Published using Google Docs
Final BCDR Plan
Updated automatically every 5 minutes

Final BCDR Plan                                                                                 

The Final BCDR Plan

Our final project together!

Vanessa Bonner, Joseph Marquez, Zach Brown, Chris Armour, Zevin Alifi, Jordan Nutt

The University Of Advancing Technology

August 20, 2021

Table of Contents

Table of Contents         ------------------------------------------------------------------------------------------- 2

Company Info         ---------------------------------------------------------------------------------------------- 7

Departments        ---------------------------------------------------------------------------------------------- 8

Facility Description        -------------------------------------------------------------------------------------- 9

Team Memo         ------------------------------------------------------------------------------------------------ 10

Procedures        -------------------------------------------------------------------------------------------------- 11

Emergency Contact Information        ---------------------------------------------------------------------- 11

Department Heads Contact        ----------------------------------------------------------------------- 11

Damage Assessment Team        ----------------------------------------------------------------------- 12

Disaster Recovery Specialist        --------------------------------------------------------------------- 13

Technological Disaster Recovery        ----------------------------------------------------------- 13

Environmental Disaster Recovery        ---------------------------------------------------------- 13

Emergency response        ------------------------------------------------------------------------------ 13

Crisis Management Team        ------------------------------------------------------------------------ 14

Hazardous materials team        ------------------------------------------------------------------------ 15

Hospital        --------------------------------------------------------------------------------------------- 15

Ambulance        ----------------------------------------------------------------------------------------- 15

Phone Line Down - Alternative Communications        ------------------------------------------------ 17

Alternate Worksite Activation        ----------------------------------------------------------------------- 18

Location        -------------------------------------------------------------------------------------------- 19

Personnel Requirements        -------------------------------------------------------------------------- 19

Personnel Contact Information        -------------------------------------------------------------- 19

Site Backup Deployment        ------------------------------------------------------------------------------21

Cold Site Deployment Requirements        -----------------------------------------------------------21

Warm Site Backup        ---------------------------------------------------------------------------------23

Hot Site Backup        ------------------------------------------------------------------------------------24

Mobile Backup        -------------------------------------------------------------------------------------25

Mirrored Site Backup        -----------------------------------------------------------------------------26

Data Backup Procedure        --------------------------------------------------------------------------------30

Backup Triggers        ------------------------------------------------------------------------------------30

Backup Transfer Medium        -------------------------------------------------------------------------30

Vital Datasets        ---------------------------------------------------------------------------------------30

Software        ---------------------------------------------------------------------------------------------32

Backup Policy        --------------------------------------------------------------------------------------33

Incremental Backup        ---------------------------------------------------------------------------33

Full Site Backup        -------------------------------------------------------------------------------33

Cloud Backup        --------------------------------------------------------------------------------- 33

Transfer Rates        ------------------------------------------------------------------------------------- 33

Action Plans        ------------------------------------------------------------------------------------------------ 34

Overall Emergency Action Plan        --------------------------------------------------------------------- 34

External Elements        ------------------------------------------------------------------------------------- 35

Internal Elements        -------------------------------------------------------------------------------------- 36

Disaster Declaration Statements        --------------------------------------------------------------------- 36

Building Evacuation and Shelter        -------------------------------------------------------------------- 37

Evacuation Maps        ---------------------------------------------------------------------------------- 37

Procedure        ------------------------------------------------------------------------------------------- 37

Risk Assessment        ------------------------------------------------------------------------------------------- 39

Business Functions        ------------------------------------------------------------------------------------ 39

Suppliers:        ------------------------------------------------------------------------------------------- 39

Product Production:        ------------------------------------------------------------------------------- 39

Product Distribution:        ----------------------------------------------------------------------------- 40

Natural Threats        ---------------------------------------------------------------------------------------- 40

Vulnerability prioritization        ----------------------------------------------------------------------- 40

Fires        ------------------------------------------------------------------------------------------------- 40

Power Outage        -------------------------------------------------------------------------------------- 41

Haboob        --------------------------------------------------------------------------------------------- 42

Microburst        ------------------------------------------------------------------------------------------ 43

Man-Made Threats        ------------------------------------------------------------------------------------- 43

Vulnerability prioritization        ----------------------------------------------------------------------- 43

Equipment Failure        -------------------------------------------------------------------------------- 44

The server room Fires        ---------------------------------------------------------------------------- 45

Forgetting to Lock Things/Insider Threat        ------------------------------------------------------ 46

Wildfires        -------------------------------------------------------------------------------------------- 47

IT and Technology-Based Threats        ------------------------------------------------------------------- 47

Vulnerability prioritization        ----------------------------------------------------------------------- 47

Phishing        -------------------------------------------------------------------------------------------- 48

Ransomware        --------------------------------------------------------------------------------------- 48

Outages        --------------------------------------------------------------------------------------------- 49

City Blackout        -------------------------------------------------------------------------------------- 50

Hardware Failure        ---------------------------------------------------------------------------------- 50

Environmental Threats        -------------------------------------------------------------------------------- 51

Biological        ------------------------------------------------------------------------------------------ 51

Infrastructure Threats        --------------------------------------------------------------------------------- 52

Building Infrastructure        --------------------------------------------------------------------------- 52

Physical Security        ----------------------------------------------------------------------------- 52

RFID ID Badge Scanners:        -------------------------------------------------------------- 52

Security Staff:        ---------------------------------------------------------------------------- 52

Office Building Glass:        ------------------------------------------------------------------- 53

Camera Blind Spots:        --------------------------------------------------------------------- 53

Visitors:        ------------------------------------------------------------------------------------ 53

Utilities:        ---------------------------------------------------------------------------------------- 54

Electrical        ---------------------------------------------------------------------------------- 54

Sewerage        ---------------------------------------------------------------------------------- 54

Water        --------------------------------------------------------------------------------------- 55

Office HVAC:        ----------------------------------------------------------------------------- 56

Server Room HVAC:        -------------------------------------------------------------------- 56

IT Infrastructure        ----------------------------------------------------------------------------------- 56

Open physical device ports (USB, Ethernet):        --------------------------------------------- 56

Wiretaps        ----------------------------------------------------------------------------------- 56

Removable Storage Device        ----------------------------------------------------------------- 57

Open Network Ports:        --------------------------------------------------------------------- 57

Cloud Backups:        --------------------------------------------------------------------------- 57

FEMA Risk Assessment        --------------------------------------------------------------------------------- 58

Services        ------------------------------------------------------------------------------------------------- 58

Hazards        -------------------------------------------------------------------------------------------------- 58

Human-Caused Hazards        ------------------------------------------------------------------------------ 59

Technological Hazards        -------------------------------------------------------------------------------- 59

Service Contracts        ----------------------------------------------------------------------------------------- 60

Dell        ------------------------------------------------------------------------------------------------------ 60

HP        -------------------------------------------------------------------------------------------------------- 60

Boldata        -------------------------------------------------------------------------------------------------- 60

We Sell Software Inc.        ---------------------------------------------------------------------------------- 61

Office Equipment        -------------------------------------------------------------------------------------- 62

Production Machines        ---------------------------------------------------------------------------------- 62

Bellah Law        --------------------------------------------------------------------------------------------- 62

Insurance and Legal        -------------------------------------------------------------------------------------- 63

Provider Information        ----------------------------------------------------------------------------------- 63

Coverage        ------------------------------------------------------------------------------------------------ 63

Insurance Gap Risk        ------------------------------------------------------------------------------------ 63

Legal Counsel Information        --------------------------------------------------------------------------- 64

Government Regulations        -------------------------------------------------------------------------------- 65

Company Data Breach Regulations        ------------------------------------------------------------------ 65

Telemarketing Regulations        --------------------------------------------------------------------------- 65

Company Policies        ----------------------------------------------------------------------------------------- 66

BC/DR Plan Updating        -------------------------------------------------------------------------------- 66

BC/DR Plan Distribution        ----------------------------------------------------------------------------- 67

BC/DR Plan storage        ----------------------------------------------------------------------------------- 68

Offsite Communications        ------------------------------------------------------------------------------ 68

Disaster Notice        ----------------------------------------------------------------------------------------- 70

Data Breach Notice        ------------------------------------------------------------------------------------ 70

Data Backup        -------------------------------------------------------------------------------------------- 70

Incremental Backup        ------------------------------------------------------------------------------- 70

Full Site Backup        ----------------------------------------------------------------------------------- 71

Cloud Backup        -------------------------------------------------------------------------------------- 71

Emergency Guidelines        -------------------------------------------------------------------------------- 71

Building Evacuation        ----------------------------------------------------------------------------------- 72

Personnel Accountability        ------------------------------------------------------------------------ 72

Department Manager Procedure        ----------------------------------------------------------------- 73

Shut-in Emergencies        ---------------------------------------------------------------------------------- 74

Fire Systems Testing        ---------------------------------------------------------------------------------- 75

Fire Sprinkler System Testing        -------------------------------------------------------------------- 75

Fire Alarm System Testing        ----------------------------------------------------------------------- 76

Special Agent Extinguishing Systems        ---------------------------------------------------------- 76

Special Extinguishing Alarm Detection        -------------------------------------------------------- 77

Building Assessments        ------------------------------------------------------------------------------------- 77

Assessment Forms        ------------------------------------------------------------------------------------- 77

Utility Monitoring        ------------------------------------------------------------------------------------- 77

Hazards        -------------------------------------------------------------------------------------------------- 79

Hazardous Materials        ------------------------------------------------------------------------------ 80

Physical Hazards        ---------------------------------------------------------------------------------- 80

Ergonomic Hazards        ------------------------------------------------------------------------------- 81

Psychological Hazards        --------------------------------------------------------------------------- 81

Safety Hazards        ------------------------------------------------------------------------------------- 81

Biological Hazards        -------------------------------------------------------------------------------- 82

Hazardous Chemicals        ----------------------------------------------------------------------------- 82

Disaster Test Scenarios        ---------------------------------------------------------------------------------- 82

Nature-Based scenario        -------------------------------------------------------------------------------- 82

