DCP
iwaa96
MIT BUSINESS CONTINUITY PLAN
This is an external release of the MIT Business Continuity Plan.
For information on the plan or Business Continuity Planning at MIT, call Jerry Isaacson MIT
Information Security Office at (617) 253-1440 or send e-mail to [email protected]
Copyright 1995 Massachusetts Institute of Technology
To Page the BCMT Duty Person:
Duty Person To just leave phone number To leave an 80 character message
Number to call back dial: call ______________and give PIN #
1
2
For recorded disaster recovery status reports and announcements
during the emergency
call: _________
Copyright 1995 Massachusetts Institute of Technology
Table of Contents
Part I. Introduction
1Introduction to This Document 1
Part II. Design of the Plan 3
Overview of the Business Continuity Plan 3
Purpose 3
Assumptions 3
Development 4
Maintenance 4
Testing 4
Organization of Disaster Response and Recovery 4
Administrative Computing Steering Committee 4
Business Continuity Management Team 5
Business Continuity Management Team 5
Institute Support Teams: 6
Disaster Response 7
Disaster Detection and Determination 7
Disaster Notification 8
Initiation of the Institute's Business Continuity Plan 8
Activation of a Designated Hot Site 8
Dissemination of Public Information 9
Disaster Recovery Strategy 9
Scope of the Business Continuity Plan 11
Category I Critical Functions 11
Category II Essential Functions 11
Category III - Necessary Functions 11
Category IV - Desirable Functions 11
Part III. Team Descriptions 12
Institute Support Teams 14
Business Continuity Management Team 14
Damage Assessment/Salvage 15
Campus Police 16
MIT News Office - Public Information 17
Insurance 19
Telecommunications 20
Part IV. Recovery Procedures 21
Notification List 21
To reach the BCMT Duty Person: 22
Business Continuity Management Team Coordinator 25
Damage Assessment/Salvage 26
Salvage Operations 27
Campus Police 28
MIT News Office - Public Information 29
Insurance Team 31
Telecommunications 32
Appendix A - Recovery Facilities 33
Emergency Operations Centers 33
Appendix B - Category I, II & III functions 34
Appendix C - Plan Distribution List 35
Business Continuity Management Team 37
BCMT Duty Person Procedures 38
GUIDE TO BCMT ACTIVATION 39
Part I. Introduction
Part I contains information about this document, which provides the written record of the
Massachusetts Institute of Technology Business Continuity Plan.
Introduction to This Document
Planning for the business continuity of MIT in the aftermath of a disaster is a complex task.
Preparation for, response to, and recovery from a disaster affecting the administrative functions
of the Institute requires the cooperative efforts of many support organizations in partnership with
the functional areas supporting the "business" of MIT. This document records the Plan that
outlines and coordinates these efforts, reflecting the analyses by representatives from these
organizations and by the MIT Information Security Officer, Gerald I. Isaacson.
For use in the event of a disaster, this document identifies the computer recovery facilities (hot
sites and shell sites - see Page 33) that have been designated as backups if the functional areas
are disabled.
How To Use This Document
Use this document to learn about the issues involved in planning for the continuity of the critical
and essential business functions at MIT, as a checklist of preparation tasks, for training
personnel, and for recovering from a disaster. This document is divided into four parts, as the
table below describes.
Part Contents
I Information about the document itself.
II Design of the Plan that this document records, including information about the overall
structure of business continuity planning at MIT.
III General responsibilities of the individual Institute Support Teams that together form the
Business Continuity Management Team, emphasizing the function of each team and its
preparation responsibilities.
IV Recovery actions for the Institute Support Teams and important checklists such as the
notification list for a disaster and an inventory of resources required for the environment. [Note:
If a "disaster" situation arises, Section IV of the Plan is the only section that needs to be
referenced. It contains all of the procedures and support information for recovery.]
Audience
This document addresses several groups within the MIT central administration with differing
levels and types of responsibilities for business continuity, as follows:
Administrative Computing Steering Committee
Business Continuity Management Team
Institute Support Teams
Functional Area Recovery Management (FARM) Teams
It should be emphasized that this document is addressed particularly to the members of the
Business Continuity Management Team, since they have the responsibility of preparing for,
responding to, and recovering from any disaster that impacts MIT. Part III of this document
describes the composition of the Business Continuity Management Team in detail.
Distribution
As the written record of the Institute's Business Continuity Plan, this document is distributed to
each member of the Business Continuity Management Team, including members of the Institute
Support Teams.( Appendix C - Distribution List Page -33)
It is also distributed to members of the Administrative Computing Steering Committee, FARM
Team Coordinators, Information Systems Directors and others not primarily involved with the
direct recover effort..
Part II. Design of the Plan
Part II describes the philosophy of business continuity planning at MIT generally, and the kind of
analysis that produced this Plan. It also provides an overview of the functions of the Business
Continuity Management Team in implementing this Plan.
Overview of the Business Continuity Plan
Purpose
MIT increasingly depends on computer-supported information processing and
telecommunications. This dependency will continue to grow with the trend toward decentralizing
information technology to individual organizations within MIT administration and throughout
the campus.
The increasing dependency on computers and telecommunications for operational support poses
the risk that a lengthy loss of these capabilities could seriously affect the overall performance of
the Institute. A risk analysis which was conducted identified several systems as belonging to risk
Category I, comprising those functions whose loss could cause a major impact to the Institute
within __ hours. It also categorized a majority of Institute functions as Essential, or Category II -
requiring processing support within ______ week(s) of an outage. This risk assessment process
will be repeated on a regular basis to ensure that changes to our processing and environment are
reflected in recovery planning.
MIT administration recognizes the low probability of severe damage to data processing
telecommunications or support services capabilities that support the Institute. Nevertheless,
because of the potential impact to MIT, a plan for reducing the risk of damage from a disaster
however unlikely is vital. The Institute's Business Continuity Plan is designed to reduce the risk
to an acceptable level by ensuring the restoration of Critical processing within __ hours, and all
essential production (Category II processing) within _______ week(s) of the outage.
The Plan identifies the critical functions of MIT and the resources required to support them. The
Plan provides guidelines for ensuring that needed personnel and resources are available for both
disaster preparation and response and that the proper steps will be carried out to permit the
timely restoration of services.
