Project - Global Department Procedures and Disaster Recovery Documents
I was asked by the Corporate Manager of IT to draft some policies and procedures for the IT Department.I drafted the following documents / policies:
- Network Diagramming, Monitoring, and Security Threat Assessment Guidelines
- Server, Computer, and Network Device Provisioning and Asset Replacement Guidelines
- Software Migration and Computer Retirement
Procedures
I was asked to contribute to a Global IT Disaster Recovery and Business Continuity Plan. The following was presented for consideration (along with branch details):
- hardware / software used throughout the company
- costs
- applicable license language of issue / type / counts / unlocks / keys
- device / software version, if obsolete, and market availability / replacement plan
- applicable security considerations
- associated backup / replacement devices
- custom solutions
- impacts to manufacturing if down
- network diagrams
- devices and their age
- security considerations
- impacts to office / manufacturing if segment is down (critical device matrix)
- manufacturing assets
- IT assets / PLC's age, if obsolete, and market availability
- custom solutions
- backups / redundancy
- procedure to re-establish production and applicable customer impacts / severity
- computer backup systems
- device age
- redundancy
- remote restoration capabilities and time lines
- power availability and conditioning
- consider long-term power outages for office / manufacturing
- communications dependencies
- communication systems
- devices and their age
- topographies
- costs
- custom software
- SLA's
- DDoS and Cyber attack analysis and vulnerabiilty report
- remote office / manufacturing spaces
- alternate office/manufacturing spaces
- can other manufacturing locations offset production
- sourcing of temporary personnel
- cold/hot site requirements
- temporary communications redirection
- availability of capital
- ensure plans fit within budgeted amount
- times required to provide capital for temporary relocation, service / equipment restoration, and time required for finance to release necessary capital
- intellectual property theft/security breaches
- physical / computer / network securities
- ability to investigate (forensics)
- analysis on systems / procedures to help mitigate attacks
I suggested the following when asked to review plan to rebuild the corporate Intranet:
- send survey to employees having access, to ensure presented information is accurate, relevant to their duties, and presented in a usable way
- consider removing items / data not recently accessed, consulting with Department Managers to ensure that the information is not relevant
- rebuild website, ensuring remaining items are secured, optimized, properly formatted, easily accessible, and presented in a way that can be directly used in any relevant data processing systems (copy / paste)
I felt this approach would speed the redevelopment process, reduce costs, reduce security risks, and help ensure the information and systems provided were efficient, appropriate to current needs, was properly formatted for use.