Incident managment plan
1 like180 views
This document outlines an incident management plan for BCM xeosolutions. It contains information on the organization, roles and responsibilities, stakeholders, resources, associated risks, and response plans for various incidents including earthquakes, power failures, server hacks, and web server crashes. The plan is intended to ensure business continuity and the timely recovery of critical systems in the event of a disruption.
Incident managment plan
- 1. Incident Management Plan 04/12/2016 REPORT BCM xeosolutions Printed On:
- 2. Organization Info Name BCM xeosolutions Scope This document contains the Business Continuity plan for the resolutions. it's the document containing the informationrequired to post-interruption decision-making and also the agency’s response to any unquiet or extended interruption of the organization's traditional operations and services. This document represents the xeosolutions commitment to response, resumption, recovery, and restoration coming up with. This plan should be kept current to make sure the accuracy of its contents. Every individual answerable for data or materials within the document should make sure that resources area unit committed to the maintenance of its contents. The xeosolutions Business Continuity Plan is intended to provide a framework for constructing plans to ensure the safety of employees, volunteers and consumers (clients) and the resumption of time- sensitive operations and services in the event of an emergency (fire, power or communica-tions blackout, tornado, hurricane, flood, earthquake, civil disturbance, etc,) disaster, or other business interruption. The general objectives of the Plan are to ensure that in the event of an incident or crisis situation: • There will be a logical recovery of the business • Impacts will be kept within acceptable levels as defined by the business department representatives • Business will continue as usual, as far as possible The Plan will address the following planning priorities: • Staff health & safety • Safeguarding of assets • Continuity of key business activities • Protecting the Environment • Fulfilling obligations Policy It is the policy of xeosolutions to: - • Maintain a strategy for reacting to, and recovering from, adverse situations which is in line with senior management’s level of acceptable risk • Maintain a programme of activity which ensures the company has the ability to react appropriately to, and recover from, adverse situations in line with the business continuity objective • Maintain appropriate response plans underpinned by a clear escalation process • Exercise response and recovery plans at least annually • Maintain a level of resilience to operational failure in line with the risk faced, the level of negative impact which could result from failure and senior management’s level of acceptable risk • Maintain employee awareness of the company’s expectations of them during an emergency or business continuity threatening situation • Take account of changing business needs and ensure that the response plans and business continuity strategy are revised where necessary • Remain aligned with best practice in business continuity management Business Entity Info Name xeosolutions Description Xeo Solutions IT Leasding Company Address House No.41 Bella Road G-10/1 Islamabad Telephone +92 333 5364904 E-mail hashmisaf@outlook.com Website www.xeosolutions.com 04/12/2016 1 / 12 Incident Management Plan BCM xeosolutions
- 3. Regulatory Info xeosolutions. Is a ISO/IEC 27000 Series (Formerly BS 7799/ISO 17799 certified organization and operated under the guidelines of BS 779. Further, xeosolutions operates under the laws set forth by the Pakistani Government, including its consumer data protection act and Privacy Acts. Said Orginization strictly follow these statndards, • ISO/IEC 27000 Series (Formerly BS 7799/ISO 17799) • COBIT 4.X • ISO 9000 • NIST SP 800 Roles And Responsibilities For the business continuity of xeosolutions Co., the BCMT provides general support and is concerned with resources and tasks integral to running the specific functional area. CEO Manages and directs the recovery effort. Customer Service Manager. Provides support of critical business functions affected by the disaster. Information Technology Manager. Coordinates all data processing and telecommunications systems recovery, including operational restoration of Building O&S and operations at the designated hot site. Vice President for Marketing Provides for support of critical business functions affected by the disaster. Lead Programmer Provides support of critical business functions affected by the disaster. 1. Managment (1) Manges and directs the recovery direction. (2) Provide training for work force (3) Receives and processes complaints (4) Processes individual rights requests 2. Employee responsibilities (1) Understand and comply with organization’s policies regarding BCP/ 04/12/2016 2 / 12 Incident Management Plan BCM xeosolutions