This Business Continuity Plan specifies the responsibilities of the Business Continuity
Management Team, whose mission is to establish Institute level procedures to ensure the
continuity of MIT's business functions. In the event of a disaster affecting any of the functional
areas, the Business Continuity Management Team serves as liaison between the functional
area(s) affected and other Institute organizations providing major services. These services
include the support provided by Physical Plant, security provided by the Campus Police, and
public information dissemination handled by the MIT News Office, among others.
Assumptions
The Plan is predicated on the validity of the following three assumptions:
The situation that causes the disaster is localized to the data processing facility of
Operations and Systems in ________; the building or space housing the functional area;
or to the communication systems and networks that support the functional area. It is not a
general disaster, such as an earthquake or the "Blizzard of '78," affecting a major portion
of metropolitan Boston.
It should be noted however, that the Plan will still be functional and effective even in an area-
wide disaster. Even though the basic priorities for restoration of essential services to the
community will normally take precedence over the recovery of an individual organization, the
Institute's Business Continuity Plan can still provide for a more expeditious restoration of our
resources for supporting key functions.
The Plan is based on the availability of the hot sites or the back-up resources, as
described in Part IV. The accessibility of these, or equivalent back-up resources, is a
critical requirement.
The Plan is a document that reflects the changing environment and requirements of MIT.
Therefore, the Plan requires the continued allocation of resources to maintain it and to
keep it in a constant state of readiness.
Development
MIT's Information Security Officer, with assistance from key Institute support areas, is
responsible for developing the Institute's Business Continuity Plan. Development and support of
individual FARM Team Plans are the responsibility of the functional area planning for recovery.
Maintenance
Ensuring that the Plan reflects ongoing changes to resources is crucial. This task includes
updating the Plan and revising this document to reflect updates; testing the updated Plan; and
training personnel. The Business Continuity Management Team Coordinators are responsible for
this comprehensive maintenance task.
Quarterly, the Business Continuity Management Team Coordinators ensures that the Plan
undergoes a more formal review to confirm the incorporation of all changes since the prior
quarter. Annually, the Business Continuity Management Team Coordinators initiates a complete
review of the Plan, which could result in major revisions to this document. These revisions will
be distributed to all authorized personnel, who exchange their old plans for the newly revised
plans. At that time the Coordinators will provide an annual status report on continuity planning
to the Administrative Computing Steering Committee.
Testing
Testing the Business Continuity Plan is an essential element of preparedness. Partial tests of
individual components and recovery plans of specific FARM Teams will be carried out on a
regular basis. A comprehensive exercise of our continuity capabilities and support by our
designated recovery facilities will be performed on an annual basis.
Organization of Disaster Response and Recovery
The organizational backbone of business continuity planning at MIT is the Business Continuity
Management Team. In the event of a disaster affecting an MIT organization or its resources, the
Business Continuity Management Team will respond in accordance with this Plan and will
initiate specific actions for recovery. The Business Continuity Management Team is called into
action under the authority of the Administrative Computing Steering Committee which has the
responsibility for approving actions regarding Business Continuity Planning at MIT.
Administrative Computing Steering Committee
Senior Vice President, Chairman of the Committee. Manages and directs the recovery
effort. Provides liaison with senior MIT management for reporting the status of the
recovery operation.
Vice President for Financial Operations. Provides liaison with the Committee for
support of critical business functions affected by the disaster.
Vice President for Information Systems. Coordinates all data processing and
telecommunications systems recovery, including operational restoration of Building O&S
and operations at the designated hot site.
Vice President for Research Provides liaison with the Committee for support of critical
business functions affected by the disaster.
Vice President for Resource Development Provides liaison with the Committee for
support of critical business functions affected by the disaster.
Executive Vice President Alumni Association Provides liaison with the Committee for
support of critical business functions affected by the disaster.
Assistant to Provost Provides liaison with the Committee for support of critical business
functions affected by the disaster.
Business Continuity Management Team
For the business continuity of MIT systems, two organizations are primary: the Business
Continuity Management Team, with its Institute Support Teams, and the Functional Area
Recovery Management (FARM) Team for the area affected. In the event of a disaster, the BCMT
provides general support, while the FARM Team is concerned with resources and tasks integral
to running the specific functional area.
This section provides general information about the organization of recovery efforts and the role
of the Business Continuity Management Team. Part III of this document describes the Business
Continuity Management Team and the responsibilities of each Institute Support Team in detail.
Business Continuity Management Team.
The Business Continuity Management Team is composed of upper-level managers in
MIT administration. The following is a list of each position on the Business Continuity
Management Team, and a brief overview of each member's responsibilities:
Information Security Officer. As Co-Coordinator of the Business Continuity
Management Team, with the Coordinator of the O&S -FARM team, provides liaison
between the Institute's operational and management teams and the FARM teams in
affected areas. Also responsible for ongoing maintenance, training and testing of the
Institute's Business Continuity Plan. Coordinates the Institute Support Teams under the
auspices of the Business Continuity Management Team.
Director, Operations and Systems. Coordinates support for data processing resources at
the main data center and the designated recovery sites.
Director, Telecommunications Systems. Provides alternate voice and data
communications capability in the event normal telecommunication lines and equipment
are disrupted by the disaster. Evaluates the requirements and selects appropriate means of
backing up the MIT telecommunications network.
Chief, Campus Police. Provides for physical security and emergency support to affected
areas and for notification mechanisms for problems that are or could be disasters. Extends
a security perimeter around the functional area affected by the disaster.
Director, Physical Plant. Coordinates all services for the restoration of plumbing,
electrical, and other support systems as well as structural integrity. Assesses damage and
makes a prognosis for occupancy of the structure affected by the disaster.
Director of Insurance and Legal Affairs. Provides liaison to insurance carriers and
claims adjusters. Coordinates insurance program with continuity planning programs.
Director, MIT News Office. Communicates with the news media, public, staff, faculty,
and student body who are not involved in the recovery operation.
Personnel Department. Provides support for human resources elements of recovery and
staff notification through the emergency broadcast service.
Director, Distributed Computing & Network Services. Provides network support for
Administrative and Academic Computing and other distributed services and networks.
Assistant to the Vice President, for Information Systems. Represents the Office of the
President. Liaison to FARM Teams in the President's Office.
