Per Chapter 14 Problem 7 (listed below) Describe the internal control weaknesses present at Hexagon. List the components that should be in a disaster recovery plan at Hexagon. What factors, other than those included in the plan itself, should a company consider when formulating a disaster recovery plan?
7. DISASTER RECOVERY PLAN
Hexagon is an online retailer of exotic foods including spices from around the world, canned sauces, and prepackaged breads such as tortillas and naan. The company does 100 percent of its business over the Internet to consumers and through private networks with retail trading partners. Recently, Hexagon moved its sales and business headquarters functions into a warehouse on the outskirts of San Francisco. Prior to the move, the company engaged the services of an architect to redesign the facility to be modern yet in keeping with the original character of the building. While remodeling the warehouse, the architects retained the wooden-shingled exterior and the exposed wooden beams throughout the interior. The data processing center, which contained the servers and networked terminals, was situated in a large open area with high ceilings and skylights. The center was made accessible to the rest of the staff to be consistent with the firm’s philosophy of removing barriers and encouraging a team approach to problem solving. Before occupying the new facility, city inspectors declared the building to be compliant with all relevant building codes.
In a recent compliance audit, Hexagon’s auditors advised the company’s management to develop a disaster recovery plan. Toward this end, the company entered into a mutual aid agreement with several other firms in the area that had similar technology systems. These firms all agreed verbally to provide emergency assistance to each other in the event of disasters or emergencies. In addition, Hexagon implemented a data backup system in which all files are copied daily to tapes and disks and each week the backup storage devices are taken to an offsite facility where they are secured.
The operator’s manual with instructions on how to restore the system is stored in the main data processing area along with a list of names and phone numbers of key IT professionals to contact in case of an emergency.
Required
a. Describe the internal control weaknesses present at Hexagon.
b. List the components that should be included in a disaster recovery plan for a company like Hexagon.
c. What factors, other than those included in the plan itself, should a company consider when formulating a disaster recovery plan?