AUDIT GUIDELINES FOR SCHOOL DISASTER RECOVERY PLANNING
|
|
- Violet Woods
- 8 years ago
- Views:
Transcription
1 AUDIT GUIDELINES FOR SCHOOL DISASTER RECOVERY PLANNING Introduction It has become increasingly common for schools to place a great deal of reliance upon PC s and computer systems to manage and operate both the schools academic and administrative functions. However, the School must also be aware of the consequence to those systems in the event of a disaster, security failure and loss of service. Each of these areas should be analysed and contingency plans developed and implemented to identify and reduce risks, limit the consequences of damaging incidents, and to ensure the timely resumption of essential academic and administrative operations. Contingency planning is necessary in all organisations (including schools) that use computers, and the auditors will look for evidence of a written contingency plan. Plans should be maintained and practised to become an integral part of other management processes. Due to this it has become critical for schools to prepare an appropriate disaster recovery plan in order to cope with the possible risk of disruptions or complete loss of computer systems. However, the role of the School in disaster recovery planning does not end at the creation of such a plan. Plans must be tested regularly at appropriate intervals to a level, which demonstrates that the school can restore to its normal state of operation within a time scale appropriate to the service it provides. It is accepted that most schools regularly take back up copies of their systems but it is possible that few actually test the back up tapes to ensure that all information has been correctly saved. Types of disaster, loss or damage to consider Theft Fire and smoke Sabotage and vandalism Flood Power failure Equipment failure Consequences of a disaster Assets stolen or destroyed have to be replaced Disruption of academic and/or administrative functions Disruption of purchasing arrangements, payments procedures and income collection. Loss of financial control and financial reporting to Governors on the financial position of the School Possible liability for losses of third parties who rely on you. Page 1 of 5
2 Developing a Contingency and Business Continuity Plan The process for developing and maintaining a continuity plan should bring together the following key elements: Understand the risks the School faces in terms of likelihood and impact. This should include identifying risks proportionate to the critical systems. Understand the impact that interruptions, small or large, are likely to have on the School. Formulate and document continuity strategy consistent with the Schools objectives and priorities. Formulate and document continuity plan in line with agreed strategy. Regularly test and update plan and processes. Establish ownership of the plan at an appropriate level i.e. Headteacher. Consider purchasing suitable insurance to cover eventualities. Business Continuity and Impact Analysis Business continuity should begin by identifying events that can cause interruptions to processes. This should be followed by a risk assessment to determine the impact of those interruptions (both in terms of damage scale and recovery period). Both these activities should be carried out with the full involvement of the Governing Body who own the resources and processes. The assessment considers all systems, and is not limited to the information processing facility. Depending on the risk assessment, a strategy plan should be developed to determine the overall approach to keep the school up and running. Once this plan has been created, the Governing Body should endorse it. The School should consider the following; Each system should be risk assessed and ranked in order to determine the degree of importance to the School and the knowledge of the consequences of a system being unavailable. Each system should be analysed to ensure that any other systems reliant on them are known. Each system should be evaluated in order to ensure recovery takes place within the expected time-scale. Adequate back up and retention of data off site must be maintained for use in an emergency. Recovery is based on reasonable assumptions. Evaluation of system s recovery time-scale is performed before a decision is made on the selection of re-start operations. Personnel must be trained in and understand the plan. Plan must be rehearsed. Plan includes financial support for extended operations. Page 2 of 5
3 If another School is chosen as a Partner, their facilities have been checked to ensure that they can perform within the desired time-scale and provide adequate facilities. Key functions should be identified by job title not by name. Analyses of current procedures to ensure all elements are included in the plan. Insurance cover should include consequential loss and cover for increased working costs. Quality checks on all plan elements. Check to ensure all key systems are represented in the plan. Frequent update and republishing of plan stored copies of the plan should be replaced when new issues are released. Summary Most of the everyday issues concerning formulating disaster and contingency arrangements circulate around three concepts; contingency arrangements require a great attention to detail, plans must always be maintained, plans must be stored where they can be readily found and must be known to those who will use them. SUGGESTED BASIC FRAMEWORK FOR A DISASTER RECOVERY PLAN Backup Procedures Detail the procedure