[University of Arkansas][Computing Services]

Disaster Recovery Plan
Disaster Risks and Prevention
(DRPDR002)

Last update: Tuesday, 21-Mar-2000 10:31:51 CST

As important as having a disaster recovery plan is, taking measures to prevent a disaster or to mitigate its effects beforehand is even more important. This portion of the plan reviews the various threats that can lead to a disaster, where our vulnerabilities are, and steps we should take to minimize our risk. The threats covered here are both natural and human-created.


FIRE

The threat of fire in the Administrative Services Building (ADSB), especially in the machine room area, is very real and poses the highest risk factor of all the causes of disaster mentioned here. The building is filled with electrical devices and connections that could overheat or short out and cause a fire. Not to be forgotten are the hydrogen gas producing batteries in the Uninterruptible Power Supply room where a spark could ignite a fire and explosion.

The computers within the facility also pose a quick target for arson from anyone wishing to disrupt University operations. Wide area fires, such as those common in recent years in California, are also a possibility in dry times.

Preventive Measures

Fire Alarms
The Administrative Services Building (ADSB) is equipped with a fire alarm system, with ceiling-mounted smoke detectors scattered widely throughout the building. Smoke detectors are also placed beneath the raised floor of the machine room.
Fire Extinguishers
Hand-held fire extinguishers are required in visible locations throughout the building. Staff are to be trained in the use of fire extinguishers.
Halon System
The machine room and tape vaults are protected by a Halon gas fire extinguishing system.
Building Construction
The ADSB is built primarily of non-combustible materials. The risk of fire can be reduced further by acquiring flame-resistant products whenever new construction is done or office furnishings are purchased.
Training and Documentation
Detailed instructions for dealing with fire are present in Standard Operating Procedures documentation. Staff are required to undergo training on proper actions to take in the event of a fire. Staff are required to demonstrate proficiency in periodic, unscheduled fire drills.

Recommendations

Regular review of the procedures should be conducted to ensure that they are up to date. Unannounced drills should be conducted by an impartial administrator and a written evaluation should be produced for the department heads housed in the building.

Regular inspections of the fire prevention equipment are also mandated. Fire extinguishers are periodically inspected as a standard policy, and the Halon fire prevention system should be as well. Non-disruptive tests of the Halon system should also be conducted. Smoke detectors located under the machine room raised flooring should be periodically inspected and cleaned.



FLOOD

The Administrative Services Building is located in an area surrounded by higher ground. It is also located in the middle of a dry stream bed (culverts have been constructed to divert the stream during wet periods). These factors coupled with the chance of a storm that drops large amounts of rain in the Fayetteville area create the threat of flooding. Flood waters penetrating the machine room, especially with its submerged flooring, can cause a lot of damage. Not only could there be potential disruption of power caused by the water, flood waters can bring in mud and silt that can destroy sensitive electrical connections. Of course, the presence of water in a room with high voltage electrical equipment can pose a threat of electrical shock to personnel within the machine room.

Preventive Measures

Storm sewer modifications were made as a part of the construction of the ADSB building. Water detectors are installed under the machine room floor and two sump pumps are installed in the machine room.

Recommendations

Periodic inspections of the underflooring in the machine room must be conducted to detect water seepage, especially any time there is a heavy downpour. The four water drains located under the floor should also be inspected to make sure that they aren't clogged by debris.

Periodic inspections of the water detectors are also required to ensure their proper operation. Batteries within the detectors must be replaced on a regular schedule.

Operators should be trained in shutdown procedures and drills should be conducted on a regular basis. Also, staff in the machine room should be trained in responding to victims of electrical shock.



TORNADOS AND HIGH WINDS

As the University of Arkansas is situated along "Tornado Alley", damage due to high winds or an actual tornado is a very real possibility. A tornado has the potential for causing the most destructive disaster we face.

Preventive Measures

While a fire can be as destructive as a tornado, there are very few preventative measures that we can take for tornados. Building construction makes a big difference in the ability of a structure to withstand the forces of high winds. Unfortunately, the Administrative Services Building is not a strong building. The exterior (south) wall and flat roof are susceptible to wind damage. Strong winds are often accompanied by heavy rain, so a double threat of wind and water damage exists if the integrity of the roof is lost.

