Hong Kong Baptist University

Size: px
Start display at page:

Download "Hong Kong Baptist University"

Transcription

1 Hong Kong Baptist University Disaster Recovery Standard FOR INTERNAL USE ONLY Date of Issue: JULY 2012

2 Revision History Version Author Date Revision 1.0 Information Security Subcommittee (ISSC) July 2012 Initial Version Copyright Statement All materials in this document are, unless otherwise stated, the property of Hong Kong Baptist University ( HKBU or the University ), and protected by the copyright and other intellectual property laws. Reproduction or retransmission of the materials, in whole or in part and in any manner, without the prior written consent of HKBU, is an offence under the relevant laws. FOR INTERNAL USE ONLY - 2 -

3 1. Policy Statement HKBU shall develop a comprehensive Disaster Recovery Plan ( DRP ) to enable the sustained execution of centralised while mission-critical information technology ( IT ) services against any disasters, such as fire, vandalism, natural disaster, or system failure, etc. 2. Objective The objective of this document is to provide guidelines for the development of a comprehensive DRP. 3. Disaster Recovery Process The University shall develop a disaster recovery process, defining the rules, processes, and disciplines, to ensure that the critical IT services will continue to function if there is a failure of any kind. The main elements of the process should include: Identification of critical information resources contributing to the provision of the services, determination of the interdependencies among them and how the University business would be affected by their outage; Identification and rating of areas of vulnerability based on risk assessment; Mitigation of risks by developing system resilience; and Developing, documenting and testing DRPs; The Office of Information Technology ( ITO ) and respective departmental IT units should conduct a risk and business impact analysis on their information resources, including but not limited to IT infrastructure, hardware and software, data and information, and application systems. After analysing the potential risks, priority levels for the recovery should be assigned to each identified resource area on the basis of their importance and criticality to the University. FOR INTERNAL USE ONLY - 3 -

4 The following table can be used to classify the severity level of the resource areas involved: Classification Description a Mission Critical Critical for accomplishing the vision and mission of the University Can be performed only by computer processing No alternative manual processing capability exists Must be restored within 36 hours (Remarks: If need to be performed by computers only (automatic), the disaster recovery cost will be very high Assume the disaster recovery site is ready Department query about the disaster recovery site (provided by ITO or not) b Critical Critical for accomplishing the work of the University Primarily performed by computer processing Can be performed manually for a limited time Restoration process must start no later than 36 hours, and be completed within 5 days after the disaster has happened c Essential Essential in completing the work of the University Performed by computer processing Can be performed manually for an extended time period Can be restored as early as 5 days after the disaster has happened, but can afford to take a longer time d Non-critical Non-critical for accomplishing the work of the University Can be delayed until the damaged site is restored and/or a new computer system is purchased Can be performed manually ITO and respective departmental IT unit should produce a complete list of equipment, locations, vendors, and points of contact that are necessary for recovery of the Mission Critical and Critical resource areas after the disaster. A DRP should be developed thereafter by related units. FOR INTERNAL USE ONLY - 4 -

5 4. Disaster Recovery Plan The focus of a DRP is to restore the operability of the systems that support mission-critical and critical IT services which may have serious impact on the normal operations of the University. The DRP shall identify the resource areas to be covered, with detailed recovery procedures. The responsible staff should be recorded with clear areas of responsibility and line of accountability. According to the level of severity, different data/systems backup and recovery processes should be imposed. Proper records on the recovery incidents should be properly kept in a systematic way for audit purpose and problem tracing. 5. Data and Systems Backup In avoiding any loss of data, a set of comprehensive data and systems backup should be imposed which include: computer systems including applications and servers must be centrally backed up on a daily, weekly, monthly and yearly basis by rotating set of backup media. backup media, such as tapes, must be stored off-site in a secure fire-proof location. a daily log of all backups must be recorded in a log file and kept within the server room. data must be stored on the central server wherever possible to ensure that daily backups (or backups at other appropriate intervals) are taken. where data is stored on a standalone PC or a laptop, it is the responsibility of the owner of the PC and/or data to ensure that the data are securely and properly backed up. applications and hardware must have appropriate hardware and software support contracts in place. Uninterruptible power supply should be installed to protect data and hardware systems from damage due to electricity/generator facilities failure. data network connection to server rooms of critical systems must be designed for system resilience to prevent destruction of a particular network system/path which in turn will lead to failure in accessing critical University data. in case of a disaster that renders the data centre unusable, alternative arrangements for an appropriate disaster recovery site or a temporary computer room must be in place. documented procedures should be prepared for system housekeeping activities associated with computer and network management, such as start-up and shut-down procedures, data backup, equipment maintenance, computer room management and safety. FOR INTERNAL USE ONLY - 5 -

