Disaster Recovery Plan

Introduction

Mumias Sugar Company is a registered agro-based company in the Sub-Saharan African region of Mumias Kenya. It is majorly involved in growing and crushing cane to produce sugar. Other projects handled by the company include ethanol production, water bottling and Cogeneration of electricity. 34% of the company is owned by the Kenya government, and 30% by farmers, 4% by Commonwealth Development Corporation and 32% is owned by shareholders. The company is on plot No-FR/257/12 with a total area of 4,295 hectares. Its construction was completed in 1968 and it started sugar production in 1972. It is located in Butere-Mumias District along the Kakamega-Bungoma road. It is 32km west of Kakamega town, 23km south of Bungoma town (Munyasi, 2012). I have outlaid my report as follows. 

The objectives of Mumias Sugar Company include: 1) providing farmers with a reliable source of income, 2) creating employment from the profits made, 3) reducing rural-urban migration that is destabilizing the country, 4) reducing over-importation of sugar and 4) create an economic hub at Mumias. The general layout and size of the factory are as shown below:

(Chart omitted for preview. Available via download)

According to Munyasi (2012), the factory and the nucleus border Mumias Town to south, as well as other sugar cane plantation. It extends 200 meters west of the factory. The factory was constructed to house all its mechanical and technical necessities. For example, the Factory workshop repairs heavy metal machinery, fleet section repairs trucks & tractors. It also has a facilities section that houses masonry, plumbing and carpentry section. This is a factory system. 

The company has a work-shift system where workers operate on various shifts to allow maximum utilization of its enormous labor supply. Machines are driven by steam and water wheels. Huge conveyor systems are also present from the extraction site to deliver bagasse to the boilers.  One major environmental factor within the company premises is a fully-fledged meteorology station. The agricultural weather station gives vital information that runs agricultural practices. This station provides the agronomy department with information that will be used in strategic and intermediate information. For example, the wind vane gives the wind direction. It enables the agronomists to know from which direction rain-bearing wind is coming from. It gives a plan on the cane planting date and site location. Further details will be discussed later in the report. Most workers in the factory are either casual laborers or contractors. Few have been employed on a permanent basis. Independent contractors determine own work sequence, are permitted to hire assistants, paid as per the job done, are under a contract that governs how the relationship can be severed and performs services under the worker’s business name (Diocal, 2004).  

Contractors do most of the work in the factory. E.g. harvesting & transport of cane from farms, constructions, plant maintenance (hot works wielding), security (G4S). These workers have influenced the establishment of retail markets (Shibale, Matungu, and Mayoni). They seek accommodation, food and other basic needs from these areas. Safety aspects have been attached for example issuance of a permit to work. It contains (site description details) and effective for hot works as this is a major source of fire especially when sparks interact with dry cane or bagasse. Bagasse is mixed with oil and then used to fire boilers (3-sugar plant, ethanol & cogen). The report will also give a detailed occupational health and safety guide that is strictly followed by all the company employees. This guide also includes infrastructural development.

The factory has a tarmacked road network bordering the company with the neighboring land on the western side. The nucleus estate is served by murram road. The factory has access routes that direct the transportation of goods and movement of people around the highly dangerous area. Such include wheel loaders (offload sugar cane and bagasse at the cane yard and bagasse store conveyors respectively). The cane milling process has been briefly highlighted below. It must be noted that bagasse from the extraction site is the source of the fuel used to fire boilers. Bagasse is carried by conveyors to the various boilers.

The Company’s Organizational Structure

(Figure 1 omitted for preview. Available via download)

The company’s network architecture is as shown below (retrieved from {http://www.edrawsoft.com/Network-Architecture.php}. 

(Figure 2 omitted for preview. Available via download)

The Proposed network architecture of an alternate computing facility in the event of a disaster (this includes the backup systems and the wide-area networks) (retrieved from {http://www.edrawsoft.com/Network-Architecture.php}. 

(Figure 3 omitted for preview. Available via download)

Computing Facility Disaster Recovery Plan Policy (DRP)

Disaster Declaration

It is hereby noted that since disasters happen so rarely (natural and artificial), management of the company has often ignored the disaster recovery planning. Process (DRPP). A contingency plan will give Mumias Sugar Company a competitive advantage in the local and international market. The following policy is meant to ensure the management’s support in the event of any disaster. Moreover, disasters do not only comprise of adverse weather conditions. Any event (man-made or natural) that could likely cause an extended delay of (MSC) services should be measured in this category.

Assessment of Security

The management and technical staff are mandated by this policy to carry out an initial assessment of a disaster before its magnitude surpasses their capability. The Security Systems Operators (SSOs) are mandated to ensure no security detail has been left out in the event of disaster. This policy supports Moyles (HIPAA Security Rule) that emphasizes compliance of security details in the event of a power outage. There should also various disaster recovery methods such hot sites, cold sites, managed service provider and cloud-based services. Management should also vet security vendors such as cloud computing security providers.

