Business Continuity

Business Continuity Preparedness Handbook Managing risk through proactive planning June 2016 Table of contents 1 Executive summary 2 AT&T alignment with industry standards 3 AT&T business continuity management 6 AT&T network disaster recovery capabilities 7 Business continuity preparedness — best practices 8 Planning is essential 10 Solutions for business continuity strategies 11 AT&T business solutions portfolio 12 Collaboration – unified communications 13 Collaboration – messaging 15 Remote access services/mobility 16 Contact center 18 Hosting & application management 19 AT&T enterprise recovery services 21 Managing network security 22 AT&T customer support 24 Additional information 26 Executive summary With growing concern over extreme weather conditions and national security breaches, it’s essential to take a proactive approach to business continuity planning to help minimize the impact of an event to customers, employees and stakeholders. Developing and testing a plan that protects the health and safety of employees and maintains critical business functions requires a comprehensive cross-organizational effort. When it comes to business continuity, proactive planning and a strong execution strategy are essential steps in reducing exposure from any type of “event”, natural or man-made, accidental or intentional, internal or external, with or without prior warning. AT&T has developed this business continuity preparedness handbook to provide an overview of best practices that can help facilitate proactive planning and ongoing enforcement for all event scenarios. It also provides a business continuity preparedness self-assessment to help organizations identify potential gaps in their preparedness planning. As illustrated by the AT&T business continuity survey results included in this handbook, with the ongoing evolution of technology and cyber threats, it is critical for organizations to maintain operational effectiveness and flexibility for any scenario-regardless of cause or duration. This handbook covers the following topics: • AT&T alignment with industry standards • AT&T business continuity survey results • AT&T business continuity management practices • Business continuity preparedness-best practices • Solutions for business continuity strategies • AT&T customer support during an event • Additional resources 2 AT&T alignment with industry standards In 2015, AT&T became the first telecom service provider to be certified under the new international Business Continuity Management standard (ISO 22301:2012) for the Voluntary Private Sector Preparedness Program (PS-Prep™). The new ISO standard is the logical successor to the previous standard and became the accepted Business Continuity Management standard worldwide. This PS-PrepTM re-certification demonstrates that AT&T continues to be equipped to resume business operations and continue delivering services to its customers in the vital hours and days after a disaster strikes. In the event of any disaster or other emergency, we will be able to quickly resume network traffic, field customer calls and queries, and service the communities in which we operate. PS-PrepTM is a partnership between the Department of Homeland Security and the private sector enabling private businesses to demonstrate their capabilities for planning for, responding to, and recovering from disasters and other emergencies. We received our original certification for PS-Prep in 2012. In addition to ISO 22301, the business continuity management program also is: • Certified by CTIA as part of their Business Continuity/ Disaster Recovery Program since 2004 • Aligned with the Disaster Recovery Institute International (DRII) Professional Practices since 2004 • Aligned with the National Incident Management System (NIMS) as suggested by the Department of Homeland Security (DHS) since 2004 • ISO 27001 certified for information security since 2010 • Aligned with the BCI Good Practice Guidelines since 2011 3 TM ISO 22301:2012 “Our customers rely on us for 24x7 connectivity especially during times of natural disasters where we provide a critical lifeline. So we’re proud to be the first telecom to secure re-certification under the new ISO standard. This recognition demonstrates once again that our business continuity program, coupled with our technology recovery team, is best in class.” — John Donovan, Senior Executive Vice President, AT&T Technology and Operations AT&T business continuity survey results AT&T business continuity survey results show fears of potential security breaches and natural disasters, including extreme weather conditions, weighing heavily on IT executives, businesses nationwide have continued to grow and advance their business continuity and disaster recovery plans to incorporate the adoption of wireless network capabilities, cloud services and mobile applications. The results for the latest AT&T annual business continuity study identify several trends regarding how businesses are preparing themselves for potential disasters and threats. AT&T has conducted this study for thirteen consecutive years, surveying IT executives from companies in the United States with at least $25 million in annual revenue, to measure the national pulse on business continuity planning. Our business continuity study is based on a sample of 500 online surveys among Information Technology (IT) executives with primary responsibility for business continuity planning, 59% of them representing companies with locations outside the U.S. The study was conducted by Research Now with respondent geographic representation as follows: “We’re seeing more and more major security events dramatically impact business operations across virtually every industry.” — Jason Porter, Vice President, Security Solutions, AT&T Business Solutions • 28% in the Northeast • 25% in the South • 20% in the Midwest • 27% in the West The following highlights some of our key findings from the study: • Executives increasingly consider managing security requirements specific to mobile deployment (51%) and cloud (48%) as important business concerns. • 54% of executives indicate that IT budgets have increased over the past two years, with “increasing data security” (31%) as one of the leading motivations for investing in new technologies. • In order to respond to these growing concerns, businesses are investing in highly secure platforms across the entire IT landscape, with companies most frequently investing in cloud services (39%) and mobile applications (35%), followed closely by network security solutions (33%). 4 Our business continuity study key findings As devices infiltrate the workforce and organizations expand globally, companies are looking beyond the impact of natural disasters when evaluating their business continuity strategies. They are now evaluating the ongoing impact of security breaches and the tools needed to not only to mitigate risks but also proactively anticipate potential internal and external threats to their organizations. • 81% of companies indicate that their business continuity plan accommodates the possibility of a network security event, such as malware, phishing, bugs and malicious hackers. • 63% of business leaders classify security breaches as their number one business concern in relation to overall security strategies. 5 Although the majority of companies (89%) indicate that they have a proactive approach to overall security, less than half of those polled (49%) claim they have a strong execution strategy in place. The AT&T survey found that although business leaders have the right tools in place, the amount of threats infiltrating the business now require stronger requirements on the front and back end to fend off ongoing attacks. • 86% of companies surveyed are concerned about the use of mobile networks and devices. • Over one-third (34%) have experienced a distributed denial-of-service (DDoS) attack in the past 24 months. However, only half of organizations (50%) are currently taking proactive measures against protecting their company against DDoS attacks. • Similarly, one-fourth (26%) of companies have experienced an advanced persistent threat (APT) attack in the past 24 months. However, only 44% of respondents are taking a proactive approach to protecting their companies against advanced persistent threats. AT&T business continuity management Planning for and responding to crises is something that we perform without hesitation and with extensive experience in a wide variety of situations, from hurricanes to floods, to power outages, work stoppage contingency planning, and man-made disasters. We have a global team of experts who practice this response several times per year. Our business continuity efforts include: the day-to-day operational activities required to maintain continued service to its customers, broad scenario planning as well as individual threat assessment and analysis, centralized command and control responsibility and specific recovery procedures for key business processes. We take appropriate actions for the delivery of services to customers while considering and addressing the needs of our employees and their families. “When an event occurs, our top priority is to account for our employees and to assess their personal impacts. This allows our employees to then focus on our customers’ needs.” — Lisa Tenorio, AT&T Assistant VP, Corporate Business Continuity Planning AT&T has a team of industry-leading, certified and experienced business continuity experts engaged in the AT&T internal business continuity management program to achieve its business objectives. This team requires that key business processes have documented business continuity plans that are updated and exercised on a predetermined schedule. Plan