6 6. Testing, Review and Update Since the operations of the University and its IT infrastructure and information systems keep changing from time to time, the DRP should therefore be reviewed and updated at least annually to ensure that it is in alignment with the prevailing business objectives/requirements, and has taken into account the changing information resource environment. Periodic testing of the DRP should be performed in a simulated environment to ensure that it can be implemented in emergency situations, and that the University s senior management and all respective staff members understand their roles and know how the DRP is to be executed during the disaster. Test results should be reviewed and be used to update the DRP accordingly. 7. Summary The principal objective of the disaster recovery program is to develop, test and document a wellstructured and easily comprehensible plan which will help the University recover the operability of the systems that support mission-critical and critical business processes to normal operation as quickly as possible from an unforeseen disaster or emergency. The ITO/departmental IT management should ensure that an appropriate and up-to-date DRP be ready at all times to minimise the potential impact to mission-critical processes of the University/respective departments. FOR INTERNAL USE ONLY - 6 -

Hong Kong Baptist University

Hong Kong Baptist University Hong Kong Baptist University Guidelines for Development and Maintenance of University/Departmental Websites FOR INTERNAL USE ONLY Date of Issue: MAY 2014 Revision History Version Author Date Revision 1.0

More information

How to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%.

How to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%. How to write a DISASTER RECOVERY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A DRP AND HOW CAN IT HELP MY COMPANY? CHAPTER PREPARING TO WRITE YOUR DISASTER RECOVERY PLAN

More information

SOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT 11-02. IT Backup, Recovery and Disaster Recovery Planning

SOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT 11-02. IT Backup, Recovery and Disaster Recovery Planning SOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT 11-02 IT Backup, Recovery and Disaster Recovery Planning Executive Summary Introduction As part of the 2011/12 Audit Plan and following discussions

More information

Disaster Recovery Policy

Disaster Recovery Policy Disaster Recovery Policy INTRODUCTION This policy provides a framework for the ongoing process of planning, developing and implementing disaster recovery management for IT Services at UCD. A disaster is

More information

SCOPE; ENFORCEMENT; AUTHORITY; EXCEPTIONS

SCOPE; ENFORCEMENT; AUTHORITY; EXCEPTIONS Title: DRAFT USG Continuity of Operation Plan Policy Policy Number: 2009-Julian Date Topical Security Area: Document Type: Standard Pages: Words: Lines: 5 1,387 182 Issue Date: May-09 Effective Date: Immediately

More information

DRAFT Disaster Recovery Policy Template

DRAFT Disaster Recovery Policy Template DRAFT Disaster Recovery Policy Template NOTE: This is a boiler plate template much information is needed from to finalizeconsider this document pre-draft FOREWARD... 3 Policy Overview...

More information

SECTION 15 INFORMATION TECHNOLOGY

SECTION 15 INFORMATION TECHNOLOGY SECTION 15 INFORMATION TECHNOLOGY 15.1 Purpose 15.2 Authorization 15.3 Internal Controls 15.4 Computer Resources 15.5 Network/Systems Access 15.6 Disaster Recovery Plan (DRP) 15.1 PURPOSE The Navajo County

More information

Disaster Recovery Plan Documentation for Agencies Instructions

Disaster Recovery Plan Documentation for Agencies Instructions California Office of Information Security Disaster Recovery Plan Documentation for Agencies Instructions () November 2009 SCOPE AND PURPOSE The requirements included in this document are applicable to

More information

Education and Workforce Development Cabinet POLICY/PROCEDURE. Policy Number: EDU-06 Effective Date: April 15, 2006 Revision Date: December 20, 2012