for backup of SIMS. SIMS Administrator Detail staff who have: Full management status in SIMS; Access to certain SIMS modules State where the SYSMAN password is stored. Identify the number and locations of those PC s where SIMS can be accessed. Virus Protection SCHOOL NETWORK & SIMS DISASTER RECOVERY PLAN Backup Procedures SIMS is backed up each day. Tapes are labelled Monday Friday. Monthly tapes are kept at (1 st person & job title) home. The Administrator replaces tapes if (1 st person & job title) is away from the school. SIMS Administrator The SYSMAN password is kept in a sealed envelope in the school safe. (1 st person & job title) and (2 nd person & job title) have full Manager status in SIMS. Staff are given access to SIMS modules as required. SIMS can, in general, only be accessed from terminals located in the Head-teacher and Administrator s office. Very few terminals will run SIMSMAN. Virus Protection Page 3 of 5
4 Detail the virus protection software in use at school. State when and how the networks/ stand alone PC s can and should be scanned. Document the procedures to be taken when a virus is detected and the action to be taken to remedy the problem. Disaster Recovery during School Hours This should state the following: The member of staff to contact initially; The telephone/ mobile/ pager number of the member of staff identified above. A second member of staff to contact if the initial member can not be contacted. Out of School Hours This should state the following: The member of staff to contact initially; The telephone/ mobile/ pager number of the member of staff identified above; State procedures if emergency access is needed by outside contractors or North Somerset Staff. The procedures should be located in a fireproof safe with full details of passwords and contracts. The user areas on the PC are scanned regularly by Dr Solomon s virus protection software. Each PC can be selectively scanned or disinfected from the terminal of the Administrator. Disaster Recovery during School Hours Contact (1 st person & job title) either by phone or message pager. The pager number is (xx)xxx on the school phone system. If (1 st person & job title) is not in school, contact (2 nd person & job title) if action is needed quickly. Please leave a pager message for (1 st person and job title) as well. If there is a power cut effecting the servers, (person & job title) or (other person & job title) should turn off the server monitors to conserve the batteries in the UPS. If the power cut only lasts a few minutes, the system may keep running. If it lasts too long, the system will shut down and then restart when power is restored. CD-ROM and print servers will have to be restarted after the system has got going. Out of School Hours If possible, contact (contact person & job title) as above or by phoning home on (0000) ), or in extreme emergency contact (alternative contact person & job title) (message pager yyyyy-yyy ). If emergency access to the system by (company) or North Somerset staff, full details of passwords, procedures and contracts can be found in a sealed envelope in the school safe. Out-of-hours power cuts should not affect the servers, but print-server computers will need to be restarted about 5 minutes after power is restored. Check the screen to see that it starts properly. If in doubt, press the reset button again. Page 4 of 5
5 Maintenance Contracts Detail all maintenance contracts the school has with outside bodies, including North Somerset Council IT Sections. Daily SIMS Maintenance This should state the procedures in place for checking the SIMS error log in SIMSMAN. Inventory The inventory should include both hardware and software. It should be up to date and in accordance with audit requirements. Maintenance Contracts The server covers both the Administration and Academic Networks. There is basic maintenance cover available under the relevant North Somerset Contract. In addition, both servers are covered by the (name of company) care contract number which expires xx/xx/02 Details of the contract are in the front of the Contractors event log. The school has (name of company) onsite standard support. The school customer ID is The onsite support contract number is AB4321. This runs until at least September 02. SIMS maintenance is covered by the North Somerset SIMS team. Daily SIMS Maintenance The SIMS error log in SIMSMAN is checked regularly and the error messages are checked daily. Most SIMS indexes are rebuilt weekly. The FMS6 indexes are rebuilt termly. Page 5 of 5
Education and Workforce Development Cabinet POLICY/PROCEDURE. Policy Number: EDU-06 Effective Date: April 15, 2006 Revision Date: December 20, 2012
Education and Workforce Development Cabinet POLICY/PROCEDURE Policy Number: EDU-06 Effective Date: April 15, 2006 Revision Date: December 20, 2012 Subject: Backup Procedures Tower and Server Farms Policy:
More informationInformation Security Policy. Chapter 11. Business Continuity
Information Security Policy Chapter 11 Business Continuity Author: Policy & Strategy Team Version: 0.5 Date: July 2008 Version 0.5 Page 1 of 6 Document Control Information Document ID Document title Sefton
More informationTailored Technologies LLC
685 Third Avenue New York, NY 10017 Tel: (212) 503-6300 Fax: (212) 503-6312 Date: January 9, 2014 To: The Audit File of the Hugh L. Carey Battery Park City Authority From: Tailored Technology Observations
More informationDoes it state the management commitment and set out the organizational approach to managing information security?