exercises are designed around specific scenarios to test the viability and capability of the plans. Plan development and plan exercise execution are based on the concept of continuous improvement with the focus of maintaining business operations. As part of that planning, AT&T has performed an extensive corporate-wide risk assessment, and implemented incident response and contingency planning on several broad fronts: Employees and facilities It is the policy of AT&T to provision and maintain products and services in an environmentally responsible and sustainable manner. The company implements strategies based on best practices to reduce risk and to help mitigate operational impacts during an event. During events, AT&T extensively utilizes text messaging and notification tools to notify employees and our first responder teams; sharing status and providing local resources to impacted employees to assist with their personal recovery needs. Business process We design our services to help our key business processes remain operational and keep customer service impacts to a minimum. Through a comprehensive response, recovery, and restoration program, AT&T helps support reliability of its key business processes and infrastructures. Supplier BCP AT&T promotes supplier business continuity capabilities that are aligned with our business requirements. Suppliers providing products and services supporting AT&T business activities are documented in the business unit’s business continuity plan. Suppliers supporting essential business activities are requested to complete a BCP Survey based on a pre-defined schedule identifying whether a business continuity program is in place. For more information, visit Doing Business with Us on the Web (att.com/dbw). 6 Network infrastructure In the event of a disaster, as customers implement their own business continuity plans, a shift in traffic patterns on the AT&T Global Network may result. AT&T proactively plans for these shifts in wireless and wireline voice and data traffic patterns evaluating alternatives to maximize network performance. Information Technology Service Continuity The AT&T Information Technology Service Continuity (ITSC) Program is committed to identifying and managing IT-related service continuity risks across the enterprise. The organization has established safeguards to minimize the risk, cost, and duration of disruption to key business processes in the event of a crisis or disaster. Accordingly, ITSC has taken a number of steps to increase the reliability of AT&T key business processes and supporting infrastructures in order to provide high-quality communication services to AT&T customers. This includes prevention and mitigation efforts, as well as comprehensive emergency response and recovery plans in the event of a disaster or crisis. Information/cyber security The AT&T chief security office (CSO) establishes policies and requirements, as well as comprehensive programs, to incorporate security into all facets of computing and networking environments. The AT&T security program implements the AT&T security policies through a rich set of initiatives, processes and procedures administered by the AT&T security organization worldwide and certified to the ISO/ IEC 27001:2005 Information Security Management Standard. These program initiatives are executed on an ongoing basis by each region and are supported by the global network security teams. The goal of the program is to protect both AT&T and each customer’s information and resources. AT&T community support When disaster strikes, we are ready to provide meaningful humanitarian assistance to residents and first responders. Together with relief organizations and community volunteers, our people and resources can make a difference and provide critical support to those in need. We’re proud to serve our communities by making critical connections in good times and bad. Our network disaster recovery capabilities AT&T developed its network disaster recovery (NDR) capability specifically to allow rapid service recovery following the catastrophic loss of a network office. Network disaster recovery provides business continuity and recovery capabilities for the AT&T Global Network. AT&T has invested more than 600 million dollars in its NDR program since its inception in 1991; our dedicated recovery fleet now has more than 320 trailers and support vehicles. One of the primary roles of the network disaster recovery organization is to recover the services of an AT&T network office that has been completely destroyed or compromised by a natural or man-made disaster. This type of restoration would exceed the normal capabilities of the AT&T network operations maintenance processes and would require the long-term deployment of specialized equipment and resources. The AT&T NDR Team includes AT&T managers, engineers and technicians who have received special training in the physical recovery of the AT&T network. Members participate in several recovery exercises each year to sharpen and practice their skills using NDR’s disaster recovery equipment and processes. The exercises test as many of the NDR processes as possible, from the initial team call-out, to equipment transportation and set-up, to technology turn-up and testing. NDR has conducted three or four technology recovery exercises in the field each year since the program’s formation. The NDR Team includes members who have been trained as hazardous materials technicians. This training allows them to perform assessment, recovery and maintenance activities in contaminated environments while wearing specialized personal protective equipment. • NDR’s recovery equipment includes a fleet of speciallydesigned semi-tractor trailers that contain the same type of equipment that is normally installed in permanent AT&T offices. These technology trailers can be interconnected to recover the capabilities of a network office that has been heavily damaged or destroyed. The equipment is maintained in and deployed from warehouses strategically located in the U.S. and abroad. • NDR establishes broadband and wireless voice and data connectivity from disaster sites using one or more Emergency Communications Vehicles (ECV). An ECV uses a satellite link to provide NDR with command communications during the initial phase of a recovery effort. The ECVs have also been used to provide command and humanitarian relief communications capability to other emergency responders. • AT&T uses Cells on Wheels (COWs) and Cells on Light Trucks (COLTs), self-contained mobile cell sites, to provide extra cellular capacity to restore communications after a disaster. The mobile sites can be used to replace the service of a failed permanent cell site and they can be used to supplement the cellular capacity of an area that has increased demand. The NDR Team uses Satellite COWs and COLTs to establish firstin communications when terrestrial connections to the AT&T Network are not immediately available. 7 Assess your own level of preparedness with the following questions Mitigate risk, protect mission critical resources Has the organization assessed the impact of a potential disruption? Has the organization analyzed which business processes, applications, facilities, suppliers, workgroups, or vital records are most critical? Has the organization created a strategy to recover from potential impacts? Are new scenarios, threats, and vulnerabilities addressed in your planning process? Has the organization developed and exercised a business continuity plan to mitigate business risk? Is this plan maintained and reviewed with the organization’s response team on a regular basis? Is the plan approved by organization leadership? Are key locations hardened and facilities conditioned? What physical and logical security measures are in place? Do the security measures in place also address potential exposure from cloud and mobile technology? Meet regulatory requirements and customer service level agreements Does the organization or its business partners have regulatory mandated performance or availability service levels? Has the organization complied with all current or regulatory requirements or public policy mandates? Invest wisely Has the organization quantified the potential costs of downtime or total business failure? Has the organization developed sound business cases to optimally invest in risk mitigation? • The NDR fleet includes eight mobile command centers. The trailers can be rapidly deployed and set up within an hour of arriving at a recovery site. The command centers have data and voice communications capabilities (provided by the ECVs) and provide NDR’s incident command team with a fully-equipped and controlled office space during disaster responses. For large and/or long-term responses, a base camp can be established that will provide AT&T responders with access to a full kitchen, a dining facility and sleeping quarters. AT&T has a large inventory of MREs (meals ready to eat) and other supplies set aside for use during emergency responses. Business continuity preparedness — best practices All companies and government agencies, regardless of size, need to identify their mission-critical business processes and effectively manage the risks around them, whether from a pandemic, hurricane, earthquake or any other kind of crisis. Mission-critical business processes are those that enable an organization to provide vital services, exercise civil authority, maintain the safety of the general public, or sustain its industrial or economic base. In addition, the complexities of maintaining mobility and wireless capabilities during a disaster or security threat has become increasingly important for businesses as they consider business continuity planning. Taking a proactive approach to