Business continuity and disaster recovery for IS

Size: px
Start display at page:

Download "Business continuity and disaster recovery for IS"

Transcription

1 MASARYKOVA UNIVERZITA FAKULTA INFORMATIKY P <?A %, \J/ & Business continuity and disaster recovery for IS BACHELOR THESIS Martin Hinca Brno,2006

2 Declaration Hereby I declare, that this paper is my original authorial work, which I have worked out by my own. All sources, references and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Advisor: doc. RNDr. Vaclav Matyáš, M.Sc, Ph.D. 11

3 Thanks I would like to thank my advisor, Mr. Václav Matyáš, for introducing me to this topic, as well as his guidance and invaluable contribution to this thesis. My gratitude also belongs to my family and friends, for their support and seemingly endless patience. And last but not least to Ms. Miriam Claire, a writer and a friend, for her linguistic touch. m

4 Abstract The objective of this paper is to describe fundamental aspects of business continuity planning, disaster recovery planning, and designing a plan for ensuring continuity in a commercial environment company. This plan will be presented in two versions: one realistic, taking into consideration the budget of the company, and the other idealistic, heedless of any funding limits. IV

5 Keywords Business continuity planning, disaster recovery planning, IT security, disaster preparedness, contingency planning, hazard mitigation, crisis management. v

6 Contents 1 Introduction 3 2 Contingency planning in a nutshell Business continuity planning About BCP BCP components What is a disaster? Most common disaster causes Can disasters be foreseen? Possible disaster impact BCP benefits and objectives Disaster recovery Disaster recovery plan There's more to DRP than IT Relation of disaster recovery to BCP 12 3 Creating a business continuity plan The outline Initiation of the plan Policy Defining responsibilities Requirements and strategies Identifying business threats Risk and impact analysis Prevention and recovery strategies Plan Implementation Operation and management Testing the BC plan Training and awareness of the staff Reviewing of the plan Common business continuity planning pitfalls 19 4 Developing a BC plan for VOtech 21 1

7 4.1 About VOtech, Ine Initiating the planning process VOtech resources Threat identification, risk analysis, and strategy design Neglected threats Precautions taken 25 5 Conclusion 26 Bibliography 27 Appendix 29 A VOtech risk analysis 29 B VOtech security policy 37 B.l Physical security 37 B.l.l Entering the building 37 B.l.2 Fire protection 37 B.l.3 Containers f or storing backup data 38 B.1.4 Electronic monitoring system 38 B.l.5 Video monitoring system 38 B.2 Hardware and software IS security 38 B.2.1 Uninterrupted Power Supply (UPS) 38 B.2.2 Firewall and separation from the network B.2.3 OS and application-level authentication 39 B.2.4 Network backup components 39 B.3 Organizational and personal security 40 B.3.1 Access monitoring 40 B.3.2 Building access for visitors 40 B.3.3 Entrance monitoring 40 B.3.4 Creation and storing of backup copies 40 2

8 Chapter 1 Introduction Dependence of modern business on its information technology system has been growing rapidly during the past decade. And yet surveys keep showing that while technology in terms of power and effectiveness is steadily progressing at fast pace, IT security still isn't viewed by many as a necessity. Quite commonly, it is far from the level that would be appropriate for the consequences, should the systems it is meant to protect become compromised. Furthermore, management of many companies would still rather respond to the disasters as they come, instead of reaching preparedness via creating a business continuity plan, which would serve as a means of prevention. Experts argue that this is because the awareness about the risks is low within the organization, and in many cases, the responsibility for security is blurred and unclear. It is difficult to understand the obvious lack of interest, considering that over half of the reporting companies indicate that a single hour of downtime costs them more than $50K [AllOl], and in some cases, the stated sums climbed well over $5 mil. Meanwhile, the gap between the increasing security risks and what companies do to address them continues to widen. Interdependency between companies has grown to such degree, that security issues no longer affect only one company, but its business partners as well. One of the most persuasive factors that are pushing the interest in security forward, is the extensive number of regulations and consequences for not complying with them. Still, only 18 per cent of small companies are able and willing to meet ISO [You05] [Thi03] On the brighter side, IT security in every aspect seems to be coming of age. Reported incidents ranging from virus and malware in- 3

9 1. INTRODUCTION fections, all the way to natural disasters and terrorist attacks, have added to the overall attention paid to the protection of information technology. Also, the amount of companies specializing in providing IT contingency plans is rising. 4