Education and Workforce Development Cabinet POLICY/PROCEDURE. Policy Number: EDU-06 Effective Date: April 15, 2006 Revision Date: December 20, 2012 Education and Workforce Development Cabinet POLICY/PROCEDURE Policy Number: EDU-06 Effective Date: April 15, 2006 Revision Date: December 20, 2012 Subject: Backup Procedures Tower and Server Farms Policy:

More information

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS) Information Technology Disaster Recovery Policy Policy Statement This policy defines acceptable methods for disaster recovery planning, preparedness, management and mitigation of IT systems and services

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning 4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

IBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public]

IBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public] IBX Business Network Platform Information Security Controls 2015-02- 20 Document Classification [Public] Table of Contents 1. General 2 2. Physical Security 2 3. Network Access Control 2 4. Operating System

More information

Technology Recovery Plan Instructions

Technology Recovery Plan Instructions State of California California Information Security Office Technology Recovery Plan Instructions SIMM 5325-A (Formerly SIMM 65A) September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF

More information

EDP HOSTING SERVICES Reducing Your Costs & Protecting Your Business

EDP HOSTING SERVICES Reducing Your Costs & Protecting Your Business EDP HOSTING SERVICES Reducing Your Costs & Protecting Your Business Cost-effective, client focused, business solutions. Building relationships for business growth Considering outsourcing your computing

More information

AUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1

AUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1 AUDITING A BCP PLAN Thomas Bronack Auditing a BCP Plan presentation Page: 1 What are the Objectives of a Good BCP Plan Protect employees Restore critical business processes or functions to minimize the

More information

Disaster Recovery and Business Continuity Plan

Disaster Recovery and Business Continuity Plan Disaster Recovery and Business Continuity Plan Table of Contents 1. Introduction... 3 2. Objectives... 3 3. Risks... 3 4. Steps of Disaster Recovery Plan formulation... 3 5. Audit Procedure.... 5 Appendix

More information

State of South Carolina Policy Guidance and Training

State of South Carolina Policy Guidance and Training State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Business Continuity Management Policy June 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy

More information

Tufts Health Plan Corporate Continuity Strategy

Tufts Health Plan Corporate Continuity Strategy Tufts Health Plan Corporate Continuity Strategy July 2015 OVERVIEW The intent of this document is to provide external customers and auditors with a highlevel overview of the Tufts Health Plan Corporate

More information

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain 1. What is the most common planned performance duration for a continuity of operations plan (COOP)? A. 30 days B. 60 days C. 90 days D. It depends on the severity of a disaster. 2. What is the business

More information

San Francisco Chapter. Information Systems Operations

San Francisco Chapter. Information Systems Operations Information Systems Operations Overview Operations as a part of General Computer Controls Key Areas of focus within Information Systems Operations Key operational risks Controls generally associated with

More information

CENTER FOR NUCLEAR WASTE REGULATORY ANALYSES

CENTER FOR NUCLEAR WASTE REGULATORY ANALYSES Page 1 of 5 ELECTRONIC FILE ARCHIVAL AND BACKUP PROCEDURES EFFECTIVITY AND APPROVAL Revision 1 of this procedure became effective on July 6, 2004. This procedure consists of the pages and changes listed

More information

Disaster Recovery Planning

Disaster Recovery Planning Disaster Recovery Planning This is a brief guide, with a suggested table of contents, to help you get started with putting together your Disaster Recovery Plan (DRP) Pensar can assist you in completing

More information

Our Colorado region is offering a FREE Disaster Recovery Review promotional through June 30, 2009!

Our Colorado region is offering a FREE Disaster Recovery Review promotional through June 30, 2009! Disaster Recovery Review FREE Promotional Offer Our Colorado region is offering a FREE Disaster Recovery Review promotional through June 30, 2009! This review is designed to help the small business better

More information

ICT Disaster Recovery Plan

ICT Disaster Recovery Plan 7 Appendix A ICT Disaster Recovery Plan Definition of a Disaster A computer disaster is the occurrence of any computer system or associated event which causes the interruption of business, leading in the

More information

TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY FREQUENTLY ASKED QUESTIONS OVERVIEW CORPORATE CONTINUITY PROGRAM.

TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY FREQUENTLY ASKED QUESTIONS OVERVIEW CORPORATE CONTINUITY PROGRAM. TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY FREQUENTLY ASKED QUESTIONS July 2015 OVERVIEW The intent of this document is to provide external customers and auditors with a high-level overview of the

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October

More information

Information Resources Security Guidelines

Information Resources Security Guidelines Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive

More information

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS Appendix L DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS I. GETTING READY A. Obtain written commitment from top management of support for contingency planning objectives. B. Assemble

More information

Maintenance Connection Disaster Recovery Plan

Maintenance Connection Disaster Recovery Plan Maintenance Connection Disaster Recovery Plan Last Revised: January 2014 Maintenance Connection, Inc. 1477 Drew Ave. Suite 103 Davis, CA 95695 8885673434 1 Introduction Maintenance Connection s Disaster

More information

Resource Ordering and Status System. User Business Resumption Plan

Resource Ordering and Status System. User Business Resumption Plan Resource Ordering and Status System User Business Resumption Plan I. INTRODUCTION This document is the disaster preparedness and recovery plan for users of the Resource Ordering and Statusing System (ROSS).

More information

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006 Department of Information Technology Data Center Disaster Recovery Audit Report Final Report September 2006 promoting efficient & effective local government Executive Summary Our audit found that a comprehensive

More information

Business Continuity Planning

Business Continuity Planning Information Systems Audit and Control Association www.isaca.org Business Continuity Planning AUDIT PROGRAM & INTERNAL CONTROL QUESTIONNAIRE The Information Systems Audit and Control Association With more

More information

Business Continuity & Recovery Plan Summary

Business Continuity & Recovery Plan Summary Introduction An organization s ability to survive a significant business interruption is determined by the company s ability to develop, implement, and maintain viable recovery and business continuity

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

Millennium Systems on the Cloud:

Millennium Systems on the Cloud: Millennium Systems on the Cloud: Experience on System Migration from SUN V490 to VMWare Platform Li Yiu On, Systems Section, Library Tsang Jimmy, Office of Information Technology Hong Kong Baptist University

More information

Birkenhead Sixth Form College IT Disaster Recovery Plan

Birkenhead Sixth Form College IT Disaster Recovery Plan Author: Role: Mal Blackburne College Learning Manager Page 1 of 14 Introduction...3 Objectives/Constraints...3 Assumptions...4 Incidents Requiring Action...4 Physical Safeguards...5 Types of Computer Service

More information

Online Backup Solution with Disaster Recovery

Online Backup Solution with Disaster Recovery Online Backup Solution with Disaster Recovery Backup Replacement - Online For Businesses looking for Consistent, Reliable and Offsite Backup, with Minimal Data loss, Generational Management and Disaster

More information

IT Disaster Recovery Plan Template

IT Disaster Recovery Plan Template HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned

More information

IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement

More information

Disaster Recovery Planning Process

Disaster Recovery Planning Process Disaster Recovery Planning Process By Geoffrey H. Wold Part I of III This is the first of a three-part series that describes the planning process related to disaster recovery. Based on the various considerations

More information

Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.

More information

Information Systems and Technology

Information Systems and Technology As public servants, it is our responsibility to use taxpayers dollars in the most effective and efficient way possible while adhering to laws and regulations governing those processes. There are many reasons

More information

15 Organisation/ICT/02/01/15 Back- up

15 Organisation/ICT/02/01/15 Back- up 15 Organisation/ICT/02/01/15 Back- up 15.1 Description Backup is a copy of a program or file that is stored separately from the original. These duplicated copies of data on different storage media or additional

More information

INSIDE. Preventing Data Loss. > Disaster Recovery Types and Categories. > Disaster Recovery Site Types. > Disaster Recovery Procedure Lists

INSIDE. Preventing Data Loss. > Disaster Recovery Types and Categories. > Disaster Recovery Site Types. > Disaster Recovery Procedure Lists Preventing Data Loss INSIDE > Disaster Recovery Types and Categories > Disaster Recovery Site Types > Disaster Recovery Procedure Lists > Business Continuity Plan 1 Preventing Data Loss White Paper Overview

More information

Disaster Recovery Plan Review Checklist. A High-Level Internal Planning Tool to Assist State Agencies with Their Disaster Recovery Plans