Man-Made Scenario        ----------------------------------------------------------------------------------- 83

Example Testing Memo        ------------------------------------------------------------------------------- 83

References        -------------------------------------------------------------------------------------------------- 86

Appendix        --------------------------------------------------------------------------------------------------- 94

Employee Contact List        -------------------------------------------------------------------------------- 94

Vendor Contact List        ----------------------------------------------------------------------------------- 98

Supplier Contact List        ---------------------------------------------------------------------------------- 98

Blank DVD/CD/Case Suppliers        ----------------------------------------------------------------- 98

Box Suppliers        -------------------------------------------------------------------------------------- 99

Paper Supplier        ------------------------------------------------------------------------------------- 99

Client Contact List        ------------------------------------------------------------------------------------ 99

Product Distributors Contact List        ------------------------------------------------------------------ 100

E.B Games - West Coast Stores        ---------------------------------------------------------------- 100

Gamestop - East Coast Stores        ------------------------------------------------------------------ 100

Wal-Mart - Nationwide Stores        ----------------------------------------------------------------- 101

Company Resources        --------------------------------------------------------------------------------- 102

Computer equipment        ---------------------------------------------------------------------------- 102

Communication links        --------------------------------------------------------------------------- 104

Communications equipment        ------------------------------------------------------------------- 104

Office equipment        -------------------------------------------------------------------------------- 104

Office supplies        ----------------------------------------------------------------------------------- 105

Production Equipment        -------------------------------------------------------------------------- 105

Facility Access - Key Cards        ------------------------------------------------------------------------ 106

Building 1 Access        ------------------------------------------------------------------------------- 106

Building 2 Access        ------------------------------------------------------------------------------- 106

Building 3 Access        ------------------------------------------------------------------------------- 107

Building Layouts        ------------------------------------------------------------------------------------- 108

Figure 1 - Building 1 internal layout        ---------------------------------------------------------- 108

Figure 2 - Building 2 level 1 internal layout        ------------------------------------------------- 109

Figure 3 - Building 2 level 2 internal layout        ------------------------------------------------- 110

Figure 4 - Building 3 internal layout        ---------------------------------------------------------- 111

Fire Suppression & Safety Equipment locations        ------------------------------------------------- 112

Figure 5 - Building 1        ---------------------------------------------------------------------------- 112

Figure 6 - Building 2 level 1        ------------------------------------------------------------------- 113

Figure 7 - Building 2 level 2        ------------------------------------------------------------------- 114

Figure 8 -Building 3        ----------------------------------------------------------------------------- 115

Building Evacuation Maps        -------------------------------------------------------------------------- 116

Figure 9 - Building 1        ---------------------------------------------------------------------------- 116

Figure 10 - Building 2 Level 1        ----------------------------------------------------------------- 117

Figure 11 - Building 2 Level 2        ----------------------------------------------------------------- 118

Figure 12 - Building 3        --------------------------------------------------------------------------- 119

Network Diagrams        ----------------------------------------------------------------------------------- 120

Figure 13 - Building 1        -------------------------------------------------------------------------- 120

Figure 14 - Building 2        -------------------------------------------------------------------------- 121

Figure 15 - Building 3        -------------------------------------------------------------------------- 122

Financial Statements        --------------------------------------------------------------------------------- 123

Table 1 - Digiknights Financial Statement 2020        -------------------------------------------- 123

Company Growth        ------------------------------------------------------------------------------------ 124

Figure 16 - Company Growth (5 Years)        ------------------------------------------------------ 124

Organizational Chart        --------------------------------------------------------------------------------- 125

Assessment Forms        ----------------------------------------------------------------------------------- 125

      Form 1 - Initial Asset Inventory and Assessment        ------------------------------------------- 126

Form 2- Building Damage Assessment        ------------------------------------------------------ 127

Form 3 -Individual Asset Assessment        ------------------------------------------------------- 128

Company Info

DigiKnight Technologies Inc.

Telephone Number: 415-555-2668

Fax Number: 415-555-2622

Primary Business – Manufacturing of Computer Game Discs (pressing of the discs) and delivery of those discs to stores nationwide.

Background

DigiKnight Technologies is a new company in the Silicon Valley region of California (indeed it is located within miles of Electronic Arts, Lucas Arts, and Cryptic Studios.) It was founded in 2000 by its current C.E.O. Carlton Smith, who realized the rapidly growing potential of game distribution. DigiKnight is not a publisher, nor does it create video games, rather it contracts with major publishers to rapidly produce the physical product (games) and coordinate their shipping to stores around the world. Though a new company, it has seen its sales grow extremely quickly over the last few years; as can be seen in the chart shown below.

Departments

Facility Description

Building One houses the administration department. It is a small single-story building of roughly 2000 square feet. At its entrance is a reception desk for guests visiting the facility, there is also a security guard post at the front door. There are a total of five offices, as well as bathrooms, and a medium-sized conference room.

Building Two houses the Sales, R&D, Shipping, and Advertising departments. It is two stories; with usable floor space roughly double that of the administrative building. Sales and Shipping are located on the bottom floor, along with another security guard post. On the top floor is the R&D Department and Purchasing Department. Instead of having individual offices for each employee, the departments are single rooms (2 per floor), with cubicles set up to give each employee some individual space. This helps to enhance team communication and cuts down on building costs.

Building Three is the production facility. It is 8000 square feet and consists of two rooms. In one room the maintenance team is facilitated to quickly provide any necessary maintenance to the machinery. The maintenance team also responds to maintenance issues in other buildings. In the main room of the building is the production equipment. It consists of NUMBER CD Stamping machines, each of which is capable of producing a large volume of discs. The discs then move into a diagnostic machine which randomly checks discs for quality control. Only discs and in-box materials are duplicated on-site. The company receives pre-made boxes from another manufacturer as well as silk-screened images to place on the CDs. Manuals and in-box ads are manufactured on-site using a high-speed printer. Once produced, a final machine places all items in a box and the box is sent down a conveyor belt to an employee station that places the finished boxes in a larger box for shipping to stores nationwide.

Also attached to Building 3 is the IT department, which contains the central servers for the facility.

Team Memo

Hello Team;

Maintaining the DR/BC plan is a team effort and for every quarter and drill exercise completed, we will be updating the plan with any new improvements approved through management. This will include items identified by employees and team leads during training.  This could improve our response times, as well as recommendations from emergency response personnel and BC/DR contractors. Please make sure all documentation is updated and current for all department binders through team leads. Once a request is completed, a response from management will be requested for documentation review. This will ensure all departments are on the same page and eliminate any confusion in future operations. The reports will start at the lower levels, individual employees, and be reported up to team and department leads. From there the department leads will revise and forward recommendations to management for approval, and if approved, management will send the green light to update the plan to team leads. Once revisions are done by department heads, a revised document will be sent back to management for review and distribution to the main BC/ DR plan for all departments.  

Procedures

Emergency Contact Information

Department Heads Contact

In the event of an emergency please contact the 4 heads listed here. The Heads of the departments will make the continuing call if subordinate departments are needed.  

Damage Assessment Team

Disaster Recovery Specialist

Technological Disaster Recovery

Enterprise Technology Services

730 N 52nd St #100 Phoenix, AZ 85008
602.426.8600

Environmental Disaster Recovery

HRS Restoration

170 S. William Dillard Drive, Building 6, Suite 118
(602) 600-0407

Emergency response

Crisis Management Team

The crisis management team is responsible for responding to all incidents, disasters, and crises. The team will be considered flexible so that they can adjust to the crisis at hand. The crisis management team listed below is the main point of contact for all crises at the company. If any other departments are required for more help within the crisis management team, it is the responsibility of the crisis management team-lead to contact department managers at their discretion. Departments of emergency response may also be informed depending on the situation.

Hazardous materials team

Hospital

Banner - University Medical Center Phoenix

Ambulance

AMR Central Arizona

Phone Line Down - Alternative Communications

If landlines were to go down, we could utilize the VoIP option. As far as distribution lists, nothing would change other than adding 01 to the end of current numbers. We can set up a voice recording, informing the people calling in, that the menu options have changed and to please add 01 to the end of the number to reach their contact. That would trigger the VoIP phones to take the call and vice versa. If the Landlines and the ISP were to go out, we would go to a Cell Phone and Satellite connection. From here, we would have the heads of the departments with company-issued cells and numbers to be reached at. The internet connection would go through the satellite service provider to keep internet communications functioning. Cell phone alternatives can be implemented just as quickly. We would use a voice recording to inform contacts to add 02 to the end of their contact number. This would then redirect them to the cell number of the head of that department. This in turn would help simplify things. Email and Internet services could be conducted with these temporary wireless alternatives without many changes as repairs are being made to main systems.  

Alternatives to Landline Communication

Alternate Worksite Activation

The Alternate worksite would be activated in the event of unforeseen outages due to; natural disasters, cyber-attacks, maintenance overhauls, fires, floods, etc. The phone tree with the heads of departments would be activated along with secondary personnel to become part of the skeleton crew to operate in the backup facility. The facility is updated Bi-weekly with data from the cloud servers to keep data up to date and minimize downtime. Once activated each department will execute their recovery plan simultaneously to quickly get the warm site up and running. The shipping department will reroute trucks to new locations for outbound product shipments. Sales will contact clients and inform them of production delays and give estimates of when deliveries and deadlines will be met. IT will update site systems and software to the current calendar date from cloud server backups as well as provide additional support to other departments and warranty service personnel. Manufacturing will get production lines and systems up and running and redirect raw supply trucks from the main site to the backup site, as well as take inventory of what’s on hand and what is needed. Maintenance will run through facility equipment and do the safety checks and procedures, as well as assist the production line with bringing systems online. Admin will contact employees and create a temporary emergency calendar schedule, as well as contact vendors for warranty support. Skeleton Teams will be established to keep services online at the backup site, and the recovery teams will work to bring the main site back online as soon as possible

Personnel Requirements

With the higher demand of running multiple sites, additional personnel will need to be hired. That would go for all departments and each site would have to have a team lead, Supplemental hires, temporary hires, and contract hires could be set up on an as-needed basis. Warm sites, Hot sites, and mobile sites would need to have dedicated personnel, even if at the minimum, it was just a skeleton crew. The equipment would need a central system that it backs up to, for all systems to be on the same clock and orders not to be lost or dubbed up creating confusion and loss of revenue.