Associate Comptroller, Comptroller's Accounting Office . Represents the Vice
President for Financial Operations. Liaison to Financial Operations FARM Teams.
Manager, Audit Division. Provides audit support during the emergency. Makes
recommendations on changes to the normal control procedures necessitated by the
recovery process.
Safety Office - Coordinates risk reduction and avoidance activities and emergency
response with the BCMT
Emergency Response Team - This unit, headed by the Physical Plant Mechanical
Engineering Manager, provides the initial response to the majority of campus
emergencies.
Institute Support Teams:
Under the overall direction of the Business Continuity Management Team, support is provided to
assist a functional area's recovery by Institute Support Teams. These teams, described below,
work in conjunction with the FARM Team of the area affected by the problem condition to
restore services and provide assistance at the Institute level. In many cases, the organizations
comprising these support teams have as their normal responsibility the provision of these support
services. This support is generally documented in a procedures manual for the organization. The
Business Continuity Plan is an adjunct to that documentation and highlights, in particular, the
interfaces between the campus level service and the individual FARM Team operations
requirements. In cases where the documentation in this Plan and the organization's documents
differ, the organization's documentation has precedence.
· Damage Assessment/Salvage Team. Headed by the Administrative Officer for Physical
Plant and activated during the initial stage of an emergency, the team reports directly to
the Business Continuity Management Team, evaluates the initial status of the damaged
functional area, and estimates both the time to reoccupy the facility and the salvageability
of the remaining equipment. This team draws members from the Physical Plant Office,
from Operations and Systems, Telecommunications Systems, Distributed Computing &
Network Services and from the FARM team of the affected area as well as appropriate
vendors supporting our environment.
Following the assessment of damage, the team is responsible for salvaging equipment,
data and supplies following a disaster; identifying which resources remain; and
determining their future utilization in rebuilding the data center and recovery from the
disaster. The members of the Damage Assessment Team become the Salvage Team
Transportation Team. A temporary Institute Support Team headed jointly by the
Computer Operations Manager in Operations and Systems and by the Associate Director
of Operations for Physical Plant, responsible for transporting resources personnel,
equipment, and materials to back-up sites as necessary. This team draws members from
two organizations: Information Systems personnel who normally operate the shuttle bus
between and Physical Plant personnel who normally transport heavy equipment within
the Institute.
Public Information The interface with the media, the general public and faculty, staff and
students who are not participating in the recovery process is handled by the MIT News
Office, working closely with the Personnel Department.
Telecommunications Team Headed by the Director of the Information Systems
Telecommunications Department, is responsible for establishing voice and data
communications between the affected site and the remainder of the campus.
Disaster Response
This section describes six required responses to a disaster, or to a problem that could evolve into
a disaster:
1. Detect and determine a disaster condition
2. Notify persons responsible for recovery
3. Initiate the Institute's Business Continuity Plan
4. Activate the designated hot site
5. Disseminate Public Information
6. Provide support services to aid recovery
Each subsection below identifies the organization(s) and/or position(s) responsible for each of
these six responses.
Disaster Detection and Determination
The detection of an event which could result in a disaster affecting information processing
systems at MIT is the responsibility of Physical Plant Operations (PPO), Campus Police,
Information Systems, or whoever first discovers or receives information about an emergency
situation developing in one of the functional areas _________, Building ____ other building on
campus housing major information processing systems or about the communications lines
between these buildings.
Disaster Notification
PPO will follow existing procedures and notify the individuals who are acting as the Business
Continuity Management Team Duty Persons (DP)). The DP on call will monitor the evolving
situation and, if appropriate, will then notify the Business Continuity Management Team
representative based upon a predefined set of notification parameters. (Page - 22)
When a situation occurs that could result interruption of processing of major information
processing systems of networks on campus, the following people must be notified:
· Normally, Physical Plant Operations and /or the Campus Police receive the initial notice
through their alarm monitoring capabilities. If the problem does not activate a normal alarm
system, immediately notify these two areas.
· Chairman of the Administrative Computing Steering Committee
· Vice President for Information Systems
· The Business Continuity Management Team Coordinator (Information Security Officer)
· The Operations and Systems FARM Team Coordinator
· The Telecommunications and Distributed Computing & Network Services FARM Team
Coordinators (if the situation affects the data or voice transmission lines or facilities)
Initiation of the Institute's Business Continuity Plan
Initiation of this Plan is the responsibility of the Business Continuity Management Team
Coordinator or any member of the Business Continuity Management Team or the Administrative
Computing Steering Committee.
Activation of a Designated Hot Site
The responsibility for activating any of the designated hot sites or back-up resources is delegated
to the Vice President for Information Systems. In the absence of the Vice President,
responsibility reverts to the Director of Information Systems Operations & Systems or the
Coordinator of the O&S Functional Area Recovery Management Team. Within ___ hours of the
occurrence, the Vice President for Information Systems, or alternate, determines the prognosis
for recovery of the damaged functional area through consultation with the Information Security
Officer and the Damage Assessment Team, headed by Physical Plant, which also includes
representatives from Operations and Systems, Telecommunications Systems and the functional
areas affected.
If the estimated occupancy or recovery of the damaged functional area cannot be accomplished
within ___ hours, the usual occupants of the designated back-up site are notified of the intention
to occupy their facility.
Dissemination of Public Information
The Director of the MIT News Office is responsible for directing all meetings and discussions
with the news media and the public, and in conjunction with the Personnel Department, with
MIT personnel not actively participating in the recovery operation. In the absence of the MIT
News Office representative, the responsibility reverts to the senior official present at the scene.
Recovery Status Information Number (617) ______ has been established as a voice mail
information number for posting recovery status and information notices. All reports will be
placed by the Continuity Planning Coordinators or the Telecommunication FARM team leader.
Provision of Support Services to Aid Recovery
During and following a disaster, Institute Support Teams, as described on page 14, are
responsible for aiding the FARM Teams. They operate under the direction of the Business
Continuity Management Team through the Recovery Coordinator (the Information Security
Officer).
Disaster Recovery Strategy
The disaster recovery strategy explained below pertains specifically to a disaster disabling the
main data center. This functional area provides mainframe computer and major server support to
MIT's administrative applications. Especially at risk are the critical applications those designated
as Category I (see below) systems. The O&S FARM Team Plan provides for recovering the
capacity to support these critical applications within ___ hours. Summarizing the provisions of
the O&S Plan, subsections below explain the context in which the Institute's Business Continuity
Plan operates. The Business Continuity Plan complements the strategies for restoring the data
processing capabilities normally provided by Operations & Systems.
