are maintained via 3rd party hosted Exchange systems giving
full resilience.
As with all high level systems, CDP’s DemandBridge® is fully protected by various
firewalls and password entry at all locations.

We are registered for Data Protection with the Information Commissioner

CDP’s DemandBridge® system has complete recovery due to the fact that there are
3 separate mainframes situated in secure locations in the USA. These sites can be
accessed by the BCM team should both CDP offices be affected by a disaster.

In addition to the above, CDP have 12 lap top computers at different locations which
have access to these external sites so as to facilitate business continuity.

CDP also have a structure for mobile phone (Blackberry) communications should
both offices be affected.

 o Supplier Management
All CDP key suppliers have documented Business Continuity Plans to ensure that
should disruption occur, they have procedures in place for swift and seamless
recovery.

A key part of CDP’s BCM system is that for all services and products supplied CDP
will always ensure that there are 2 further suppliers capable of supplying the same
product, service and price.

With key suppliers, CDP have arrangements for CDP staff to operate from their
premises should a CDP office be out of use for a period of time.

All key suppliers, and 100% of mailing houses and data companies, have signed
Confidentiality Agreements with CDP. This ensures complete security of business
sensitive data and processes.

  o Knowledge Management
To back up the existing systems, at the KM (Knowledge Management) level, at all
times more than 1 person is involved and has knowledge of all client orders and
requirements.

In addition to the above, at the KM level CDP have duplicate skills between both
offices to back up the client service proposal.

    o Current Experiences

As with all BCM plans, they are subject to actual real life disasters to fully appreciate
their resilience.
CDP in the past have experienced the following incidents and the severity and
variety of these disasters has helped develop our current plans

     Fire at a production site – resulting in the total loss of £100,000+ of client stock
      and use of a warehouse. All client requirements were met through switching
      supply base to two similar suppliers plus the utilisation of additional warehouses.
   Loss of staff – key staff have not been available for long periods of times without
    any notice due to accident or death. Services have been maintained as a result
    of the plan to ensure that a minimum of 2 staff are involved in all functions.
   Explosion – resulting in loss of use of main offices – services maintained due to
    additional office connectivity.
   Loss of telephone lines – this has occurred in the past at both offices and
    services were maintained by re-routing calls immediately to another office.
                      BUSINESS CONTINUITY MANAGEMENT

CDP Print Management is committed to safeguarding the interests of all stakeholders
in the event of an emergency or significant business disruption.

             o      Key Personnel
The Business Continuity Manager of CDP is the Managing Director and he will ensure
systems are in place to provide effective response and reaction to a disaster that
may cause severe disruption to business processes.

To ensure full resource management, the Business Continuity Manager has a deputy,
CDP Finance Director, who can manage the situation should the Managing Director
be unavailable.

At the Uxbridge site the Business Continuity Manager is the Southern Sales Director.
He also has a deputy, Uxbridge Office Manager, to cover in case he is unavailable.

              o       Overview
The main goals of the BCM process are to ensure continuity of critical business
functions and of customer service.

1. The BCM process has been designed to develop, implement and maintain a
Business Continuity Management process and plan(s) to:

              identify the impact of loss or disruption to the business and the
       potential exposures which may be present
              develop, maintain and test suitable business recovery planning for the
       business
              regularly review the continuity requirements and planning to ensure
       that it reflects the needs of the business

2. The BCM process addresses the following:

             Staff safety, welfare and internal communications
             Resumption of critical business functions
             Meeting contractual obligations
             Management of risk
             Maintenance of client confidence and the reputation of the business
       (via external communications)

3. All applicable legal or regulatory requirements must be complied with in addition
to the internal requirements

Current Plans

               o       Insurance
A full insurance policy covering loss of profits and our stock

Normal Business Insurance covering clients with an indemnity value of £10,000,000
             o       Logistics
To ensure continuity, CDP operate from 2 offices: Liverpool & Uxbridge.

   CDP have 3 warehouses between which the distribution & storage of certain client
   business critical items are stored (backup stocks)

   To facilitate a complete disaster recovery situation, CDP also store specific client
   items at various supplier warehouses.

