INFORMATION TECHNOLOGY DISASTER RECOVERY & CONTINGENCY PLANNING
Royal Canadian Legion
Branch 295 Chilliwack-Vedder
September 18th, 2023
INFORMATION TECHNOLOGY (IT) DISASTER RECOVERY & CONTINGENCY PLANNING
PREAMBLE
Recovery and contingency planning is limited to Branch 295 information technology systems supported by RCL Br 295 IT Services volunteers. Entertainment systems, cash machines, BC Lottery Commission terminals, loss of key personnel, and alternative methods of conducting business during IT service outages are not within the IT Services area of responsibility.
The intent of this document is to highlight our critical areas of concern and establish a framework for implementing recovery and contingency measures in the event of catastrophic or significant loss of service. Other IT Services documentation provides additional information.
Much of the content below explains some IT Services routine activities that could contribute to an efficient and effective recovery from major problems. Volunteer hours are somewhat limited and IT Services cannot guarantee the provision of services to cover all contingencies.
This is not a comprehensive checklist of actions to be taken. An Incident Response Guide is published separately.
INTRODUCTION
1. Disaster recovery and contingency plans are complementary but separate, entities. Disaster recovery deals with restoring full service to an acceptable expected state after a major event, while contingency planning involves identifying temporary alternative ways of doing business until full service can be restored. Many contingency measures are an administrative responsibility of "management" beyond the expertise and responsibility of IT Services.
2. We will define "disaster" as a major fire, flood, or other event with long-term denial of access to our building with possible destruction of our computers and point of sales system, or one involving a major malware attack such as a ransomware event. Other serious events outside the IT Services area of direct responsibility may include the loss of key personnel or services with no identified replacements or alternatives.
3. In the event of a disaster or significant loss of service, the IT Services team will meet as soon as humanly possible with the president and other key stakeholders to assess the damage, determine practical measures, and begin recovery action.
DISASTER RECOVERY & CONTINGENCY MEASURES OVERVIEW
All information technology services managed and conducted within the branch can be relocated to a temporary site or distributed to other locations with Internet connections. Replacement hardware can be purchased or borrowed; essential software products can be obtained and installed on different computers; documents and other data can be restored from offsite backup storage; important email and email contact lists can be re-created from email account backups; and essential vendor contact information can be retrieved from backed up Sage 50 company files.
2. We have a comprehensive user documents backup plan in effect that is described below.
3. Scheduled maintenance and system backups will be carried out annually on each computer time permitting. One computer will be looked at every three months. Maintenance includes tune-ups and the creation of Windows Restore Points, system recovery USB sticks, and system backups. Only the system recovery disks are stored offsite.
4. Financial records backups from the point of sales system and the accounting system are copied to the \\SYSTEM-RCL-295\ computer and move weekly to the offsite backup drive.
5. User account IDs and Passwords provided to IT Services are stored on the Shaw IT Services email account and periodically printed for filing in the president's file cabinet.
INVENTORY ANALYSIS
Assigning asset values assists us in prioritizing and establishing the level of effort required to recover or implement contingency measures. These values are an indicator of the importance of each asset to branch operations. The following assignments are used here:
Essential+
Essential
Important
Non-Essential
1. IdealPOS (IPS) point of sales system (POS). Essential+ service (Exception: If we were to lose our building or for any reason have no ability to conduct sales then this asset value would plummet)
IdealPOS computer under the bar connected to a point of sales terminal
Ethernet connection to the Shaw access point/router for connection to the IPS back office on the main office computer
Supported by KEN-ROD Office Equipment Ltd.
5767 203a St, Langley Twp, BC V3A 1W7, Canada
kenrod2@shaw.ca
(604) 530-0794
IPS data is automatically backed up at 4:00 am daily. Each night, the IPS backup files are copied to the "System" computer for later offload to an offsite storage device.
Disaster recovery: Contact KEN-ROD technical support for guidance and possible installation of replacement equipment.
Contingencies: alternative methods of accounting for cash payments are an administrative matter.
2. Sage 50 Simply Accounting application and data files. Essential+ service.
Sage 50 Version 2023.0 is installed on two office computers. Databases are stored on the main computer.
