IFSM 432 Phase 2 Draft Plan (Group) Assignment

This is the second assignment of the phased group activity. The objective is to develop a draft BC/DR Plan according to researched industry standards and best practices.

Please use the detailed template provided as a separate attachment as an outline. Each group will complete all components of the assignment by the due date indicated in the syllabus schedule. Since this is a draft, you may have only preliminary data in several sections. This is fine, with the expectation that you will be maturing these sections. However, please strive to arrive at some preliminary information for each section.

There are five primary (or high-level) sections to this draft plan that are detailed in the rubric:

1) Section 12-16 Communications

Please complete all areas of the plan realizing that you will be maturing these sections as you proceed through the course. Always keep in mind the business scenario (OptiPress) and your group risk assessment exercise to complete the sections of the plan. You can tailor each of the sections as you deem appropriate.

Important: Because this is a draft plan, you need not provide graphics (i.e., charts, measures) or references. However, you do need to provide at least a preliminary outline of your flow diagrams for Section 14. These are not expected to be mature at this point, but there should be a basic set of diagrams provided. Any additional graphics, charts or measures you wish to provide should be included with your final product in phase 4.

Weekly conference discussions will highlight concepts related to incident-response handling, disaster-recovery planning, and business continuity planning and processes.

Please stay aligned to the sections. However, you may include a discussion of later technologies that may reside in the template. One example is Section 11 – Emergency management standards. The tape retention policies may be dated (or still appropriate for use). You can refresh this section as appropriate to address how OptiPress would address this policy.

  1. Please ensure that the draft plan incorporates the key elements identified in Phase 1 (except for graphs and references), complete with mitigation strategies demonstrating an understanding of course concepts, analysis, and critical thinking.
  2. Ensure that the draft plan contains response scenarios that align well with identified risks.
  3. Ensure that your paper is well organized and presented in a professional format.

Grading Rubric:

The following grading rubric applies:

BC – DR Plan Scenarios

Use the following scenarios (both) to evaluate the assigned BC-DR plan. Your assignment is to create a document that identifies the weaknesses and strengths of the plan and provides recommendations based on best practices (provide references). The document should have a cover page with the group names, the result of the exercise, and references, as appropriate.

Over the last three months, Anita Diamond has worked diligently to get BC and DR plans into place. The HQ plan is finished but not all the details are worked out for the operational data centers. Anita has decided to conduct a tabletop exercise designed to assess the effectiveness of what has been accomplished thus far. She chooses two scenarios to work through simultaneously.

Please perform a tabletop exercise on both scenarios as follows:

Scenario 1: In Philadelphia, PA – the data center has been partially damaged as a result of a flood that has breached the building and entered the main data center floor. No one was injured, but the water continues to pool into one corner of the mainframe room and, due to the weather forecast, threatens the entire floor housing the equipment. More flooding is expected over the next several days. Does the BC-DR Plan cover this scenario and address all aspects of what is necessary to contain and recover operations?

Scenario 2: In Annapolis, MD – the manager for the server farm calls for assistance when audit logs indicate there has been a breach of customer personally identifiable data (PII) on the server that holds the information for promotional products ordered through the Internet. Not knowing what else to do to ensure no additional data was breached, the manager yanked the power supply on the servers that supported this process, and now the whole OptiPress Intranet/LAN seems down. Does the BC-DR plan address what to do if internal communications are lost? Does the BC-DRP address how to handle sensitive information during an event that may require investigative support as well as cause a full-blown DR process to begin?

  1. Response Scenarios

Instructor note: Please refer to your group risk assessment assignment as a guide for completing this section.

In the event of a [fill in with risk or the process area]

Note – keep it simple. For example: "In the event of a fire…" or "In the event of a flood…"

In the event of a major catastrophe affecting facility, immediately notify the .




In the event of a [risk area]









In the event of a [risk area]

In the event of a network service provider outage to any location, the guidelines and procedures in this section are to be followed.




In the event of a [risk area]

In the event of a flood or broken water pipe within any computing facilities, the guidelines and procedures in this section are to be followed.






In the event of a [risk area]

In the event of a flood or broken water pipe within any computing facilities, the guidelines and procedures in this section are to be followed.






  1. Plan review and maintenance

This plan must be reviewed semiannually and exercised on an annual basis. The test may be in the form of a walk-through, mock disaster, or component testing. Additionally, with the dynamic environment present within , it is important to review the listing of personnel and phone numbers contained within the plan regularly.

Instructor note: Please provide additional insights on the testing of this plan. Often scenarios are defined to be reviewed and tested.

The hard-copy version of the plan will be stored in a common location where it can be viewed by site personnel and the EMT and DRT. Electronic versions will be available via network resources as provided by IT. Each recovery team will have its own directory with change management limited to the recovery plan coordinator.

  1. Alert/Verification/Declaration phase (x-x hours)

Create a workflow diagram for each risk area based on the identified steps in your procedures and based on what needs to be done within the first X-X hours, including decision points in the workflow.

Instructor note: For the draft plan (phase 2), please provide a high-level set of flow diagrams, realizing that these diagrams will be matured (and may change) when you submit the final plan (phase 4). You will want these to match your risks identified in your group risk assessment assignment.

Plan checklists

Instructor Note: Develop a list of what you would need to have available to you in order to address each risk area. For example, if you are addressing a natural disaster, you would need floor diagrams for a building.

Risk or process area:

Step | Required data, forms, or other tools or information

Risk or process area:

Step | Required data, forms, or other tools or information

Risk or process area:

Step | Required data, forms, or other tools or information

  1. Notification of incident affecting the site

On-duty personnel responsibilities

If in-hours:

Upon observation or notification of a potentially serious situation during working hours at a system/facility, ensure that personnel on site have enacted standard emergency and evacuation procedures if appropriate and notify the EMT and DRT.

If outside hours:

IT personnel should contact the EMT and DRT.

Provide status to EMT and DRT

Contact EMT and/or DRT and provide the following information when any of the following conditions exist:

Instructor note: Please provide a list of information for contact purposes

  • Any problem at any system or location that would cause the above condition to be present or there is a certain indication that the above condition is about to occur.

The EMT will provide the following information:

Instructor note: The plan defaults to EMT and/or DRT, but you can tailor this as you have defined your teams. If you do not change it, that is fine.

  • Location of disaster
  • Type of disaster (e.g., fire, hurricane, flood)
  • Summary of the damage (e.g., minimal, heavy, total destruction)
  • Meeting location that is a safe distance from the disaster scene
  • An estimated time frame of when a damage assessment group can enter the facility (if possible)
  • The EMT will contact the respective market team leader and report that a disaster involving voice communications has taken place.

The EMT and/or DRT will contact the respective team leader and report that a disaster has taken place.

  1. Decide the course of action

Based on the information obtained, the EMT and/or DRT need to decide how to respond to the event: mobilize IT, repair/rebuild existing site(s) with location staff, or relocate to a new facility.

