Disaster Recovery Plan
Purpose
The purpose of this document is to establish policies which will safeguard the integrity of Atrieve services 24/7/365. It is mandatory that all executives and employees be familiar with this plan and that they understand that every disaster will be different and require a different response. The objective of this guide is to provide information to allow Senior Management to respond in an appropriate manner to a disaster. A copy of this guide has been distributed to each Senior Manager and is digitally stored in the PowerSchool central document repository.
Scope
This policy covers all employees, vendors, and contractors.
Applicability
This plan is applicable to all Atrieve employees including contractors and third-party users of Atrieve corporate assets.
Responsibility for Implementation
PowerSchool Cloud Operations or one of their designees, are responsible for the implementation of this Plan.
Process for Declaring a Disaster
Notifying Senior Management
The first employee who hears of a possible disaster must contact the first person on the list who can declare a disaster. If that person is not available the employee must work down the list quickly until they contact a senior manager.
Assessing the Situation
The senior manager must assess the impact that the situation may have on the normal operations of the business. If the situation is temporary, then only parts of this guide may be necessary. There is a chart giving possible interruptions with possible responses that may assist in making a decision.
However, it must be noted that not all emergency situations can be anticipated and therefore the senior manager must rely upon their judgment. Use the following table as a guideline for assessing the situation and before declaring a disaster.
|
Key Information to Consider |
Details |
|
Every critical system has a backup no less than 24 hours old stored in its alternate data center. |
If the problem can be resolved by restoring this critical backup it may not be necessary to declare a disaster. |
|
Critical Support and Engineering Staff are located remotely. Each location is immediately capable of taking over the critical functions of the other. |
All systems are remotely accessible by the required PowerSchool stakeholders. PowerSchool Hosting operations has the ability to re-route traffic if required. |
|
If service can be restored within 6 hours it is unlikely that declaring a disaster will restore services sooner and is likely to cause more downtime to restore normal operations. |
In these circumstances, follow the 4-stage Major Incident Playbook. |
|
Try to conference with as many senior managers as possible before declaring a disaster. |
Discuss options. |
Steps After Declaring a Disaster
Checklist
|
Summarized Tasks |
Assigned Role |
|
Contact key Managers, Employees and key Vendors to participate in war room. In war room, discuss course of action and assign tasks to gather more information about the disaster. |
Major Incident Manager Major Incident Team |
|
Send communications to all internal and external stakeholders of disaster |
Communicator |
|
Once full information on the severity of the disaster is identified, determine the course of action to take, based on restoration playbooks. |
Major Incident Team |
|
Contact the Key Managers and Employees and inform them of the course of action, the communication strategy and the message to be transmitted both internally and externally. |
Major Incident Manager |
|
Devise the communication strategy and the message to be transmitted both internally and externally. |
Communicator |
|
Contact and inform all staff of the situation. |
Communicator |
|
Contact impacted Customers. |
Communicator Major Incident Team |
|
Contact required Vendors. |
Major Incident Team |
|
Execute course of action. |
Major Incident Team |
|
Assign staff member(s) to answer all inquiries. |
Major Incident Manager |
|
Assign each Disaster Recovery Team member to organize their staff as to who will be working during the disaster and where they will work from. |
Major Incident Manager |
|
Upon conclusion, inform all internal and external stakeholders |
Communicator |
|
Create incident report |
Major Incident Manager |
|
Complete post incident review |
Major Incident Manager |
Types of Interruptions and Possible Responses
|
Types of Interruptions |
Possible Responses |
|
Total Destruction of Data Center |
|
|
Datacenter Power/Cooling/Network Failure < 1 day |
|
|
Datacenter Power/Cooling/Network Failure > 1 day |
|
|
Office Power/Cooling/Network Failure < 1 day |
Not applicable – all staff work from remote offices |
|
Office Power/Cooling/Network Failure > 1 day |
Not applicable – all staff work from remote offices |
|
Staff placed into Quarantine |
|
|
Need to evacuate DC / Office for < 1 day |
|
|
Need to evacuate DC / Office for > 1 day |
|
Alternate Office Site Requirements
Description
An alternate office site is a temporary site where all of the staff can work until either the office can be re-occupied, or a new permanent office is created. An alternate site should be up and running within 7 days of a disaster or less.
Physical Requirements
There are no physical requirements to setup a centralized office for the Distaster Recovery Team. The Atrieve hosting operations staff work from home offices across Canada and have the ability to communicate using various available technologies.
Communication Requirements
Internet access is essential for email communications and remote access to company and clients’ systems. The disaster recovery team has access to multiple providers’ communication tools, including Zoom, Teams, Skype and Slack so that communications can quickly be re-established. Alternatively cell phones can be used.
Hardware and Software Requirements
The primary emergency computing systems are corporate “owned” electronic devices (Laptops, Smart Phones etc.) via secure remote access to web-based systems. This equipment is distributed across the organization in home offices.
Emergency Vendor Contacts
Contact vendors as per the emergency contact list referenced in internal PowerSchool document.