Location

Personnel Requirements

Personnel Contact Information

Site Backup Deployment

Cold Site Deployment Requirements

Warm Site Backup

The warm site would have most of the same capabilities as the main site and can be run with a skeleton crew for short periods to keep production moving forward. The site is backed up bi-weekly from the cloud with the data from the main site to keep an up-to-date duplicate of current clients, orders, and deadlines that need to be met. The warm site is a little more than half the size of the main site, so full production can not be sustained at 100%, but can continue to operate. The main purpose of the site is to eliminate downtime and mitigate the loss of data, clients, and revenue due to unforeseen circumstances and provide a recovery site to keep DigiKnight Technologies Co. operational.

Pros.

Cons.  

Equipment

Hot Site Backup

To begin with, a Hot Site is also called a “Dynamic Backup or an Active Backup.” A hot site is another replicable system of the main site, where the hot site is a backup site that holds everything that the main site has. The pros of a hot site are that it usually has all the equipment in the hot site location and has connectivity to the main site’s database, is fully redundant, and will have no data loss. A hot site is usually used for business-critical applications, the hot site also has a logical application of the entire environment. The cons about hot sites are that they are used for emergencies if the main site experiences a disaster and they have to move employees and employers to a specific building. The hot site is a replicated version of the main building’s systems in the event of a disaster so a business can resume work while working to fix the main servers' issues.

Mobile Backup

Amazon AWS Snowball Mobile Backup Solutions

AWS Snowball is an offline data transfer and edge computing solution allowing for quick data transfer to AWS servers. This backup solution comes as a physical device with 80 terabytes of usable storage and 40 vCPUs. With this device, the company could quickly transfer all of the data from the 10 Dell PowerEdge r620 servers and set up a backup server solution. This device can be rack-mounted alongside the existing servers after taking delivery from Amazon. Transferring the data to AWS servers is quick and simple by either mailing the device to Amazon or physically delivering the device to an Amazon AWS site. AWS Snowball may also be used to restore data from AWS servers to the company’s local servers.

Cost Breakdown:

Mirrored Site Backup

Data Backup Procedure

Backup Triggers

Backup Transfer Medium

Company data will be backed up through two types of backups, local and cloud. Local backups will utilize the Company’s internal Category 5 cable backbone to complete data transfer. When backing up data to the cloud, the Company will make use of the dual OC3 fiber lines connected at the ISP’s Demarc point.

Vital Datasets

Software

Windows 2016 built-in backup for the servers. AWS or Azure for the backup of files using these types of technologies to help conduct the backup.

Backup Policy

Incremental Backup

To accommodate for data loss the company will use incremental backups throughout the business day to allow for vital company information to be replicated immediately.

Full Site Backup

Every Wednesday and Sunday the main company site will complete a full site backup to external removable Hard drives.  This full backup will occur after hours and the full data package will be split into two parts.

Cloud Backup

A full warm site backup to the cloud will be transferred once every quarter. In between these cycles the company will utilize incremental backups to update data that has been changed between cycles. This incremental backup will occur once per week on Saturday after hours.

Transfer Rates

At 100 megabytes per second as the transfer rate. At that speed it will transfer:

1 GB in 10 seconds

10 GB’s in 100 seconds

100 GB’s in 1,000 seconds

1 TB in 10,000 seconds

2 TB’s in 20,000 seconds

20,000 seconds = 333.33 minutes

333.33 minutes = 5.56 hours (approx 5 and a half hours)

Here are the times for transfer rates from 90 megabytes per second to 140 megabytes per second:

90 Mb/s —- 6.17 hours

100 Mb/s — 5.56 hours

110 Mb/s — 5.05 hours

120 Mb/s — 4.63 hours

130 Mb/s — 4.27 hours

140 Mb/s — 3.97 hours

Action Plans

Overall Emergency Action Plan

External Elements

Shipping

Inform them of the current situation and if need to redirect them to backup facilities to continue with outbound deliveries.

Supplies

Inform them of the current situation and if need to redirect them to backup facilities to continue with inbound deliveries.

Clients

Inform them of the current situation, and what this will mean for their orders.

3rd Party Contractors

Do we need to hire more people?

Internal Elements

Disaster Declaration Statements

Customers, Investors, Shareholders, Vendors, Community

Due to unforeseen circumstances, Digiknights is having technical difficulties and is advising that some services and client shipments might be delayed. Digiknights will send out periodic updates as the situation is remedied and will be available; For contact on any questions, clients might have. Please use the information provided to reach out to us during this temporary delay in operations.

Employees, Contractors

During this time of difficulty, we must strive to provide great customer service and answer any questions to our clients, investors, and suppliers to give them peace of mind. Our foremost priority is to our customers and getting Digiknights up and running at 100% in the shortest time possible. Please keep your teams ready and alert to updates and events that may arise from this difficult situation and pass on all information that will aid in recovery. Utilize your department heads to relay updates periodically to upper echelons to provide detailed information on what current developments have arisen, what solutions are being implemented, and what the ETA is on correcting the problems to get us to 100% and back on track.

 Building Evacuation and Shelter

Evacuation Maps

Available in Appendix Figure 9, 10, 11, 12

Procedure

In the event of a building evacuation, it is the responsibility of each department manager to direct their team to safety by following the designated evacuation procedure. If the department manager of a team is not present during the evacuation then the responsibility will fall to another Evacuation leader present in the corresponding building. All employees and visitors must evacuate the building to predetermined safe points that are designated in the evacuation procedure plans. Evacuation notifications will be distributed through the following three forms of communications: Fire Alarm, PA Intercom System, and phone calls. Departments of emergency response may also be informed depending on the situation.

Risk Assessment

Business Functions

Suppliers:

2 weeks of Downtime limit

A delay in supplies for product development would lead to a decrease in company productivity. If suppliers were unable to supply the company for an extended period of time the company would suffer a loss. While the company does keep a stock on hand as a buffer in case there is a delay, the production team would eventually run out of these supplies. This would cause a total shutdown of product production and distribution.

Product Production:

7 days of Downtime limit

The products produced by the company are vital to the company and its clientele. If production were to cease function so would product distribution. This would cause downtime not only for the company but our clients that require our products to continue operations.

Product Distribution:

2 weeks of downtime limit

The distribution of products produced by the company to retailers around the country is important to the company but not vital. If the distribution channels were to be slowed or temporarily stopped the company would be able to recover. A stockpile of products would get created at the company which would need immediate delivery after distribution channels were reopened.

Natural Threats

Vulnerability prioritization

  1. Fires
  2. Microburst
  3. Power Outages
  4. Haboob 

Fires

Arizona’s hot and dry climate makes it hard to notice wildfires, and with these environmental conditions in place, It makes fires much more likely to become a conser. Fires destroy everything and can be devastating to a company's product, infrastructure, and personnel health.

Probability of Occurrence

Somewhat Likely, Tho fires are common in Arizona, They burn year-round in the state,  but are most numerous and typically burn the largest swaths of land during spring and summer. You don’t hear about too many companies being heavily affected, but they are very common.

Company Loss Analysis

Impact: Complete Loss of infrastructure, Loss of Data, Operations Halted, Product Destroyed, Clients Lost  

Upstream: Can Lock up the grid with emergency response units. Damage Personnel Properties, Cause Panic, Evacuation protocols.  

Downstream: Can destroy infrastructure, inventory, records, data, causing loss of clients

Power Outage

While rare here in phoenix they can be pretty bad if something were to go wrong. Unless we have a UPS system and have multiple backups or protective surge plugs there isn’t much to worry about.

Probability of Occurrence

Very Likely, Phoenix has experienced rolling blackouts in its history, with no power you can not run your business, power your grid, keep communication open.

Loss Analysis

Impact: Halt to Operations, Loss of revenue, loss of clients, damage to reputation.

Upstream: Grid Lock, Prevention of employees to reach work, Loss of communication, disconnection from the grid, loss of information.

Downstream: Loss of customers, loss of revenue, loss of data, potential loss of vendors, damaged reputation.

Haboob

Haboob storms don’t happen year-round but can occur randomly, associated with microburst and more frequent in the summer and monsoon times. The likelihood of this being a seasonal constraint threat is unlikely, so countermeasures should be taken so we are prepared for such a disaster. The potential damage they can cause is not just limited to data loss but also loss of life. In 2011 Arizona Department of Public Safety Officers responded to a 16 car pile-up on Interstate caused by A blinding dust storm, causing three pileups involving dozens of vehicles where at least 15 people were injured, and one man was killed. This locked the roadways on the interstate i-10 between Tucson and Phoenix.

Probability of Occurrence

Very likely to occur in Arizona, They are a desert native storm that can cause a lot of damage due to its high wind speeds, loss of visibility, and panic it creates within people.          

Loss Analysis

Impact: Slowdown of operations, Shut down of business for the day, loss of revenue, property damage

Upstream: Products not to reach destinations due to loss of visibility and gridlock, employees not being able to reach work.

Downstream: Can halt operations causing loss of revenue, loss of clients, potential loss of vendors, and shut down the business.

Microburst

Historically Arizona has had very destructive Microburst ranging from, flash flooding, tornados, record high temps, record cold temp, extremely high winds, large hail storms, severe lightning storms, resulting in property damage, business shutdowns, gridlocks, power outages, severe injuries, and loss of life.  

Probability of Occurrence

Somewhat Likely because they occur each year between June 15 and Sept. 30, Damage to infrastructure, Products, Data, Revenue, Customers, Business Operations, Vendor Relationships.    

Loss Analysis

Impact: Loss of revenue, loss of infrastructure, shut down of businesses, loss of employees

Man-Made Threats

Vulnerability prioritization

  1. Equipment Failure
  2. Server room Fires
  3. Forgetting to Lock things/Insider threat
  4. Wildfires

Equipment Failure

 If equipment is not properly maintained or cared for this could be the biggest cause of all the company's network issues.