business continuity is essential for being prepared to respond when disaster strikes. Plans should specify redundant systems, back-up sites, employee communications, and alternative work sites. They also should include a process for maintaining customer service, and customer communications immediately following the crisis and proceeding until things return to normal. Business Continuity Management, involves business sustainability through a period of significant interruption caused by a disaster or any other disruptive event. An unplanned interruption could have an impact on national security, citizen services and economic well-being. Business Continuity Management is good business practice because it enables organizations to continue their essential functions across a broad spectrum of hazards and emergencies. It is essential for all types of scenarios ranging from system or component failure caused by a software upgrade to a manmade or natural disaster that broadly impacts an organization’s physical assets, buildings and/or people. Following is a set of key planning principles that apply to business continuity scenarios in the public or private sector. The following outlines six key steps in preparing for any type of business continuity process. The more accurate an organization can be in its planning, the more prepared it will be in the long run. 8 Identify key business processes and impacts The first step is to understand what processes are critical to the business and how different disaster scenarios could impact continuity of operations. For example, how could demand for products and services be affected – will it grow or decline? What is the impact to the organization in terms of leadership, capabilities, security and communications, and what does that mean for the operation of missioncritical functions? The answers to these types of questions could determine the type of response required. This step is vital so that, with delegation of authority or orders of succession established, attention and resources can effectively focus on a rapid response to the situation. Perform risk assessment, risk treatment and management To continue with key business processes in a crisis, it is necessary for an organization to complete a functional risk assessment to help address the essential functions first and make the appropriate investments, in time and money. The risk assessment will identify the processes, resources and suppliers which would have the greatest impact on a company’s ability to serve its customers or an agency’s ability to achieve its mission objectives. It also involves the identification and assessment of the potential threats, the existing vulnerabilities and the probability that a threat will exploit the identified vulnerabilities. This aids in the identification of risk exposure to different components of the organization, so that factbased decision making on mitigation plans can occur. Develop business continuity/disaster recovery (BC/DR) plans and provision DR capabilities Continuity plans should be developed to provide interoperable communication and continuity of key business operations with essential suppliers, or other agencies, until normal operation can be resumed. Delegation of Authority and Orders of Succession support that businesses plan for the loss of leadership so that essential business operations could continue if key executives are incapacitated. Continuity plans should identify not only incremental strategic or procedural changes, but also any gaps in capabilities that need to be addressed. It is important to implement any new capabilities prior to the event occurring, to allow a business to successfully recover at time of disaster. Train, test and exercise Emergency response team members need to be provided opportunities to acquire the skills to perform their assigned business continuity roles. Business continuity plans must be capable of implementation with or without warning. They must be tested on a regular basis and in as real a way as possible to validate their effectiveness when a disaster occurs. This requires the development of a test plan, detailing how a business will test capabilities, as well as an emergency response guidebook. In addition to conducting simulation exercises, recovery strategy implementations are necessary to validate operational effectiveness. Determine recovery strategies The next step is to define the organization’s business continuity strategies. For example, how does the organization want its business to perform and what options are available? Does the organization keep the same service level agreements or does it prioritize work? In addition, alternate facilities and their desirable characteristics must be considered. The results of the risk assessment and the identification of recovery strategies are instrumental in the development of continuity plans to address specific threats. It is also critical that these activities be accomplished in a methodical and consistent way across the organization so that all parts of the business are preparing for the same scenarios, using the same information to certify that the end-to-end plans are effective. 9 Monitor and improve performance Situations evolve over time and are not static. An organization should consider how changes to a situation and the business environment could affect preparedness. To validate that a plan works at the time of a disaster, business continuity plans should be considered an organizational priority and reviewed regularly. In addition, changes to normal operations must also be reflected in business continuity plans and the emergency response guidebook, whether they are system upgrades, process changes or resource restructuring. Planning is essential Build escalating scenarios and perform simulation exercises to identify gaps When a disaster strikes, an organization’s ability to respond quickly and effectively may be critical in protecting its staff, profits, reputation and essential operations. Developing a plan that protects the health and safety of employees and maintains key business processes requires a comprehensive and cross-organizational planning effort. Many organizations are conducting business continuity planning exercises using a range of scenarios to assess the impact of a disaster on their businesses. For example, they may have one scenario designed to simulate a local flood and a second that assesses the impact of a Category F5 Tornado impacting several locations simultaneously. Scenario-based exercises help identify gaps and risks that might not otherwise be obvious. Build scenarios starting with a small event and then move up to one with potential for significant impact. Review and expand existing business continuity plans to include the landscape of threats over larger geographic regions While many organizations have business continuity plans to deal with regional events, they may not be prepared for an event that could occur on a global scale. Existing business continuity plans should be reviewed and supplemented accordingly to meet the needs of a range of threats. Communication is crucial The ability of an organization to withstand a crisis may ultimately rest on the effectiveness of its communications with employees, customers, suppliers and other key interested parties. Senior executives should be ready to deliver the right messages both internally and externally. Utilize credible sources It’s important to identify reliable and credible sources of information early on in the planning process and to track developments. Develop planning phases with trigger points Organizations should create clearly defined responseplanning phases with trigger points for moving from one phase to another. For example, resources such as the Federal Emergency Management Agency (FEMA) can be used as a reference point for disaster and event planning. Similarly, the World Health Organization (WHO) has developed a planning checklist for large businesses that can be used as a reference point for defining phases and trigger points for proactive planning activities. Network solutions for business continuity preparedness require advanced planning and implementation to effectively enable survivability of a firm’s critical operations Organizations should be prepared to respond to additional demands that might result from their continuity plans, such as increased virtual office work and associated increased demand on their Virtual Private Network (VPN). These concerns might include evaluating their current employee usage of the services, maximum expected increase in corporate infrastructure usage under different scenarios, increases in additional services required and employee preparedness for telecommuting. It is also prudent to provide employees who must work in a virtual office scenario with multiple options to access their corporate network. 10 AT&T offers a wide array of business continuity services Solutions for business continuity strategies An increasing number of organizations today are turning to experts for help with business continuity planning. Building on years of experience in managing and maintaining some of the world’s largest and most complex networks (including its own), AT&T offers a wide array of business continuity services designed to provide customers with opportunities for continuous operation and availability of their key business processes, mission-critical applications, data, work centers and networks. The AT&T National Security and Emergency Preparedness (NSEP) portfolio Businesses who provide national security and emergency preparedness services can accomplish their critical missions under the most challenging natural and manmade circumstances with our continuing commitment to support a robust set of NSEP services. In the event of crisis, AT&T has a resilient network with significant capacity that is complimented by robust operations to support NSEP services and NSEP users’ needs. AT&T offers a comprehensive suite of NSEP services, based on the following National Communications System (NCS) Programs: • Telecommunications Service Priority (TSP) • Government Emergency Telecommunications Service (GETS) • Wireless Priority Service (WPS) Further, AT&T is fully committed to providing robust NSEP services and to working closely with the NCS to develop next generation GETS over Internet Protocol (IP). 