This section addresses three phases of disaster recovery:
· Emergency
· Backup
· Recovery
Strategies for accomplishing each of these phases are described below. It should be noted that the
subsection describing the emergency phase applies equally to a disaster affecting the
Adminstration Building or other building on campus, the functional area that provides support
for the maintenance of the critical system.
Emergency Phase
The emergency phase begins with the initial response to a disaster. During this phase, the
existing emergency plans and procedures of Campus Police and Physical Plant direct efforts to
protect life and property, the primary goal of initial response. Security over the area is
established as local support services such as the Police and Fire Departments are enlisted through
existing mechanisms. The BCMT Duty Person is alerted by pager and begins to monitor the
situation.
If the emergency situation appears to affect the main data center (or other critical facility or
service), either through damage to data processing or support facilities, or if access to the facility
is prohibited, the Duty Person will closely monitor the event, notifying BCMT personnel as
required to assist in damage assessment. Once access to the facility is permitted, an assessment
of the damage is made to determine the estimated length of the outage. If access to the facility is
precluded, then the estimate includes the time until the effect of the disaster on the facility can be
evaluated.
If the estimated outage is less than __ hours, recovery will be initiated under normal Information
Systems operational recovery procedures. If the outage is estimated to be longer than __ hours,
then the Duty Person activates the BCMT, which in turn notifies the Chairman of the
Administrative Computing Steering Committee and Vice President for Information Systems and
the Business Continuity Plan is activated. The recovery process then moves into the back-up
phase.
The Business Continuity Management Team remains active until recovery is complete to ensure
that the Institute will be ready in the event the situation changes.
Back-up Phase
The back-up phase begins with the initiation of the appropriate FARM Team Plan(s) for outages
enduring longer than __ hours. In the initial stage of the back-up phase, the goal is to resume
processing critical applications. Processing will resume either at the main data center or at the
designated hot site, depending on the results of the assessment of damage to equipment and the
physical structure of the building.
In the back-up phase , the initial hot site must support critical (Category I) applications for up to
__ weeks and as many Category II applications as resources and time permit. During this period,
processing of these systems resumes, possibly in a degraded mode, up to the capacity of the hot
site. Within this __-week period, the main data center will be returned to full operational status if
possible.
However, if the damaged area requires a longer period of reconstruction, then the second stage of
back-up commences. During the second stage, a shell facility (a pre-engineered temporary
processing facility that we have contracted to use for this purpose) is assembled on the ________
parking lot and equipment installed to provide for processing all applications until a permanent
site is ready. See Page 33 for a list of the designated recovery sites.
Recovery Phase
The time required for recovery of the functional area and the eventual restoration of normal
processing depends on the damage caused by the disaster. The time frame for recovery can vary
from several days to several months. In either case, the recovery process begins immediately
after the disaster and takes place in parallel with back-up operations at the designated hot site.
The primary goal is to restore normal operations as soon as possible.
Scope of the Business Continuity Plan
The object of this Plan is to restore critical (Category I) systems within __ hours, and Essential
(Category II) systems within ___ week(s) of a disaster that disables any functional area and/or
essential equipment supporting the systems or functions in that area.
The initial Risk Assessment of the computer applications that support MIT administration
assigned ____systems to Category I Critical. This risk category identifies applications that have
the highest priority and must be restored within __ hours of a disaster disabling a functional area.
Specifically, each function of these systems was evaluated and allocated a place in one of four
risk categories, as described below.
Category I - Critical Functions
Category II - Essential Functions
Category III - Necessary Functions
Category IV - Desirable Functions
Note: Category IV functions are important to MIT administrative processing, but due to their
nature, the frequency they are run and other factors, they can be suspended for the duration of the
emergency.
The administrative systems in Categories I - IV are those that provide Institute wide services.
There are many departmental and laboratory systems as well as non-information processing
systems (such as _______________) that are also either essential for the Institute or the local
area(s) they support. Recovery for these systems too must be based upon an assessment of the
impact of their loss and the cost of their recovery. See the Departmental FARM Team Plan
document for further information on assessing risk at the departmental level.
Part III. Team Descriptions
Part III describes the organization and responsibilities of the Business Continuity Management
Team. Composed of sub-teams (the Institute Support Teams), the Business Continuity
Management Team as a whole plans and implements the responses and recovery actions in the
event of a disaster disabling either a functional area, Central Administration or the main data
center. It's primary role is to provide Institute level support services to any functional area
affected by the problem.
· Information Security Officer. As Business Continuity Management Team Co-coordinator,
provides liaison between the Institute's operational and management teams and the FARM teams
in affected areas. Also responsible for ongoing maintenance, training and testing of the Business
Continuity Plan. Coordinates the Institute Support Teams under the auspices of the Business
Continuity Management Team. The Co-coordinator of the BCMT is the Coordinator of the O&S
FARM Team, who will take responsibility for recovery in the absence of the Information
Security Officer.
· Director, Operations and Systems. Provides for support for data processing resources with
primary responsibility for restoration for O&S processing. Recovery plans for the computing
facilities are the responsibility of the Coordinator of the O&S FARM Team and are described in
the O&S FARM Team plan
· Director, Telecommunications Systems. Provides alternate voice and data communications
capability in the event normal telecommunication lines and equipment are disrupted by the
disaster. Evaluates the requirements and selects appropriate means of backing up the MIT
telecommunications network. Recovery plans for the primary 5ESS telephone switching
equipment in __ and satellite facilities in other buildings on campus are described in the
Telecommunications FARM Team plan.
· Chief, Campus Police. Provides for physical security and emergency support to affected areas
and for notification mechanisms for problems that are or could be disasters. Extends a security
perimeter around the functional area affected by the disaster. Provides coordination with public
emergency services (Cambridge Police, etc.) as required.
· Director, Physical Plant. Coordinates all services for the restoration of plumbing and
electrical systems and structural integrity. Assesses damage and makes a prognosis for
occupancy of the structure affected by the disaster.