   CDP has its own delivery vehicles plus have contracts with 2 national carriers who
   operate between all sites.

               o      IT
    Both offices run 2 independent networks and the main Business Application Linux
    server in Liverpool is backed up nightly to 3 separate areas:
1. Tape backup which is stored in a fireproof safe, the tape back up is taken off site
2. A windows Server at Liverpool
3. A separate disaster recovery Unix server at our Cowley office.

The Business Application server has an image library for additional crucial document
storage.

   Both offices have full internet connectivity and in the event of complete disaster
   at Liverpool any user in the company can switch to use of the disaster server at
   Cowley and the separate warehouses allow for backup stocks of any crucial
   items.

   Should an office be affected by a disaster, their system is fully operational at the
   other office for continuity of services.

   Internet connections are monitored by an external company to allow for 24/7
   running with emergency contact to the Managing Director.

Crucial email systems are maintained via 3rd party hosted Exchange systems giving
full resilience.

   As with all high level systems, CDP’s Demand Bridge is fully protected by various
   firewalls and password entry at all locations.

We are registered for Data Protection with the Information Commissioner

   CDP’s Demand Bridge system has complete recovery due to the fact that there
   are 3 separate mainframes situated in secure locations in the USA. These sites
   can be accessed by the BCM team should both CDP offices be affected by a
   disaster.

   In addition to the above, CDP have 12 lap top computers at different locations
   which have access to these external sites so as to facilitate business continuity.

   CDP also have a structure for mobile phone (Blackberry) communications should
   both offices be affected.
          o      Supplier Management
All CDP key suppliers have documented Business Continuity Plans to ensure that
should disruption occur, they have procedures in place swift and seamless
recovery.

A key part of CDP’s BCM system is that for all services and products supplied CDP
will always ensure that there are 2 further suppliers capable of supplying the
same product, service and price.

With key suppliers, CDP have arrangements for CDP staff to operate from their
premises should a CDP office be out of use for a period of time.

All key suppliers, and 100% of mailing houses and data companies, have signed
Confidentiality Agreements with CDP. This ensures complete security of business
sensitive data and processes.

For examples of supplier BCM please see Appendix 1 / 2 / 3 / 4 / 5 / 6 below.

          o      Knowledge Management
To back up the existing systems, at the KM (Knowledge Management) level, at all
times more than 1 person is involved and has knowledge of all client orders and
requirements.

In addition to the above, at the KM level CDP have duplicate skills between both
offices to back up the client service proposal.

          o      Current Experiences

As with all BCM plans, they are subject to actual real life disasters to fully
appreciate their resilience.
CDP in the past have experienced the following incidents and the severity and
variety of these disasters has helped develop our current plans

          Fire at a production site – resulting in the total loss of £100,000+ of
   client stock and use of a warehouse. All client requirements were met through
   switching supply base to two similar suppliers plus the utilisation of additional
   warehouses.
          Loss of staff – key staff have been not been available for long periods
   of times without any notice due to accident or death. Services have been
   maintained as a result of the plan to ensure that a minimum of 2 staff are
   involved in all functions.
          Explosion – resulting in loss of use of main offices – services
   maintained due to additional office connectivity.
          Loss of telephone lines – this has occurred in the past at both offices
   and services were maintained by re-routing calls immediately to other office.
Appendix 1

Supplier: Business Forms
Subject: Disaster Recovery & Business Continuity


I have pleasure in enclosing our current Disaster/Continuity Plan 2009

           CDP currently runs two separate sites at Liverpool & London
           Copies of the DR Plan are held in both sites and an additional copy is
          held off site
           The DR Plan consists of an organisation chart, employee details, phone
          numbers & next of kin details. IT & systems/server information, back up
          procedures. Copies of key contact details ie; IT system engineers,
          insurance details, major customers, company details if out sourcing work.
          First Aid information & trained staff. Physical Asset Inventory including
          serial numbers [if applicable] of machinery & computers also including
          details of who to contact for service/replacement. Supplier details. Power
          supply areas/instructions.

       IT
       Maintenance/back up assistance is supplied by two separate companies.
       The standard & estimating server have a back up server and data is backed
       up nightly off site.
       The security of the system is fully protected by fire wall anti virus systems.