Risk Assessment Check List Information Security Policy 1. Information security policy document Does an Information security policy exist, which is approved by the management, published and communicated
More informationISO27001 Controls and Objectives
Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the
More informationSupplier IT Security Guide
Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA
More informationSOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT 11-02. IT Backup, Recovery and Disaster Recovery Planning
SOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT 11-02 IT Backup, Recovery and Disaster Recovery Planning Executive Summary Introduction As part of the 2011/12 Audit Plan and following discussions
More informationHow to Build a Comprehensive Business Continuity Plan
How to Build a Comprehensive Business Continuity Plan Business continuity planning is essential for any business. A business continuity plan carried out effectively will enable any business to continue
More informationAPPENDIX 7. ICT Disaster Recovery Plan
APPENDIX 7 ICT Disaster Recovery Plan This policy was approved and ratified by the Governing Body of Cox Green School on 15 th October 2013 Signed: Chair of Governors Date: Ratified: Oct 2013 Review: Sep
More informationBusiness Continuity Exercise: Electricity Supply Failure Appendix 4.4
1 Business Continuity Exercise: Electricity Supply Failure Appendix 4.4 2 Housekeeping Fire safety Breaks and refreshments Toilets Mobiles and pagers 3 Introduction Respect each others contributions What
More informationSupplier Security Assessment Questionnaire
HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.
More informationService Children s Education
Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and
More informationDisaster Recovery and Business Continuity Plan
Disaster Recovery and Business Continuity Plan Table of Contents 1. Introduction... 3 2. Objectives... 3 3. Risks... 3 4. Steps of Disaster Recovery Plan formulation... 3 5. Audit Procedure.... 5 Appendix
More informationAuditing in an Automated Environment: Appendix C: Computer Operations
Agency Prepared By Initials Date Reviewed By Audit Program - Computer Operations W/P Ref Page 1 of 1 Procedures Initials Date Reference/Comments OBJECTIVE - To document the review of the computer operations
More informationTECHNICAL SECURITY AND DATA BACKUP POLICY
TECHNICAL SECURITY AND DATA BACKUP POLICY PURPOSE Effective technical security depends not only on technical measures, but also on appropriate policies and procedures and on good user education and training.
More informationOur Colorado region is offering a FREE Disaster Recovery Review promotional through June 30, 2009!
Disaster Recovery Review FREE Promotional Offer Our Colorado region is offering a FREE Disaster Recovery Review promotional through June 30, 2009! This review is designed to help the small business better
More informationBUSINESS CONTINUITY PLAN
Business Logo Here BUSINESS CONTINUITY PLAN FOR SMALL TO MEDIUM SIZED BUSINESSES DATE :??? VERSION:?? PRODUCED BY DURHAM CIVIL CONTINGENCIES UNIT BUSINESS CONTINUITY PLAN LIST OF CONTENTS 1. DISCLAIMER...4
More informationIT Disaster Recovery Plan Template
HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned
More information<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP
IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement
More informationDraft Information Technology Policy
Draft Information Technology Policy Version 3.0 Draft Date June 2014 Status Draft Approved By: Table of Contents 1.0 Introduction... 6 Background... 6 Purpose... 6 Scope... 6 Legal Framework... 6 2.0 Software
More informationTechnology Solutions That Make Business Sense. The 10 Disaster Planning Essentials For A Small Business Network
Technology Solutions That Make Business Sense. The 10 Disaster Planning Essentials For A Small Business Network If your data is important to your business and you cannot afford to have your operations
More informationLondon Local Authorities Business Continuity Guidance for Suppliers & Contractors
London Local Authorities Business Continuity Guidance for Suppliers & Contractors This document has been produced by the LAP-IG Supply Chain Resilience Sub Group. For further information please contact:
More informationReady for Anything BUSINESS CONTINUITY GUIDE FOR BUSINESS OWNERS. Plan to Stay in Business
BUSINESS CONTINUITY GUIDE FOR BUSINESS OWNERS Administration, Louisiana Economic Development and participating universities. All opinions, conclusions or recommendations expressed are those of the author(s)
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationBNA FEDERAL CREDIT UNION DISASTER RECOVERY PLAN
BNA FEDERAL CREDIT UNION DISASTER RECOVERY PLAN INTRODUCTION The need for a contingency plan for business interruptions is vital to the operations of the BNA Federal Credit Union. Without such a plan,
More informationOffsite Disaster Recovery Plan
1 Offsite Disaster Recovery Plan Offsite Disaster Recovery Plan Presented By: Natan Verkhovsky President Disty Portal Inc. 2 Offsite Disaster Recovery Plan Introduction This document is a comprehensive
More informationBusiness Unit CONTINGENCY PLAN
Contingency Plan Template Business Unit CONTINGENCY PLAN Version 1.0 (Date submitted) Submitted By: Business Unit Date Version 1.0 Page 1 1 Plan Review and Updates... 3 2 Introduction... 3 2.1 Purpose...
