Pennsylvania BANNER Users Group 2007 Disaster Recover For The Financial Aid Environment

General Announcements: Please turn off all cell phones/pagers If you must leave the session early, please do so as discreetly as possible Please avoid side conversations during the session Questions will be answered at the end of the session Thank you for your cooperation

What is a Disaster A specific event or series of events that compromises, destroys or renders inaccessible data, credibility, processes or personnel that are needed to perform the immediate duties of an office or individual that cannot be performed by others on campus either due to lack of knowledge, ability or access.

Effected Computer Systems/Data/Processes Staff Students Communications – internal – External

Why Financial Aid Disasters are not entirely technical in nature Financial Aid is vulnerable due to being a public office Tax returns/SSNs No one else on campus knows what you do Enemies

Examples Viral infection closes office for several weeks Fire destroys office Visitor grabs a stack of tax returns off a desk and heads out the door. Pandemic closes school. All lenders need to be contacted and funds returned if appropriate Laptop containing sensitive aid information is stolen Secretary is bringing SSNs home to boyfriend

3 Phases of Disaster Recovery Prevention/Pre-Disaster Containment Recovery

Prevention/ Pre-Disaster Develop a quick and capable response to assure full utilization of all available resources by completing the following: – Document processes and conducting training – Communicate and coordinate disaster recovery plans with IT staff – Developing a procedure for alerting, notifying, and mobilizing key staff members – Establishing mutual support agreements with other offices around campus – Establishing mutual support agreements and contact arrangements with other interested parties (AES, Lenders, etc.) – Make certain staff has a copy of Disaster Plan to refer in case of emergency – Test as much as possible

Containment Its happening. – Protect life – Determine boundaries – Take steps necessary to reduce the level of disaster – Assess immediate dangers of continuance of operation – Communicate with key staff as to implementation of the plan No one will provide information to members of the media.

Recovery The disaster is over or has been contained – How good was your plan? – Was the plan understood and executed? – Communicate return to normalcy with internal and external contacts

Recommendations Form DR committee in Financial Aid – Appoint lead – Invite members of other departments – Write DR manual within committee Everyone gets a copy Everyone is expected to know their part

Recommendations contd Stress Test – Ask staff (especially Work Study) to help identify vulnerabilities – Once a month have an employee work from remote location – Work with IT staff to test data recovery

Recommendations contd Back up! – Verify with IT staff that your data IS being backed up – Purchase zip drive or other external drive to back up important data – Password protect sensitive data – Store back up drives in secure location

Recommendations contd Remove temptation – No files left on desks unattended, especially tax returns, especially overnight – Do not allow passwords to be written down and stored on monitors or keyboards – Do not keep a file called passwords on your pc – Do not travel with sensitive information unless necessary

Recommendations contd Use common sense – Dont sensitive information unless you are certain of the recipient(s) – Dont send prints to public printers – Homing pigeons do not make good curriers – Make sure staff is not giving out information they should not

Discussion