Emergency Response Plans
Level 2: IT Disruption
Department: Information Technology
Departmental Emergency Contact: Patrice Bruneau
In the event of widespread data network, computer, or server failure, the Director of Technology Services, in consultation with the Associate Vice President for Information Technology, will determine if alternate electronic means are available to provide services lost from the outage. In addition, alternative non-electronic means also will be recommended to affected parties. Information Technology personnel also will work diligently with appropriate parties to bring data services back online.
This plan also covers the response and recovery for localized and widespread data failure due to unknown causes, including hacking and cyber terrorism.
During a critical incident, the first priority related to data services is to assess the functionality of emergency communications systems.
The ability to utilize the emergency cellphone notification system will be determined. The functionality of the Alertus system, siren system, main web servers, and email servers will also be assessed. The ability to operate these systems is important during any critical event. If any of these systems are disrupted, Information Technology personnel will first work toward assuring some subset of these systems are available. If emergency notification capabilities do not exist, staff will coordinate with Campus Police so appropriate alternatives can be planned.
Once emergency notification systems have been assessed and determined, Information Technology staff will work to determine which systems are affected by the outage. This damage assessment will allow the responding staff to align business continuity needs with the action plans. Personnel will then work to restore data services to further assist in maintaining appropriate business continuity and to bring academic and business functions back to normal operating conditions (in order of priority):
- If hacking or cyber terrorism is suspected, Information Technology staff will identify and isolate the affected systems. Depending on severity, the SC Information Sharing and Analysis Center (SC ISAC) will be contacted. Contact with other agencies, including SLED, FBI, USSS, JTTF, and Homeland Security can be facilitated through the SC ISAC.
- The offsite disaster recovery site shall be assessed and brought online if appropriate and if possible.
- Mission critical systems shall be restored to provide core service for payroll, financial aid, student records, and other mission critical services from at least one location.
- Email systems shall be restored for faculty/staff servers. Client access will be determined by availability of campus network.
- Outside Internet access to the main Winthrop web server will be restored to provide a visual Internet presence and to provide external communication as needed.
- Internal campus networks shall be restored to areas of critical need such as offices in the president’s and academic affairs suites and core functional offices.
- All remaining email servers shall be restored. Client access will be determined by availability of campus network.
- Mission critical systems shall be restored to provide core services in additional locations to provide more effective business operation.
- Remaining mission critical and non-mission critical servers shall be restored.
- Full campus network access shall be restored.
- Field service will be dispatched to address remaining individual client and workgroup issues.
Campus Police, CIMT leadership, and the Vice President for Finance & Business will be informed of the status and all changes in status regarding data services. Whenever possible and without interference with other activities, the campus should be informed through non-emergency channels of the status of data services.
In case of a major external data services outage that does not significantly affect or threaten Winthrop’s internal functioning or the safety of its constituents, but is beyond the control or reach of Winthrop’s IT technicians, the following steps will replace the established IT disruption Emergency Response Plan:
IT will apprise CIMT leadership after the origin and extent of the outage have been determined. CIMT leadership, in consultation with IT, will determine if and how the extent and duration of the outage are communicated to the campus population. If available, temporary measures can be used to restore service partially or in full. This will depend on the measures’ overall effect on the parts of the system not affected by the outage, such as internal functions and emergency notification systems. Once the outage is resolved, all temporary measures will be carefully removed to minimize system disruptions.
As the system resumes full functionality, IT will apprise CIMT leadership. IT and CIMT leadership will determine, based on prior communication, how the resolution is communicated to the campus population.
C. Expectations for Employees:
All Information Technology staff members are expected to be on call during a widespread data failure. Depending on the nature of the outage, all engineering, user support, telecommunications, and ACC staff may be required to report to campus or be on call during such an incident. In addition, the Director of Technology Services shall be on campus. The Associate Vice President for Information Technology should also be on campus or remain apprised of the situation throughout the entire incident.
If necessary, third party contractors will be contacted to provide additional assistance to restore services.
If the data failure is the result of an overriding incident (such as fire, weather, earthquake, etc.), the parties responsible for managing the overriding incident will determine if and when it is safe for Information Technology staff to report for duty to address the data failure.
In the case of widespread electricity loss, portable diesel must be provided to fill the Tillman Data Center generator on an ongoing basis. Facilities Management already provides this service and must be on standby to provide fuel.
The following contact information will be used to contact staff. Contact Campus Police to establish after-hours contact with the personnel below.
- Craig Sauvigne, 2 Tillman, Ex. 3375
- Patrice Bruneau, 13C Tillman, Ex. 2266
- James Hammond, 2 Tillman, Ex. 2282
- TJ Carney, 13B Tillman, Ex. 2116
- Renee Shugart, 13A Tillman, Ex. 3446
- Rosanne Wallace, Workman Bldg., Ex. 2575
- Gene Ealey, Workman Bldg., Ex. 2502
- Rick Walker, Workman Bldg., Ex. 2607
- Brandon Chap, Workman Bldg., Ex. 1337
E. Responsibility and Control:
The Director of Technology Services has the authority to make decisions regarding the use of university resources to address issues in this plan. In the absence of the Director of Technology Services, the Associate Vice President for Information Technology will supervise operations. In the absence of both the Director of Technology Services and the Associate Vice President for Information Technology, the User Support Manager, Telecommunications Manager, Academic Computing Manager, or Senior System Administrator will supervise operations. The choice between these particular positions will depend on which position is most closely related to the actual data outage.
All Information Technology personnel will be on call for the duration of an outage covered under this plan. Technicians may be called on site for wiring, server relocation, troubleshooting, and other technical duties..
F. Emergency and Training Plans:
- Information Technology personnel will work with the campus to recommend alternative electronic and non-electronic means to provide business continuity.
- Information Technology staff will periodically schedule invasive and non-invasive tests of offsite business continuity and disaster recovery resources.