1. Purpose
The SCC Disaster Recovery Plan establishes the procedures and responsibilities required to restore SCC systems and services following a disruptive event. The plan ensures that SCC can recover hosted environments, development infrastructure, and critical services in a timely and predictable manner. This plan supports SCC’s commitment to protect the confidentiality, integrity, and availability of member data.
This is supplementary to the expectation the SCC has of all member institutions to store or perform on-site local backups of all database contents and associated digital assets.
2. Scope
This plan applies to:
-
All SCC staff and contractors
-
SCC-managed cloud infrastructure
-
SCC-managed development, staging, and testing environments
-
SCC systems used for support, monitoring, and administration
-
Backup and recovery infrastructure
-
Events that disrupt availability, integrity, or functionality of SCC services
The plan covers disasters including but not limited to system failures, data corruption, cloud provider outages, security incidents, natural disasters, and human error.
3. Objectives
The objectives of the SCC Disaster Recovery Plan are to:
-
Restore hosted services within the defined Recovery Time Objective (RTO)
-
Minimize data loss within the defined Recovery Point Objective (RPO)
-
Maintain continuity of SCC operations
-
Protect member data from loss or corruption
-
Provide clear roles, responsibilities, and communication pathways
-
Ensure predictable and repeatable recovery procedures
5. Disaster Definition
A disaster is any event that significantly disrupts SCC operations or hosted services and cannot be resolved through normal incident response procedures. Examples include:
-
Loss of access to hosting provider resources
-
Corruption of production databases
-
Widespread asset storage failure
-
Extended cloud provider outage
-
Security incident requiring full environment rebuild
-
Natural disaster affecting SCC operational capacity
6. Recovery Priorities
SCC restores services in the following order:
Core hosting infrastructure
- VPC, subnets, security groups, IAM roles, networking.
Database services
- MariaDB instances, database restoration, schema validation.
Asset storage
- S3 buckets or equivalent object storage.
Application services
- Specify 7 containers, asset server, web portals, web server.
Monitoring systems
- Uptime monitoring and alerting.
Support systems
- Help Desk, documentation, communication channels.
7. Backup Strategy
SCC maintains a multilayered backup strategy described in full in the Database and Asset Hosting Service Level Agreement: SCC Hosting SLA
Backups include schema, data, and essential configuration files. Backups are stored in the same region as the hosted environment. Backups include automated integrity checks.
8. Recovery Time and Recovery Point Objectives
Recovery Time Objective (RTO)
SCC staff restores normal operations within three business days during Central Time business hours. Restoration is subject to incident severity, system dependencies, and operational capacity.
Recovery Point Objective (RPO)
Data loss is limited to changes made since the last valid backup. This is typically less than 24 hours.
9. Disaster Recovery Procedures
1. Notify Stakeholders
SCC staff notifies affected member institutions with:
-
Description of the issue
-
Expected recovery timeline
-
Any required member actions
2. Stabilize the Environment
SCC staff isolates affected systems, halts automated processes, and preserves logs for forensic analysis.
3. Restore Infrastructure
SCC staff rebuilds or reconfigures:
-
VPC
-
Subnets
-
Security groups
-
IAM roles
-
Load balancers
-
Reverse proxy configuration
4. Restore Databases
-
Deploy new MariaDB instance
-
Import the most recent valid SQL backup
-
Validate schema and data integrity
-
Apply required migrations
5. Restore Assets
-
Recreate asset storage buckets
-
Restore quarterly snapshot
-
Apply weekly incremental updates
6. Restore Application Services
-
Deploy Specify 7 containers
-
Deploy asset server
-
Validate application functionality
-
Reconnect application to restored database
7. Validate System Integrity
SCC staff verify:
-
Authentication and SSO
-
CRUD operations
-
Asset retrieval
-
Reporting
-
API functionality
-
Performance and stability
8. Member Validation
Members confirm:
-
Data completeness
-
Asset availability
-
Workflow functionality
9. Finish Recovery
SCC staff confirms full restoration and provides a summary report to members.
10. Communication Plan
SCC staff communicates with members through:
-
Email notifications
-
Status updates during recovery
-
Final restoration confirmation
-
Follow up documentation if required
SCC staff maintains transparency throughout the recovery process.
11. Post Recovery Review
Following an incident, SCC staff conducts a review that includes:
-
Timeline of events
-
Root cause analysis
-
Impact assessment
-
Effectiveness of recovery procedures
-
Required improvements
-
Updates to documentation
Findings are incorporated into future planning and training.
12. Plan Maintenance
SCC staff reviews this plan annually and updates as SCC infrastructure, hosting practices, and member needs evolve.
Download this document as a pdf:
SCC Disaster Recovery Plan.pdf (103.2 KB)