IT Disaster Recovery Plan

Information Technology Statement of Intent

This document delineates our policies and procedures for technology disaster recovery, as well as our process-level plans for recovering critical technology platforms and the data stored within. This includes data stored for The Green Hills Group’s client’s company information and website data. This document summarizes our recommended procedures. In the event of an actual emergency situation, modifications to this document may be made to ensure the safety of our systems and data. 

Our mission is to ensure information system uptime, data integrity and availability, and business continuity. The Green Hills Group will be referred to as TGHG throughout this document.

Policy Statement

  • The company shall develop a comprehensive IT disaster recovery plan. 
  • A formal risk assessment shall be undertaken to determine the requirements for the disaster recovery plan. 
  • The disaster recovery plan should cover all essential and critical infrastructure elements, systems and networks, in accordance with key business activities. 
  • All staff must be made aware of the disaster recovery plan and their own respective roles. 
  • The disaster recovery plan is to be kept up to date to take into account changing circumstances.

Objectives

The principal objective of the IT disaster recovery program is to develop, test and document a well-structured and easily understood plan which will help the company recover as quickly and effectively as possible from an unforeseen disaster or emergency which interrupts information systems and business operations. 

Additional objectives include the following: 

  • The need to ensure that all employees fully understand their duties in implementing such a plan 
  • The need to ensure that operational policies are adhered to within all planned activities 
  • The need to ensure that proposed contingency arrangements are cost-effective 
  • The need to consider implications on other company sites 
  • Disaster recovery capabilities as applicable to key customers, vendors and others

Key Personnel Contact Information

Internal Operations

  • President: Lee Covert – 636-579-9024
  • Director of Operations: Alex Covert – 616-406-9002
  • Main Phone Number – 615-485-3882

External Vendors

Key Technology Management Systems

  • Website Server System

The website server system used for all of TGHG’s customers is provided by Liquid Web. The server setup is built with a processing system that far exceeds the needs of the clients to provide flexibility for unpredictable influxes of site traffic. The server setup’s core security systems are built to prevent most common malware and DDoS attacks. These secure systems are built to provide a safe and secure option for all of TGHG’s customers.

Key Features:

  • ProcessorIntel Xeon E3-1230 v6 Quad-Core
  • OSLinux OS (+CentOs 7 – 64Bit) (+Apache)
  • ControlPanelcPanel/ Web Host Manager – Fully Managed (+Softaculous) (+Server Secure)
  • RAM32GB DDR4 SDRAM
  • HD12 x SSD (+240 GB SSD) (+Software RAID 1)
  • HD2Single SATA HDD (7,200 RPM) (+1 TB SATA HDD (7,200 RPM))
  • HD32 x SSD (+480 GB SSD) (+Hardware RAID 1)
  • NVMeNo NVMe Storage
  • SERVERCHASSISStandard – Single PSU – No Hot Swap Bays
  • DDOSProtectionStandard DDoS Attack Protection (up to 2gbps)
  • ExtraIpPublic IP Addresses (+1 Public IP Address)
  • Bandwidth5 TB Outbound Bandwidth (+100M Uplink Port)
  • Website Backup System

The Intel Xeon E3-1230 v6 Quad-Core server system has a built in backup system that records and safely stores data once a month. In addition, TGHG provides a more frequent backup system provided by ManageWP. Depending on the need of the client, this backup service can be set at the frequency of monthly, weekly, daily, every 12 hours, every 6 hours, or every 1 hour.

  • Data Transfer 

TGHG’s websites collect and store both public and private data. The information stored by each WordPress website is protected by the Wordfence security plugin. When transferring private data from one of TGHG’s websites to a client, the information is transferred using Google Suite. This data transfer is protected by a login system that allows only known users that have been given permission to access the data.

  • Website Security Plugins

To further protect the WordPress websites managed by TGHG from hacks and malware, we use the Wordfence plugin. This plugin’s features include:

Firewall Features:

  • Web Application Firewall identifies and blocks malicious traffic. Built and maintained by a large team focused 100% on WordPress security.
  • Protects your site at the endpoint, enabling deep integration with WordPress. Unlike cloud alternatives does not break encryption, cannot be bypassed and cannot leak data.
  • Integrated malware scanner blocks requests that include malicious code or content.
  • Protection from brute force attacks by limiting login attempts, enforcing strong passwords and other login security measures.

WordPress Security Scanner Features:

  • Malware scanner checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.
  • Compares your core files, themes and plugins with what is in the WordPress.org repository, checking their integrity and reporting any changes to you.
  • Repair files that have changed by overwriting them with a pristine, original version. Delete any files that don’t belong easily within the Wordfence interface.
  • Checks your site for known security vulnerabilities and alerts you to any issues. Also alerts you to potential security issues when a plugin has been closed or abandoned.
  • Checks your content safety by scanning file contents, posts and comments for dangerous URLs and suspicious content.

Risk Management

TGHG’s business relies on a remote team working from individual locations. The main disaster concerns stem from the technology systems built on the internet to store and maintain client information. 

There are many potential disruptive threats which can occur at any time and affect the normal business process. We have considered a wide range of potential threats and the results of our deliberations are included in this section. Each potential environmental disaster or emergency situation has been examined. The focus here is on the level of business disruption which could arise from each type of disaster.

Potential disasters have been assessed as follows:

Probability: 1=Very High, 5=Very Low                 Impact: 1=Total destruction, 5=Minor annoyance

Disaster Recovery Workflow

This workflow procedure is to be used for all potential disaster or threat scenarios. 

  1. Potential disaster or threat discovered by TGHG or client
    1. If discovered by TGHG, TGHG website coordinator contacts client to notify them of occurrence
    2. If discovered by client, client uses TGHG phone number or contact emails to notify TGHG
  2. TGHG assembles team members qualified to troubleshoot and address the issue
  3. TGHG team members communicate recovery plan
  4. TGHG team members execute plan
  5. Once completed, TGHG team members communicate to client update on status of threat and completion of resolution