11 Telecommunications Service Priority The Federal Communications Commission (FCC) established the TSP in 1988 to help determine what circuits should be restored and maintained first in a crisis. Telecommunication circuits most necessary for the nation’s security and emergency preparedness functions are assigned TSP codes by the federal government and are given priority for restoration and installation. AT&T will give critical circuits with assigned TSP codes top priority for restoration, as required by the FCC. TSP establishes the legal basis for Service Providers to act, when authorized by the FCC, on a priority basis in the provisioning and restoration of services supporting NSEP mission requirements. TSP is applicable to services such as dedicated private lines, access lines, dial-tone lines, high-capacity digital systems, and trunks between another carrier’s switching or wireless nodes. TSP is an FCC mandated program that is managed and administered by the Office of Emergency Communications (OEC). AT&T has a designated TSP Point of Contact (POC) to interact with the OEC. AT&T Customer Care Center supports TSP provisioning when orders are received from customers who are authorized by the FCC. Restoring service with TSP restoration priority is accomplished using special handling and escalation processes by the AT&T customer care specialists. Government Emergency Telecommunications Service GETS is a calling card service and is available to Federal, State, Local, and other Government authorized users. GETS calls receive priority treatment in the network and have a high probability of completion when a disaster occurs or in situations that may result in network congestion. Wireless Priority Service AT&T Mobility supports NSEP critical users’ needs for priority wireless call processing that can be enhanced when used with GETS priority treatment in the AT&T portfolio of NSEP services. AT&T Mobility manages all WPS related operations and administration in accordance with NCS guidelines. WPS is offered on a subscription basis to Federal, State, Local and other Government authorized users. WPS users can dial the *272 feature code to queue for priority access to a radio traffic channel and network trunks. In cases where WPS calls terminate on a non-AT&T network; these calls can receive priority handling across the AT&T network. Our business solutions portfolio For organizations looking to update their business continuity plans, AT&T offers a wide array of business continuity services, encompassing disaster planning, risk management, recovery preparedness and communications readiness. In addition, services such as business impact analysis, risk assessments, enterprise hosting, cloud computing application services, and storage solutions, as well as high availability network solutions and network and IT security solutions can be important components of a company’s business continuity plans. The following pages provide information on some of the business solutions that AT&T can provide to support a customer’s business continuity strategies. Each solution provides a synopsis of the Business Continuity/Disaster Recovery challenge and then how AT&T can help address that challenge. It is essential to design and implement these solutions before any type of potential business disruption occurs. Factors such as solution design time, provisioning cycle times and lead times for hardware procurement should all be planned for accordingly. All companies, regardless of size, need to identify their critical business components and effectively manage the risk around them, whether from a hurricane, an earthquake or any other kind of crisis. Unfortunately, many companies are still unprepared. 12 Collaboration – unified communications Natural or man-made disasters can affect the ability of any company to communicate. As businesses implement their continuity plans, they may find they want to consider audio, Web and video conferencing and/or wireless video as part of their overall communications strategy for continued communications and operations as well as emergency response. Business continuity/ disaster recovery challenge During a disaster scenario, organizations may need to provide their employees and customers with alternatives to face-to-face meetings in the event of travel restrictions or social distancing policies. Additionally, organizations may need to disseminate critical business or operational information quickly and unambiguously to specific employees in real-time for effective disaster response coordination. Crisis management by global enterprises in times of regional, national, or global emergencies is critical to effective and consistent execution. 13 How we can help AT&T Unified Communications solutions provide real-time collaboration with others from any location, keeping the lines of communication open in an emergency. Businesses and government department/agencies can incorporate voice, Web, wireless and video into their emergency response communications processes. AT&T Conferencing with Cisco WebEx solution AT&T Conferencing with Cisco WebEx solution offers real-time project collaboration for the critical operation of a business. Employees can communicate and collaborate real-time, viewing and editing documents and sharing applications to support the continuity of business operations. Key decision-makers and colleagues can collaborate on high-profile or emergency projects through an integrated global audio, Web and video conferencing solution, to help keep mission-critical business operations functioning. This HD video solution provides integrated conferencing and collaboration to help facilitate internal and external communication, from an array of devices, including mobile, laptop and multiple video endpoints. AT&T Unified Communications Services (UC Services) A cloud-based communication and collaboration solution that integrates multiple UC and telephony tools such as instant messaging (IM), voice calling, conferencing, and e-mail with presence, behind a single user interface – and makes them available via the AT&T network cloud. Businesses and government agencies are no stranger to disasters. With AT&T UC Services, even before arriving at the scene, emergency response personnel can make decisions about deploying equipment, securing the area and responding to almost any situation. Emergency personnel can use the presence feature to verify who is available and send invitations to join an immediate Web conference utilizing instant messaging. Disaster relief teams can join the Web conference directly from IM, on mobile devices in the field or via desk phone while manning emergency operations centers. Each person can immediately view real-time status reports to plan and prepare recovery efforts. And since UC and telephony applications reside in the cloud, you gain the availability, redundancy and scalability of the AT&T network, helping you respond to disaster management more quickly. Corporate crisis management service For an added layer of security, AT&T offers firms the option of reserving ports on a separate network platform with priority access. This service is designed for critical executive level communications to reach key business decision-makers. Web conferencing services AT&T Conferencing with Cisco WebEx solution allows for real-time project collaboration critical to the operation of a business. The AT&T Web conferencing service adds a layer of communication effectiveness by allowing employees real-time viewing of business documents that support the ongoing continuity of business operations. In the event of an emergency, these same Web conferencing ports are designed to continue to function along with their associated audio conferencing ports and can be utilized for disaster-related collaboration. Key decision-makers can collaborate with an integrated audio, Web, video conferencing solution, on highprofile or emergency projects in order to keep mission-critical business operations functioning. And now you can join an AT&T Conferencing with Cisco WebEx solution using your iPhone® or iPad® from virtually anywhere in the world! 14 Collaboration – messaging How we can help When planning for a pandemic event or any man-made or natural disaster, businesses need to consider their ability to maintain electronic communications, such as e-mail and voicemail. During any type of disaster, maintaining communications with employees, customers and shareholders is critical to managing through an event to keep everyone informed, mitigate panic and maintain critical business functions. In order to minimize the impact of an event, enterprises need to develop a plan to maintain their messaging infrastructure. Hosted messaging AT&T provides hosting and application management services for Microsoft® Exchange in a highly available, global infrastructure. The AT&T server environment with state-of-the art security features, applies sophisticated backup systems to help prevent outages. Storage and networks are based on the AT&T utility computing platform, expanding and contracting as demand fluctuates. Hosted from data centers in the U.S., Europe, and Asia, the AT&T hosted e-mail solution brings ‘enterprise-class’ messaging and collaboration to customers in a scalable, redundant, and cost-effective way. Business continuity/ disaster recovery challenge In many types of disaster scenarios, businesses may need to relocate their local messaging infrastructure outside the impacted geographic area. If the messaging infrastructure is impacted, then personnel outside the affected area will need to assume the responsibility of monitoring and managing the messaging services. In addition, the security of the messaging service needs to remain intact. 