- 4. Stakeholders Stakeholder Normal Expectations Expectations During Disruption Ranking Muhmmad Bilal Ms. Bilal is responsible for the marketing and public relations department at xeosolutions Communicate all the task and ativies of recovery process to thepersonal aspects of the situations includeing (Top Managment,) initiate emergency alerts . None Muhammad Haris Mr. Haris is lead programmer and project manager at xeosolutions He is responsible to make sure all the backup must be available . and Perform the recover operation along with hist team. None Safwan Hashmi Mr. Safwan Hashmi serves as the CEO of xeosolutions . He is responsible for the entire operations of the organization. As Business Continuity Management Team Co-facilitator, gives contact between the operational and administration groups. Additionally in charge of progressing support, preparing and testing of the Business Continuity Plan. Facilitates the Institute Support Teams under the sponsorship of the Business Continuity Management Team. Critical Ziad Tufail Mr. Ziad is responsible for the overall operations of the customer support management department Provides for managesupport team that provide the clients during the disaster and recovery operations with primary responsibility for restoration. None Local Emergency Response Team Ensure the saftey and well being of the community. Provide disaster response and emergency response services to people and assets in danger durring a disruption. Critical Assurance Insurance Agent Provide insurance based support throughout normal operations. Provide insurance based support throughout normal operations. None Associated Risk Treatment Risk Treatment xeosolutions 04/12/2016 3 / 12 Incident Management Plan BCM xeosolutions
- 5. Resource Description Division/Department PHP Web Server PHP Web Server These server contain , website and database of cleint , which key business of orginization. IT Risk Ranking Areas Of Impact Critical Hosting and Domain Template Column Requirement Item Description Computing Equipment C Skills Skills Must have skill to restore all the web service from remote site. Supporting Activities New Requirement Item Maximum Disruption Period Recovery Time Minimum Service Level 5 Business Days 2 Business Days Ability to access programming data remotely from an alternate machine. Impact Analysis Requirement Items Assessment Date Review Date Signed Off By 01/12/2016 04/01/2017 Safwan Hashmi Resources 04/12/2016 4 / 12 Incident Management Plan BCM xeosolutions
- 6. Resource Description Division/Department Office Headquarters Building is an imporant resource where servers are plasece and people can work on software /Web Application. Risk Ranking Areas Of Impact High In the case of a discruption or disaster effecting the physical buildings of xeosolutions ., all aspects of the business would fall under the areas of impact. Template Column Requirement Item Description Maximum Disruption Period Recovery Time Minimum Service Level 2 Days 1 The ability to remotely access all vital information for business processes from another site. Impact Analysis Requirement Items Assessment Date Review Date Signed Off By 01/12/2016 01/12/2016 Safwan Hashmi Resources Resource Description Division/Department Server - Customer Information Customer Information is always a very sensitiv information to an orginization. Loss of these server result in oraginization reputation loss and alos have bear the plenties set by the governing bodies. Sales Risk Ranking Areas Of Impact None Template Column Requirement Item Description Maximum Disruption Period Recovery Time Minimum Service Level Impact Analysis Requirement Items Assessment Date Review Date Signed Off By 07/12/2016 09/12/2016 Ziad Tufail Resources 04/12/2016 5 / 12 Incident Management Plan BCM xeosolutions
- 7. Resource Description Division/Department Computer (desktop) - Programmer Progamers workstations are critical resource for the development of new products, and Manageing existing application.s MIS Risk Ranking Areas Of Impact High Programming and Development Department. Template Column Requirement Item Description Maximum Disruption Period Recovery Time Minimum Service Level 5 2Business Days 2 Business Days Ability to access programming data remotely from an alternate machine. Impact Analysis Requirement Items Assessment Date Review Date Signed Off By 01/12/2016 05/12/2016 Safwan Hashmi Resources 04/12/2016 6 / 12 Incident Management Plan BCM xeosolutions
- 8. Incident Response Description xeosolutions Business Continuity Plan: General Disruption Response xeosolutions increasingly depends on computer-supported information processing and telecommunications. This dependency will continue to grow with the trend toward decentralizing information technology to individual organizations within xeosolutions . administration. The increasing dependency on computers and telecommunications for operational support poses the risk that a lengthy loss of these capabilities could seriously affect the overall performance of the Company. A risk analysis which was conducted identified several systems comprising those functions whose loss could cause a major impact to the Conmpany. This risk assessment process will be repeated on a regular basis to ensure that changes to our processing and environment are reflected in recovery planning. XEOSOLUTIONS administration recognizes the low probability of severe damage to data processing telecommunications or support services capabilities that support the Company. Nevertheless, because of the potential impact to XEOSOLUTIONS., a plan for reducing the risk of damage from a disaster however unlikely is vital. The Company‘s Business Continuity Plan is designed to reduce the risk to an acceptable level by ensuring the restoration of Critical processing. The Plan identifies the critical functions of XEOSOLUTIONS. and the resources required to support them. The Plan provides guidelines for ensuring that needed personnel and resources are available for both disaster preparation and response and that the proper steps will be carried out to per Tech Co. the timely restoration of services. Plans Associated Threat Description Natural Disaster - earthquake Failure of backed up data Malicious attack - manipulation of IT equipment Loss of availability to authorized users Malicious attack - manipulation of data or software Denial of service Incident Response Recovery 04/12/2016 7 / 12 Incident Management Plan BCM xeosolutions