Recommendations

All occupants of the Administrative Services Building should know where the strong points of the building are and be directed to seek shelter in threatening weather. The machine room operator is often unaware of outside weather conditions, so the machine room should be equipped with a weather alert radio.

Computing Services should have large tarpaulins or plastic sheeting available in the machine room area ready to cover sensitive electronic equipment in case the building is damaged. Protective covering should also be deployed over magnetic tape racks to prevent water and wind damage. Operators should be trained how to properly cover the equipment.



EARTHQUAKE

The threat of an earthquake in the Fayetteville area is low, but should not be ignored. Scientists have predicted that a large earthquake along the New Madrid fault may happen any time in the next 50 years, and that its effects will be felt as far away as our area. Buildings in our area are not built to earthquake resistant standards like they are in quake-prone areas like California. So we could expect light to moderate damage from the predicted quake.

An earthquake has the potential for being the most disruptive for this disaster recovery plan. If the Administrative Services Building is damaged, it is highly probable that the Cold Site on campus may also be similarly affected. Restoration of computing and networking facilities following a bad earthquake could be very difficult and require an extended period of time due to the need to do wide-scale building repairs.

Preventive Measures

The preventative measures for an earthquake can be similar to those of a tornado. Building construction makes all the difference in whether the facility will survive or not. Even if the building survives, earthquakes can interrupt power and other utilities for an extended period of time. Standby power generators could be purchased or leased to provide power while commercial utilities are restored.

Recommendations

Computing Services should have large tarpaulins or plastic sheeting available in the machine room area ready to cover sensitive electronic equipment in case the building is damaged. Protective covering should also be deployed over magnetic tape racks to prevent water and wind damage. Operators should be trained how to properly cover the equipment.



COMPUTER CRIME

Computer crime is becoming more of a threat as systems become more complex and access is more highly distributed. With the new networking technologies, more potential for improper access is present than ever before.

Computer crime usually does not affect hardware in a destructive manner. It may be more insidious, and may often come from within. A disgruntled employee can build viruses or time bombs into applications and systems code. A well-intentioned employee can make coding errors that affect data integrity (not considered a crime, of course, unless the employee deliberately sabotaged programs and data).

Preventive Measures

All systems should have security products installed to protect against unauthorized entry. All systems should be protected by passwords, especially those permitting updates to data. All users should be required to change their passwords on a regular basis. All security systems should log invalid attempts to access data, and security administrators should review these logs on a regular basis.

All systems should be backed up on a periodic basis. Those backups should be stored in an area separate from the original data. Physical security of the data storage area for backups must be implemented. Standards should be established on the number of backup cycles to retain and the length of their retention.

Recommendations

Continue to improve security functions on all platforms. Strictly enforce policies and procedures when violations are detected. Regularly let users know the importance of keeping their passwords secret. Let users know how to choose strong passwords that are very difficult to guess.

Improve network security. Shared wire media, such as thinnet ethernet, are susceptible to sniffing activities, which unscrupulous users may use to capture passwords. Implement stronger security mechanisms over the network, such as one-time passwords, data encryption, and non-shared wire media.



TERRORISTIC ACTION AND SABOTAGE

The University's computer systems are always potential targets for terroristic actions, such as a bomb. The threat of kidnapping of key personnel also exists.

Preventive Measures

Good physical security is extremely important. However, terroristic actions can often occur regardless of in-building security, and they can be very destructive. A bomb placed next to an exterior wall of the machine room will likely breach the wall and cause damage within the room.

Given the freedom that we enjoy within the United States at this time, almost no one will accept the wide-scale planning, restrictions, and costs that would be necessary to protect the Administrative Services Building from a bomb. Some commonsense measures can help, however.

The building should be adequately lit at night on all sides. All doors into the machine room area should be strong and have good locks. Entrances into the machine room proper should be locked at all times. Only those people with proper security clearances should be permitted into the machine room area. Suspicious parties should be reported to the police (they may not be terrorists, but they may have theft of expensive computer equipment in mind).

Recommendations

Maintain good building physical security. Doors into the machine room area should be locked at all times. All visitors to the machine room should receive prior authorization and log in and out.




Copyright © 1997 University of Arkansas
All rights reserved