Director, Safety Office. Coordinates safety and hazardous materials related issues with
other organizations involved in recovery planning and response as well as governmental
and other emergency services.
Director, Personnel Department. Coordinates all activities of the recovery process with key
attention to the personnel aspects of the situation. This includes releasing staff from areas
affected, initiating emergency notification systems and working with the MIT News office on
dissemination of information about the recovery effort
Director, Distributed Computing & Network Services. Coordinates all services in
support of the restoration of network services and support facilities. This icludes support
for Athena communications services and external network service support.
· Director, MIT News Office. Communicates with the news media, public, staff, faculty, and
student body who are not involved in the recovery operation.
· Assistant to the Vice President, for Information Systems. Represents the Office of the
President.
· Associate Comptroller, Comptroller's Accounting Office. Represents the Vice President for
Financial Operations.
· Audit Manager, Audit Division Provide consultation on compensating controls and
suggestions on maintaining the appropriate level of controls during the recovery process.
Institute Support Teams
Business Continuity Management Team
1. Function
To oversee the development, maintenance and testing of recovery plans addressing all Category I
and II business functions. In the event of a "disaster" to manage the backup and recovery efforts
and facilitate the support for key business functions and restoration of normal activities.
2. Organization
The BCMT is co-chaired by the MIT Information Security Officer and the Coordinator of the
O&S FARM Team, who serves in the absence of the Security Officer. The Team is composed of
key management personnel from each of the areas involved in the recovery process.
3. Interfaces
The team interfaces with and is responsible for all business continuity plans and planning
personnel at MIT.
Preparation Requirements
On a quarterly basis, the team will meet to review FARM Team plans that have been completed
in the last quarter.
On an annual basis, the Team will review the overall status of the recovery plan, and report on
this status through the Information Security Officer, to the Administrative Computing Steering
Committee.
Individual Team members will prepare recovery procedures for their assigned areas of
responsibility at MIT. They will ensure that changes to their procedures are reflected in any
interfacing procedures.
The BCMT will ensure that continuing levels of support are available for the FARM Teams that
require it.
The BCMT will also review and approve FARM Team plans as they are submitted, re-evaluate
the criticality of MIT operating functions at regular intervals and provide for awareness and
training in recovery planning. They will also participate in emergency preparedness drills
initiated by the Safety Office or other appropriate campus organizations.
Damage Assessment/Salvage
1. Function
To report to the Business Continuity Management Team (BCMT), within two to four hours after
access to the facility is permitted, on the extent of the damage to the affected site, and to make
recommendations to the BCMT regarding possible reactivation and/or relocation of data center
or user operations. Existing Physical Plant emergency procedures are documented in a manual
known as the "Black Book" maintained by Physical Plant. The Business Continuity Plan
procedures supplement, and are subordinate to those in the Black Book, which takes precedence
in the case of any difference. Following assessment of the damage, the team is then responsible
for salvage operations in the area affected.
2. Organization
Headed by the Administrative Officer for Physical Plant and activated during the initial stage of
an emergency, the team reports directly to the Business Continuity Management Team, evaluates
the initial status of the damaged functional area, and estimates the time to reoccupy the facility
and the salvageability of the remaining equipment. During an emergency situation, the individual
designated in the Black Book will take operational responsibility for implementation of damage
assessment. This team draws members from the Physical Plant Office, from Operations and
Systems, and from the FARM team of the affected area. Following assessment, the team is
responsible for salvaging equipment, data, and supplies following a disaster; identifying which
resources remain; and determining their future utilization in rebuilding the data center and
recovery from the disaster.
3. Interface
The Damage Assessment/Salvage Team will interface with other Physical Plant operations
groups, the Campus Police and Information Systems operations functions, including vendor and
insurance representatives, to keep abreast of new equipment, physical structures, and other
factors relating to recovery.
4. Preparation Requirements
Identification of all equipment to be kept current. A quarterly report will be stored off-site. The
listing will show all current information, such as engineering change levels, book value, lessor,
etc. Configuration diagrams will also be available. Emergency equipment, including portable
lighting, hard hats, boots, portable two-way radios, floor plans and equipment layouts will be
maintained by Physical Plant.
A listing of all vendor sales personnel, customer engineers and regional sales and engineering
offices is to be kept and reviewed quarterly. Names, addresses and phone numbers (normal,
home, and emergency) are also to be kept.
Campus Police
1. Function
To provide for all facets of a positive security and safety posture, to assure that proper protection
and safeguards are afforded all MIT employees and Institute assets at both the damaged and
backup sites.
2. Organization
The team will consist of the Campus Police Department Supervisor and appropriate support staff.
The team will report through the Chief who is a member of the Business Continuity Management
Team.
3. Interfaces
The Campus Police Team will interface with the following teams or organizational units, relative
to security and safety requirements:
Personnel
Physical Plant
Safety office
Environmental Medical Services
MIT News office
Other appropriate departments as required
4. Preparation Requirements
Provide emergency medical services, if necessary.
Identify the number of Campus Police personnel needed to provide physical security protection
of both the damaged and backup sites.
Identify the type of equipment needed by Campus Police personnel in the performance of their
assigned duties.
Coordinate and arrange for additional security equipment and manpower, as applicable, if
needed.
Identify and provide security protection required for the transport of confidential information to
and from both off-site and backup sites. Coordinate with the appropriate MIT Department.
Periodically review the level of security needed at both the damaged and backup sites.
MIT News Office - Public Information
1. Function
The most difficult time to maintain good public relations is when there is an accident or
emergency. Public relations planning is required so that when an emergency arises, inquiries
from the news media, friends and relatives of staff, faculty, and students can be handled
effectively. While we cannot expect to turn a bad situation into a good one, we can assist in
making sure facts presented to the public are accurate and as positive as possible given the
situation.
It is in our best interest to cooperate with the media as much as possible, so that they will not be
forced to resort to unreliable sources to get information that could be untrue and more damaging
to the Institute than the facts.
Therefore, it is the policy of MIT in time of emergency, to:
Have the MIT News Office serve as the authorized spokesperson for the Institute. All public
information must be coordinated and disseminated by their staff.
Refrain from releasing information on personnel casualties until families have been notified.
Once families have been notified, names of those personnel should be released quickly to
alleviate the fears of relatives of others.
