Protecting the County’s Assets

R3

Ensure that the new disaster plan under development includes specific recommendations on: • The need for user consensus on the system and application priorities, both for protection against failure and sequence of recovery in the event that not all facilities can be restored immediately after a catastrophic outage • The value of distributing some of the servers (presently clustered) and the use of storage area networks – basically a “let’s not put all of our eggs in one basket” strategy • A “non-stop” solution for the Sonoma County Law Enforcement Consortium (SCLEC) system such that an outage of the main system is instantly switched to a standby, such standby preferably located at a site some distance from the primary location. There are numerous hardware, network and software solutions available to achieve this • Identify every single point of failure in the data center, including network terminators and cabling ducts, and determine the investment value of providing redundancy. Tax Collector

R2

Involve the major users more closely in the design of the new disaster recovery plan. This may need senior management directives to the major users.

R1

Complete its initial disaster recovery plan by December 2005, and request the funding it calls for in time for the 2006-2007 budget cycle. This request should include a change in the manner by which such expenditures are funded, separately from recovery of ongoing ISD running costs.

R5

Participate, bi-annually, in an actual test, to determine that Sonoma County can successfully process its Tax Collection applications at Napa County’s computer installation.

R4

Participate more actively, on an annual basis, in the disaster recovery testing of the Tax Collection applications. This should include use of backup data in a real environment, not simply a test to show that the data is being backed up.

R6

Evaluate the opportunity investment cost of, as an example, a five-day delay in investing the peak tax income in mid-December, and determine what commensurate investment in redundant equipment would preclude the lost opportunity. Sonoma County Water Agency

R7

Complete the current update of the disaster plan by December 2005.

R8

Modify the existing checklists to be more hands-on, action-oriented, and easier for a disaster worker to carry on his/her person or in his/her automobile. Sonoma County School Districts

R11

Develop a pro-forma action checklist for use by all schools in handling post-disaster tasks.

R9

Ascertain whether an extension to the USDOE grant timetable is possible, and determine if an extension would be desirable.

R12

Ensure that the role of SCOE in actual post-disaster scenarios is identified and publicized.

R13

Review the check-in/check-out procedures at the main facility and determine if a change is desirable.

R10

Review the letter from the US Department of Education regarding the Russian school hostage emergency, and expedite action and replies from all school districts.

R14

Implement a common parent-contact system as soon as possible.

R15

Complete an inventory questionnaire of school communication equipment. Sheriff’s Department