More informationDISASTER RECOVERY PLAN
DISASTER RECOVERY PLAN Section 1. Goals of a Disaster Recovery Plan The major goals of a disaster recovery plan are: To minimize interruptions to normal operations. To limit the extent of disruption and
More informationBUSINESS CONTINUITY PLAN
BUSINESS CONTINUITY PLAN A GUIDE TO PREPARING A PLAN FOR SMALL TO MEDIUM SIZED BUSINESSES PREPARED BY DEVON COUNTY COUNCIL EMERGENCY PLANNING SERVICE CONTENTS 1. DISCLAIMER...3 2. BACKGROUND...3 3. METHODOLOGY...3
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationDETAIL AUDIT PROGRAM Information Systems General Controls Review
Contributed 4/23/99 by Steve_Parker/TBE/Teledyne@teledyne.com DETAIL AUDIT PROGRAM Information Systems General Controls Review 1.0 Introduction The objectives of this audit are to review policies, procedures,
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationDisaster Recovery. Tips for business survival. A Guide for businesses looking for disaster recovery November 2005
Disaster Recovery Tips for business survival A Guide for businesses looking for disaster recovery November 2005 Page 1 of 9 Introduction The aim of this paper is to highlight the importance of having a
More informationAutodesk PLM 360 Security Whitepaper
Autodesk PLM 360 Autodesk PLM 360 Security Whitepaper May 1, 2015 trust.autodesk.com Contents Introduction... 1 Document Purpose... 1 Cloud Operations... 1 High Availability... 1 Physical Infrastructure
More informationICT Disaster Recovery Plan
7 Appendix A ICT Disaster Recovery Plan Definition of a Disaster A computer disaster is the occurrence of any computer system or associated event which causes the interruption of business, leading in the
More informationBUSINESS CONTINUITY PLAN
BUSINESS CONTINUITY PLAN Business Name: Phone # Cell # Emergency Contact Information: Dial 9-1-1 in an Emergency Non-Emergency: Police: Fire: Insurance Provider: Emergency Planning Team: I. CRITICAL OPERATIONS
More informationISO 27001 Controls and Objectives
ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements
More informationInformation Security Policy
Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September
More informationbusiness continuity plan for:
business continuity plan for: Insert your company name here Our statement of Business Continuity is: > To ensure all employees are competent to do their tasks, and to provide adequate training > To review
More informationThe 10 Disaster Planning Essentials For A Small Business Network
The 10 Disaster Planning Essentials For A Small Business Network If your data is important to your business and you cannot afford to have your operations halted for days even weeks due to data loss or
More informationOFFICE OF THE STATE AUDITOR General Controls Review Questionnaire
OFFICE OF THE STATE AUDITOR Agency: * University Please answer all of the following questions. Where we ask for copies of policies and procedures and other documentation, we would prefer this in electronic
More informationBUSINESS CONTINUITY ASSESSMENT CHECKLIST
BUSINESS CONTINUITY ASSESSMENT CHECKLIST This assessment checklist will help you put your business continuity plan together. The assessment has been split into sections for ease of reference. Document
More informationProgram: Management Information Systems. David Pfafman 01/11/2006
Effective 04/20/2005 Page - 1 - POLICY: PURPOSE: It is the policy of to provide a plan to insure the accessibility of protected health information (PHI) in the event of data loss due to an emergency or
More informationInformation Security Policies. Version 6.1
Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access
More informationAPPENDIX 7. ICT Disaster Recovery Plan
APPENDIX 7 ICT Disaster Recovery Plan This policy was approved and ratified by the Governing Body of Cox Green School on 20 th October 2015 Signed: Chair of Governors Date: Version Authorisation Approval
More informationHIPAA RISK ASSESSMENT
HIPAA RISK ASSESSMENT PRACTICE INFORMATION (FILL OUT ONE OF THESE FORMS FOR EACH LOCATION) Practice Name: Address: City, State, Zip: Phone: E-mail: We anticipate that your Meaningful Use training and implementation
