r>
ADAMS STATE COLLEGE COMPUTING SERVICES DEPARTMENT INFORMATION TECHNOLOGY DISASTER RECOVERY PLAN





ADAMS STATE COLLEGE

COMPUTING SERVICES DEPARTMENT





INFORMATION TECHNOLOGY
DISASTER RECOVERY PLAN













Prepared Date:

30 June 2006

Revision Date:

Rev 1: 2 October 2006




ASC
IT Disaster Recovery Plan

Document Change Page



Revision
Prepared Date
Approved Date
Reason for Change
Original
30 June 2006

Draft IT Disaster Recovery Plan for Cabinet Review
Revision 1
2 October 2006

Final IT DR Plan for Cabinet Approval


































2



Adams State College
Information Technology (IT)
Disaster Recovery Plan

Table of Contents

Section

1.0

Introduction.....4

2.0

Objectives....4

3.0

Scope.......4

4.0

Assumptions5

5.0

Definitions.......6

6.0

General Disaster Response and Recovery Guidelines....6

7.0 IT Risk Assessment
7.1 Level 1 Computing Services Building and Central Computer Room..7
7.2 Level 2 ASC Telecommunications12
7.3 Level 2 911 Emergency Services...16
7.4 Level 2 Network Services..18
7.5 Level 2 Cable Plant... 22
7.6 Level 3 File and Print Services..23
7.7 Level 3 Enterprise Resource Planning Services (Banner).....25
7.8 Level 3 Email Services..29
7.9 Level 3 Web Services35
7.10 Level 3 Campus Card Services....37
7.11 Level 3 Residential Network Computing Services (Resnet)...39
7.12 Level 3 Academic Instructional Technology Classrooms.......40
7.13 Level 3 Student Computer Laboratory Services.........................................42

8.0 Maintenance of the IT Disaster Recovery Plan.44

9.0 Attachments

Attachment A ASC Computing Services Contact List
Attachment B ASC Campus Contact List
Attachment C Vendor Contact Information

3 Attachment D Equipment and Software Inventory
Attachment E Disaster Recovery Action Items & Improvement Recommendations


1.0 INTRODUCTION

Adams State College (ASC) is a four year, Colorado, public college which, by statue,
offers undergraduate Liberal Arts and Sciences, Teacher Preparation, and
Business degree programs; a limited number of masters level programs; and two year
transfer programs with a community college role and mission. Over time, Information
Technology (IT) services have become critical to performing the educational mission of
the college. As a result of this ever-increasing reliance on technology, IT services require
a comprehensive Disaster Recovery Plan to assure these services can be re-established
quickly and completely in event of a disaster.

This Plan summarizes the results of a comprehensive risk analysis conducted for all IT
services; it provides general steps that will be taken in event of a disaster to restore IT
functions; and it provides recommendations for hardening of the IT infrastructure that
require executive-level management approval and additional funding to implement.


2.0 OBJECTIVES
The primary objective of this Disaster Recovery Plan is to help ensure college business
continuity by providing the ability to successfully recover computer services in the event
of a disaster.
Specific goals of this plan relative to an emergency include:

Detailing a general course of action to follow in the event of a disaster,

Minimizing confusion, errors, and expense to the college, and

Implementing a quick and complete recovery of services.

Secondary objectives of this Plan are:

Reducing risks of loss of services,

Providing ongoing protection of institutional assets, and

Ensuring the continued viability of this plan.


3.0 SCOPE
This plan will only address the recovery of systems under the direct control of the
Computing Services Department that are considered critical for business continuity.
Also, given the uncertain impact of a given incident or disaster, it is not the intent of this
document to provide specific recovery instructions for every system. Rather, this

4 document will outline a general recovery process which will lead to development of
specific responses to any given incident or disaster.