(Disaster recovery procedures omitted for preview. Available via download)

Executive Summary

This charter reviews the process of establishing an incident response team in charge of maintaining data, data warehousing, and facility recovering after the occurrence of computing disasters. The charter begins by discussing the mission statement of the organization, the incident declaration and the structure that is specifically responsible for maintaining disaster recovery procedures. It also discusses the roles and responsibilities, information flow and methods of communication. The charter sheds light on methods and services provided by the IRT before closing with the authority and reporting procedures of the DRP policy. Citations have been carefully placed to ensure the readers understand the origin of the charter. Finally, emphasis has been made that an IRT charter should not be considered lightly.

Mission Statement

The IRT team of Mumias Sugar aims at ensuring the company’s information security. It endeavors to use “efficient, innovative and ethical practices while meeting the diverse expectations of other Stakeholders” (Msc.org, 2008).

Incident Declaration

This charter contains and specifies actions required of the management of Mumias Sugar Company under the Incident Response Team to reporting or responding to an information technology situation (data malfunction or computing disaster) that may threaten the confidentiality, integrity or availability of Mumias Sugar systems, network policies, or data.  The following should be followed accurately:

All members of Mumias Sugar (Natural sweetness) family are responsible for reporting known or suspected events IT events promptly, as described in the disaster declaration of this document (see attached). Mumias Sugar management reserves the right to take necessary action under this DRP policy to protect Mumias Sugar resources or preserve evidence as given accordingly. The Director of information technology is responsible for declaring a reported event as an incident, according to the given company criteria under part (IV) of the procedures of recovering from a disaster in this document. He/she is responsible for directing any response action in the event of a reported incident. The relevant procedures as stipulated in part (iv) of the DRP policy should be strictly followed by the individuals of the Incident Response Team when an IT malware has been reported. However, MSC management will ensure the process does not infringe any company rights. Immediate halt of the process will be done if unnecessary scrutiny is actualized and as not stipulated r is contrary to this policy. Utmost confidentiality and information secrecy will be required from the persons that will be carrying out the response process (IRT) and those who will raise the alarm. Any conveying of information will be through the management and the public relations team as has been directed in part (IV) of the policy. Mumias Sugar management will approve any alterations or exceptions that will be considered by the Incident Response Team in the course of disaster recovery.

IT Organizational Structure 

Roles and Responsibilities

The incident repose team will comprise of five major positions working under the IT department but spread across all networks and department. The positions have been stipulated as follows: Team leader-head of IT in the company, IT Analyst (s), Computing Incident Handler(s), Security system engineer, Public Relations coordinator and head of IT advisory board. The Team leader is tasked with the overall administration of the IRT personnel. He/she also ensures total control of the company system. He represents the team in the board.

The IT analyst monitors and controls the technical bit of the incident. Intrusion details and verification are handled by the IT analyst. He/she also verifies whether the incident is worth being considered a disaster. The computing Incident Handler(s) is “responsible for leading a particular incident response operation or effort while the Security Engineer(s) serve as the technical resource” (Sans, 2003). He/she is vested with “proposing counter measures for hardening the various platforms supported within the organization. Finally, the Public Relations Coordinator determines what information is distributed, when, how and to whom” (Ibid). This position is critical, since “information released to the public should be handled through a single source representing the organization experiencing the incident.”7 

Information Flow and Methods of Communication

It is important to realize that the bearer of the incident information is referred to as a client. He/she may come from the internal (staff member) premises or external (a visitor). The help desk is first to receive this information from the client before it informs the information security department (under IT). This comprises of the leader and the Network Operating Centre (Engineers and system analysts). At this point, radio calls are used by the engineers as well as oral communication. After the incident, the public relations team writes to the media houses or a statement is read to confirm or annul the incident. The flow of information can be depicted from this diagram as is depicted from (Northwestern.edu, 2006). 

(Figure 4 omitted for preview. Available via download)

Methods and services provided by the IRT. As stated, IRT handles cybercrime issues through encryption of data. It also ensures backing up of data in case of power outages and hardware vandalism. In general, it deals with computer risk management (Csirt.org, 2013). Information is released only after the IRT has taken care of it. Authority and reporting procedures DRP policy. 

(Figure 5 omitted for preview. Available via download)

References

Munyasi. J. (2012). Environmental Audit for Mumias Sugar Company. Kenya Agricultural Research Institute. Mumias Kenya.

Northwestern University Information. (2006). Incident Response Protocol. Retrieved from.www.it.northwestern.edu/bin/docs/IncidentResponseProtocol-abridged.pdf. Updated on March 24, 2006. Accessed on September 4, 2013 at 6:25 pm

SANS Institute. (2003). Security Issues with DNS: as part of GIAC practical repository. Web resource. Retrieved from {www.sans.org/reading-room/whitepapers/dns/security-issues- dns-1069}. Accessed on September 4, 2013 at 2:56 pm

Search Security. (2010). Disaster recovery and contingency planning security consideration. Retrieved from {http://searchsecurity.techtarget.com/magazine/Content/Disaster-recovery-and-contingency-planning-security-considerations}.Updated on December, 2010. Accessed on September 4, 2013 at 4:15 pm