Question 1: Recovery strategy for hardware/software
The company, having realized their dependence on computer systems will have to put aside a plan they will follow if the system undergoes a disaster. Many systems that are available in the company include local area network (LAN), database servers, Internet and intranet, and e-mail. The potential loss will be enormous and there should be a contingency plan in place to ensure that normalcy is attained in the shortest time possible (Smith, & Salvendy, 2007).
i. Microsoft Access Database system
ii. ADP payroll processing software
iii. AutoCAD Lite software which is used for reading blueprint
iv. Bank of Maryland system (accessed externally)
v. BRASS - a system which is used for handling claims
vi. CAS – claims adjudication system
vii. CHS – System for checking eligibility
viii. Claims EDI – Electronic data interchange
ix. CRW – Customer relations workstation
x. Disease management - a system which is part of PHCS
xi. DRG Pricing – has over 65 w/o information that pertains Medicare
xii. EDIM – a system that is used for imaging
xiii. E-mail (MS Exchange) – system that is used for communication
xiv. Facets – used for pre-certification
xv. FileNet OCR – this is a database that uses Sybase that is used to store scanned documents.
xvi. First Money Mover – EDI with Maryland bank
xvii. Goldman Sachs FILM – an account that is used or investment
xviii. HRIS – system that is used for tracking the human resource
xix. KCMG – System that is used for security
xx. KMS –
xxi. SharePoint - Used for managing documents
xxii. MAS 90 – system that is used for managing accounting, financial and information
xxiii. MetraHealth – System that is used for managing Medicare claims and pricing
xxiv. Multiplan – secondary PPO with schedules for fee
xxv. Office products – spreadsheets and word processing software
xxvi. PCS – system for prescribing drugs
xxvii. PHS – Optimed - used for pre-certification
xxviii. QDI/OCR/Indexing – imaging system
xxix. Sales control – Marketing system
xxx. SAS -used for statistical computations and analysis
xxxi. TSO – security help desk
xxxii. Wachovia Dial-Up – EDI functions
xxxiii. Workflow routing – used for claiming routing
The plan I designed so that it caters for the recovery from a worst-case scenario where it I taken that the company will have its operating environment completely destroyed. The worst-case scenario also includes any non-data process that is found near the working station. Although the design is meant for the worst-case scenario, the plan has been designed to include even the mildest interruption.
Strategies for recovery
Standby OS
This strategy will provide an alternate system that will be running parallel to the original system. The alternate system is devoid of other applications and therefore lacks these because of the fact that it rids the need to install the OS from scratch. Effort will be directed at getting the data back and ensuring that normalcy is attained. This strategy can be used together with other systems that are used traditionally. The use f this method has been found to reduce the RTO. It is important to have a system, which is running in a remote location. In case there is a problem at the original site, normalcy will be arrived at fast. This is achievable through the use of cloud computing. It is important to put into consideration the fact that cloud computing is the ultimate solution that is available for data recovery strategies.
The only strategy that will be used for computer systems that are found in Maryland Bank is by use of offsite storage. This will be the strategy that will be used to recover computer processes, which are located and hosted in remote places. Items and computer systems, which are located locally, are expected not to be salvaged at all.
It will also be necessary to establish a data recovery site, which will be used to process computer information. The timeframe that will be required to process computer information is not as necessary as timeframe that is required to recover and establish a data center.
The applications, which are operating right now, should have a mirror application in some remote location. If damage is experienced in the data center, the mirror applications will be in use. This will reduce the time that will be required to bring everything to normalcy.
Justification
Storing data in the remote areas will help to access them when there is a breakdown and complete damage of facilities in the local location. Remote backup is recommended, as it is hard to have disasters in two locations at the same time. If there is a disaster in one location, it is expected that other places will be silent (Wolf, & Halter, 2005).
There is also the need to remotely store information so that the space can be utilized. Storing data in remote places will also help to improve security, as the data in remote places is safe in case the club experiences some physical insecurity. Remote backup options are found to be safe. Data growth will be an issue with the use of various information. Data backup and recovery can be easily achieved with the use of Web based applications. The data can be stored in remote servers and locations. With the upcoming of cloud computing, it is now possible to send backup data to remote places where their safety is assured.
Advantages of the strategy
One advantage of the use of this strategy is the fact that the RPO is greatly reduced. This is attributed to the fact that the processes were already mirrored remotely and will therefore take less effort to get back to track.
Disadvantages
One of the disadvantages of the strategy is when the network is not running optimally. There will be reported absence of service if the whole computer system is lost. Another issue is that there will be new expertise required to run the system. Another disadvantage is the fact that there is need to have a secondary facility that is used for the backup and will act as the backup system. This secondary facility is required to be running. This might prove to be expensive to the company as running two parallel systems is expensive.
One probable strategy that could have been chosen apart from this strategy is that of internal relocation. The strategy entails ensuring that the staff are relocated internally and that the PC is equipped in the training rooms. One downside of this strategy is the fact that the testing capabilities are limited. These include the scope, timing and the frequency. There is also the restacking in the recovery space which adds risks and brings with it additional costs to the internal operations. Another downside is that displacement brings with it disruption and the employees will not concentrate the way they could.