Provide factual information to the press and authorities as quickly as facts have been verified,
and use every means of communications available to offset rumors and misstatements.
Avoid speculating on anything that is not positively verified, including cause of accident,
damage estimates, losses, etc. (Fire Officials normally release their own damage estimates.)
Emphasize positive steps taken by the Institute to handle the emergency and its effects.
Situations calling for implementation of the Emergency Public Information Plan may include,
but are not limited to:
Systems malfunctions disrupting the normal course of operations.
Accidents, particularly when personal injury results.
Natural disasters, such as fires, floods, tornadoes and explosions.
Civil disorders, such as riots and sabotage.
Executive death.
Scandal, including embezzlement and misuse of funds.
Major litigation initiated by or against the Institute.
2. Organization
The Director of the MIT News Office, a member of the Business Continuity Management Team,
will act as the Public Information Officer for the Institute. The News Office alternates are listed
in Appendix A. In their absence the responsibility will revert to the Senior Manager on the scene.
3. Interfaces
The MIT News Office will be the interface between MIT and the public or news media. Copies
of all status reports to the Business Continuity Management Team or Administrative Computing
Steering Committee will be forwarded to the Public Information Officer for potential value in
information distribution for good public relations. They will work with the Personnel
Department in dissemination of information to staff.
4. Preparation Requirements
Existing relationships with local media will be utilized to notify the public of emergency and
recovery status. The Public Information Officer will maintain up-to-date contact information for
the media and other required parties.
A facility will be identified to be used as a press room. Arrangements will be made to provide
the necessary equipment and support services for the press. Coordination with the
Telecommunications Team for additional voice communication, if required, will also be made.
Insurance
1. Function
To provide for all facets of insurance coverage before and after a disaster and to ensure that the
recovery action is taken in such a way as to assure a prompt and fair recovery from our insurance
carriers.
2. Organization
The team will consist of the Director of Insurance and Legal Affairs and required staff and
insurance carrier personnel. The team reports through the Business Continuity Management
Team, of which it is a member.
3. Interfaces
The Insurance Team will interface with the following teams, relative to insurance matters:
MIT News Office
Campus Police
Damage Assessment/Salvage
Information Systems Operations
Appropriate FARM Teams
This team will be activated upon the initial notification of a disaster.
4. Preparation Requirements
Determine needs for insurance coverage. Identify the coverage required for both hardware,
media, media recovery, liability and extra expense.
Prepare procedure outlining recommended steps to be followed by Damage Assessment/Salvage
Team during initial stage of disaster (Appendix A)
List appropriate contacts in (Appendix B).
Arrange for availability of both still and video recording equipment to record the damage.
Ensure that an equipment inventory is available, to include model and serial number of all
devices.
Evaluate all new products and services offered by MIT for potential liability in the event of a
disaster.
Telecommunications
1. Function
To provide voice and data communications to support critical functions. Restore damaged lines
and equipment.
2. Organization
The team will consist of appropriate Telecommunications Systems staff. Telecommunications
Systems will also coordinate with and supervise outside contractors as necessary. The team will
report through the Director of Telecommunications Systems, who is a member of the Business
Continuity Management Team.
3. Interfaces
The Telecommunications Systems team will interface with the following teams or organizational
units, relative to telecommunications requirements:
Physical Plant
Campus Police
Distributed Computing & Network Services
Other Information Systems departments as necessary
Other MIT departments requiring emergency telecommunications
Outside contractors and service providers as necessary
4. Preparation Requirements
Provide critical voice and data communications services in the event that normal
telecommunications lines and equipment are disrupted or relocation of personnel is necessary.
Consult with outside contractors and service providers to ensure that replacement equipment and
materials are available for timely delivery and installation.
Utilize available resources, such as the MIT Cable Television network and voice mail system, to
broadcast information relevant to the disaster.
Part IV. Recovery Procedures
Notification List
This appendix contains the names and telephone numbers of managers and personnel who must
be notified in the event of a disaster. The Business Continuity Management Team Coordinator is
responsible for keeping this notification list up-to-date.
Administrative Computing Steering Committee
Chairman
Members
Business Continuity Management Team
Two individuals are assigned responsibility for the interface with other campus
organizations, such as Physical Plant Operations, to monitor emergencies as they occur.
These Early Warning Duty people are then responsible for activation of the full Business
Continuity Management Team and necessary Functional Area Recovery Management
Teams.
The BCMT Duty People are equipped with Pagers, activated either by Physical Plant
Operations or they can be paged directly.
In addition, each Duty Person is equipped with a cellular phone for emergency use.
To reach the BCMT Duty Person:
By Pager:
Duty Person To leave phone number To leave an 80 character text Number call: message
call:
and give PIN # of pager
1
2
By Cellular Phone:
1
2
Note: these numbers are to be used only in emergencies or for testing.
The people on duty will monitor the situation and determine if it has the potential to
impact our processing ability. [See Duty Person procedure for details]
Coordinators
Members
I/S Operations & Systems
Telecommunications
Campus Police
MIT News Office - Public Information
Insurance
Physical Plant:
Emergency Response Team
Operations Center
Safety Office
President's Office
Comptrollers Accounting Office
Personnel Office
Distributed Computing & Network Services
BCMT Liason
Housing:
Nuclear Reactor
Plasma Fusion Lab
Medical Department
FARM Team Coordinators
Bursar's Office Category
Financial Planning & Management Category
Freshman Admissions Category
Operations & Systems Category
Payroll Category
Physical Plant Category
Property Office Category
Purchasing & Stores Category
Registrar's Office Category
Resource Development Category
Technology Licensing Office Category
Telecommunications Category
Business Continuity Management Team Coordinator
This appendix contains instructions to the Business Continuity Management Team Coordinators
for overseeing disaster response and recovery efforts.
Action Procedures
Player Action
Coordinator Ensure entire Business Continuity Management Team (BCMT) has been notified.
Then notify Vice President for Information Systems and Chairman of Administrative Computing
Steering Committee.
Coordinator Activate the Emergency Operations Center (See Page 33) and notify staff to meet
there.
Coordinator Meet with Damage Assessment Team to review their findings and present results to
BCMT.
Coordinator Present recommendations to BCMT for next steps in recovery effort.
Coordinator Begin notification of all recovery teams. Check to ensure all recovery participants
have been notified.