       OFFICE
       The company is located over two sites, therefore we have suitable re location
       space.
       Offices could commence operations within 24hrs.

       EMPLOYEE
       All personal information is listed, home telephone numbers, next of kin details
       & their chosen contact numbers [reviewed quarterly]

       TELEPHONE
       Customers will be e mailed with emergency/new company contact numbers
       within 24hrs.

       REPRO
       Back up nightly off site.
       Plates to be made at similar company to ensure continuity.

       MACHINERY
       The company is located in two separate sites, both with suitable presses.
       Consequently we would be able to continue to produce stationery at either
       location.

       INSURANCE
       We are covered for all areas including stock, machinery, goods in transit &
       public/employers liability.
GENERAL:
           All CDP data kept for 3 yrs
           Artwork is securely stored on our own server
           The % of business we would be able to accept would depend on
     the extent of the disaster
           Our insurance does cover CDP stock
           We would be willing to assist CDP should a disaster occur at a
     CDP site
Appendix 2

Supplier: Manufacture
Subject: Disaster Recovery & Business Continuity – Manufacturing Process

This contingency, is designed to cover CDP Print Management in case of a major
disaster that eliminates the manufacturing capacity in its present location.

The plan consists of two elements, both of which are designed to maintain CDP
principal customers continuity of supply.

ELEMENT ONE

CDP’s supplier base provides the company with access to manufacturing capacity in
numerous plants throughout Europe and in particular, one plant that is situated
within half a mile distance in the UK.
This means that priority work could be transferred quickly and efficiently to nearby
companies and the least pressing work to plants across Europe.
In addition to this, an agreement has been reached with some of these companies,
for the immediate transfer of skilled staff. This would enable either plant to utilise
the extra skills to increase production by the introduction of continental shifts.


ELEMENT TWO

Element two of the plan is designed to run in conjunction with element one.
In the event of a major disaster, it would be assumed that production would not be
possible due to the scale of the damage.
To counter-act this eventuality, CDP would switch production to a finished goods
warehouse that is situated a safe distance from the production building.
This building has all of the necessary infrastructure to support the manufacture and
any surviving machinery from the production plant could be rapidly brought on line.
Finally our geographical position means that we are part of two large industrial
estates that have an abundance of warehousing space to call upon.
Appendix 3

Supplier: Envelope Manufacture
Subject: Disaster Recovery & Business Continuity - IT


Objectives
         - Set up replacement emergency network hardware.
         - Configure network connections
         - Establish incoming and outgoing email connections.
         - Restore data to stand by server as prior to disaster
         - Organise external and internal telecommunications and ADSL link.
         - Set up networked pc’s to continue the processing of sales orders,
         purchase orders, quotes, work orders and access to all accounting data.

Contingency plan for major disasters

          A. Detection and Reaction.
               i.Contact Emergency Management Team.
                        i.David Sears
                       ii.John Jackson
                      iii.Mark Sears
                     iv.Stuart Bromley
                       v.Ian Walmsley
                     vi.Trevor Whittaker
                     vii.Martyn Salt
                    viii.David Parker
                     ix.Richard Lucas
                       x.Lindsay McDonnell
                     xi.Graham Black
                     xii.Stephen Holmes
                    xiii.John Sears

               ii.Establish emergency control centre
              iii.Establish remote office location. Depending on severity and
                  circumstances this will be either set up at:-
                         i.Rescue House
                        ii.XXXXX Envelopes Ltd
                       iii.Manufacturing Co. Ltd
              iv.Contact Telecom’s company to organise internal, external and
                  ADSL line. Contact is: -
             xxxxx


          B. Begin disaster recovery team operations.
               i.Gather first level hardware.
                       i.Backup server, located at Address 1
                      ii.Remote backup tape taken by Stephen Holmes.
                     iii.Backup Router located at Address 1.
                     iv.Amass local area users’ laptops for network       ready
                         machines.
                      v.Purchase extra required hardware: -
                             1.   Cat 5 ethernet cable reel.
                             2.   Pack of RJ45 connectors.
                             3.   Tanberg SDLT220 tape unit.
                             4.   24 Port Switches, Netgear F5S720T
                             5.   HP Laserjet 4200N
                             6.   Cisco PIX Firewall

              ii.Electrical team to examine power requirements and prepare power
                 basis for the IT network.

