LOS ANGELES COUNTY
DEPARTMENT OF MENTAL HEALTH
  Policy 550.03 Information Technology Contingency Plan
 
  Procedures - Emergency Mode Operation Plan
  1. The Emergency Mode Operation Plan must enable the Los Angeles County Department of Mental Health (DMH/Department) to continue its operations and business processes in the event of fire, vandalism, systems failure, or other disaster, and must safeguard the security of data. Regardless of the scope of the emergency, the Emergency Mode Operation Plan provides for emergency operations. If the emergency is limited to a server failure, the Emergency Mode Operation Plan may provide direction to use another server somewhere in the facility. If it is a department-wide emergency, the Emergency Mode Operation Plan may require operations be performed from another location until the disaster/emergency is over.
     
  2. In creating this plan, perform all of the following:
     
    1. Base the plan on the criticality analysis for each Information Technology system.
       
    2. Focus on the recovery of operations and business continuity rather than recovery of electronic records and data sets. Some electronic records and data sets may have to be recovered to permit the continuity of operations.
       
    3. Identify the scope, including the severity of the emergency (e.g., system only, facility-wide, department-wide) and the duration of the emergency (e.g., until repair, day, week, month, undetermined).
       
    4. Identify the type of recovery (e.g., hot site, warm site, cold site, disk mirroring) that is required by the scope of the emergency.
       
    5. Identify emergency continuity personnel, including either backup personnel or personnel cross-trained to ensure adequate staffing in the event of an emergency.
       
    6. Designate specific roles and responsibilities to initiate and maintain emergency mode operations including information system and security personnel.
       
    7. Include the following emergency access control requirements:
       
      1. Determine emergency access control requirements for emergency mode operations and ensure that the access control matrices reflect such requirements.
         
      2. Give users additional privileges in the event of a crisis situation to access information as needed and in accordance with the above emergency mode operation procedures.
         
  3. Create the Emergency Operation Mode Plan spreadsheet:
     
    1. From the Application and Data Criticality Analysis spreadsheet (Attachment 1), copy the Official System Name, System Owner, and Director Priority Level columns into a new spreadsheet.
       
    2. Add columns for Scope of Emergency, Level of Emergency, Type of Recovery, Facility Access, and System Access to create the DMH Emergency Operation Mode Plan spreadsheet, shown below:

      EMERGENCY MODE OPERATION PLAN
      Date:

      Official System Name | System Manager/Owner | Director’s Priority Level | Scope of Emergency | Level of Emergency | Type of Recovery | Facility Access | System Access
                           |                      |                           |                    |                    |                  |                 |
                           |                      |                           |                    |                    |                  |                 |

       
    3. Complete the spreadsheet by filling in all of the data.
       
      1. In the Scope of Emergency column, define the breadth and extent of the emergency. It may be a system emergency (e.g., loss of a mainframe, server, client, or peripheral device such as a router, switch, hub, or printer); a facility emergency (e.g., loss of a room, floor, or building, or loss of utility services to a facility); a DMH emergency (e.g., loss of an enterprise-wide application, networking infrastructure, communication infrastructure); or a County emergency (e.g., loss of countywide electricity, telephone, or other communications).
         
      2. In the Level of Emergency column, enter one of the following three levels:
         
        1. Level 1 Emergency Operations: Local, day to day, involving the loss of a location or function
        2. Level 2 Emergency Operations: An incident affecting multiple locations or functions
        3. Level 3 Emergency Operations: Major disruption to one or more locations or functions
           
      3. In the Type of Recovery column, define both the (1) locations and (2) recovery methods. An actual location or specific system location will be specified (e.g., hot site; disk mirroring).
         
        1. Continuity locations are places DMH can use to recover the Department's operation(s) in the event of an emergency or disaster. An internal site is a continuity location within DMH or the County. An external site is a location that does not belong to DMH or the County. Examples of the types of locations and data recovery methods are:
           
          • A hot site is a data center facility that is configured with the hardware and network communications required to recover the Department's operation. The location must be environmentally controlled and available to the Department upon a declaration of disaster.
          • A warm site is a data center facility that contains HVAC, electrical power, network communication for voice and data access, and some hardware available to use for recovery.
          • A cold site is a data center facility equipped with HVAC, electrical power, and network communications for voice and data. A cold site has no hardware available to use for recovery.
             
        2. Data Recovery Methods
           
          • Electronic vaulting writes backup tapes over the network to the recovery site. The recovery point objective is shortened because the data that is used is more current than the standard 24-hour off-site storage process.
          • Electronic journaling writes transactions and journals over the network to a second location. The information can then be restored on other systems at a hot site. This process diminishes the amount of data lost in the event of an emergency at the primary facility.
          • Disk shadowing and mirroring allows for data replication to remote disks. Shadowing is asynchronous; there is a lag between the primary system and the replaced system. Synchronous mirroring means the data sent to the secondary system is current with the primary system.
          • A hot standby is a replicated server waiting to take the processing load. The hot standby may be load balanced between the primary operating site and a second location to ensure both systems are up-to-date.
             
      4. In the Facility Access and System Access columns, enter a Yes or No notation. For each type of recovery, "Yes" means that secure access for emergency personnel has been provided to both the facility and system recovery site or method.
         
  4. In implementing this plan, perform both of the following tasks:
     
    1. Implement the emergency access requirements in section B above.
       
    2. Test the Emergency Mode Operation Plan as set forth in Procedures - Testing and Revision of Information Technology Contingency Plan.