More informationJuly 30, 2009. Internal Audit Report 2009-08 Information Technology Business Continuity Plan Information Technology Department
Internal Audit Report 2009-08 Introduction. The Municipality depends heavily on technology and automated information systems, and their disruption for even a few days could have a severe impact on critical
More informationThe 10 Disaster Planning Essentials For A Small Business Network
The 10 Disaster Planning Essentials For A Small Business Network If your data is important to your business and you cannot afford to have your operations halted for days even weeks due to data loss or
More informationDisaster Recovery Plan
Disaster Recovery Plan This guide sets forth items to consider in the review of the firm s disaster recovery plan. You should form a committee to assess the plan and should assign activities under the
More informationUnit Guide to Business Continuity/Resumption Planning
Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationThis policy is not designed to use systems backup for the following purposes:
Number: AC IT POL 003 Subject: Backup and Restore Policy 1. PURPOSE The backup and restore policy establishes the need and rules for performing periodic system backup to permit timely restoration of Africa
More informationUniversity of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template
University of California, Riverside Computing and Communications IS3 Local Campus Overview Departmental Planning Template Last Updated April 21 st, 2011 Table of Contents: Introduction Security Plan Administrative
More informationBusiness Continuity Planning in IT
Introduction: Business Continuity Planning in IT The more your business relies on its IT systems, the more you need to consider how unexpected disruptions might affect your business. These disruptions
More informationOperational Risk Publication Date: May 2015. 1. Operational Risk... 3
OPERATIONAL RISK Contents 1. Operational Risk... 3 1.1 Legislation... 3 1.2 Guidance... 3 1.3 Risk management process... 4 1.4 Risk register... 7 1.5 EBA Guidelines on the Security of Internet Payments...
More informationSUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
More informationSTEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY 27 2015
STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY 27 2015 AGENDA: Emergency Management Business Continuity Planning Q & A MONTH DAY, YEAR TITLE OF THE PRESENTATION 2 CANADIAN RED CROSS Disaster
More informationBusiness Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?
Business Continuity Is your Business Prepared for the worse? Major emergencies can develop suddenly without warning. Situations can threaten and disrupt your business and impact upon you and your staff.
More informationIT Disaster Recovery and Business Resumption Planning Standards
Information Technology Disaster Recovery and Business IT Disaster Recovery and Business Adopted by the Information Services Board (ISB) on May 28, 1992 Policy No: Also see: 500-P1, 502-G1 Supersedes No:
More informationHow To Manage A Business Continuity Strategy
Business continuity strategy 2009 2012 Table of contents 1 Why this strategy is needed 3 2 Aim of the strategy 4 3 Our approach to business continuity 4 PROCESS 4 STRUCTURE 5 DOCUMENTATION 6 DISRUPTION
More informationBirkenhead Sixth Form College IT Disaster Recovery Plan
Author: Role: Mal Blackburne College Learning Manager Page 1 of 14 Introduction...3 Objectives/Constraints...3 Assumptions...4 Incidents Requiring Action...4 Physical Safeguards...5 Types of Computer Service
More informationClovis Municipal School District Information Technology (IT) Disaster Recovery Plan
Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan Revision History REVISION DATE NAME DESCRIPTION Draft 1.0 Eric Wimbish IT Backup Disaster Table of Contents Information
More informationReview your insurance cover regularly to ensure it keeps pace with any changes in the business.