Probability of Occurrence

Equipment Failure can affect an entire company depending on what equipment fails. Equipment has a high maintenance cost to make sure that it doesn’t die out on the company. Causing profit loss and or data loss to the company

Loss Analysis

Impact: This failure can range depending on the severity of the situation. If a wire to a computer came unplugged it’s not a big issue but if a bigger piece of equipment could go down it could potentially cost hundreds of dollars per minute of downtime.

Upstream: Potential profit loss depending on how important that equipment is. If you lose cables it could be a huge profit loss as it could potentially take down your entire network.
Downstream: Customers won’t have access to your website/products if the internal network is down so the customers will not come back to the company if they see us down.

Server room Fires

Servers run Hot! especially here in Arizona. Server room fires could potentially lose the company a lot of money in maintenance, downtime, and recovery costs due to the extreme heat Arizona has. It’s best to maintain adequate air conditioning and monitor Hot and Cold aisles in the server room.

Probability of Occurrence

Server room fires can be started from many things such as Electrical Failure, Subfloor wiring, Overheated electronics, And other various fires that may occur but if we are talking electronic fires. 78% of non-home electronic room fires originated from electronic equipment according to the National Fire Protection Association.

Loss Analysis

Impact: The biggest damage to a company's network is if a server room were to go up in flames. All server data could be lost and operational costs could be high for recovering and replacing the broken equipment.

Upstream: Potential downtime and data loss of the company and its supplies
Downstream: The customers won’t have easy access to the company if they are a seller of products.

Forgetting to Lock Things/Insider Threat

Insider threat whether unintentional or intentional is a serious threat that could compromise an entire company.

Probability of Occurrence

Forgetting to lock things or Insider threat is the risk of physically leaving an important door unlocked for those who probably should not have access to that room. By forgetting to lock a door, You are putting the company's data at risk of potential tampering.

Loss Analysis

Impact: If IT staff forgets to lock a door and someone were to wander into the server room the potential damage could be high as all your highly valuable data could be contained in the room where this threat could access. No matter if there was malicious or non-malicious intent the risk is not worth taking.

Upstream: Your stakeholders will lose money as well as you can lose money if an incident were to occur and take down your network.
Downstream: Your customers wouldn't be at too much risk depending on the severity of a risk.

Wildfires

Here in Arizona almost half of 500 communities are at risk of a wildfire as some buildings are built next to flammable landscapes.

Probability of Occurrence

In about 500 communities studied by the Arizona Department of Forestry and Fire Management, 42% of homes were at high risk for wildfires and 44% were at moderate risk.

Loss Analysis

Impact: Wildfires will cause the most infrastructure damage from the building to the operations as a wildfire cannot be controlled as easily as a server room fire. Wildfires will cost a loss in the recovery of data as you will likely have to rebuild systems in a new building to continue operations and return backups.

Upstream: Fire departments will lose resources trying to protect people's homes from further damage caused by Wildfires
Downstream: People could potentially lose their homes and belongings to a fire.

IT and Technology-Based Threats

Vulnerability prioritization

  1. Phishing
  2. Ransomware
  3. Outages
  4. Blackout
  5. Hardware Failure

Phishing

Probability of Occurrence

Very likely, these attacks are very common and any company can fall for them as nearly ⅓ do fall for them.

Loss Analysis

Impact:  Loss of revenue, Data loss, Potential Business affiliations, and potentially loss of employees

The most common hacking technique, From an article by safeguard cyber, In the 2019 Verizon data breach investigation. It states that ⅓ of all cybersecurity breaches involve phishing. Making is very common to fall for. Putting the suppliers and customers at risk equally as if a company falls for such an attack they could lose a lot of data and money from suppliers and customers.

Ransomware

Probability of Occurrence

Very likely, Any company is vulnerable to these attacks as they are just as common if not more common than phishing attempts when it comes to security.

Loss Analysis

Impact: Loss of revenue, Data loss, Potential business affiliations.

Upstream: For the suppliers, if a company were to fall. They could lose stock or private documents having to do business with the company. Potentially losing trust with that company and losing money
-Downstream: A customer's data could be leaked out by the attacker if they were to get such data.

Outages

Probability of Occurrence

Very likely The Internet is constantly going down be it from new construction, power outages, software updates, or tech refreshes and systems crashes. This is very common in the IT field and issues like this are dealt with daily.  

Loss Analysis

Impact: Loss of Net Revenue, Google makes 108k every minute that it’s online, every minute can be multiplied by that number to calculate total Net Revenue lost.

With the internet down we could potentially lose clients, revenue, and vendors or products.

City Blackout

Blackouts rarely happen in the state of Arizona and they aren’t too much of a problem in AZ alone as companies like APS and SRP work together to make sure customers never experience long-term power outages.

Probability of Occurrence

Rarely happens in Arizona, a backup generator would help for the blackout.

Hardware Failure

Probability of Occurrence

The least detrimental out of all of the most of the time but every company will experience hardware failure eventually. Tech gets old and needs replacing.

Loss Analysis

Impact: Minor data loss if it’s a hard drive. Money loss for replacement parts if needed.

While probably the most common with a blog post who polled over 400 of their partners with 99% of them saying they experienced a hardware failure. It’s not the most detrimental since in the same blog post most of the failures are caused by hard drives. Which are easily recoverable for a company.

Environmental Threats

Biological

Biological threats from viruses such as COVID-19, flu, and the common cold can lead to major health concerns.  Depending on the spread of the virus throughout the company we could see a varying degree of loss of productivity. From one person being sick to the entire company being shut down while the buildings are sanitized. The company must also be aware of the effects of viruses concerning our suppliers. During the COVID-19 Pandemic, businesses saw a shortage of supplies affecting 39.2% of essential businesses.

Probability of Occurrence

Covid-19 (Pandemic): More of a global situation but a situation that affected all of the world.

Loss Analysis

Impact: Covid-19 (Pandemic): Practically killed every business in America alone that didn’t have any form of backup plan.

Upstream: Any type of environmental disaster that occurs by a third-party supplier can cause a huge mishap. We will lose a lot of potential profit made by our partnership if our upstream is affected by an environmental disaster.
Downstream: With a disaster, We will lose out on a lot of profits made during that time whether we are affected directly by it or not. If we offer services to our community or key customers we will not have their business as they deal with the disaster.

Infrastructure Threats

Building Infrastructure

Physical Security

RFID ID Badge Scanners:

Without the use of ID verification through facial recognition or the Security Room ID badges can be used for infiltration onto the Company’s premises.  Through the use of card skimmers ID badge data can be copied and duplicate cards made. Simple human error can lead to cards being stolen and used by criminals.

Security Staff:

Insider threat is a very real possibility and can come from employees, former employees, Security staff, Contractors, etc. With security staff, It’s best to look for credible staff with a pretty good reputation and work experience in security to prevent further threats from other sources. They are to protect the employing parties’ assets from spying or forward-facing threats.

Office Building Glass:

Glass comes in a variety of different types and strength ratings. From tempered glass to impact-resistant and bulletproof glass. The use of the wrong type of glass outside and within the company’s buildings can have a detrimental effect. The use of tempered glass in the lobby while cost-effective does leave the building vulnerable to attacks. With a simple rock, an intruder could break the glass opening up the facility. On the other hand, having bulletproof glass for all windows would create an extraneous expense for the company and possible liabilities in the event of an emergency.

Camera Blind Spots:

Surveillance cameras come in a variety of flavors each with its own strengths and weaknesses. Within the facility, you would ideally want to be able to access an IP Camera with pan and zoom capabilities, to monitor a large room, like the production line, outside the buildings, and common areas that are accessible to the public. While these cameras allow you to maneuver and observe a wide area, their field of view is limited to the direction they are pointed to at any given moment. This creates blind spots that could be exploited to gain access to restricted and sensitive areas. The second downfall of these cameras is that they are vulnerable to outside threats,  can be easily disabled with gum or spray paint, and can be accessed to spy on the company and or be taken offline if not properly secured. Third, not only are CCTV security camera systems very expensive, they only observe what's happening and need a human entity to do the reporting if something is outside of normal operations. This is why most of the time you see large out-of-date fixed position cameras placed in hallways and outside buildings pointed at the most common and high traffic areas with the hopes of deterring a breach given its obvious vulnerabilities. To mitigate the possibilities of that happening the cameras should be placed redundantly with the objective being if one fails then the other can still give us eyes on the targeted area. This can be accomplished with multiple views of hallways, rooms, and perimeters of the facilities. Paired with other security measures, like automated door locks, alarm systems, access badges, and segregation of access to facilities, blind spots and breaches can be mitigated to a more acceptable risk factor. This will keep the budget down, and eliminate the need to purchase state-of-the-art surveillance equipment for a small business operation.              

Visitors:

Allowing visitors past the lobby of the company leaves the company open for corporate espionage. Visitors could conceal their intentions through various social engineering techniques to gain access to sensitive sections of the building. This would allow them to access company data and record the building’s layout.

Utilities:

Electrical

Electricity is a vital requirement for the company to continue operating. Without electricity, the building of the entire company would cease its daily functions. This type of threat can come from various sources including the city power grid, backup generator, and faulty wiring.

 Sewerage

There is to consider, of course, mechanical wear that damages the integrity of the property’s sewer systems, such as leaks, corrosion, or cracks in the pipes. They must be maintained by dedicated plumbers, whether they are on staff or. The maintainers will also account for the surrounding area that might have obstacles that prevent flow. Without proper 

Water

Under Federal Law, employers must provide potable water that employees can consume. Potable water includes tap water that is safe to drink, and employers are not allowed to make employees pay for water that is provided. However there are some areas in the states where the tap water does not meet the drinking water requirements, thus a drinking fountain or bottled water must be provided. This is because the OSH Act created the Occupational Safety and Health Administration (OHSA), which sets and enforces protective workplace safety and health standards. So if the water goes out production stops. A disruption in the water supply is a serious health and safety issue. Employers are required to clean washroom facilities, toilets must flush, and employees must be able to wash their hands. If the water goes out employers must provide an alternative to comply with OSHA standards. This can be done with portable hand washing stations, portable toilets, and portable trailers that have been converted to provide temporary facilities while the water issues are repaired.