Disaster Recovery Plan Review Checklist. A High-Level Internal Planning Tool to Assist State Agencies with Their Disaster Recovery Plans Disaster Recovery Plan Review Checklist A High-Level Internal Planning Tool to Assist State Agencies with Their Disaster Recovery Plans November 2008 DISASTER RECOVERY PLAN REVIEW CHECKLIST - FOR INTERNAL

More information

This policy is not designed to use systems backup for the following purposes:

This policy is not designed to use systems backup for the following purposes: Number: AC IT POL 003 Subject: Backup and Restore Policy 1. PURPOSE The backup and restore policy establishes the need and rules for performing periodic system backup to permit timely restoration of Africa

More information

Attachment to Data Center Services Multisourcing Service Integrator Master Services Agreement

Attachment to Data Center Services Multisourcing Service Integrator Master Services Agreement Attachment to Data Center Services Multisourcing Service Integrator Master Services Agreement DIR Contract No. DIR-DCS-MSI-MSA-001 Between The State of Texas, acting by and through the Texas Department

More information

SUSD IT Disaster Recovery Plan. Tom Clark, Chief Technology Officer

SUSD IT Disaster Recovery Plan. Tom Clark, Chief Technology Officer SUSD IT Disaster Recovery Plan Tom Clark, Chief Technology Officer Rationale for a Disaster Recovery Plan Need for DRP Identified in the District s Auditor General Report Best practice for IT organizations

More information

14/03/12 Updated Annex 1 to refer to current backup details. 15/03/12 Included section detailing NetApp filer data storage

14/03/12 Updated Annex 1 to refer to current backup details. 15/03/12 Included section detailing NetApp filer data storage System and File Restore Policy Document Status Security Classification Version 1.1 Level 4 - PUBLIC Status DRAFT Approval Life 3 Years Review By June 2012 Owner Change History System Support Group Manager

More information

2.1 To define the backup strategy for systems and data within the Cape Winelands District Municipality (CWDM).

2.1 To define the backup strategy for systems and data within the Cape Winelands District Municipality (CWDM). BACKUP POLICY POLICY ADOPTED BY COUNCIL ON 25 APRIL 2012 AT ITEM C.14.3 POLICY AMENDED BY COUNCIL ON 24 APRIL 2014 AT ITEM C.14.1 Cape Winelands District Municipality Backup Policy 1. 1. INTRODUCTION Computer

More information

Identify and Protect Your Vital Records

Identify and Protect Your Vital Records Identify and Protect Your Vital Records INTRODUCTION The Federal Emergency Management Agency s Federal Preparedness Circular 65 states The protection and ready availability of electronic and hardcopy documents,

More information

Prepared by Rod Davis, ABCP, MCSA November, 2011

Prepared by Rod Davis, ABCP, MCSA November, 2011 Prepared by Rod Davis, ABCP, MCSA November, 2011 Disaster an event, which causes the loss of an essential service, or part of it, for a length of time which imperils mission achievement. (Andrew Hiles,

More information

3. A damage assessment will be conducted by the IT Director, and if applicable vendor/consult, and reported back to Management.

3. A damage assessment will be conducted by the IT Director, and if applicable vendor/consult, and reported back to Management. 3. A damage assessment will be conducted by the IT Director, and if applicable vendor/consult, and reported back to Management. 4. Individuals required to assist in recovery of these services will be identified.

More information

Disaster Prevention and Recovery for School System Technology

Disaster Prevention and Recovery for School System Technology The Optimal Reference Guide: Disaster Prevention and Recovery for School System Technology Extraordinary insight into today s education topics Glynn D. Ligon, Ph.D., ESP Solutions Group Evangelina Mangino,

More information

Massachusetts Institute of Technology. Functional Area Recovery Management Team Plan Development Template

Massachusetts Institute of Technology. Functional Area Recovery Management Team Plan Development Template Massachusetts Institute of Technology Functional Area Recovery Management Team Plan Development Template Public Distribution Version For further information, contact: Jerry Isaacson MIT Information Security