Three levels of risk, based on severity to campus operations, have been identified. A
Level 1 risk is associated with the Computer Services building and central computer
room which house the campus servers, router, PBX and serves as the primary hub for
campus electronic and voice communications and connectivity. A Level 2 risk is
associated with the campus network infrastructure and the telephone public exchange
(PBX). The final risk level, Level 3, is associated with risks specific to unique
applications or functionality. Though risk at all levels must be addressed for disaster
recovery purposes, Level 1 risks will be given increased priority over other levels.. The
same holds true for Level 2 versus Level 3 risks. The following major service areas are
addressed in this plan:


Level 1 - Computing Services Building & Central Computer Room

Level 2 - Central Telephone Services

Level 2 - 911 Emergency Services

Level 2 - Network Infrastructure and Services

Level 2 - Cable Plant

Level 3 - File & Print Services

Level 3 - ERP Services (Banner)

Level 3 - Email Services

Level 3 - Web Services

Level 3 - Campus Card Services (1card)

Level 3 - Student Residential Network Computing Services (RESNET)

Level 3 - Technology Enhanced Classroom Support

Level 3 - Student Computer Lab Services

NOTE: All systems that are both necessary for the daily operations of ASC and the responsibility of the
Computing Services Department are maintained under service contracts with the appropriate equipment
vendors.


4.0 ASSUMPTIONS

This disaster recovery plan is based on the following assumptions:

The safety of students, staff, and faculty is of paramount; the safeguard of such will
supersede concerns specific to hardware, software, and other recovery needs.

Once an incident covered by this plan has been declared a disaster, the
appropriate priority will be given to the recovery effort and the resources and
support required as outlined in this IT Disaster Recovery Plan will be made
available.

Depending on the severity of the disaster, other departments/divisions on campus may
be required to modify their operations to accommodate changes in system
performance, computer availability and physical location until a full recovery has

5 been completed. The ASC Cabinet will encourage campus departments to have
contingency or business continuity plans for their operations, which include operating
without IT systems for an extended period of time.

5.0 DEFINITIONS

The following definitions pertain to their use in this IT Disaster Recovery Plan:

Backup/Recovery Tapes: Copies of all software and data located on the central servers,
which are used to return the servers to a state of readiness and operation that existed
shortly prior to the incident/disaster.
Disaster: A significant or unusual incident that has long-term implications to business
continuity and the ongoing operations of ASC.
Incident: An event which impacts a specific IT service or server.

Level 1 Risk: Risk associated with the most critical IT services/capabilities, based upon
impact to the campus if the service or capability were lost.

Level 2 Risk: Risk associated with critical IT services/capabilities, based upon impact to
the campus if the service or capability were lost.

Level 3 Risk: Risk associated with the loss of selected applications/functionality.


.
6.0 GENERAL DISASTER RESPONSE & RECOVERY GUIDELINES

1. In the event of a disaster, the CIO will notify the three primary IT Disaster Recovery
Teams; network, administrative and telecommunications (see Appendix A, IT Disaster
Recovery Teams).

2. Appropriate steps will be taken to safeguard personnel and minimize damage to any
related equipment and/or software.

3. A damage assessment will be conducted by each team and recommendations made to the CIO
for recovery of impacted services.
4. Individuals required to assist in recovery of these services will be identified. The CIO will
communicate this need to the VP for Finance & Administration (see Appendix B, ASC Campus
Contact List).
5. The campus will be informed as to IT system degradation and restrictions on IT usage and/or
availability.
6. The CIO will develop an overall IT recovery plan and schedule, focusing on highest priorities
of the campus infrastructure, first, as defined by the Cabinet.

6 7. Necessary software and hardware replacement will be coordinated with vendors and the ASC
Purchasing Office, as required (see Appendix C for vendor contact information and Appendix D
for a list of critical equipment).
8. The CIO will oversee the recovery of campus IT services based on established priorities.
9
. The CIO will ensure that IT recovery efforts are properly coordinated with other campus
recovery efforts.
10. The CIO will communicate recovery status updates to the ASC Cabinet and campus at large.
11. The CIO will v