Office HVAC:

Office HVAC is a necessity in the summer months of Arizona. The Phoenix Metropolitan area has seen temperatures of over 120 degrees Fahrenheit. The loss of HVAC would result in lower employee productivity and increased aggression. If the temperatures within the building were to rise to a dangerous level all employees would need to be sent home until the HVAC system was repaired.

Server Room HVAC:

The airflow provided by the Server Room HVAC system is vital for continuous operation. This system removes contaminants through stages of air filtration including HEPA. The Arizona desert is full of dust particles which would comprise the electronics in the server room without this filtration. The HVAC system also removes the hot air from the server racks keeping them cool. If the system were to completely fail the company may suffer data loss from overheating servers and the possibility of a fire.

IT Infrastructure

         Open physical device ports (USB, Ethernet):

Wiretaps

Through the use of network monitoring devices and keyloggers, the company’s data can be transmitted offsite through network tunnels created by these devices. Common network monitors take the form of an inline ethernet device. However, network monitoring devices and keyloggers have become harder to spot. Companies are making devices that are disguised inside the end of USB cables or embedded in other computer peripherals such as keyboards.

Removable Storage Device

These devices allow for one of the easiest forms of corporate espionage. These incredibly small devices allow for the company’s data to be copied and exfiltrated off the property. Storage devices can also be used as malware delivery devices that could infect the entire company network. Custom storage devices are also available on the open market. One of these devices is the USB Rubber Ducky which can design itself to a computer as a different peripheral allowing it to execute a custom coded payload.

Open Network Ports: 

Open Network Ports are vulnerable to hacker port scanning, where they use software like Nmap, to find which ports are open in a given computer system, and whether or not an actual service is listening on that port and then an attempt to exploit potential vulnerabilities in any services they find. Once in, the attacker can inject their malicious malware to gain control over said systems, remove sensitive data, plant rootkits, or just fly under the radar and capture packets over a long period of time. This can be mitigated by closing non-essential ports, monitoring port traffic, and filtering. This doesn't mean an attack won’t happen but active security monitoring can streamline the reaction time it would take to respond to such a threat.

Cloud Backups:

Data must be protected in multiple ways. Making sure confidential data isn’t exposed to the outside world is just as crucial as the assurance that it remains intact. If hardware or human failure occurs, a cloud backup can guarantee some resolve. If there is any data loss, the company can simply roll back to their existing backup. Depending on the frequency at which you create the backups, and how many redundant ones are made, less work has to be done to get back where you left off.

FEMA Risk Assessment

Services

Hazards

Human-Caused Hazards

Technological Hazards

Service Contracts

The company has several service contracts for its various pieces of equipment. This is a listing of those contracts, along with other important information.

Dell

The contract with Dell covers all computer systems purchased from them. The contract includes same-day service if a request call comes in before 3 PM; otherwise, the contract guarantees next-day service.

The contract number is: 42368131588-DGK and expires every year on December 29th. It can be renewed every year without changing the contract terms. Each computer purchased is numbered with the serial number DGK12389-#, where the # symbol represents the number of the computer (there are currently 25 Dell systems in the office, labeled 1 – 25). If service is needed, the user should call 1-888-555-5897.

HP

Similar to the Dell contract, this contract covers all HP and Compaq computer systems. It was negotiated during a period of time where special deals were given to customers, so it includes 24-hour service, three-hundred-sixty-five days a year, with no additional charge.

The contract number is: DGK-13548253 and expires every year on February 22nd. It can be renewed every year without changing the contract terms. Each computer purchased is numbered with the serial number DGK55879-#, where the # symbol represents the number of the computer (there are currently 22 HP and Compaq systems in the office, labeled 1 – 22) If service is needed, the user should call 1-888-555-5237.

Boldata

Boldata systems is a smaller company, and as such only offers a service contract that covers sending maintenance personnel on-site Monday through Friday between the hours of noon and five. It is not an ideal service contract, but it is enough to cover the few systems owned by the company.

The Contract number is DGK1161 and expires every three years on March 9th. Systems have the serial number DGK - # where the # symbol represents the number of the computer (there are currently 3 Boldata systems in the office, labeled 1 – 3) If service is needed, the user should call 1-888-555-1497.

We Sell Software Inc.

All of the software owned by DigiKnight is offered 24-hour customer support telephone service through this company. It covers all office, sales, administration, and other software programs. Every piece of software has its serial number embedded into the program, so further writing it down is not necessary. The contract is numbered DK823892. If software service is needed the individual may contact 1-888-9876.

Office Equipment

These machines are covered by Office Equip Inc. The service contract covers normal working hours at the company and will even send a new unit if it is necessary (requiring of course that the user then mail back the broken unit).

The contract number for all office equipment is OEIDKG-125. The contract is currently set to expire on November 7th, 2007. By the decision of Office Equip Inc. all devices owned by the company are given the serial number DGK191. The number to call for service is 1-888-555-1576.

Production Machines

All of the production machines are serviced on-site by the maintenance staff. If the maintenance staff is unable to affect a repair then it contacts We Fix’Em Inc, who can be reached at 1-888-555-0567. The machines have no serial numbers because they were custom-built, but the contract number in case it is ever needed is WFDK4898.

Bellah Law

If legal counsel is needed the company keeps Bellah Law Office on retainer to handle LLCs, Corporations, Contracts, Leases, Employment Agreements.

5622 W Glendale Ave, Glendale, AZ 85301

8:00 AM - 5:00 PM M-F Office Hours

Contact info/ Phone: 602-252-9937, Website: https://bellahlaw.com/

Insurance and Legal

Provider Information

AmTrust Contact Information:
1 (877) 528-7878 - Customer service
212.499.0100 - General information
216.643.5969 - Corporate fax

Coverage

Cyber Liability -$1,500 /year
Workers Compensation - $400-$800 /year
Business owner’s policy - $1,191 /year

In a security-related event, A breach can cost thousands of dollars in damages, and With AmTrust Cyber insurance They will cover a wide range of cyberattacks such as those listed above and assist in addressing the attacks during and after the event to restore data integrity.

Insurance Gap Risk

An insurance gap could spell trouble when it comes to computer security, as hardware and recovery require a lot of money. A potential insurance gap could be a breach of Personally identifiable information. While an insurance company would protect data in the event of a data breach, outside of that if you were to have some personal information leak, that is very unlikely to be covered under insurance

Legal Counsel Information

If legal counsel is needed the company keeps Bellah Law Office to handle LLCs, Corporations, Contracts, Leases, Employment Agreements. If our legal team can not meet what is required then private legal contractors will be augmented as needed.  

Bellah Law

5622 W Glendale Ave, Glendale, AZ 85301

8:00 AM - 5:00 PM M-F Office Hours

Contact info/ Phone: 602-252-9937, Website: https://bellahlaw.com/

Government Regulations

Company Data Breach Regulations

Under Arizona Data-Breach Notification Laws A.R.S. §§ 18-551 and 18-552 DigiKnight Technologies is required to notify the individuals involved in the breach. If the breach affects more than 1,000 individuals then Digiknight must notify the three largest nationwide consumer reporting agencies. If more than 100,000 individuals are affected or the cost of providing notice exceeds $45,000 DigiKnight must inform the attorney general through a written letter and release a public notice on the company website.

Telemarketing Regulations

The company is restricted in the hours that it may contact consumers under the Telephone Consumer Protection Act of 1991 (TCPA) 47 CFR 64.1200(c)(1). Any residential telephone subscriber may not be contacted before the hours of 8 a.m. or after 9 p.m. in their timezone. This means that any current or potential clients may not be contacted by phone when outside of these hours. Digiknight must keep timezone considerations in mind when contacting individuals.

Company Policies

BC/DR Plan Updating

After every Emergency Response Drill and situation, the After actions survey and response should be reviewed, and the plan should be updated with any insights and steps taken to improve the current plan. The recommendations of response teams and employees should be taken into account and a strategy to implement them into our current plan should be developed. Team Leads should discuss what happened during responses and what they observed in their sections and how they would react differently if something was found lacking. Things to take into account would be:

  1. How long it took for employees to react to the emergency alarms.
  2. How long it took to pass out emergency supplies.
  3. How long it took to secure workstations.
  4. How long it took to evacuate the building.
  5. How long it took to reach the secure assembly area.
  6. How long it took to take accountability of all personnel.
  7. How long it took to secure crucial systems.
  8. How long it took to take accountability of all crucial systems.
  9. How long it took to report all departments to Management.  

The reasoning behind this approach is to build experience and quicken response times, make notes on where the plan needs more attention to detail, and train employees on their part in an emergency. If details are overlooked in the initial planning then the after actions report will show us where we need to improve our plan. A prepared team response is more efficient than one caught off guard. By taking notes on how long every step of the plan took. We also can track how well we are responding to emergencies and track our improvement linearly over time as we run drills.

With these steps, we can actively keep our plan up to date with all the information gathered and continuously improve upon our plan. Any new findings can be implemented as needed and any changes that need to be executed can be added.

Additional Information

An After Actions Survey can be created specifically for different response situations.

Team Meetings can be held to discuss ways to improve upon the current Emergency Response Plan, What worked well, and what could use some revamping.

Outside Contractors can be brought in to run different safety drills with the company.

Training dummies can be purchased to run different evacuation scenarios for a deeper level of preparation and more life-like training situation.

BC/DR Plan Distribution

Hello, team.

Plan updates can be distributed through digital documents like pdfs, verbal conferences with your team, or physical papers. Clearly define what departments and people will be affected the most by the plan updates. Create pre-emptive answers to concerns you expect your team to have.

BC/DR Plan storage

Documents containing information about the BC/DR plan and other various emergency documents must be backed up via digital copy. Digital copies are the most important asset for our documents as they allow for quick changes, previous version backups, and quick and easy access if an employee or someone else needs it.