Coordinator Monitor the activities of the recovery teams. Assist them as required in their
recovery efforts.
Coordinator Report to BCMT on a regular basis on the status of recovery activities. Report to
Administrative Computing Steering Committee as appropriate on recovery status.
Coordinator On an hourly basis, or other appropriate interval, update the Recovery Status
information message on _______ .
Damage Assessment/Salvage
This appendix contains instructions to the Damage Assessment/Salvage Team for disaster
response and recovery efforts.
Action Procedures
Player Action
Building Services Notify team members, and vendors to report to the site for initial damage
assessment and clean-up.
Physical Plant AO Notify insurance representative
Operations Center Issue Work Orders and call appropriate personnel.
Team Leader Request permission to enter site from Fire Department (if required).
Take a service representative from each of the appropriate vendors, the insurance claims
representative and appropriate Physical Plant and Information Systems personnel into the site.
Team Members Review and assess the damage to the facility. List all equipment and the extent
of damage. List damage to all support systems (power, A/C, fire suppression, communications,
etc.).
Team Leader Notify the BCMT as to the severity of the damage and what can potentially be
salvaged.
Team Leader Notify the BCMT if the area be restored to the required level of operational
capability in the required time frame.
Salvage Operations
Player Action
Team Leader Initiate the Emergency Notification List and have all members report to the Staging
Area.
Salvage Team Have the Building Services Supervisor determine which equipment and furniture
can be salvaged. Photograph all damaged areas as soon as possible for potential insurance
claims.
Salvage Team Important ** Prior to performing any salvage operation contact Insurance Team
to coordinate with possible insurance claims requirements and appraisals.
Have the Physical Plant Supervisor and staff start salvaging any furniture and equipment.
Based upon advice from Insurance Team and customer engineering, contact computer hardware
refurbishers regarding reconditioning of damaged equipment
Team Leader Meet with the Business Continuity Management Team Coordinator to provide
status on salvage operations.
Configuration List
A sample of the configuration and full equipment inventory report from the Fixed Asset Control
Systems or other automated equipment inventories should be inserted here. The Continuity Plan
Masters in off-site storage will contain the full listing.
Blueprints
Complete sets of blueprints of the buildings housing critical processing and the data center are
maintained at [__________________________] and in off-site storage.
Campus Police
This appendix contains instructions to the Campus Police for disaster response and recovery
efforts.
Action Procedures
Player Action
Campus Police Duty Sgt. An MIT Police Case Report will be completed upon stabilization of the
disaster situation. As per standard police procedure, this report will detail the names of all
victims, witnesses, injuries, facility damage description, etc., as well as list all notifications
Campus Police Duty Sgt. Initiate the notification listing of appropriate Campus Police
Department Command Staff and personnel (App. A)
Campus Police Day/Night Notify the Business Continuity Management Team if the emergency
affects Data Processing or Telecommunications operations in any way.
Campus Police Duty Sgt. Assign Campus Police personnel to both the damaged and backup
sites, as required.
Campus Police Duty Sgt. Ensure that all Campus Police personnel are properly equipped at each
affected location and the recovery sites. (Page 33)
Campus Police Duty Sgt. Coordinate the need for additional manpower and equipment as
required.
Campus Police Command Periodically submit status reports to the Staff Continuity Coordinator
at the Emergency Control Center.
Campus Police Command Ensure that all facets of security protection Staff are afforded, relative
to entry/exit controls, transportation of information, etc. at both the damaged and backup sites.
MIT News Office - Public Information
Action Procedures
Player Action
Campus Police Notify MIT News Office when an emergency occurs.
Public Information Officer Assess the public relations scope of the emergency, in consultation
with senior management if necessary, and determine the appropriate public relations course of
action.
In instances where media are notified immediately, due to fire department or police involvement,
the Public Information Officer will proceed to the scene at once to gather initial facts. Emphasis
must be placed upon getting pertinent information to the news media as quickly as possible.
PIO Staff Assistant Maintain a log of all incoming calls to ensure a quick response to media and
other requests.
Public Information Officer Maintain a log of all information which has been released to the
media.
Public Information Officer When appropriate, prepare news releases on a periodic basis for
distribution to the local media list.
Public Information Officer If employee injuries or fatalities are involved, notify Personnel to
send appropriate management personnel to the homes of the involved families.
Personnel Notify Public Information Officer as soon as families have been informed. This will
permit the release of names and addresses of victims so that families of those not involved can be
relieved of anxiety.
Public Information Officer Contact the public relations director(s) at the hospitals where injured
have been taken to coordinate the release of information.
Public Information Officer In cases where long-term media coverage is anticipated, establish a
Press Room in the ( location to be selected) Provide for telephone requirements of the press.
Public Information Officer Schedule periodic press conferences, taking into consideration
Management personnel who will be participating.
Public Information Officer If media wants to photograph physical damage, Clear request with
Campus Police prior to approving request. Then accompany all photographers.
Public Information Officer Coordinate follow-up news releases after the immediate emergency
has passed to present the Institute in as positive light as possible. Possible topics could include:
What has been done to prevent recurrence of this type of emergency?
What are plans for reconstruction?
What has been done to express gratitude to the community for it's help?
What has been done to help employees, students and faculty?
Insurance Team
This appendix contains instructions to the Insurance Team Coordinator for disaster response,
salvage and recovery efforts.
Action Procedures
Player Action
Insurance Team Leader Contact appropriate Insurance people upon first advice of disaster.
Insurance Team Leader Meet with Damage Assessment/Salvage team at site.
Insurance Team Leader Go through disaster scene with Damage Assessment/Salvage team and
advise on matters relating to insurance and claims. Ensure that nothing is done to compromise
recovery from insurance carrier. Photograph all applicable areas.
Insurance Team Leader File all appropriate claims forms with all involved insurance carriers.
Report status of claims activity to the Business Continuity Management Team.
Telecommunications
This appendix contains instructions to the Telecommunications Systems team for disaster
response and recovery efforts.
Action Procedures
Player Action
HELP Line Personnel or Receives report of disaster from Physical
after-hours Duty Person Plant or Campus Police and notifies appropriate telecommunications
Systems and other personnel.
Director, Telecommunications Systems Oversees assessment of damage to telecommunications
facilities. Directs contingency and recovery efforts. Provides updates to Business Continuity
Management Team and MIT administration.