More information

CITY UNIVERSITY OF HONG KONG. Inventory and Ownership Standard

CITY UNIVERSITY OF HONG KONG. Inventory and Ownership Standard CITY UNIVERSITY OF HONG KONG Inventory and Ownership Standard (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief Information Officer in September

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Information Security- Perspective for Management Business Impact Analysis ( BIA ) and Business

More information

Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan

Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan Revision History REVISION DATE NAME DESCRIPTION Draft 1.0 Eric Wimbish IT Backup Disaster Table of Contents Information

More information

The Essential Guide for Protecting Your Legal Practice From IT Downtime

The Essential Guide for Protecting Your Legal Practice From IT Downtime The Essential Guide for Protecting Your Legal Practice From IT Downtime www.axcient.com Introduction: Technology in the Legal Practice In the professional services industry, the key deliverable of a project

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services

More information

Completed. Document Name. NERC CIP Requirements CIP-002 Critical Cyber Asset Identification R1 Critical Asset Identifaction Method

Completed. Document Name. NERC CIP Requirements CIP-002 Critical Cyber Asset Identification R1 Critical Asset Identifaction Method NERC CIP Requirements CIP-002 Critical Cyber Asset Identification R1 Critical Asset Identifaction Method R2 Critical Asset Identification R3 Critical Cyber Asset Identification Procedures and Evaluation

More information

Memorandum. ACTION: Report on Computer Security Controls of Financial Management System, FTA FE-2000-098. May 23, 2000.

Memorandum. ACTION: Report on Computer Security Controls of Financial Management System, FTA FE-2000-098. May 23, 2000. U.S. Department of Transportation Office of the Secretary of Transportation Office of Inspector General Memorandum ACTION: Report on Computer Security Controls of Financial Management System, FTA FE-2000-098

More information

Ohio Supercomputer Center

Ohio Supercomputer Center Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original

More information

OKHAHLAMBA LOCAL MUNICIPALITY

OKHAHLAMBA LOCAL MUNICIPALITY OKHAHLAMBA LOCAL MUNICIPALITY I.T DISASTER RECOVERY PLAN 2012/2013 TABLE OF CONTENTS 1. INTRODUCTION 1 1.1 PURPOSE 2 1.2 OBJECTIVES 2 1.3 SCOPE 2 1.4 DISASTER RECOVERY STRATEGY 2 1.5 DISASTER DEFINITION

More information

DETAIL AUDIT PROGRAM Information Systems General Controls Review

DETAIL AUDIT PROGRAM Information Systems General Controls Review Contributed 4/23/99 by Steve_Parker/TBE/Teledyne@teledyne.com DETAIL AUDIT PROGRAM Information Systems General Controls Review 1.0 Introduction The objectives of this audit are to review policies, procedures,

More information

Does it state the management commitment and set out the organizational approach to managing information security?

Does it state the management commitment and set out the organizational approach to managing information security? Risk Assessment Check List Information Security Policy 1. Information security policy document Does an Information security policy exist, which is approved by the management, published and communicated

More information

Data Center Audit April 2015

Data Center Audit April 2015 Data Center Audit April 2015 Table of Contents Executive Summary 2 5 Highlights and Accomplishments 6 7 Summary Observations 8 This report provides management with information about the condition of risks

More information

Policy Document. Communications and Operation Management Policy

Policy Document. Communications and Operation Management Policy Policy Document Communications and Operation Management Policy [23/08/2011] Page 1 of 11 Document Control Organisation Redditch Borough Council Title Communications and Operation Management Policy Author

More information

Business Continuity & Recovery Plan Summary

Business Continuity & Recovery Plan Summary Introduction An organization s ability to survive a significant business interruption is determined by the company s ability to develop, implement, and maintain viable recovery and business continuity

More information

Offsite Disaster Recovery Plan

Offsite Disaster Recovery Plan 1 Offsite Disaster Recovery Plan Offsite Disaster Recovery Plan Presented By: Natan Verkhovsky President Disty Portal Inc. 2 Offsite Disaster Recovery Plan Introduction This document is a comprehensive

More information

AUDIT GUIDELINES FOR SCHOOL DISASTER RECOVERY PLANNING

AUDIT GUIDELINES FOR SCHOOL DISASTER RECOVERY PLANNING AUDIT GUIDELINES FOR SCHOOL DISASTER RECOVERY PLANNING Introduction It has become increasingly common for schools to place a great deal of reliance upon PC s and computer systems to manage and operate

More information

What is Business Continuity Planning (BCP) / Disaster Recovery Plan(DRP)?