Physical Documents are less important than digital but still important especially if it’s an escape plan that we need to put up in the hallways of the building.

Offsite Communications

The company needs to maintain good crisis management through a work from home policy given current events. Team members must follow a ruleset when engaging with each other, but especially so off-site. There are many means for this such as communicating only through secure means like encrypted communication platforms. Routine stress testing of security systems so that potential vulnerabilities are discovered ahead of time puts us at an advantage over those who actively would try to compromise our business. Secure online and offline backups of important company records are crucial as well.

Disaster Notice

In the event of a disaster and depending on the size of the disaster, We will need to inform employees, customers, stakeholders, and possibly the media. It is important to make sure that all legal requirements are met when assessing the damages of a disaster so we can minimize the cost of recovery so we can put more focus on it. The first people to know about a breach would be the employees as it affects how they will work, next would likely be stakeholders or those who hold stock or share into the company as they put money into investing into the company. Next would be the general public which includes media and customers to alert them of the potential risk they are at from the aforementioned disaster.

Data Breach Notice

Under Arizona Data-Breach Notification Laws A.R.S. §§ 18-551 and 18-552 DigiKnight Technologies is required to notify the individuals involved in the breach. If the breach affects more than 1,000 individuals then Digiknight must notify the three largest nationwide consumer reporting agencies. If more than 100,000 individuals are affected or the cost of providing notice exceeds $45,000 DigiKnight must inform the attorney general through a written letter and release a public notice on the company website.

Data Backup

Incremental Backup

To accommodate for data loss the company will use incremental backups throughout the business day to allow for vital company information to be replicated immediately.

Full Site Backup

Every Wednesday and Sunday the main company site will complete a full site backup to external removable Hard drives.  This full backup will occur after hours and the full data package will be split into two parts.

Cloud Backup

A full warm site backup to the cloud will be transferred once every quarter. In between these cycles the company will utilize incremental backups to update data that has been changed between cycles. This incremental backup will occur once per week on Saturday after hours.

Emergency Guidelines

In the event of an emergency, Employees will be expected to follow the safety guidelines we set out for them but before that, they need to know some policies and procedures before taking the steps to safety.

Employees are expected to follow the guidelines that were taught to them in training.

Building Evacuation

In the event of an emergency, the building doors will default to open, allowing people to safely exit the building. Sensitive areas will be automatically locked by default with safety releases if inside, one to safely exit to the evac area.

Evacuation Maps

Available in Appendix Figure 9, 10, 11, 12

Personnel Accountability

When an emergency alarm sounds, calmly move towards the exits identified for your section or area on the emergency evacuation maps posted at every door and exit and proceed to the emergency gathering area. Once you have arrived at the emergency gathering area, your team lead will take accountability for their department and report that up to management. In the event the team lead is not there, the first person at the evacuation gathering point will take accountability for their department, report up to management, and identify the team lead was not at the gathering point. Once everyone is accounted for, shuttles will pick up employees and bus them to a pre-designated safety point (nearby hotel) for final accountability call, and information gathering while safety crews run through the structures.

Department Manager Procedure

In the event of a building evacuation, it is the responsibility of each department manager to direct their team to safety by following the designated evacuation procedure. If the department manager of a team is not present during the evacuation then the responsibility will fall to another Evacuation leader present in the corresponding building. All employees and visitors must evacuate the building to predetermined safe points that are designated in the evacuation procedure plans. Evacuation notifications will be distributed through the following three forms of communications: Fire Alarm, PA Intercom System, and phone calls. Departments of emergency response may also be informed depending on the situation.

Shut-in Emergencies

In the event of a shut-in emergency because of severe weather or natural disaster, emergency supplies will be distributed to employees. This will include Flash Lights, MRE’s, Water bottles, emergency blankets, and cots for extended stays. All buildings will have their stash of emergency supplies in the red lockers by exits and emergency supply closet, and each building will have a designated gathering point. Each building will also have walkie-talkies and emergency generators for small devices and communication between buildings, loved ones, and emergency channels. Team Leads will be trained with emergency procedures in the event of an emergency. This will include how to batten down the hatches for the building, making sure all equipment is properly secured, and all personnel is accounted for.  

Fire Systems Testing

Note: Fire Sprinkler maps available in Appendix Figure 4, 5, 6, 7, 8

**IMPORTANT**

Before any testing can be performed by a licensed inspector, Fire Protection must be called to put the building on Test mode. Fire Protection will require a code provided by the property management company. Failure to put the building into Test mode before conducting testing will result in the Fire Department being deployed which may result in a fine.

Fire Sprinkler System Testing

Fire Alarm System Testing

Special Agent Extinguishing Systems

Special Extinguishing Alarm Detection

Building Assessments

Assessment Forms

Complete Assessment forms found in Appendix

Form 1 - Initial Asset Inventory and Assessment

Form 2- Building Damage Assessment

Form 3 -Individual Asset Assessment

Utility Monitoring

The Guard Post will have a utility monitoring grid that will be continuously monitored and in the event of a failure, an alarm will sound as well as a color-coded light identifying what systems and where they are located, and why they failed.

        Green Solid = All Systems Operating Normally

        Yellow Blinking = System Down for Scheduled Maintenance

Red Blinking = System Reporting Error

Red Solid = System Down/ Failure

Hazards

Hazardous Materials - Examples of these products include materials that are flammable, explosive, oxidizing, poisonous, infectious, corrosive, or dangerously reactive

Hazardous Materials

Physical Hazards

Ergonomic Hazards

Psychological Hazards

Safety Hazards

Biological Hazards

Hazardous Chemicals

Disaster Test Scenarios

Nature-Based scenario

In the event of a flash flood which can occur in Arizona during monsoon season. Your safety is a priority in this situation rather than the building. As a flash flood starts coming people need to remain calm as panic can make things worse in almost any situation. But if a flash flood is developing quickly you have to drop what you are doing and find safety on a higher floor to prevent the water from climbing up to you as fast. Get anyone out of low areas and up into higher parts of the building for safety and from there just wait. Don’t move from where you are unless it’s to go higher into the building.

Man-Made Scenario

In the event of a bomb threat, one of the most important things to keep in mind is to remain calm. Causing a panic will lead situations to escalate much further and possibly make things worse. In this scenario, information and communication are critical. Whoever found the threat or got the call, needs to immediately notify authorities and higher staff about the situation so the higher-ups can spread the information out to authorities and other staff so everyone can stay calm. When talking to proper authorities, Tell them all the information from, voice, age, sex, any background noise, any suspicious bagging. Exact words are needed if the threat is made via a call. If a suspicious item is found on the location, do NOT touch the item. Leave it and keep a safe distance away from it as your goal is to safely find a way out of the building or find a safe spot in general. As part of training for this situation, we will have staff watch bomb threat training videos so they can understand the risks and procedures for dealing with this threat as safety is the number one priority.

Example Testing Memo

Good Evening Sir,

 Today's Emergency Response Drill (ERD) will take place between 8 am - 12 am. The drill should only take around 15 minutes from start to finish with 30 minutes afterward for review and reflection. The Alarm will sound in the allotted time and a Stopwatch timer for each department and building will begin. The scenario for the Emergency Response Situation will be randomly selected and vary from rolling blackouts to earthquake and extreme weather, and be executed as soon as the alarm sounds. Each department will have to follow their emergency response procedures, safely exit the building and gather in the assembly area for accountability. Once accountability is completed the department head will report to management, and their timer will stop. Once all departments from each building report to manage the building’s timer will stop. Once all buildings are evacuated, and all Departments have reported in, the drill will be completed and the reflection and review period will begin. This will cover all the response times with all departments to see who is falling behind and who is leading in emergency response. The review will also request that the employees complete a small survey on their individual experience, what they found easy and what they found difficult, and if they have any comments on where we could improve on.  Keeping employee morale in mind, the department with the best response time will receive a free lunch and get a plack with their department's response time and bragging rights for their wall. This is not meant to be a competition but just a little encouragement and incentive to help the company be well-practiced and prepared for when the situation arrives.  