Top Tips On Disaster Recovery Would you be able to recover if your business suffered a major incident that affected trading? Fires, floods, gas explosions, terrorist attacks, theft and sabotage could all
More informationCHIS, Inc. Privacy General Guidelines
CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified
More informationBACKUP STRATEGY AND DISASTER RECOVERY POLICY STATEMENT
TADCASTER GRAMMAR SCHOOL Toulston, Tadcaster, North Yorkshire. LS24 9NB BACKUP STRATEGY AND DISASTER RECOVERY POLICY STATEMENT Written by Steve South November 2003 Discussed with ICT Strategy Group January
More informationMAXIMUM PROTECTION, MINIMUM DOWNTIME
MANAGED SERVICES MAXIMUM PROTECTION, MINIMUM DOWNTIME Get peace of mind with proactive IT support Designed to protect your business, save you money and give you peace of mind, Talon Managed Services is
More informationDisaster Recovery Plan
Disaster Recovery Plan Disasters that can cause hardware, software and data loss such as fire are inevitable. One can minimize the losses by formulating a plan to recover from such disasters and to keep
More informationMusic Recording Studio Security Program Security Assessment Version 1.1
Music Recording Studio Security Program Security Assessment Version 1.1 DOCUMENTATION, RISK MANAGEMENT AND COMPLIANCE PERSONNEL AND RESOURCES ASSET MANAGEMENT PHYSICAL SECURITY IT SECURITY TRAINING AND
More informationMATATIELE LOCAL MUNICIPALITY DISASTER RECOVERY PLAN
MATATIELE LOCAL MUNICIPALITY DISASTER RECOVERY PLAN INDEX Page PART 1: OBJECTIVE 3 PART 2: RESPONSIBILITES 3 PART 3: DOCUMENTATION 3 PART 4: DATA BACKUP 3 PART 5: DISASTER RECOVERY PROCEDURE 3 5.1 Power
More informationPhysical Security Policy
Physical Security Policy Author: Policy & Strategy Team Version: 0.8 Date: January 2008 Version 0.8 Page 1 of 7 Document Control Information Document ID Document title Sefton Council Physical Security
More informationBUSINESS CONTINUITY PLAN
BUSINESS CONTINUITY PLAN Signed Governor Print Name Date: Review: 1 To provide guidance to school staff, governors and external parties on how to react to disruption major or minor. 1. Rationale 1.1 To
More informationSITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA
SITA Information Security SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA September, 2012 Contents 1. Introduction... 3 1.1 Overview...
More informationOffsite Backup with Fast Recovery
SMALL BUSINESS ESSENTIAL TECHNOLOGY INTRODUCTION Offsite Backup with Fast Recovery How not to be stranded, pulling your hair out, waiting a couple of weeks for your server to be rebuilt. STOP USING TAPE
More information15 Organisation/ICT/02/01/15 Back- up
15 Organisation/ICT/02/01/15 Back- up 15.1 Description Backup is a copy of a program or file that is stored separately from the original. These duplicated copies of data on different storage media or additional
More informationThe Essential Guide for Protecting Your Legal Practice From IT Downtime
The Essential Guide for Protecting Your Legal Practice From IT Downtime www.axcient.com Introduction: Technology in the Legal Practice In the professional services industry, the key deliverable of a project
More informationInformation System Audit. Arkansas Administrative Statewide Information System (AASIS) General Controls
Information System Audit Arkansas Administrative Statewide Information System (AASIS) General Controls ARKANSAS DIVISION OF LEGISLATIVE AUDIT April 12, 2002 April 12, 2002 Members of the Legislative Joint
More informationIT - General Controls Questionnaire
IT - General Controls Questionnaire Internal Control Questionnaire Question Yes No N/A Remarks G1. ACCESS CONTROLS Access controls are comprised of those policies and procedures that are designed to allow
More informationKeyfort Cloud Services (KCS)
Keyfort Cloud Services (KCS) Data Location, Security & Privacy 1. Executive Summary The purposes of this document is to provide a common understanding of the data location, security, privacy, resiliency
More informationHong Kong Baptist University
Hong Kong Baptist University Disaster Recovery Standard FOR INTERNAL USE ONLY Date of Issue: JULY 2012 Revision History Version Author Date Revision 1.0 Information Security Subcommittee (ISSC) July 2012
More informationMUSC Information Security Policy Compliance Checklist for System Owners Instructions
Instructions This checklist can be used to identify gaps in compliance with MUSC's information security policies and standards, which are published on the Web at http://www.musc.edu/security. Each of the
More informationBusiness Continuity Guidance for Suppliers & Contractors. Blackburn with Darwen Borough Council
Business Continuity Guidance for Suppliers & Contractors For further information please contact: Rachel Hutchinson Civil Contingencies Manager Blackburn with Darwen Borough Council Contents 1. Introduction...