- 9. Plan Purpose And Scope Plan Maintened By Disruption/Disaste r Response due to earthquake The object of this Plan is to restore critical systems within 5 hours, and Essential (Category II) systems within 2 week(s) of a disaster that disables any functional area and/or essential equipment supporting the systems or functions in that area. Safwan Hashmi Plan Steps Description Time Frame Team Responsible Detect and determine a disaster condition The detection of an event which could result in a disaster affecting information processing systems at XEOSOLUTION. is the responsibility of Physical Plant Operations (PPO), Police, Information Systems, or whoever first discovers or receives information about an emergency situation developing in one of the functional areas 30 Minutes xeosolutions BCM Team Initiate the Organization's Business Continuity Plan Initiate the Organization's Business Continuity Plan . 30 Minutes xeosolutions BCM Team Activate the designated hot site Make hotsite operational . 1 Hours xeosolutions BCM Team Dissemination of Public Information The Director of the Costumer Relations is responsible for directing all meetings and discussions with the news media and the public, and in conjunction with the Personnel Department, with Tech Co. personnel not actively participating in the recovery operation. 1 Hours xeosolutions BCM Team Notify Person to Recover When a situation occurs that could result interruption of processing of major information processing systems of networks, the following people must be notified: ·Physical Plant Operations and /or the Police receive the initial notice through their alarm monitoring capabilities. If the problem does not activate a normal alarm system, immediately notify these two areas. · BCM Team Leader 1 Hours xeosolutions BCM Team Provide Support to Recovers 3 Hours xeosolutions BCM Team 04/12/2016 8 / 12 Incident Management Plan BCM xeosolutions
- 10. Plan Purpose And Scope Plan Maintened By Power Failure This Purpose of this plan is to make sure that if the power falure is occurected , company must have the generatore and UPS in order to avoid distruptions Safwan Hashmi Plan Steps Description Time Frame Team Responsible Report the Power Failure Report the Power Failure 2 Minutes xeosolutions BCM Team Active the UPS Activate the Backup UPS/Genrator as soon as possible. 5 Minutes xeosolutions BCM Team Restore the power Restore the Power Failure take the counter meansure to avoid the distruption of Failue next time 1 Hours xeosolutions BCM Team 04/12/2016 9 / 12 Incident Management Plan BCM xeosolutions
- 11. Plan Purpose And Scope Plan Maintened By Server Hacked Objective this plan is to restore Server operations to normal when it compromise by hackeer. Safwan Hashmi Plan Steps Description Time Frame Team Responsible Detect and Identify the Server is Hacked. Detect and Identify server is compromise of hackers. 30 Minutes xeosolutions BCM Team Report to Managment Report to Managment and tell them about cyber attack that out servers has been compromised . 1 Hours xeosolutions BCM Team Operate the Backup in safe mode. Make the backup server operational . 2 Hours xeosolutions BCM Team Recover the compromised Server Recover /Restore the compromised server as soon as possible and take security measures to prevent the cyber to happed again 1 Days xeosolutions BCM Team Identify the loophole and Valunribilities Identify the valunribilities and take counter measures and Test the server . 1 Days xeosolutions BCM Team Restore the sever to operational state 1 Days Business Continuity Management Team 04/12/2016 10 / 12 Incident Management Plan BCM xeosolutions
- 12. Plan Purpose And Scope Plan Maintened By Web Server Crash The purpose of this plan is recover the web server and make it operation as soon as possible. Safwan Hashmi Plan Steps Description Time Frame Team Responsible Notify all the Client with Email for the maintinance of Server Notify all the Client with Email for the maintinance of Server for Next 1 hours. 5 Minutes xeosolutions BCM Team Detect the Issue. Dectect issue as soon as occured. 5 Minutes xeosolutions BCM Team Make backupn server opertational Make backup server operation with in 1 Hours. 1 Hours xeosolutions BCM Team Recover you the servers and Make it online . Recover you the servers and Make it online . 1 Days xeosolutions BCM Team 04/12/2016 11 / 12 Incident Management Plan BCM xeosolutions
- 13. Name Description Testing Coordinator Testing of BCM Testing BCM Plan Safwan Hashmi Incident Plan Scenario Test Date Frequency Disruption/Disaster Response due to earthquake Disruption/Disaster Response 14/12/2016 0 Responsible Description Safwan Hashmi xeosolutions can be disaster due to earthquake , its business can effect. The purpose this plan to run business during the disaster. Goals Preparations Participants The purpose this plan to test that business can survive during the disaster. BCM Team will create an enviroment of disaster . All the steps will be carried to out during this even as we defind plan. Top Managment Programmers/Lead and Manager BCM Team Markiting Team Expected Date Actual Date Results Needs Review Test Results Test Plans Maintenance 04/12/2016 12 / 12 Incident Management Plan BCM xeosolutions