R19

Require that all county departments file a formal statement of their disaster recovery requirements, for computer-based and manual systems, with detailed descriptions of the necessary steps to return the business to normal. Required responses to Findings Sonoma County Tax Collector - F8, F10 Sonoma County Information Systems Director - F4, F8 Sonoma County Administrator - F6, F7, F26, F27 Sonoma County Water Agency - General Manager F13 Project Director USDOE Project - F14 Superintendent of Schools – SCOE F16 Sonoma County Sheriff – F23, F24 Board of Supervisors – F26, F27 Requested responses to Recommendations None Required responses to Recommendations County Director of Information Systems - R1, R2, R3 County Tax Collector - R4, R5, R6 Sonoma County Water Agency – General Manager - R7, R8 Superintendent of Schools – SCOE - R9, R10, R12, R13 Deputy Superintendent of Schools – R11, R14 County Sheriff - R16, R17 County Dispatch Manager - R16 County Administrator - R1, R2, R18, R19 Board of Supervisors - R18, R19 All School Superintendents - R15 9 Exhibit A. Interviewees in the Investigation Sonoma County Water Agency • General Manager • Disaster Planning Analyst Sonoma County Office of Education • Superintendent • Deputy Superintendent • Director, Environmental Health and Safety • Director of Operations • USDOE Project Director • Loss Prevention Director – Redwood Empire Schools’ Insurance Group • Technology Director • Technology/Network Managers (2) • Information Systems Manager Large-sized School District • Superintendent • Deputy Superintendent • Disaster Planning Analyst Medium-sized School District • Superintendent • Supervisor of Maintenance and Operations Small-sized School District • Superintendent Information Systems Department • Director • Division Director • Assistant Manager – Radio and Communications • Assistant Manager – Telephone Systems Sheriff’s Department • Sheriff and Coroner • Assistant Sheriff • Captain - Detention Division • Captain – Patrol Bureau • Captain – Administration Bureau • Lieutenant (2) – Patrol Bureau • Dispatch Manager 10 Exhibit B. List of documents made available to the grand jury • Sheriff’s Organization − Jail Evacuation Plans − Dispatch Center Evacuation Plan − Order for TD 280 Switch – to switch County 911 lines to Santa Rosa Police Department − Procedure managing outside access to Sheriff’s Radio Frequency − Sheriff Procedure – Rules and Regulation on Conduct − County Dispatch Center – Disaster Response and Recovery Plan (written during this investigation) • Sonoma County Information Services Department (ISD) − Sonoma County Telecommunications Network − County of Sonoma Radio Relay Network − Disaster Recovery Exercise Recap − Extract from Strategic plan, titled Expanding Disaster Recovery • Sonoma County Office of Education − Trainings on Safe School Plans and School Crisis Response − Emergency Preparedness Plan for the main facility − Academic Aftershocks – a video featuring the impact of the Northridge Earthquake on California State University - Northridge − Practical Information for Crisis Planning – A Guide for Schools and Communities − Activity Summaries SCOE/USDOE Project, October 1, 2004 – March 31, 2006 − Changes to School Safe Plan September 29, 2004 − Community Health Profile for the Bi-County Redwood Coast Region − Emergency Response and Crisis Management Leadership Workshop description − General Safe Work Practices for all Employees − Earthquake Hazards Checklist − List of Emergency Management Activities prior to USDOE grant − Loss Recovery Resource Guide – Redwood Empire Schools’ Insurance Group − EOC/Incident Command System SEMS Organization Chart for Schools • Sonoma County School Districts − Fort Ross School District Administrative Flow Chart for 2004-2005 − Fort Ross School Safety Plan − Fort Ross Disaster Preparedness Plan − Cloverdale Unified School District Emergency Action Plan − Monte Rio School Emergency Action Plan − Petaluma City Schools Emergency Plan − Piner-Olivet Union and School District Emergency Closure Procedures − Doyle Park Comprehensive School Safety Plan 04-05 − Post Earthquake Damage Evaluation and Reporting Procedures for California Schools • Sonoma Tax Collector Office − Disaster Recovery Plan – A list of systems 11 Exhibit C – Basic Principles of Disaster Recovery and Business Resumption All organizations eventually consider how best to protect their well-defined infrastructures which consist of processes, procedures, and communication mechanisms, collectively referred to as system(s)or application(s). The system may be manual, computer-based, or both. Normally this protection will be against disasters such as fire, earthquake or explosion. For example, manual systems have historically made use of fireproof cabinets, safes, vaults, or duplicate copies of the paperwork kept in two places. The expectation was that vital records, or data, could withstand the disaster, or safe copies in a safe location could be used to replenish the original data. The organization would then quickly be able to resume “business as usual,” once the disaster was over. With the advent of computer-based applications the analog of fireproof cabinets etc., became necessary. Disaster Planning Since more elaborate schemes require more investment, it is vital that an organization carefully prioritizes the criticality of its systems and develops a disaster plan. The plan will usually try to identify so called single points of failure, identifying those pieces of equipment that should be duplicated, if possible, to reduce the probability of a disaster taking out a single critical piece of equipment. An organization needs to determine which of its applications are critical to its ability to continue business, then decide how best to protect the critical data so that it is not lost in a disaster, or can be replaced in total or at least to an agreed to point in time. The most basic form of protection is to take periodic electronic copies of the data, typically on magnetic tape, typically nightly, and store them at a separate location. Ideally the second location is not adjacent to the primary location, or on the same earthquake fault-line! It is a form of insurance, and just as with insurance one can pay higher premiums for better coverage. An organization may decide to have multiple centers, with equipment mostly duplicated, or a second center with only enough equipment for the priority work. Until the late 90’s most organizational computing was done on a single, large computer, a mainframe. As the personal computer (PC) grew in power and functionality, applications began to move to servers, larger PC’s that could handle multiple users concurrently. Sonoma County has both a mainframe and servers, and the disaster plan for each will probably be different. For example, it is relatively easy to distribute multiple servers to multiple locations, and connect them over the network such that they can be a backup for each other. One other option for Sonoma County is to find another organization with exactly the same systems and agree to be mutual backup for each other. Regardless of the depth of coverage in the plan, it is good practice to have “fire-drills,” at least annually, to test that the organization can recover from the backup data. Business Resumption This refers to the process of identifying all of the steps that will be required to get back to normal after a disaster. Again, it requires senior management to identify the critical applications so that they can be restored first if there is a resource issue. Sometimes it can take many weeks to get everything back to normal. This may involve temporary labor, overtime, weekends, and cooperation from trade unions, suppliers or customers. Frequently, the business resumption plan will point to improvements that are needed for the disaster plan. By default or by design, an organization may decide to do nothing on these two fronts. With the integration of computers into our daily work and personal lives this is most unlikely to be a prudent strategy. EXHIBIT D

R16

Work with ISD to identify a cost-effective “non-stop” solution to protect the SCLEC system.

R17

Work with ISD to determine cost-effective backup solutions for internally developed systems. General (senior management of all the entities)

R18

Ensure that all disaster recovery and business-resumption planning efforts are continuously supported and reviewed by appropriate stakeholder groups.

R18

Ensure that all disaster recovery and business-resumption planning efforts are continuously supported and reviewed by appropriate stakeholder groups.