Survivability

In the event of a disaster, the university must be able to carry on its critical functions. If those functions require technical resources, a recovery plan must be in place and tested to ensure effective response and a timely return to normal operations.

Survivability is the capability to maintain or quickly recover critical business functions after a disaster or adverse event. The Continuity of Operations Plan (COOP) is intended to minimize the effects of an event, reduce financial loss, continue essential services and expedite the return to normalcy. The Disaster Recovery Plan is the technology component of the COOP. The plan describes the procedures to provide the technology processes that support essential services during an emergency and detail how the infrastructure will return to regular operations within an acceptable time frame. A documented COOP and Disaster Recovery Plan should reduce confusion during an emergency and enhance the ability to deal with the crisis.

Please see the following FSU policies that discuss Disaster Recovery:

4-OP-H-5 Information Security Policy

4-OP-H-10 Information Technology Disaster Recovery and Backup Data Policy

Tools and Resources

FSU Comprehensive Emergency Plan

What is a Disaster?

The unplanned and significant displacement or interruption of normal business processes resulting from the failure or disruption of the assets, infrastructure or facilities such processes rely on.

Common Disaster Types

Power Outage

Hurricane or other storm

Flooding

Fires

Hardware error

Software error

Physical attack

Power surge or spike

Earthquake

Additionally, a major cybersecurity incident like a Distributed Denial of Service , Ransomware or other Malware, etc could cause a disaster

What is Business Continuity?

Addresses the academic, research and operational business activities of the University. This includes the procedures and information needed to keep critical functions running during a period of displacement or interruption to normal operations.

–Business continuity planning often addresses a larger set of issues than DR planning.

–Recovery Point Objectives (RPO). RPO are define the maximum time/period in which data is at risk of being lost due to a major incident.

What is Disaster Recovery?

Activities to enable continued operation or recovery of technology or other infrastructure to an acceptable level of performance after a disaster occurs.

–This includes the processes, policies, procedures, and infrastructure related to preparing for and implementing recovery or continued operation of vital technology after a disaster.

–Recovery Time Objectives (RTO). RTO are defined as the duration of time within which a system or process must be restored to an acceptable level of service to avoid unacceptable consequences after a disruption has occurred.

FEMA Training

FEMA provides comprehensive disaster recovery training materials, many of which are available at no cost. A few of the core offerings are listed below.

We recommend that Florida State University department BC & DR personnel complete the following online training courses as time allows.

FEMA - Emergency Management Institute (EMI) Course | IS-700.A: National Incident Management System (NIMS) An Introduction

This course introduces and overviews the National Incident Management System (NIMS). NIMS provides a consistent nationwide template to enable all government, private-sector, and nongovernmental organizations to work together during domestic incidents.

https://training.fema.gov/is/courseoverview.aspx?code=IS-700.a

FEMA - Emergency Management Institute (EMI) Course | IS-100.B: Introduction to Incident Command System, ICS-100

Introduction to the Incident Command System, introduces the Incident Command System (ICS) and provides the foundation for higher level ICS training. This course describes the history, features and principles, and organizational structure of the Incident Command System. It also explains the relationship between ICS and the National Incident Management System (NIMS).

https://training.fema.gov/is/courseoverview.aspx?code=IS-100.b

FEMA - IS-100.HE: Introduction to the Incident Command System for Higher Education

Introduction to the Incident Command System for Higher Education, introduces the Incident Command System (ICS) and provides the foundation for higher level ICS training. This course describes the history, features and principles, and organizational structure of ICS. It also explains the relationship between ICS and the National Incident Management System (NIMS). This course uses the same objectives and content as other ICS courses with higher education examples and exercises.

https://training.fema.gov/is/courseoverview.aspx?code=IS-100.HE

FEMA – Continuity of Operations Awareness; Introduction to Continuity of Operations

Continuity of operations is a Federal initiative, required by Presidential directive, to ensure that agencies are able to continue performance of essential functions under a broad range of circumstances.

Continuity of operations is part of every agency’s fundamental mission. Today’s changing threat environment has increased the need for continuity capabilities and plans at all levels of government and within the private sector.

More courses are available from FEMA here:

https://training.fema.gov/is/curriculum.aspx

National Institute of Standards and Technology

NIST Computer Security Resource Center

https://csrc.nist.gov/publications/sp

NIST SP 800-34 Rev. 1: Contingency Planning Guide for Federal Information Systems

https://csrc.nist.gov/publications/detail/sp/800-34/rev-1/final

NIST SP 800-84: Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities

https://csrc.nist.gov/publications/detail/sp/800-84/final

Other Useful Disaster Recovery Resources

FSU Information Security and Privacy Office Presentations

Disaster Recovery and Business Continuity Planning Overview