Lab Logo
Lawrence Berkeley National Laboratory
Main | Search | Phone | Today | Notice
 
Office of the Chief Information Officer: Rosio Alvarez, PhD
Home | Policy | Privacy | Assurance | Federal Enterprise Architecture | CPIC | IT Division | Organizations and Committees

 

IT Policy: Guidance for the Management of Contingency Plans and Disaster Recoveyr Testing
     
Summary, Keywords, Notes   Guidance: Implementing Lifecycle Management Contingency Repsonse in RPM 9.01

IDisaster Recovery, Contingency Planning, Authority to Operate, Continuity of Operations, Business Continuity Planning.

 

Promulgated 5/17/2007. Review required by 5/17/2010

.

 

 

 

  1. It is the policy of LBNL to prepare its IT staff and assets for responding to disasters by creating plans for restoring key services, revising such plans when required by changes in the operating environment, testing components of these plans at least annually,and revising/recertifying plans as they are tested.
  1. The Certification and Accreditation Coordinator provides annual guidance to the LBL Enclaves to coordinate the testing of contingency plans.
    1. Such guidance will contain minimum expectations for the number and type of test performed.
    2. Such guidance wil provide deadlines for the termination and reporting of testing activities.
    3. Each enclave will follow the procedures laid out by the C&A Coordinator Annually.
    4. The guidance provided by the C&A coordinator represents the minimum expectation for testing and management. As in all things, responding to disasters and testing is a line management responsibility - responsible managers must ensure that the appropriate level of testing is achieved, including testing beyond the minimum expectations if necessary.
  1. LBL IT Disaster Recovery / Contingency Testing should be integrated, wherever possible, with labwide Emergency Response and Business Coninuity Testing and Planning

  2. LBL recognizes that many different types of tests are appropriate and useful in the testing of contingency response. Acceptable tests include tabletops, technical testing, technical tabletops, procedure walkthrough, lessons learned exercises related to real component failures, and participation in labwide emergency tests where such participation is related to the recovery of IT systems.
  3. LBL does not engage in any activities which rise to the level of Critical Infrastucture/Key Resources as defined by the Department of Energy. IT participation in Business Continuity Planning for LBNL is considered sufficient preparation with regards to recovery of operations. If enclaves identify they rise to the level of requiring a Continuity of Operations Plan (COOP), they must alert the CPPM.
  4. Roles and Responsibilities related to Disaster Recovery of IT Systems:

LBNL Chief Information Officer (CIO)

Responsibility: Oversees Labwide IT Disaster Recovery

 
 

C&A Coordinator

Responsibility: Set annual expectations, with CIO and Enclaves, for Disaster Recovery Testing.

 
 

Enclave Owners & IT Division Department Heads

Responsibility: Conduct and report on annual tests as directed. Conduct more frequent and extensive testing if conditions warrant.

 
 
Employees, End Users, and System Administrators

Responsibility: Take appropriate precuations regarding the planning and testing of contingency response. Participate with SEO Group as below to coordinate IT support of Labwide activites.

 

Chief Operating Officer

Set institutional BCP priorities.

 

Security and Emergency Operations Group

Set Labwide policy, procedure, planning, and testing requirements for emergency response and business continuity planning.

 

 

Documents:

LBL Disaster Recovery Testing Form:

Current 2008-2009 Form

Archived Previous Form

Summary of Activities from Previous Years

FY05

FY06

 

 

     
     

 

 

  Home | Policy | Privacy | Assurance | Federal Enterprise Architecture | CPIC | IT Division | Organizations and Committees  
 
Lab Logo
Lawrence Berkeley National Laboratory
University of California: It Starts Here
 
This page is and all subsequent pages are covered by the University's Privacy and Security Notice and Policies