Three password-protected company files (databases) are in use and stored on the main computer in c:\user\public\Simplyaccounting. (LEGION, POPPY, GAMING). Anyone using the secondary office computer requires network access to the databases.
A part-time bookkeeper is employed for data entry and reporting. The Finance Officer has read and report access and IT Services has control of the sysadmin account to add, remove, or modify users and user access rights. Sysadmin access is also available to the bookkeeper if necessary.
The bookkeeper backs up Sage 50 data at the end of each data entry session. Each night, the SAGE 50 backup files are copied to the "System" computer for later offload to an offsite storage device.
Licencing information is required to perform software upgrades. Upgrade complications may require Sage 50 Customer Support intervention.
main computer \\OFFICE-RCL-295\
Company: Royal Canadian Legion Br #280
Serial: 112P2U29648598
Activitation Key Code: 112P2U2-QPR5-ACPA-TBED-Z6DW
Account ID: 4002845016
Payroll: Active
secondary computer \\ECECUTIVE-RCL-295\
Company Name: Royal Canadian Legion Br #280
Serial Number:112P2U29648598
Activation Key Codes:112P2U2-QPR5-ACPA-TBED-Z6DW (require confirmation of this code)
Account ID:4002845016
Payroll ID:PW01LPNBMM
Disaster recovery: (assumes loss of all computers and all data). Download software and restore data from offsite backups to a replacement computer. If the facility is also lost then this can be done offsite in any location with an Internet connection.
Observation. There is no indication that the branch has a succession plan if bookkeeping services are lost.
Contingencies: At present, the branch has no alternative to Sage 50 for financial accounting. The measures described above are the contingency.
3. Office productivity tools (e.g. Word processor and spreadsheet applications). Essential service
The full suite of Microsoft 365 office products is installed on all three computers.
Disaster recovery: (assumes loss of one more of our three business computers. Reinstall existing licences on new computers. Restore data from backups.
Contingencies: Free Microsoft Office-compatible products such as Libre Office or OpenOffice can be installed for essential work.
3. Internet Connectivity. Essential service
Internet connections support multiple essential business functions that include but are not limited to, government regulations, licencing, staff payroll, and membership records.
Electronic mail and website access relies on our Shaw Communications account. Our Internet access point/router is located in the office. Office computers are connected through ehternet cable and the basement computer uses our TP-LINK DECO mesh system to connect to the router.
SHAW ACCOUNT 018-7813-3330
Computers with WiFi adapters can connect to the Internet through the "Rogers Open" router in the building.
4. Printing and copying. Important service
One Ricoh network printer is connected to the Shaw router and provides high-speed and high-capacity printing, scanning, and copying services. This printer is too large in size to easily relocate to another room or location.
One HP colour inkjet printer is on a wifi connection and is available to all computers on the network.
One Brother colour inkjet printer is connected to the computer in the basement.
Disaster recovery (loss of Ricoh). Replacement purchase.
Contingencies: In the event of network loss the Ricoh can be connected to a computer with a USB cable and printer drivers can be obtained and installed from the vendor website. If the Ricoh printer is lost then one of the other two inkjet printers can be used.
5. Electronic Mail. The official email is considered an Essential service. Other email accounts such as those used by the bookkeeper, finance officer, and IT Services are considered Non-Essential
The official branch email rclbr295@shaw.ca is hosted by Shaw Communications. The password is known to the office administrator, IT Services, the president, and possibly others identified by the president.
Business access at present is exclusively through webmail.shaw.ca available through any web browser at any location. IT Services periodically exports the main email account for offsite storage. We also have the capability of creating .PST files with Microsoft Outlook.
Shaw email is hosted on a "Zimbra" system. Account data and email backups are in .TGZ format specific to Zimbra systems.
Disaster recovery: The only obvious circumstance that could be considered disastrous would be a total loss of Shaw service. Even then, the loss of email service would be temporary, lasting only until some or all of the contingency measures can be implemented.