What is Business Continuity Planning (BCP) / Disaster Recovery Plan(DRP)? Workshop on System Audit of Banks BCP Workshop on System Audit of Banks What is Business Continuity Planning (BCP) / Disaster Recovery Plan(DRP)? - Preparedness of an organisation to ensure continuity,

More information

FINAL. Internal Audit Report. Data Centre Operations and Security

FINAL. Internal Audit Report. Data Centre Operations and Security FINAL Internal Audit Report Data Centre Operations and Security Document Details: Reference: Report nos from monitoring spreadsheet/2013.14 Senior Manager, Internal Audit & Assurance: ext. 6567 Engagement

More information

MARQUIS DISASTER RECOVERY PLAN (DRP)

MARQUIS DISASTER RECOVERY PLAN (DRP) MARQUIS DISASTER RECOVERY PLAN (DRP) Disaster Recovery is an ongoing process to plan, develop, test and implement changes, processes and procedures supporting the recovery of the critical functions in

More information

IT - General Controls Questionnaire

IT - General Controls Questionnaire IT - General Controls Questionnaire Internal Control Questionnaire Question Yes No N/A Remarks G1. ACCESS CONTROLS Access controls are comprised of those policies and procedures that are designed to allow

More information

Disaster Recovery Planning The Process

Disaster Recovery Planning The Process Disaster Recovery Planning The Process Introduction We began our planning processes after experiencing several disasters, including a building fire, an environmental contamination, faulty discharge of

More information

Decision on adequate information system management. (Official Gazette 37/2010)

Decision on adequate information system management. (Official Gazette 37/2010) Decision on adequate information system management (Official Gazette 37/2010) Pursuant to Article 161, paragraph (1), item (3) of the Credit Institutions Act (Official Gazette 117/2008, 74/2009 and 153/2009)

More information

Columbus City Schools Office of Internal Audit

Columbus City Schools Office of Internal Audit Information Technology Disaster Recovery Plan Review Report Date: March 24, 2011 Internal Audit Mission Statement To support the overall mission of the Columbus City Schools by providing quality management

More information

Continuity of Business

Continuity of Business White Paper Continuity of Business SAS Continuity of Business initiative reflects our commitment to our employees, to our customers, and to all of the stakeholders in our global business community to be

More information

INFORMATION GOVERNANCE POLICY: DATA BACKUP, RESTORE & FILE STORAGE HANDLING

INFORMATION GOVERNANCE POLICY: DATA BACKUP, RESTORE & FILE STORAGE HANDLING INFORMATION GOVERNANCE POLICY: DATA BACKUP, RESTORE & FILE STORAGE HANDLING Original Approved by: Policy and Procedure Ratification Sub-group on 23 October 2007 Version 2.2 Approved by : Information Governance

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Dacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery

Dacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery Dacorum Borough Council Final Internal Audit Report IT Business Continuity and Disaster Recovery Distribution list: Chris Gordon Group Manager Performance, Policy and Projects John Worts ICT Team Leader

More information

IT Infrastructure is Key to Growth. Infrastructure nventory.

IT Infrastructure is Key to Growth. Infrastructure nventory. Introduction. The overall objective of an Information Technology (IT) Assessment is to evaluate whether an enterprise s current IT strategy is tightly coupled to the enterprise plans and challenges. Current

More information

IT Service Management

IT Service Management IT Service Management Service Continuity Methods (Disaster Recovery Planning) White Paper Prepared by: Rick Leopoldi May 25, 2002 Copyright 2001. All rights reserved. Duplication of this document or extraction

More information

Why cloud backup? Top 10 reasons

Why cloud backup? Top 10 reasons Why cloud backup? Top 10 reasons HP Autonomy solutions Table of contents 3 Achieve disaster recovery with secure offsite cloud backup 4 Free yourself from manual and complex tape backup tasks 4 Get predictable

More information

Vermont College of Fine Arts Information Technology Disaster Recovery Plan for Fiscal Year 2012