15 AT&T has a portfolio of messaging services to support a business during a disaster scenario. Key services include: Secure Email Gateway AT&T Secure Email Gateway (SEG) is a highly scalable, best in class email filtering and threat detection service, employing security tools such as encryption and predictive defense analytics to help keep your network safe from inside and outside threats. SEG is designed to block spam, viruses, and other inbound email threats before they reach your network and to filter outbound email to help protect your company against loss of important information. In the event of unexpected email downtime or disaster, the service also helps address your business continuity needs. Enterprise paging Enterprise paging is a text messaging gateway solution for group notification that works seamlessly with most business notification applications. Enterprise Paging uses the text messaging network, is backed by 24x7 technical support, and enables enhanced response features such as delivery confirmations, longer messages and rapid response prompts. Customers of Enterprise Paging can leverage the dial-up TAP protocol to add redundancy in the event of company e-mail server or Internet failures, and in the event of an on-premise outage the AT&T Business Notification Center Web site can be used as a backup to connect via the Internet from anywhere a connection can be established. Remote access services/ mobility Some studies estimate that if a pandemic becomes a reality, approximately 25-40% of employees may report to work from home due to illness or concerns with infection. For this reason several telework laws were enacted for federal, state and local governments to deploy effective strategies to support availability of personnel resources during an emergency. A Remote Access Plan becomes critical for supporting different types of employees and the applications to which they may need access. This is true for addressing any type of crisis, whether recovering from a natural disaster, such as a hurricane, or dealing with a manmade event such as a public-transit strike. A Remote Access Plan should be implemented in advance, at least in terms of the infrastructure, and include the ability to simply and easily deploy services to end-users on an as-needed basis. When natural disasters and unexpected events occur, it is absolutely vital that businesses respond quickly to maintain their customer service, minimize disruption to their business, and protect their business opportunities. Business continuity/ disaster recovery challenge When disaster strikes, a plan to provide remote access to critical applications is paramount to staying productive. Employees may scatter, whether moving to higher ground in the event of a hurricane or retreating to their home to avoid a pandemic. A Remote Access Plan should be developed and tested in advance to confirm that the different profiles of users have access to the equipment and software they need locally to access the corporate network remotely and scale their network in a timely manner to accommodate the spike in remote users. In addition, users remotely accessing corporate data from a variety of devices, smartphones and tablets introduce another layer of complexity and concern. The ability to manage mobile devices and provide corporate policies is key. How we can help AT&T provides a variety of access and VPN alternatives to meet the needs of multiple profiles. These services are designed to meet the remote access needs of users in both day-today business and in an emergency. Key services include: Remote VPN access AT&T offers a wide array of business continuity services designed to help facilitate your continuous operation including Remote Access to your VPN. This can extend the availability of your critical business processes, applications, data, work centers and networks for your employees. AT&T Network-based IP Remote Access extends your network virtually anywhere Internet connectivity exists and provides near seamless integration of applications and helps scale your remote access infrastructure to accommodate the increase in remote users. In addition, AT&T Network-based IP Remote Access integrates mobile technologies and services as an extension to existing enterprise infrastructure. AT&T also offers SSL (Secure Socket Layer) encryption, allowing end-users access to specific applications via a browser from any location via virtually any device (e.g., Smartphone, PC, laptop, tablet) wherever Internet access is available. AT&T remote access VPN services also supports SSL and is most appropriate for end-users who don’t have access to a company-provided machine and/or only require access to a few Web-enabled applications such as e-mail. Access virtually any time, any place AT&T provides a range of access methods, including Wi-Fi, Wired Ethernet, Wireless, Wireless WAN, ISDN, DSL and DialUp. The AT&T Global Network customer takes the guesswork out of which access method is available by automatically detecting available access methods and connecting in priority order to the first available method. In addition, network congestion is minimized by proactive monitoring of the AT&T network and augmenting capacity as required. Wireless WAN Connectivity As part of a disaster preparedness program, AT&T can provide the ability for enterprises to connect to network resources when wireline solutions are not available or are being restored, reducing the costs associated with downtime. WWAN Connectivity from AT&T provides diverse, cost-effective backup for data applications, quick deployment for remote locations, temporary locations for mobile workers and consistent network connectivity. WWAN offers a truly diverse backup solution for mission-critical data when a landline outage occurs. Plus, with a WWAN solution, businesses can utilize their existing security infrastructure and choose from a number of additional security options for network-to-network connectivity. 16 Mobile Remote Access Mobile Remote Access Services support end-to-end connectivity for corporate networks from any location, using a multitude of devices. It gives all users flexible, highly secure access to corporate assets, thereby empowering a genuinely mobile workforce. The AT&T wireless network provides the coverage, performance, security and convenience enterprise customers need. We can support multiple current and most popular platforms, with options for laptops, embedded devices, integrated devices, smartphones, tablets and the use of mobile hot spots. The AT&T Global Network customer provides a simple user interface, with one-click network access and integrated VPN support. And AT&T VPN solutions offer a wide variety of service levels and network configurations, all supported by our global MPLS-enabled network. Customers can quickly configure and deploy their devices where and when they need them in areas where there is wireless, Wi-Fi or dial-up access so that users can connect while they are on-the-go or if displaced in the event of a disaster. Wireless Push-To-Talk AT&T Enhanced Push-to-Talk customers value the convenience and productivity of being able to set up individual or group calls with the push of a button and instantly communicate a message over the speaker of the recipient’s handset. This saves them time as they no longer have to dial, answer and go through greetings, etc., before communicating. For example, in an emergency, a dispatcher can communicate location and instructions over Push-to-Talk faster than it would take most emergency responders to answer a ringing phone. For repair crew, receiving messages on their handset without having to hold a phone and make a connection is more convenient and allows them to continue working while talking. 