Operations and Customer Service Arranges for voice and dial-up data communications services
to support critical functions. Procures stock to repair or replace damaged equipment. Restores
full services in a timely manner.
Transmission Services Provides data communications facilities or circuits to support critical
functions. Assists with restoration of cable and wire plant, as needed. Assists Information
Systems and other departments with relocation and restoration of data facilities.
Appendix A - Recovery Facilities
The following facilities have been identified as designated recovery sites for restoration of
processing under the MIT Business Continuity Planning strategy.
Emergency Operations Centers
The Emergency Operations Center is the location to be used by the Business Continuity
Management Team and their support staff as a location from which to manage the recovery
process. As such, the specific location will be selected by the Coordinator at the time of the
occurrence. The following are the locations available:
Emergency Operations Center is located in _________________________________
Central Administration building out of service - Immediately after evacuation of building, the
BCMT will convene in Building _____ to coordinate intial response to the event. If the problem
appears to be long term - or affects the local area, the BCMT will activate the primary EOC in
______.
Hot Sites (Operational data centers providing emergency computing resources)
Facilities provided: (See O&S FARM Team Plan)
Shell Sites (Computer conditioned space available to install equipment)
Facilities provided: (See O&SFARM Team Plan)
Appendix B - Category I, II & III functions
For details about each of these functions see the appropriate FARM Team Plan
Appendix C - Plan Distribution List
PLAN DISTRIBUTION MATRIX
ORGANIZATION RECIPIENT LOCATION MIT PLAN FARM
COPIES TEAM
COPIES
Business
Continuity
Management Team
Coordinators 2 1
Audit Division 2 1
Campus Police 2 1
Comptrollers 2 1
Accounting Office
CAO - Payroll 2
Emergency 2 1
Response Team
Insurance 2 1
I/S Operations & 2 1
Systems
MIT News Office 2 1
Personnel Office 2 1
Physical Plant 2 1
President's 2 1
Office
Safety Office 2 1
Telecommunications 2 1
Distributed 2 1
Computing &
Network Services
Administrative
Computing
Steering
Committee
Chairman 2 1
2
1
FARM Team
Coordinators
Bursars Office 1
Comptrollers 1
Accounting Office
CAO - Payroll 1
Freshman 1
Admissions Office
Lincoln Fiscal 1
Office
Office of 1
Financial
Planning &
Management
Purchasing & 1
Stores
Office of the 1
Registrar
Technology 1
Licensing Office
Academic 1
Computing
Services
Administrative 1
Systems
Development
Computing Support 1
Services
Documentation & 1 1
Training Services
I/S VP Office 1 1
Business Continuity Management Team
EARLY WARNING
DUTY PROCEDURES
For information call:
BCMT Duty Person Procedures
This booklet contains instructions for the individuals currently assigned to be the active Business
Continuity Management Team contact for emergency situations that may develop. The Duty
Person is on call 24 hours a day for the one month assignment. The two people assigned as Duty
Persons (DP) will be equipped with a pager and a cellular phone - both to be used for BCMT
testing and emergencies only. Each person will pass the equipment to the next person on the
Duty Person roster when the one month assignment ends. The equipment information is as
follows:
Duty Person To just leave phone number To leave an 80 character message
Number to call back dial: call ____________ and give PIN #
1
2
To reach by cellular phone:
1
2
Preparation Procedures
Upon receipt of the equipment, read the directions for the equipment and familiarize yourself
with the pager and the phone. Ensure that phone batteries are charged properly (see instructions).
Note: the pager takes one AAA battery, which lasts about a month.
Call the other duty person to ensure the phone is operable. Send a page to your own unit to
ensure it is also functioning correctly.
At the end of your assignment, pass the equipment and documentation to the next person on the
duty roster. Notify the BCMT coordinators, ______________ and _____________ by e-mail that
the duty has been transferred. If an individual cannot serve, for a temporary period (i.e.. going to
a conference) it is their responsibility to provide a trained alternate as their replacement. The
BCMT Coordinators and the other person on duty are to be notified in advance about the
replacement.
If there is a need to contact all the people on the Duty Roster send e-mail to:
____________, an Athena mail list maintained by the Information Security Officer for this
purpose.
GUIDE TO BCMT ACTIVATION
1. The first indication of a problem will probably be a page alert from Physical Plant Operations.
This will be a short text message outlining the problem. Unless it's obvious that the problem is
long term and severe, wait 30 minutes (for things in the Operations Center to quiet down) and
call them at ___________. Tell them you're calling for the BCMT and get the latest status about
the problem reported by the page.
2. Does the problem prevent normal access, occupation or usage of any part of any of the areas
listed under the FARM Team Contact List, or does the disaster disrupt service provided by
telephones, the network, or the mainframe computers?
If no, go back to sleep!
If yes, continue.
3. Will expected recovery of the affected area last into normal business hours?
If no, go back to sleep!
If yes, continue.
4. Does the FARM Team Coordinator of the affected service indicate that the disaster will affect
that service? The FARM Team Contact List below provides the phone numbers of the FARM
Team coordinators and the buildings their functions operate in.
If no, go back to sleep!
If yes, continue.
5. ACTIVATE THE BCMT!
Call the coordinators first:
If they can't be reached, call the BCMT members directly. The numbers are on the list attached.
The BCMT has three possible assembly points:
If the problem is _____ related, meet in the ________ meeting room.
If ____ related, meet in the ______________ Conference Room ______
All other problems, meet in the Emergency Operations Center _______
Business Continuity Management Team Duty Roster
Name MIT Home From To Pager No
Phone
ID
1
24
2
10
FARM Team Contact List
# Area(s) FARM Team Contact Ext. Home E-mail Phone
10
Business Continuity Management Team
BCMT Contact Office Ext. Home Phone E-mail # BCMT 04 Coordinator BCMT 05 Coordinator
Physical 02 Plant Campus 03 Police Operations 40 Center Supervisor Emergency 41 Response
Team 42 Safety 43 Office Safety 44 Office DCNS 45 DCNS 11 CAO 46 I/S O & S 06
Telecomm 47 14 MIT News 48 Office 49 Insurance 50 Physical 51 Plant
Cellular Phone Memory Assignments
# Contact Phone
00
01
02