Vermont College of Fine Arts Information Technology Disaster Recovery Plan for Fiscal Year 2012 Vermont College of Fine Arts Information Technology Disaster Recovery Plan for Fiscal Year 2012 Introduction: Vermont College of Fine Arts (VCFA) is a national center for education in the arts, fostering

More information

IT Security Standard: Computing Devices

IT Security Standard: Computing Devices IT Security Standard: Computing Devices Revision History: Date By Action Pages 09/30/10 ITS Release of New Document Initial Draft Review Frequency: Annually Responsible Office: ITS Responsible Officer:

More information

Planning a Backup Strategy

Planning a Backup Strategy Planning a Backup Strategy White Paper Backups, restores, and data recovery operations are some of the most important tasks that an IT organization performs. Businesses cannot risk losing access to data

More information

IT Disaster Recovery and Business Resumption Planning Standards

IT Disaster Recovery and Business Resumption Planning Standards Information Technology Disaster Recovery and Business IT Disaster Recovery and Business Adopted by the Information Services Board (ISB) on May 28, 1992 Policy No: Also see: 500-P1, 502-G1 Supersedes No:

More information

Auditing in an Automated Environment: Appendix C: Computer Operations

Auditing in an Automated Environment: Appendix C: Computer Operations Agency Prepared By Initials Date Reviewed By Audit Program - Computer Operations W/P Ref Page 1 of 1 Procedures Initials Date Reference/Comments OBJECTIVE - To document the review of the computer operations

More information

COMMERCIALISM INTEGRITY STEWARDSHIP. Back-up Policy & Guidance

COMMERCIALISM INTEGRITY STEWARDSHIP. Back-up Policy & Guidance Back-up Policy & Guidance Document Control Document Details Author Adrian Last Company Name The Crown Estate Division Name Information Services Document Name Back Up Policy Version Date 10/10/12 Effective

More information

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014 Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document

More information

R345, Information Technology Resource Security 1

R345, Information Technology Resource Security 1 R345, Information Technology Resource Security 1 R345-1. Purpose: To provide policy to secure the private sensitive information of faculty, staff, patients, students, and others affiliated with USHE institutions,

More information

Disaster Recovery Plan (DRP) / Business Continuity Plan (BCP)

Disaster Recovery Plan (DRP) / Business Continuity Plan (BCP) Preface Computer systems are the core tool of today s business and are vital to every business from the smallest to giant organizations. Money transactions, customer service are just simple examples. Despite

More information

Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business. www.integrit-network.com

Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business. www.integrit-network.com Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business www.integrit-network.com Business Continuity & Disaster Survival Strategies for the Small & Mid Size Business AGENDA:

More information

SUBJECT: REPLACEMENT OF CORPORATE ELECTRONIC DATA STORAGE, BACKUP AND DISASTER RECOVERY SOLUTIONS

SUBJECT: REPLACEMENT OF CORPORATE ELECTRONIC DATA STORAGE, BACKUP AND DISASTER RECOVERY SOLUTIONS REPORT TO CABINET TO BE HELD ON 15 SEPTEMBER 2015 Key Decision No Forward Plan Ref No 23K Corporate Priority The proposals in this report contribute to the delivery of all the Council s priorities Cabinet

More information

HIPAA RISK ASSESSMENT

HIPAA RISK ASSESSMENT HIPAA RISK ASSESSMENT PRACTICE INFORMATION (FILL OUT ONE OF THESE FORMS FOR EACH LOCATION) Practice Name: Address: City, State, Zip: Phone: E-mail: We anticipate that your Meaningful Use training and implementation

More information

Program: Management Information Systems. David Pfafman 01/11/2006

Program: Management Information Systems. David Pfafman 01/11/2006 Effective 04/20/2005 Page - 1 - POLICY: PURPOSE: It is the policy of to provide a plan to insure the accessibility of protected health information (PHI) in the event of data loss due to an emergency or

More information

Virtual Disaster Recovery

Virtual Disaster Recovery Virtual Disaster Recovery White Paper September 16, 2008 Kelly Laughton Davenport Group Consultant Davenport Group 2008. All rights reserved. Introduction Today s data center has evolved into a complex,

More information