17 Enterprise Mobile Management (EMM) When developing a disaster preparedness plan, consideration must be given to users and the disparate devices and operating systems they are using to access the organization’s infrastructure, as well as the sensitivity of the corporate data being accessed. AT&T provides enterprise mobile device management and security solutions that empower IT managers to set policies, lockdown applications, expand on-device encryption, distribute software, conduct device diagnostics, understand inventory, and more. These comprehensive, scalable device management and security solutions provide IT managers with the capabilities to help protect corporate data on a dayto-day operational basis, as well as in an emergency. AT&T also offers professional services options to assist IT managers with developing a holistic mobile strategy - from consulting, design and development, to deployment and support. AT&T Private Mobile Connection AT&T provides reliable standards-based connectivity between enterprise data center locations and its wireless network. It is through connections that data traffic from wireless devices can be aggregated into one or more AT&T locations and transported to customer data centers. Geo-redundancy within the wireless network from AT&T allows traffic to be shifted to unaffected locations during disaster scenarios. By using this product as part of a business continuity solution, a customer’s network and security infrastructure can be economically utilized to help support continued service during times of emergency. AT&T Private Mobile Connection enables the seamless use of wireless applications during disaster recovery scenarios, providing the security features and reliability elements that enterprises require regardless of transport medium. Crisis phone program/voluntary suspend As an integral part of disaster preparedness planning, AT&T offers customers a Crisis Phone Program to facilitate remote access and mobility. This program provides devices for organizations to use solely in emergencies. Enterprise customers can manage costs by keeping devices on-hand in a “voluntary suspend” mode, ready to be activated only when a crisis or emergency arises. Contact center When natural disasters and unexpected events occur, it is absolutely vital to minimize risk to employees, operations and protect essential assets. With a contact center serving as the front door to the business, maintaining a fully functional contact center can be the lifeline for how enterprises manage through crisis events. Business continuity/ disaster recovery challenge Businesses need to be protected against all of the vulnerabilities to a contact center that arise when disaster strikes. Networking infrastructure needs to be highly resilient. Call routing needs to be flexible and adaptive in the event of limited resources. Call completion needs to be streamlined and highly automated to minimize agent involvement when people are impacted. How we can help AT&T Contact Center Services are ideally suited to help businesses respond quickly to unexpected events. Through an array of advanced capabilities, AT&T Contact Center Services work to support continued customer operations. With highly-skilled Consulting and Integration Solutions resources, AT&T works with businesses throughout the Contact Center life cycle, from pre-planning all the way to day-to-day operations for end-to-end optimization to enable continued and non-disrupted business activities. Our networking services are highly-scalable and resilient. The AT&T portfolio of call routing solutions allows calls to be automatically delivered to the appropriate destination. With an array of automation services, call fulfillment can be accomplished in a highly efficient and effective manner. AT&T uses a “predictive, preventive and proactive” approach through its network service offerings. Based on predicting problems in advance and building intelligent systems and alarms into the network, AT&T initiates rules and procedures to provide network availability for uninterrupted service. AT&T has a number of product and service offerings that specifically address the challenges of business continuity including offers hosted in the AT&T network or premises-based at the customer site and options for fully dedicated or shared environments. Within the toll-free network, AT&T provides a number of solutions that give customers a high degree of flexibility and control when using either traditional delivery methods or IP. Solutions offered within the AT&T toll-free network include: AT&T Route It!® Provides organizations with the ability to manage toll-free calls virtually any way they need. As the need to respond to emergency situations arise, businesses can develop new routing plans and invoke alternate business rules to direct calls to the most available resources at the time. Alternate destination routing Provides predefined network routing schemes that automatically redirect calls when a busy or ring-no-answer condition is encountered. Next available agent routing and network queuing The combination of these two capabilities provides businesses the ability to queue calls in the AT&T network and route to the customer location when agents become available. This feature extends and enhances the traditional premises-based capabilities and allows callers to wait for an available resource when active agents are unavailable. SIP routing Utilizing network-based Session Initiation Protocol (SIP) routing capabilities of our IP toll-free offering provides the ability to get customers to the right customer service centers that are available to address their needs the first time. AT&T Contact Center Services Provide a variety of hosted and managed service offerings that enable continued business operations during disruptive situations. These offerings include hosted and managed services that provide voice enabled self-service applications, automated routing, and multi-channel customer contact functionality. Our Contact Center Services also provide quick and immediate response to adverse and unexpected conditions while maintaining customer service. The dynamic distribution of call flows reduces the risk of single-point-of-failure within the call center environment. Businesses can face uncertainty with confidence knowing that their customerfacing operations are backed by world-class network reliability and resiliency. 18 Hosting & application management When planning for any type of disaster, public and private sector establishments need to consider a geographically diverse strategy for maintaining availability and access to mission-critical applications. During an event, hardware, software, processes and personnel can be adversely impacted. In order to mitigate this risk, customers need to develop a plan to quickly re-establish their application infrastructure and recover data. Business continuity/ disaster recovery challenge In a disaster scenario, such as an earthquake or terrorist attack, businesses may need to temporarily fail-over applications and infrastructure to another geography. In the event of a pandemic, local personnel responsible for the applications and infrastructure could be impacted. Firms need to have the ability to turn up application instances and infrastructure, rapidly recover data and vital records, and maintain the availability of their mission-critical applications. How we can help AT&T offers an unparalleled breadth of application management and hosting services, as well as associated consulting services, to support application availability and high availability access to critical data and applications. AT&T also offers a complete range of storage services to meet recovery time and recovery point objectives. However, for the purposes of planning for Business Continuity/Disaster Recovery, there are a few services that should be strongly considered: Hosting services AT&T provides flexible hosting solutions so critical business data and applications remain accessible and high-performing. AT&T has the ability to design, implement, monitor, manage and report on the availability and performance of infrastructure, servers and applications. With diverse capabilities such as collocation, managed hosting, utility computing, and Web hosting, AT&T meets the diverse needs of organizations that need to create a comprehensive recovery strategy. In addition, AT&T provides highly-reliable conditioned space that has direct access to the AT&T Global IP Network for immediate access to your infrastructure and applications. Cloud services AT&T Cloud Services provide a flexible, cost-effective alternative for delivering IT services – in a way that complements existing systems, staff and processes. Procurement and deployment normally takes time and ties up internal staff. With self-service provisioning, AT&T cloud solutions let organizations sign up online and tap into virtual AT&T infrastructures within minutes. You can launch new services, applications and projects rapidly and expand access, capacity and performance on-demand, while you view and monitor consumption via a Web-based portal. Application management AT&T manages and provides ongoing support for the key software applications companies rely on, specializing in managed enterprise software solutions, eCommerce, and messaging applications. AT&T hosts and manages mission-critical applications, including maintaining replication and disaster recovery for the applications that help businesses operate. AT&T proactively monitors, maintains, provides help desk support, patches, fixes and updates applications – so that in the event of a disaster, customers can concentrate on their core business rather than getting their applications up and running. Managed data storage services AT&T provides primary storage through its Ultravailable® Storage and Storage Plus services for customers who either co-locate or host their IT infrastructure within an AT&T Internet Data Center (IDC). AT&T also offers backup and recovery data storage services through its tape and disk backup and restore capabilities which provides businesses with 19 a highly secure and recoverable environment for their data. A Web interface provides the ability to manage and restore data, as needed. Backup copies can be directed to a specified location or an AT&T Internet Data Center. Data mirroring/replication For synchronous mirroring/replication requirements, customers may elect to use AT&T Ultravailable® Network as a high-end, highly-available, fault tolerant, fully redundant, optical networking solution. Content distribution AT&T Content Delivery Network service replicates and distributes your Web page content, files for download, and live and on-demand video, allowing you to efficiently distribute your content to your customers and significantly improve your Web site’s capacity, reliability and performance. So even if your Web server or data center fails, you can count on AT&T to continue to distribute your content hosted in our network of streaming and caching EDGE servers. Digital signage AT&T Digital SignageSM service is a managed solution that delivers your multimedia message content, interactive wireless Apps, and content creation