Question 2: Work area strategy
Recovery needs
There are the requirements that will have to suffice in the headquarter region. There will be the need to have business continuity for all the sites which are located in the headquarter region. Other sites which are far from the headquarter will have to take longer to be fully recovered. The RTO will be 4 days and beyond. The definitions for recovery are one hour defined for one mission, which is very critical. This will cover three business units. Other fours will be assigned for all the other processes (Adie, 2003).
Definitions of seats
The whole day will be defined for utmost three seats, which will be considered to be Hot Seats. The seats will be taken to be a desk, chair, wiring or phone. There will be the definition of one hour for hot seats, which will be dedicated for business units (Dernbach, 2002). There will be the dedication of for hours to Hot Seats, which will be shared between business units and other cases. There will be the assignment of four to five seats, which will be dedicated to Warm Seats (these are the desk, chair, and no-technology) and will be shared between the various units of business (Dube, & Gulati, 2005).
Internal owned and external site (vendor)
There will be no mandate that the organization will have to own their own building. The building and infrastructure that is defined are the security facilities, infrastructure, and the balance sheet. This is considered to be cheaper than other strategies. Consequently, it lacks in functionality, as there are no control and other features. For this reason, it will be hard to meet the requirements of the RTO by just using shared solutions.
Internal owned advantages and disadvantages
One of the advantages of this is the fact that there is flexibility, as the owners will have the freedom of doing it their own way. In this case, there will be one hour RTO that will be dedicated to business units, which are critical to the business. There will also be the requirement to have a right location. There will therefore be total control. When cost is considered, it is found out that there will be reduction in expenses up to at least two and half times the cost of the vendor (EC-Council, 2010).
In the current situation, there are 311 seats whereby 166 are meant for investment. The RTO is less than fours. In less than four hours, the 53 seats will be made available. In an RTO of 8 hours, 63 seats will be available. The PCs in less than four will be 42 while that of phones will be 53 hours (Hiatt, 2000). There will be support for 100 users making use of wireless platform. There are also offices which will need to be recovered which include copiers/printers/faxes and meeting rooms. All these will have to be recovered. Apart from this, there will be the recovery of technology rooms. These are NDC, PC Build out Rooms (Argevou, 2005).
The design of the room will matter a lot, as the space will determine the number of seats, which will be used. There will be at least 55000 square feet required for the new working environment so that it can accommodate at least 700 seats. The new working environment will not need to look like a corporate site and the users will be required to take this into consideration and not expect a corporate environment.
In all the effort, there should be focus on the requirements that are required for bringing the operations back to normal. In addition, there should be no overspending as there are other requirements that will be needed in the process and overspending at the beginning can lead to lack of funds to do other projects in the end. The infrastructure should be professional. The caution to take here is that the quality and the look should not be compromised in favor of cost. They should be scalable and flexible in accordance with the production design so that the end result is much the same as that of the production design. It will also require that the physical design of the infrastructure be robust (Goh, 2005).
In the process of looking for space, it is worth considering that senior managers will need offices. Given the current situation, there will be the need to have more meeting rooms so that the current impasse can be discussed (Toigo, 2000).
In conclusion, when taking into consideration the types of natural and fabricated threats that are found in the world today, it is very important that business continuity and disaster recovery should be considered. Before the implementers of recovery strategy work on a strategy, they should quantify and approve the requirements, which include the RTO and RPO. A good recovery strategy should be in tandem with these requirements. Without regard to the strategy that has been chosen, there are some basic components that need to be included and need to be addressed. These are the facility to be used, the connectivity of the working space, and the work area space. Although there are many strategies that need to be addressed, there is needed to look for the strategy that will address the business objective that is required. There should be diligence from the start so that the right components can be developed and implemented so as to provide effective recovery strategies for the business.
QUESTION 3 TEMPLATE
I believe that the legal department has offsite data storage of information and they therefore will take less time to regain the documentation for the legal issues that are taking place in the company.
Claims Dept.
I feel the claims department should use the least time possible to claim the loss; if insurance is involved, the less time the better.
References
Adie, C. (2003). Holistic disaster recovery: Ideas for building local sustainability after a natural disaster. NJ: DIANE Publishing.
Argevou, C. (2005). Recovery strategies for IT systems. Beijing: Springer.
Dernbach, J. (2002). Stumbling toward sustainability, Washington DC: Environmental Law institute.
Dube, D., & Gulati, V. (2005). Information system audit and assurance. Chicago: Tata McGraw-Hill Education.
EC-Council (2010). Disaster recovery. NY: Cengage Learning.
Goh, M. (2005). Developing recovery strategy for your business continuity plan. Florida: BCM Institute.
Hiatt, C. (2000). A primer for disaster recovery planning in an IT environment. NY: Idea Group Inc.
Hilty, L. (2008). Information Technology and sustainability, New York: Books on Demand.
Lamb, J. (2009). Disaster recovery and IT sustainability. NJ: Pearson education.
Slote, L. (1987). Handbook of disaster management. Baltimore: Wiley.
Smith, M. & G. Salvendy, (2007). Rebuilding systems. Vol.2, NY: Springer.
Toigo, J. (2000). Disaster recovery planning: Strategies for protecting critical information. London: Prentice Hall.
Wallace, M., & Webber, L. (2010). The disaster recovery handbook: A step-by-step plan to ensure business continuity and protect vital operations, facilities and assets. NY: AMACOM Div American Mngt Assn.
Wolf, C., & Halter, E. (2005). Data recovery. Washington DC: Apress.