More informationUniversity of Aberdeen Information Security Policy
University of Aberdeen Information Security Policy Contents Introduction to Information Security... 1 How can information be protected?... 1 1. Information Security Policy... 3 Subsidiary Policy details:...
More informationThe University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1
Version 3.1 November 22, 2004 TABLE OF CONTENTS PART 1: DISASTER RECOVERY EXPECTATIONS... 3 OVERVIEW...3 EXPECTATIONS PRIOR TO AN INCIDENT OCCURRENCE...3 EXPECTATIONS PRIOR TO A DISASTER OCCURRENCE...4
More informationBUSINESS CONTINUITY MANAGEMENT A Guide for Businesses In Northamptonshire
BUSINESS CONTINUITY MANAGEMENT A Guide for Businesses In Northamptonshire 1 What is Business Continuity? Business Continuity is a planning process which provides a framework to ensure the resilience of
More informationR345, Information Technology Resource Security 1
R345, Information Technology Resource Security 1 R345-1. Purpose: To provide policy to secure the private sensitive information of faculty, staff, patients, students, and others affiliated with USHE institutions,
More informationIntel Enhanced Data Security Assessment Form
Intel Enhanced Data Security Assessment Form Supplier Name: Address: Respondent Name & Role: Signature of responsible party: Role: By placing my name in the box above I am acknowledging that I am authorized
More informationBusiness Continuity Planning and Disaster Recovery Planning
4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business
More informationFINAL. Internal Audit Report. Data Centre Operations and Security
FINAL Internal Audit Report Data Centre Operations and Security Document Details: Reference: Report nos from monitoring spreadsheet/2013.14 Senior Manager, Internal Audit & Assurance: ext. 6567 Engagement
More informationSan Francisco Chapter. Information Systems Operations
Information Systems Operations Overview Operations as a part of General Computer Controls Key Areas of focus within Information Systems Operations Key operational risks Controls generally associated with
More informationHIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics
HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards
More informationNORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)
NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy
More informationRotherham CCG Network Security Policy V2.0
Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October
More informationBusiness Continuity Management & Disaster Recovery GETTING STARTED Checklist for Local Businesses & Organisations
Business Continuity Management & Disaster Recovery GETTING STARTED Checklist for Local Businesses & Organisations Name of Organisation: Date: This Document has been designed to assist local businesses
More informationWhat is Business Continuity Planning (BCP) / Disaster Recovery Plan(DRP)?
Workshop on System Audit of Banks BCP Workshop on System Audit of Banks What is Business Continuity Planning (BCP) / Disaster Recovery Plan(DRP)? - Preparedness of an organisation to ensure continuity,
More informationPAPER-6 PART-4 OF 5 CA A.RAFEQ, FCA
1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-4 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationDisaster Recovery. Policy - External
Disaster Recovery Policy - External Disaster Recovery Policy Modified by: Rob Wray, IT and Development Manager November 2008 Approved by: Alan Matthews, Managing Director Georgia Cogdon, Executive Assistant
More informationHIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE
HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE How to Use this Assessment The following risk assessment provides you with a series of questions to help you prioritize the development and implementation
More informationOIG. Improvements Are Needed for Information Technology Controls at the Las Vegas Finance Center. Audit Report OFFICE OF INSPECTOR GENERAL
OIG OFFICE OF INSPECTOR GENERAL Catalyst for Improving the Environment Audit Report Improvements Are Needed for Information Technology Controls at the Las Vegas Finance Center Report No. 2003-P-00011 May
More information