             iii.Configure hardware and restore software.
                       i.Restore previous nights backup tape.
                      ii.Make up required number of Ethernet cables for emergency
                         network.
                     iii.Connect up server, switch, pc’s and printer to the network.
                     iv.Update laptops desktops and install software from the
                         network for specific users requirements, depending on
                         department.
                      v.Configure firewall and ADSL Router for Internet and email
                         safe external connection.
                     vi.Test working network processing and communications.
                    vii.Users to catch up data entry from time lag of remote tape
                         back up to the time of the disaster.

         C. Prepare mid term recovery plan and forecast.
               i.Emergency Management team to prepare plan.
              ii.Replace hardware. Suppliers.
             iii.Replacement Software suppliers and software support.
                       i.Isis Software
                      ISIS Distribution Ltd
                      8 Ranmore Road
                      Dorking
                      Surrey
                      RH4 1HA
                      Tel: 01306 740525
                      Fax: 01306 740515
                      ii.SageCover
                         Serial number xxxxx
                         Sage UK Ltd
                         Benton Park Road
                         Newcastle Upon Tyne
                         NE7 7LZ
                         Support Line Tel. 01912550602

         D. Spring Valley
               i.Spring Valley has it’s own hardware and software procedures.
              ii.Hardware support is run by Granthams,
             iii.Backup system is a nightly tape backup of networked data, with
                 remote storage of tape.


Standard Procedures for facilitating Contingency Plan.
A. Protecting network security.
      a. Secure password structure policy for all networked users, with
      frequent changes. Copy of complete password list, including the
      Administrator password, is held remotely and in the Accounts
      department fireproof safe.
      b. Nightly update of anti virus signatures.
      c. Monitoring and updating attack signatures of installed firewall.
      d. Secure restricted VPN access for remote users.
      e. Scheduled nightly virus sweep.
B. Hardware redundancy.
      a. Backup      Windows    2000    and    exchange   2000      server,
      preconfigured with a monthly dump of data, stored off site.
      b. Backup pc to hotswap on single machine failure.
C. Standard Backup Procedures
      a. Daily full network backup. Previous nights backup being held
      off-site, store of backups, stored in fireproof safe, in accounts
      department.
      b. Monthly backup stored off-site.
      c. Annual backup tape stored off-site.
D. Hardware and Software Maintenance.
      a. Weekly defragmentation and disk scan of PCs.
      b. Regular patch checking on software.
      c. Server room air-conditioned to retain temperature at optimal
      18˚C.
      d. Servers all powered through UPSs
Appendix 4

Supplier: B1, B2, & Digital Printer
Subject: Disaster Recovery & Business Continuity – IT & Manufacturing

IT
Onsite IT manager and back up support when necessary from Evertech Solutions.
IT personnel have MCSE/Cisco training accreditations
Legato backup for prepress systems
Retrospect backup for PC systems.

Backup firstly to hard disc then to tape.

Tapes are kept in fire proof safes, plus copies taken off site each night.

Cisco PIX firewalls, Websense intrusion detection.

Data is processed/stored on a dedicated windows domain. A

Access is controlled via Group Policy. Only IT Manager and two DP operatives have
full access, read only access is granted for laser ops.

Manufacturing
Our business is spread over 5 separate sites and our operations would not be
impaired by the loss of any one facility

As an example: We had a major fire in our IT/comms room in 2002 and we were
fully operational within 2 hours, routing all work through another site. This resulted
in a 99% immediate production restoration.

As a full print services group we would be able to offer our complete range of
services to cover any problems you might have in the short term which
implementing your own BCM plan

Data
Data is kept on the server until it has been lasered, a copy if requested would be
returned to the client.

The Monday-Friday tapes are recycled every 4 weeks.

With Weekend backup tapes recycled every 12 weeks.

Therefore the maximum time would be 12 weeks after completion of the work.

We are registered for Data Protection with the Information Commissioner

ARTWORK
Artwork is stored on a San Data Director, this offers full redundancy in case of hard
disc failure.