Contingencies: (a) Restore the most recent .TGZ export from Shaw to a Zimbra system. Third-party paid services are required to restore .TGZ files to other systems. (b) Load and sync the latest backup .PST file into Microsoft Outlook and sync with a new email account.
COMPUTERS
As of 2023 all computers operate on Microsoft Windows 11 Pro. Windows "Home" versions are not intended for use in a business environment and will not be supported by IT Services when the last one is replaced. Windows 365 is installed on each computer.
Primary office computer purchased in 2023. (\\OFFICE-RCL-295\). This computer is primarily used by the Office Administrator for email and other web services, document processing, and scanning from the Ricoh printer/copier, and hosts the IdealPOS Backoffice and the Sage 50 Simply Accounting application and databases. The computer is connected to the Shaw Internet access point with an ethernet cable.
Secondary office computer (\\EXECUTIVE-RCL-295\). Purchased in 2022. Used by the executive and others for general work. Sage 50 is also installed and can be used for multi-user access or in the event of a crash of the primary computer. The computer is connected to the Internet and internal network through WiFi.
Basement computer located in the board room (\\MEMBERSHIP-RCL-295\). Purchased in 2021. Used primarily by the Membership Officer for internet access to the Dominion membership portal. The computer is connected to the Internet through the branch wireless (WiFi) system.
\\SYSTEM-RCL-295\ is an old Windows 10 Home office computer and is used exclusively through remote access by IT Services. It is located under the main desk in the office and not connected to a monitor. It contains a share for "public" documents available to all users on any branch computer. (This computer was formally the main office computer)
\\TECH-RCL-295\ is an old Windows 10 office computer used exclusively for remote access to the branch computers and development testing. It is offsite in the custody of an IT Services team member.
A Windows 10 laptop computer is stored in the branch primarily for use with the big-screen TV.
INTERNET & INTERNAL NETWORK
Our Internet service provider is Shaw Communications and the branch relies exclusively on this service for access to email and web-based services.
All computers are configured to be "discoverable" by other computers on the "network". Mapping of network drives enables transfer of files between computers which is critical for our data backup strategy. Internal network connectivity is all through the Shaw router.
COMMUNICATIONS & ADVERTISING
1. Branch communications tools include -
Facebook page at facebook.com/rcl295. The page is hosted on a member's personal Facebook page and alternate Administrators have been authorized. Any Administrator can take ownership of the page if necessary. The Facebook page is our most important public-facing tool.
Branch website at https://sites.google.com/view/rcl295/home. The site is maintained by the webmaster through the Gmail account rclegionbr295@gmail.com. The website is maintained by a single volunteer webmaster and serves little purpose other than to let the world know that the branch exists. There is no succession plan to enable continuing updating of the website in the absence of the volunteer webmaster.
A little-used Instagram account is linked to the Facebook page.
A Branch/Member News email account is maintained through our rclbr295@shaw.ca email account.
Print copies of a newsletter and events calendar produced at home by a volunteer using Microsoft Publisher is available in the branch every two months. PDF copies are published on the branch website and the source files are uploaded by the webmaster for archiving on a branch computer.
FILE BACKUPS
File backups are currently accomplished with robocopy commands in batch files running nightly on all three office computers and the system computer through the Windows Task Scheduler.
A full backup of user documents is created annually in January.
Files created or modified within the past 45 days are copied to each computer's hard drive and attached USB drive daily.
Files created or modified within the past 21 days are saved on the local computer as well as the attached USB drive daily as "incremental backups".
The 21 day files are zipped for later copy to the system computer \\SYSTEM-RCL-295\
Every second Sunday an automated script on the system computer copies these incremental backups to the system computer where they an be moved over the Internet to offsite storage in the Information Manager's home.
Photos, videos, music, appdata, downloads, and onedrive files are not backed up.
CONFIGURATION MANAGEMENT
IT Services & Information Management volunteers will manage -
Common Software applications installation and updating.
Operating system updates
Network configuration
Shared document folders
Configurations specific to user accounts will be managed by the account holder (e.g. browser settings, bookmarks, etc)
CONCLUSION
Disaster recovery planning is an ongoing process and what is valid today may not be valid tomorrow.
Branch IT Services 11 April 2024