services. The Service is very flexible in scalability as it leverages your firm’s internal unicast or multicast distribution network or Internet connectivity. AT&T Digital SignageSM service includes full life cycle support for design, global deployment, monitoring, maintenance, and break-fix. AT&T even provides support to create the content that will be played on the signs and how to leverage marketing techniques for customer interaction. Consulting services (AT&T consulting) As part of their Cloud and Data Center Transformation practice, AT&T Consulting provides a broad portfolio of Business Continuity/Disaster Recovery (BC/DR) services to our customers: AT&T Consulting possesses a team of industry-leading, certified and experienced business continuity experts to facilitate the creation of a Risk Assessment (RA), Business Impact Analysis (BIA) and a Business Continuity Plan (BCP), which also addresses the necessary Disaster Recovery Plan (DRP) for our customer’s environment. The DRP provides the necessary Runbooks and Continuity of Operations Processes (COOPs) which are required to successfully execute the DRP and recover mission-critical voice and data services. The COOPs also address the processes you may execute in response to the loss of a critical facility as well as situations where access to the critical facility is blocked or hampered by the disaster event. One factor that is frequently overlooked in the design and implementation of DR solutions is the integration of the DR environment into the production environment from an operational perspective. These environments must be instrumented and monitored as if they are part of the production environment. As part of our methodology, AT&T Consulting addresses how the DR solution will be integrated into the production environment and also helps ensure that the DR environment is capable of being managed and monitored on the DR site as well as remotely at a Global Operations Center. The AT&T Consulting team has the flexibility to either create BCPs where none currently exist or to evaluate and modify existing BCPs. They will also confirm that critical enterprise business processes have documented BCPs that are updated and tested on a regular basis. Table Top Plan exercises are designed around specific scenarios to test the viability and capability of the plans, as well as to train key executives on their responsibilities during a disaster. The maintenance of the BCP and regular Table Top test execution are focused on the concept of continuous improvement of the BCP with the objective of achieving continuous business operations. • BC/DR Strategy and Roadmap Engagements • BC/DR Infrastructure Assessments • BC/DR Application Assessments • BC/DR Facility Assessments • BC/DR Design and Integration Services 20 AT&T enterprise recovery services Maintaining a business continuity and recovery program requires expertise and resources that may not be readily available in-house. Enterprise Recovery Services from AT&T offer a full portfolio of subscriptionbased disaster recovery services for systems and user work locations for businesses to remain prepared for any unplanned event that impacts their company’s operations. Business continuity/ disaster recovery challenge A business depends on constant, uninterrupted access to key applications and critical data. To mitigate the repercussions of a disaster, business continuity and recovery planning is essential to support continued access to business processes. Not only is it important to understand what to recover, whether it is information systems or work group space for employees that have been displaced by a disaster, it is also necessary to know where information systems will be reconstituted or end-users supported. How we can help AT&T offers a choice for recovery utilizing center-based, mobile-based or subscriber location-based recovery options for information systems and employees, telecommunications capabilities and IT resources. Key services include: Systems recovery AT&T ERS System Recovery solution is ideal for organizations that need to recover distributed systems, Intel®-based platforms, and/or mainframe systems. The solution supports over 30 current and legacy platforms, as well as sophisticated storage environments, and the network to keep it all connected. End-user recovery AT&T End-User Recovery Service is ideal for organizations that need alternate workspace for their employees, telecommunications capabilities and IT resources to recover their business processes. End-User Recovery resources includes space, equipment and voice and data communication lines. ERS solution delivery options: • Center-based recovery solution This solution offers office space and conditioned IT facilities strategically located throughout North America where the affected employees or COOP personnel can quickly resume business operations in the event of loss or disruption of their location. • Mobile-based recovery solution The mobile recovery center solution is designed to save businesses time and to keep their employees closer to home. During a disaster, personnel can focus on assessing the extent of damage caused by the disaster and implementing the contingency plan, while the AT&T-provided Mobile Recovery Center is en route to their specified location. Mobile Recovery Centers are equipped with office space, communications and open systems. The mobile recovery center can be configured with generator power as well as satellite communications. • ERS quick ship This solution will quick ship pre-specified equipment to the customer specified site at time of disaster. 21 Managing network security When planning for any catastrophic event, security should be at the top of the list of services to review. Recovery time and data integrity are paramount to business operations. In order to minimize the impact of an event, alternatives to local or premisesbased solutions should be evaluated. Business continuity/ disaster recovery challenge During a natural or man-made event, businesses may have new temporary locations and significantly increased numbers of employees accessing their network from remote locations. More than ever, businesses will be faced with the need for better secured access to their corporate WANs and LANs. In addition, local security infrastructure and trained personnel could be impacted by the event. Businesses need to have the ability to monitor and manage the security infrastructure during the event. How we can help With extensive security experience, and a variety of security resources, AT&T is well equipped to help protect a firm’s WAN, LAN and Remote Access services. For the purposes of Business Continuity/Disaster Recovery planning, there are a few capabilities that firms should strongly consider. Key services include: Firewall protection The experts at AT&T can help design and implement premises-based and network-based firewalls that will help detect and filter out malicious traffic in the network before it gets to a customer’s premises. AT&T can also provide a network-based firewall solution that allows remote workers as well as LAN users to access corporate applications in a highly secure manner. In addition, AT&T offers an Endpoint Security service that is located on the users’ desktops or notebooks and provides a means of maintaining the customer’s corporate security policy by helping to protect the endpoint as well as the corporate network from various threats and malware. The goal of AT&T is to help organizations maintain their network security during an event. Intrusion detection/prevention AT&T Managed Intrusion Detection/Prevention Service helps protect the networking infrastructure by detecting and responding to unauthorized attempts to access the customer’s network. The hardware/software application is connected to the AT&T Security Operations Center where service technicians support round-the-clock surveillance. When a pattern of misuse is detected, the system quickly and automatically responds according to predefined policies to send an alert and take immediate action. DDoS Defense AT&T Distributed Denial of Service (DDoS) Defense helps detect and mitigate DDoS attacks. DDoS identification and mitigation takes place within the AT&T IP backbone providing increased DDoS protection from malicious traffic before it reaches the customer’s network. If a volumetric denial of service attack is detected, the traffic will be routed to a network mitigation scrubbing facility, where the malicious DDoS attack packets are identified and dropped while the traffic determined to be valid is allowed to pass to the customer. Bundled firewall, email and web security AT&T Secure Network Gateway (SNG) is a cloud-based security service that includes AT&T Network-based Firewall Service, AT&T Secure Email Gateway Service and AT&T Web Security Service. With Secure Network Gateway, customers have tools to help them protect their e-mail from viruses, worms, and spam; manage Internet access with firewalls; block Web-born malware from corporate networks; and receive alerts about possible attacks. 