Every evening a further backup off the San is taken to tape.
When the job is finished it is backed up to permanent tape, then removed from the
San.

We could keep tapes indefinitely if requested. Most data is kept for 5 years unless
directed otherwise by clients.

INSURANCE
We maintain a full commercial insurance programme on a Commercial "All Risks"
basis for Material Damage and Business Interruption risks. Additionally, a specialist
Computer policy is in place for our hardware plus Reinstatement of Data and
Increased Cost of Working.
Appendix 5

Supplier: Mailing House & Digital Printer
Subject: Disaster Recovery & Business Continuity - Backup Hardware and
Procedures

Backups/ server down time

Daily backups are produced using a tape drive.
Each backup contains all the information stored on the server’s hard disk array.
On the Friday of each week a weekly backup is created.
The weekly back-up are held on-site in a fire proof safe, whilst the daily backups are
securely held off site. These tapes contain an exact duplicate of the server’s hard
disk memory.

CDP Print Management also employs the services of an external company who
support all the hardware at 24/7, as part of our agreement contract.
They have also agreed to hold on their site a clone server (created using ghost
software). This will guarantee, in the event of a server break, the installation of a
new server within the twenty four hour agreement.
The external company technicians are qualified and hold PhD’s in Computer Science.
To test the system, this breakdown procedure was evoked this year without any prior
notification to the company. The second server was operational within hours.
It is programmed to test again in September 2008

We also keep a copy of the server’s hard disk array on an external hard disk. The
hard disk is portable and can be installed and attached to any PC via plug and play.
This will give immediate access to the relevant files.
This hard disk is password protected under a 64 bit encryption.

Software providers

We use such software as Cygnus. This software is widely used in our sector and is
mirrored by our contingency partners. This ensures compliance on our mutually
agreed disaster recovery plan...

PreS is the second software provider we use. This again is mirrored by our
contingency partners. The software we use is not only supported by the personnel in
the data department, but also as the added value of external support from the
providers. This ensures we have the ability to offer a wide wingspan of possibilities
for our customers.
Appendix 6

Supplier: Mailing House & Digital Printer
Subject: Disaster Recovery & Business Continuity – Site Security

CDP Print Managements measures of security necessary to protect all internal
supplies and machinery are crucial.
We have taken many steps to ensure we identify how we can protect ourselves from
any outside influences etc.
The following measures are
               Chubb security are our main key holder (this gives us 24/7 attendance
        to site on any alarm activation within the average attendance record of
        7mins)
               If two sensors are activated anywhere in the building police presence
        is made. (this is additional to normal alarm system installation and requires
        certified sensors for the compliance)
               The system is controlled through a telephone line connection point.
        (This system is called red care, and is monitored via a pulse sent down the
        phone line system.)
               The external outer walls are protected by 2 meter high 1” plate steel,
        with vibration sensors attached to them. (If the plates were in anyway
        tampered with or hit in anyway the sensors would automatically activate the
        alarm system.)
               The shop floor is protected on both levels by movement sensors and
        beam barriers.
               The two fire escape doors at the rear of the building are protected by
        solid wood doors, covering roller shutter doors and both sensors and beam
        barrier protection.
               There are movement sensors positioned on all the internal walls 3ft
        from the roof to protect any unauthorized entry from this point.
               All lower floor windows and doors are protected with metal roller
        shutter covers and triple alarm sensors.
               The upper floor windows are protected by steel bar grills and vibration
        bars across each window.
               The front door stock door is scissor galvanized steel and protected by
        the sensors on the door and a 1 meter internal break beam across both walls.
               The front access door is protected by a 3” solid wood door with sensor
        activation. The door is then accessed by a coded keypad. The door is then
        locked with Chubb brass three point locks. The door is then protected by an
        external safety steel cover which is bolted and locked with two pad locks
        capable of withstanding 300 pounds psi of pressure.
                The system is protected by internal battery backup in the case of any
        power cut, with automatic trigger if the battery fails.
               The system is serviced on a six monthly service plan with Chubb. This
        is covered as part of our contract with them.
               The internal stock insurance at XXXXX is valued at £750,000 pounds.
                We are insured for plant and machinery to the value of £1,500,000.

								
To top