References

  1. 18-551 - Definitions. (2018). In Arizona legislature. https://www.azleg.gov/ars/18/00551.htm
  2. 18-552 - Notification of security system breaches; requirements; enforcement; civil penalty; preemption; exceptions. (2018). In Arizona legislature. https://www.azleg.gov/ars/18/00552.htm
  3. 2020 ransomware statistics, data, & trends. (2020, July 18). PurpleSec. https://purplesec.us/resources/cyber-security-statistics/ransomware/
  4. A Guide to Critical Infrastructure Security and Resilience. (2019, November). CISA. https://www.cisa.gov/sites/default/files/publications/Guide-Critical-Infrastructure-Security-Resilience-110819-508v2.pdf
  5. ALDAY, J. (2017, February 9). Disaster recovery: Cold sites, hot sites, and why do I care? Cima Solutions Group. https://www.cimasg.com/2017/02/disaster-recovery-cold-sites-hot-sites-and-why-do-i-care/
  6. Amazon. (n.d.). Amazon FSx for Windows file server. Amazon Web Services, Inc. https://aws.amazon.com/fsx/windows/
  7. AmTrust Financial. (2021). Cyber insurance, cyber liability | AmTrust financial. AmTrust Financial. https://amtrustfinancial.com/insurance-products/cyber-liability
  8. Anne Marie Helmenstine, Ph.D. (2018, January 8). Canned air isn't actually air. ThoughtCo. https://www.thoughtco.com/whats-in-canned-air-3975941
  9. Arizona communities at high risk during wildfire season. (2020, July 24). Cronkite News - Arizona PBS. https://cronkitenews.azpbs.org/2020/07/24/arizona-communities-high-risk-wildfire-season/
  10. Arizona has lost $1B from data breaches since 2005 • Arizona mirror. (2020, August 5). Arizona Mirror. https://www.azmirror.com/blog/arizona-has-lost-1b-from-data-breaches-since-2005/
  11. AWS. (2021). AWS snow family | Physical devices to migrate data into and out of AWS | Amazon web services. Amazon Web Services, Inc. https://aws.amazon.com/snow/
  12. Barry, J. (2021, February 19). Texas power outage disaster raises concerns about whether it could happen in Arizona. AZFamily. https://www.azfamily.com/news/texas-power-outage-disaster-raises-concerns-about-whether-it-could-happen-in-arizona/article_d13184c4-730d-11eb-849e-2f79d1935e2d.html
  13. Business Impact Analysis. (2007, May 25). Request Rejected. https://cdn.ttgtmedia.com/searchSecurityChannel/downloads/443_Disaster_04_(2).pdf
  14. City Of Phoenix. (2018). Fire Protection Systems and Equipment Inspection, and Maintenance. Official Website of the City of Phoenix, Arizona. https://www.phoenix.gov/firesite/Documents/Fire%20Protection%20System%20Inspection%20Frequency%20Guide.pdf
  15. Coco-Stotts, K. (2020, January 30). The top 5 threats to your IT infrastructure. JumpCloud. https://jumpcloud.com/blog/five-threats-infrastructure#cookie-accept
  16. CONTINUITY OF OPERATIONS PLAN (COOP). (2010, April). Gadsden County Sheriff's Department. https://gadsdensheriff.org/pdf/emergency_mgt_docs/Continuity%20of%20Operations%20Plan.pdf
  17. Dcurwin. (2019, April 24). What is Azure backup? - Azure backup. Developer tools, technical documentation, and coding examples | Microsoft Docs. https://docs.microsoft.com/en-us/azure/backup/backup-overview
  18. Department of Corrections (DOC). (2019). Strategic Plan. Washington State Department of Corrections (DOC). https://www.doc.wa.gov/docs/publications/100-SP001.pdf
  19. Department of Emergency and Military Affairs. (2019). Emergency management. https://dema.az.gov/emergency-management
  20. EKBERG, N. (2016, October 17). A business continuity and disaster recovery checklist. NYSTEC. https://www.nystec.com/insights/a-business-continuity-and-disaster-recovery-checklist/
  21. Embroker. (2020, August 26). How much does cyber insurance cost?. https://www.embroker.com/blog/cyber-insurance-cost/
  22. Equipment out of order. (n.d.). smart-eam.com. https://smart-eam.com/en/polomka/
  23. FEMA. (2020, July 30). Risk assessment. Plan Ahead for Disasters | Ready.gov. https://www.ready.gov/risk-assessment
  24. Gerd Simon, (2018, May) Understanding and Mitigating Risks to Data Center Operation https://www.dotmagazine.online/economic-engine-digital-infrastructure/mitigating-risks-to-data-center-operation
  25. Hardware failure | Arvig blog. (2020, March 3). Arvig Business. https://www.arvigbusiness.com/for-business/hardware-failure-why-it-happens-and-how-it-impacts-business/
  26. Hardware failure survey findings - StorageCraft. (2013, September 27). StorageCraft Technology, LLC. https://blog.storagecraft.com/hardware-failure/
  27. HARRIS & COMPANY. (2019, September 18). Workplace hazardous materials information system (WHMIS). go2HR. https://www.go2hr.ca/health-safety/safety-basics/workplace-hazardous-materials-information-system-whmis
  28. Historical Arizona storms of the 20th century. (n.d.). National Weather Service. https://www.weather.gov/psr/Arizona_historic_storms
  29. Holton, L. J. (2018, July 5). The disadvantages of CCTV. It Still Works. https://itstillworks.com/12083564/the-disadvantages-of-cctv
  30. Information Security. (2021). Threat likelihood and vulnerability assessment - Information security. Google Sites. https://sites.google.com/site/infosecsecurity201/information-security-risk-management/risk-assessment-activities/threat-likelihood
  31. Insider Threat Mitigation for U.S.Critical Infrastructure Entities: Guidelines from an Intelligence Perspect. (2021, March). Home. https://www.dni.gov/files/NCSC/documents/news/20210319-Insider-Threat-Mitigation-for-US-Critical-Infrastru-March-2021.pdf
  32. Maricopa. (2021). Most common natural hazards. Maricopa County, AZ | Official Website. https://www.maricopa.gov/5143/Most-Common-Natural-Hazards
  33. NWS Phoenix storm event summaries. (n.d.). https://www.weather.gov/psr/eventsummaries
  34. Omnisecu. (2021). Types of backup sites - Hot site, warm site, cold site. Types of Backup Sites - Hot Site, Warm Site, Cold Site. https://www.omnisecu.com/ccna-security/types-of-backup-sites.php
  35. OSHA. (1980, September 12). 1910.165 - Employee alarm systems. | Occupational safety and health administration. Occupational Safety and Health Administration. https://www.osha.gov/laws-regs/regulations/standardnumber/1910/1910.165
  36. Osha. (2021). Workers’ Rights. Occupational Safety and Health Administration. https://www.osha.gov/sites/default/files/publications/osha3021.pdf
  37. Peterson, S., & Kirvan, P. (2018, September 18). Developing an emergency communications plan: A template for business continuity planners. SearchDisasterRecovery. https://searchdisasterrecovery.techtarget.com/Developing-an-emergency-communications-plan-A-template-for-business-continuity-planners
  38. RiskSense (n.d.). RiskSense: Full Spectrum Risk-Based Vulnerability Management. https://risksense.com/wp-content/uploads/2018/12/Protecting-Arizona-Against-Cyber-Threats.pdf
  39. S., S. (2018, June 15). Are employers required to provide drinking water to employees? Petrillo & Goldberg Law. https://www.petrilloandgoldberg.com/frequently-asked-questions/are-employers-required-to-provide-drinking-water-to-employees/
  40. Segue Technologies. (2016, October 11). The three stages of disaster recovery sites. https://www.seguetech.com/three-stages-disaster-recovery-sites/
  41. Snedaker, S., & Rima, C. (2013). Business continuity and disaster recovery planning for IT professionals (2nd ed.). Syngress Press.
  42. Status. (2020, August 7). How to communicate during an organizational change [7 best practices]. Status Articles. https://status.net/articles/change-management-communication/
  43. Stone, A. (2020, September 28). Phishing attacks are what percentage of cyber attacks? Secure Communication Channels & Social Media | SafeGuard Cyber. https://www.safeguardcyber.com/blog/phishing-attacks-are-what-percentage-of-cyber-attacks
  44. The most common causes of server room fires might surprise you. (2017, June 8). Cooling Power. https://coolingpowercorp.com/news/common-causes-server-room-fires-might-surprise/
  45. Tim Hoffer, (2018, Feb 16). The Main Causes of Underground Infrastructure Damage  https://www.softdig.com/blog/main-causes-underground-infrastructure-damage/
  46. Trimmer, R.(n.d.). YouTube. https://www.youtube.com/watch?v=bI-dO7RI3lE
  47. Tweney, D. (2013, August 16). 5-minute outage costs Google $545,000 in revenue. VentureBeat. https://venturebeat.com/2013/08/16/3-minute-outage-costs-google-545000-in-revenue/
  48. U.S. Bureau of Labor Statistics. (2021, March 3). Comparing the experiences of essential and nonessential businesses during COVID-19: The economics daily: U.S. Bureau of Labor Statistics. https://www.bls.gov/opub/ted/2021/comparing-the-experiences-of-essential-and-nonessential-businesses-during-covid-19.htm
  49. V-amallick. (2021, May 4). Support matrix for the MARS agent - Azure backup. Developer tools, technical documentation, and coding examples | Microsoft Docs. https://docs.microsoft.com/en-us/azure/backup/backup-support-matrix-mars-agent
  50. Waterlogic. (2017, November 15). Drinking water - The US law | Waterlogic. Water Coolers and Dispensers for Office and Waterlogic. https://www.waterlogic.com/en-us/resources-blog/drinking-water-the-law/
  51. Wpadmin. (2020, June 10). Differences between a cold, warm and hot disaster recovery site. OTAVA. https://www.otava.com/blog/what-is-the-difference-between-a-cold-warm-and-hot-disaster-recovery-site/

Appendix

Employee Contact List

CEO & Founder:

Carlton Smith 415-555-7841

Administration

Manager: Mark Saunders

Main Phone line: 415-555-8643

Employees:

Phone Extension

Mark Saunders

0180

Rod Hatherly

0181

Bea Holdeman

0182

Susan Marcotte

0183

Kendra Bell

0184

Dillon Sommer

0185

Sales

Manager: Diane Ford

Main Phone line: 415-555-6312

Employees:

Phone Extension

Diane Ford

0200

Halle Branson

0201

Natasha Lowe

0202

Thomas Baird

0203

Lorna Hastings

0204

Dwayne Roby

0205

Pam Millard

0206

Katie Barnes

0207

Leonard Filby

0208

Helen Reese

0209

Manufacturing

Manager: Linda Kraemer

Main Phone line: 415-555-6161

Employees:

Phone Extension

Linda Kraemer

0150

Jessica Talen

0151

Andrew Saunders

0152

Cassie Johnson

0153

Annette Watson

0154

Marty Kitzman

0155

Research & Development

Manager: Carlton Bowden

Main Phone line: 415-555-3223

Employees:

Phone Extension

Carlton Bowden

0100

Kurt Gossard

0101

Sam Jarosz

0102

Corey Bogdan

0103

Anne Mcloskey

0104

Maintenance

Manager: Michael Winters

Main Phone line: 415-555-3970

Employees:

Phone Extension

Michael Winters

0400

Bell Rosenburg

0141

Adam Loudy

0142

Katelin Griffin

0143

Lance Addams

0144

Jeffery DeVane

0145

Advertising

Manager: Michael Churchill

Main Phone line: 415-555-3131

Employees:

Phone Extension

Michael Churchill

0160

Aaron McDowel

0161

Owen Mill

0162

Allison Bell

0163

Rebecca McClintock

0164

Jessica Williams

0165

Shipping

Manager: Kenneth Gilliam

Main Phone line: 415-555-6431

Employees:

Phone Extension

Kenneth Gilliam

0130

Derrick Cunningham

0131

Evan McAllister

0132

Kevin Albright

0133

Brent Kastner

0134

Purchasing

Manager: Katherine Cavenaugh

Main Phone line: 415-555-3298

Employees:

Phone Extension

Katherine Cavenaugh

0120

Shay Robertson

0121

Robert White

0122

Ian Wolf

0123

Security

Manager: Brett Kelcey

Main Phone line: 415-555-3852

Employees:

Phone Extension

Brett Kelcey

0170

Frank Arrons

0171

Joanna Clark

0172

Martin Burns

0173

IT

Manager: Alicia McKellips

Main Phone line: 415-555-8352

Employees:

Phone Extension

Alicia McKellips

0190

Luke McDowel

0191

Allan Smith

0192

Joseph Webber

0193

Robert Wildhorn

0194

Vendor Contact List

Dell

One Dell Way

Round Rock, Texas 78682

(1-800-WWW-DELL)

HP

3000 Hanover Street

Palo Alto, CA 94304-1185 USA

(800-282-6672)

Bold Data Technology, Inc.

dba BOLData Systems

48363 Fremont Blvd.

Fremont, CA 94538

800-923-2653

Supplier Contact List

Blank DVD/CD/Case Suppliers

The Tech Geek – Primary Supplier

48965 Warm Springs Blvd Fremont, CA 94539

Toll-Free: 1-800-456-0825

Disc Makers – Secondary Supplier (In emergency)

http://www.discmakers.com

7905 N. Route 130 Pennsauken, NJ 08110-1402

Toll-Free: 800-468-9353

Local: 856-663-9030

Dub-It Media Services – Secondary Supplier (In emergency)

Hollywood Sales Office

1110 North Tamarind Avenue Hollywood, California 90038

Toll-Free: 1-888-99DUB-IT

Local: 323-993-9570

ISSI Business Solutions– Secondary Supplier (In emergency)

22122 20th Ave SE #152 Bothell, WA 98021

Toll-Free: 1-800-660-3586

Local phone: 425-483-4801

Box Suppliers

Customized Packaging Solutions Inc. – Primary Supplier

8333 24th Avenue P.O. Box 278060 Sacramento, CA 95826

The Packaging House, Inc. – Secondary Supplier (In emergency)

6330 North Pulaski Road Chicago, Illinois 60646-4594

Toll-Free: 800-966-1808

Ace Packaging of AZ– Secondary Supplier (In emergency)

https://www.acepackagingaz.com/

4012 W Turney Ave #3 Phoenix, AZ 85019

Local: (602) 272-7231

Paper Supplier

JC Paper – Primary Supplier

47422 Kato Rd Fremont, CA 94538

Local: (510) 413-4700

Ace Packaging of AZ– Secondary Supplier (In emergency)

https://www.acepackagingaz.com/

4012 W Turney Ave #3 Phoenix, AZ 85019

Local: (602) 272-7231

Client Contact List

Electronic Arts:

209 Redwood Shores Parkway

Redwood City, CA 94065

Ubisoft:

625 Third Street

San Francisco - CA 94107

Take-Two Interactive

622 Broadway

New York, NY 10012

LucasArts

1110 Gorgas Avenue

San Francisco, CA 94129

Nintendo

Redmond, WA 98073

Capcom:

475 Oakmead Parkway

Sunnyvale CA, 94085

Codemasters

350 Fifth Avenue, 59th Floor

New York, NY 10118

Midway:

2704 West Roscoe Street

Chicago, IL 60618

Activision

3100 Ocean Park Boulevard

Santa Monica, California 90405

THQ

27001 Agoura Road Suite 325

Calabasas Hills, CA 91301

Product Distributors Contact List

E.B Games - West Coast Stores

EB Games #3302

Broadway & Jackson

617 SW JACKSON ST

PORTLAND OR, 97201

503-221-8791

Electronics Boutique #435

Stoneridge

1384 STONERIDGE MALL

PLEASANTON CA, 94588 US

925-463-0932

EB Games #667

Arizona Mills

5000 ARIZONA MILLS CIR

TEMPE AZ, 85282

480-838-3958

EB Games #401

Fashion Show Mall

3200 LAS VEGAS BLVD. SOUTH

LAS VEGAS NV, 89109 US

702-731-1733

Gamestop - East Coast Stores

GameStop #872

Westside Shopping Center

2477 Frederick Ave.

Baltimore MD, 21223 US

(410)945-3100

GameStop #747

Meadow Glen Mall (F)

3850 Mystic Valley Parkway

Medford MA, 02155 US

(781)395-3341

GameStop #2201

Coral Way

8743 SW 24th Street

Miami FL, 33165 US

(305)227-3795

Wal-Mart - Nationwide Stores

Wal-Mart Supercenter Store

350 West Hope Avenue

Salt Lake City (C), UT 84115

(801) 484-7311

Wal-Mart Store #2204

1300 Des Plaines Avenue

Forest Park, IL 60130

(708) 771-2270

Wal-Mart Store #1151

6565 State Avenue

Kansas City, KS 66102

(913) 788-3331

Company Resources

Computer equipment

Administrative Computers

Sales Computers

Research and Development Computers

Shipping Computers

Advertising Department Computers

IT Department Computers and Servers

Manufacturing Computers

Communication links

Communications equipment

Office equipment

Office supplies

Production Equipment

Facility Access - Key Cards

Building 1 Access

Department

KEY ID

CEO

MASTER-1

Administration

ADMN-1 / ADMN-6

Sales

SLS-1 / SLS-9

Purchasing

PUR1 / PUR-4

Manufacturing

MNF-1 / MNF-6

R&D

RD-1 / RD-5

Security

SEC-1 / SEC-4

IT

IT-1 / IT-5

Maintenance

MNT-1 / MNT-6

Building 2 Access

Department

KEY ID

CEO

MASTER-1

Sales

SLS-1 / SLS-9

Purchasing

PUR-1 / PUR4

Shipping

SHP-1 / SHP-5

Advertising

ADV-1 / ADV-6

Manufacturing

MNF-1 / MNF-6

R&D

RD-1 / RD-5

Security

SEC-1 / SEC-4

IT

IT-1 / IT-5

Maintenance

MNT-1 / MNT-6

Building 3 Access

Department

KEY ID

CEO

MASTER-1

Shipping

SHP-1 / SHP-5

Manufacturing

MNF-1 / MNF-6

R&D

RD-1 / RD-5

Security

SEC-1 / SEC-4

IT

IT-1 / IT-5

Maintenance

MNT-1 / MNT-6

Building Layouts

Figure 1 - Building 1 internal layout

Figure 2 - Building 2 level 1 internal layout

Figure 3 - Building 2 level 2 internal layout

Figure 4 - Building 3 internal layout

Fire Suppression & Safety Equipment locations

Figure 5 - Building 1

Figure 6 - Building 2 level 1

Figure 7 - Building 2 level 2

Figure 8 -Building 3

Building Evacuation Maps

Figure 9 - Building 1

Figure 10 - Building 2 Level 1

Figure 11 - Building 2 Level 2

Figure 12 - Building 3

Network Diagrams

Figure 13 - Building 1

Figure 14 - Building 2

Figure 15 - Building 3

Financial Statements

Table 1 - Digiknights Financial Statement 2020

Total Revenue

$200,000,000.00

Less Staff Salaries and Benefits

($6,900,000.00)

Less Operational Costs*

($125,000,000.00)

Net Profit

$68,100,000.00

Operational Costs include supplies, materials, maintenance, contracts, insurance, rent, vehicles, etc

Revenue By Customer

Units

Cost Per

Electronic Arts

$65,000,000.00

2600000

25

Ubisoft

$5,000,000.00

125000

40

Take-Two Interactive

$2,000,000.00

50000

40

LucasArts

$40,000,000.00

1333333.333

30

Nintendo

$50,000,000.00

1666666.667

30

Capcom

$4,000,000.00

100000

40

Codemasters

$7,000,000.00

189189.1892

37

Midway

$6,000,000.00

162162.1622

37

Activision

$20,000,000.00

571428.5714

35

THQ

$1,000,000.00

25000

40

Total

$200,000,000.00

6822779.923

Monthly

568564.9936

Weekly

136455.5985

5 Production Machines

27000 units each week per machine

Company Growth

Figure 16 - Company Growth (5 Years)

Organizational Chart

Assessment Forms

Form 1 - Initial Asset Inventory and Assessment

Inspection Date:         Inspector Name:

Building Number:          Room

 

Damage

 

 

 

 

Asset Name

Unknown

Minor

Moderate

Severe

Repairable

Value

Downtime

Comments/ Cause of Damage

  • Yes
  • No

 

 

 

  • Yes
  • No

 

 

 

 

  • Yes
  • No

 

 

 

 

  • Yes
  • No

 

 

 

 

  • Yes
  • No

 

 

 

 

  • Yes
  • No

 

 

 

 

  • Yes
  • No

 

 

 

 

  • Yes
  • No

 

 

 

Form 2- Building Damage Assessment

Inspection Date:          Inspector Name:

Building Number:         Room:

Space is (Check all that apply)

  • Not Usable
  • Usable
  • Wet
  • Damp
  • Dry

Utilities are operational (Check all that apply)

  • Phone
  • Internet
  • Power    
  • Water
  • Sewage

Ceiling tiles (e.g. wet, sagging, missing)

Walls (e.g. cracks, watermarks, soot)

Floor/Carpet (e.g. wet, burnt, torn, mildew)

Water leaks (e.g. from roof, through walls, windows)

Doors/Windows (e.g. broken locks, hinges, awnings)

Fixtures (e.g. electrical outlets, lighting)

Other

Comments

Form 3 -Individual Asset Assessment

Inspection Date:          Inspector Name:

Building Number:         Room:        Department:

Asset Description        Model #        Inv ID #

Contract #

Overall Damage: Unknown         Minor Moderate Severe Total loss

Asset Repairable: Yes  No

Estimated Repair/Replacement Cost

Estimated Downtime

Describe Visual Condition: (e.g soot, wet, crushed, tipped over)

List Components

Usable

Repairable

Replace

Name

Value

Name

Cost

Name

Cost

Comments