22 Mobile security AT&T Mobile Security network-based features help maintain compliance with government regulations, enforce corporate security policies, and simplify the management of personal or enterprise-owned devices. AT&T Mobile Security provides anti-virus, anti-malware, and anti-spam capabilities, loss and theft protection, and application monitoring and control. Device management features that quickly and easily protect, manage, and locate lost mobile devices are also included. These solutions also provide consistent application of your corporate security policy when your wireless device connects back to your network. You can validate that your wireline and wireless devices adhere to the same security policies. AT&T provides a range of MDM solutions and professional services that empower IT managers to set policies, lockdown applications, expand on-device encryption, distribute software, conduct device diagnostics, understand inventory, and more. These comprehensive, scalable device management and security solutions provide IT managers with the capabilities to help protect corporate data on a day-to-day operational basis, as well as in an emergency. AT&T Threat Manager – Log Analysis (TMLA) AT&T Threat Manager – Log Analysis (TMLA) delivers near real-time log monitoring, correlation and expert analysis of security activity across your organization. This service helps to improve the effectiveness of customer’s security infrastructure by actively analyzing logs and alerts from the customer devices in near real time, 24x7. Our experts provide prioritization and notification around high and critical severity security incidents. At the core of this solution is AT&T Threat Intellect: The culmination of eight global security operations centers, our advanced data analytics and the rapid results of machine learning. One of the benefits this overarching solution brings to your organization is reduced noise of traffic at volume, helping to improve your security infrastructure by actively analyzing logs and alerts from your devices in near real time, 24x7x365. AT&T Threat Manager – Log Analysis provides a broad view of the security in your network by helping to efficiently correlate alerts from multiple devices and device types across the entire enterprise: • Utilizes AT&T proprietary data and insights, and 3rd party feeds • Distills billions of raw logs to a few cases • Helps detect threats earlier • Implementation support can be added and provided by AT&T consulting for asset identification and implementation verification 23 More information on all of these business solutions can be found at the following URLs: att.com/security wireless.att.com/businesscenter AT&T customer support Communications During a disaster scenario, AT&T communicates with its customers through a variety of vehicles including, AT&T BusinessDirect® | AT&T Premier, AT&T Vital Connections, broadcast e-mails, individual e-mails or phone calls from AT&T representatives, and Interactive Voice Responses. Methods of communication vary based on the severity and proliferation of an event. AT&T communicates internally when an event occurs and then communicates with its customers as appropriate information becomes available. In addition, customers can obtain updates directly from AT&T in a self-service fashion using att.com as the front door to any updates regarding events. As a standard feature on att.com, there is information about business continuity, both about how AT&T is prepared and ready through its NDR exercises, and about services that are available to customers for their preparedness requirements. AT&T BusinessDirect® | AT&T Premier AT&T BusinessDirect® | AT&T Premier is a suite of powerful online tools that can be particularly helpful for both communications and self-servicing for AT&T customers during times of disaster. These tools can be used to reroute network traffic, test circuits, report and track service problems, place emergency orders, and perform other customer service related tasks. It is important to be prepared to be able to use the tools when they are needed. Therefore, customers should confirm they have access to and are familiar with the portal before an unexpected incident occurs. Customers can obtain access to the portal through their AT&T account representatives. During a disaster, AT&T will post critical information and messages for customers on the AT&T BusinessDirect® | AT&T Premier for easy access. There are several ways in which businesses can use AT&T BusinessDirect® | AT&T Premier, as depicted in the following table. AT&T BusinessDirect® | AT&T Premier online tools may be used within business continuity planning and recovery efforts. 24 AT&T BusinessDirect® | AT&T Premier online tools may be used within business continuity planning and recovery efforts AT&T BusinessDirect® capabilities Tool name Applicable service(s) Call routing • Control Toll-Free Routing • AT&T Toll-Free Service • Make changes to existing routing plans in near real-time. Shift toll-free traffic to other contact centers to maintain customer service • Route It!® • Establish new routing plans. Add new terminations in near real-time and begin routing terminations almost immediately eMaintenance • AT&T BusinessDirect Map • Check networks for outages in near real-time • AT&T BusinessDirect eMaintenance • Test circuits to see if they are performing properly • Most Domestic and International Data Services • Outbound Switched Voice Service (EM only) • Submit trouble tickets to initiate repairs quickly • Domestic and International Toll-Free Readyline Service • Invoke Service Assurance Plans – toll-free call routing plans that are prepared in advance • Dedicated Voice Service • Domestic and International Toll-Free MEGACOM Service • Most AT&T Managed Services eOrdering • AT&T BusinessDirect eOrder • Most Domestic Voice and Data Services • Move, add, change and disconnect services on AT&T network • AT&T BusinessDirect Map • AT&T Toll-Free Service • IP-Enabled Frame Relay and ATM Services • Receive up-to-date network inventory • Get near real-time status on orders Performance reporting and monitoring • Analyze and Monitor Call Data • Frame Relay Service • Originating and terminating details on calls reaching the customer’s premises • Analyze Toll-Free Call Attempts – Real-Time • ATM Service • Summary information on call attempts to the customer’s toll-free number • AT&T BusinessDirect Map • IP-Enabled Frame Relay and ATM Services • Near real-time information on AT&T High-Speed Packet Service ports and PVC usage • Monitor data circuits: for T1 circuits, configuration, performance and fault monitoring; for T3 circuits, configuration and fault monitoring • Near real-time fault notification on trunk and carrier outages • Site availability for routers; site-to-site latency by Class of Service; near real-time usage for site latency and packet delivery by COS 25 • Customer Network Management Service/Web Reports Interface • iGEMS T1-T3 Monitor • IP Network Usage Reports Monitor and Control Voice Performance • Private Line Service • Domestic and International Toll-Free Voice Service • Dedicated inbound and outbound domestic long distance voice trunk groups • AT&T Enhanced VPN Service • AT&T Advanced VPN Service How online tools to manage your wireless environment may be used within business continuity planning and recovery efforts Premier enterprise portal Tool name Applicable service(s) • Purchase, move, add and change wireless services, features and devices during and after a disaster based on customer’s contract and device preferences • Premier Resource Center, Premier Online Care • Most Enterprise Wireless Voice and Data Programs and Services • Individual, Corporate and Telecom Manager Online Stores • End-user self service for online wireless account management, bill payment and care any time Online activation, SIM inventory management and simplified billing • Enterprise On-Demand Service For large wireless data deployments such as: • Field Service; ruggedized devices • Order inactive data Subscriber Identity Module (SIM) cards online before disaster strikes • Telemetry; meter reading devices • Online activation of the SIMs needed during an emergency • Point of Sale; merchant devices • Dedicated Voice Service • Mobile Professionals; LaptopConnect cards • Online Billing – view a simplified bill • Online ticket entry, status and reporting • Coverage Viewer Service coverage maps • Provides interactive wireless network coverage map detail for wireless voice, data and partner networks • AT&T-owned GSM, GPRS and EDGE wireless network service • 3G/4G HSPA+/4G LTE wireless network • Zoom to the street level to help establish service expectations if company resources are displaced • Unaffiliated carriers, partner coverage Wireless service not available in all areas. Due to transmission, system and other limitations, wireless service may not be accessible at all times. Offer(s) subject to change. Additional restrictions apply. See https://www.wireless.att.com/businesscenter/solutions/ for more information. Additional information It’s important to identify accurate sources of information for preparedness efforts. The AT&T Web site, Vital Connections, provides disaster and business continuity resources providing guidance and assistance in addressing your needs. Additional information on Business Continuity planning can also be found on AT&T Networking Exchange, the following government and agency Web sites and by contacting your AT&T Representative. AT&T sites: • AT&T Vital Connections att.com/vitalconnections • AT&T Networking Exchange att.com/networkingexchange/ businesscontinuity Non-AT&T sites: • BCI Standards and Guidelines thebci.org • Federal Emergency Management Agency (FEMA) - Ready ready.gov • Federal Emergency Management Agency (FEMA) fema.gov • Federal Emergency Management Agency (FEMA) PS-Prep fema.gov/privatesector/ preparedness • NCS - TSP Program Office tsp.ncs.gov • NOAA North Atlantic Hurricane Outlook noaa.gov • U.S. Health and Human Services pandemicflu.gov • World Health Organization who.int • Centers for Disease Control and Prevention (CDC) cdc.gov • National Security Telecommunications Advisory Committee (NSTAC) dhs.gov/nstac • AT&T Doing Business with us att.com/dbw 26 06/20/16 AB-0771-09 ©2016 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. The information contained herein is not an offer, commitment, representation or warranty by AT&T and is subject to change.