10 Chapter 2 Contingency planning in a nutshell 2.1 Business continuity planning About BCP A business continuity plan (BCP) describes the steps an organization takes to prevent, or recover from a situation when it cannot operate normally because of a natural or manmade disaster (2.1.4). It's objective is to minimize damage to the company, and possibly even prevent the disaster from occurring in the first place. Because a majority of organizations are new to computers and networks, have never experienced a disaster, are unable or unwilling to finance the planning effort, believe it will never happen to them, or feel they can deal with the problems if and as they happen, they discount the need for continuity planning. However, literature shows that four out of five impacted organizations do not survive one year, and ultimately, only one tenth survives five years. Businesses need their computers, although usually the information stored in them is more valuable than the hardware, and can continue operations without them for only four days, on average. [Nem97] For most companies, even those four days mean that their day-to-day processes are disrupted. While experts differ on this subject, most of them consider business continuity planning to be a shelter for entire organizations. It is possible to create a business continuity plan for a specific process, but there is no doubt that a working plan must address all missioncritical business processes. 5

11 2.1.2 BCP components 2. CONTINGENCY PLANNING IN A NUTSHELL A business continuity plan is an umbrella plan whose major subcomponents include the disaster recovery plan, and consists of following plans [Bah03]: Business Resumption Plan Occupant Emergency Plan Incident Management Plan Continuity of Operations Plan Disaster Recovery Plan The Business Resumption Plan, Occupant Emergency Plan and Continuity of Operation Plan do not deal with the company's IT infrastructure. The Incident Management Plan establishes a structure and procedures to address attacks against the IT infrastructure of the organization. If successful, it does not involve activation of the Disaster Recovery Plan. The only sub-plan I will consider important in further detail is the DRP. According to some authors, business continuity planning only deals with prevention. [Lam02] Once a disaster occurs, they claim that it is the business recovery planning that kicks in. In this paper, I will consider business recovery being part of continuity planning What is a disaster? A disaster is defined as a sudden, unplanned event that hampers normal operation of the organization, or disrupts its critical processes. Possible consequences of a disaster include damage to a wide range of resources, such as premises, important data, employees, ability to generate revenue, loss of capital, reputation and confidence, or even complete loss of control over the company. [Bah03] 6

12 2.1.4 Most common disaster causes 2. CONTINGENCY PLANNING IN A NUTSHELL While some authors divide and classify the disasters according to what they affect, others divide them according to their nature. [Hal04] At this theoretical stage, I prefer the latter. Manmade fraud, theft, blackmail - cybernetic attacks (hacking, viruses, malware) sabotage, arson - terrorism Natural disasters - fire, floods, hurricane, earthquake... - pollution, contamination Technical failures - communication network failure - power failure - failure of information technology or software - transportation failure However, it is very important to realize that we should not plan recovery from a specific type of disaster, but rather how to carry on the goals of an organization in spite of anything. [Nem97] It makes no sense to plan specifically for a disaster by fire or by flood. Instead, planning for site loss, key personnel loss, communications disruption, or a vast loss of data is a lot more appropriate. It is, of course, a good idea to discuss an expected high impact disaster individually, but always in the context of an overall plan. [LL04] 7

13 2.1.5 Can disasters be foreseen? 2. CONTINGENCY PLANNING IN A NUTSHELL The greatest risk to the organization is that a disaster can happen without an adequate warning. Although sometimes it can be predicted that something likely to undermine the organization is going to happen, most accidents and failures are not really foreseeable. However, the notion that events like these are truly unforeseen is spurious, as academics have always argued that all systems have a propensity towards failure. [Smi90] Therefore, it makes no sense for managers to consider if a system will fail, but rather, when that will happen. It is possible to assume and accept the premise that all organizations will face a crisis at some point in their lifespan. Even though a warning may be issued beforehand, it will usually be too late, anyway. Even two or three days may not be enough. Apart from evacuating the site to protect from a natural disaster, for example, a lot of other things need to be done. Backing up the system, expediting the essential orders as part of a vendor chain, or even buying material needed during the aftermath; everything takes a lot of time, and time is exactly what a disaster-struck company does not have Possible disaster impact Without a proper business continuity plan, the threats mentioned in can negatively impact vital components of the organization. Business continuity planning is meant to protect: Public image of the company Revenue generation Market share Customer, employee and shareholder confidence Essential services the organization provides Health of its employees Position within a vendor chain, and more... 8

14 2. CONTINGENCY PLANNING IN A NUTSHELL These factors are of high importance, and often considered essential to most organizations. Many people in top-level management are convinced that the mentioned threats will avoid their company. Others would think that it is enough to pay insurance for the company, which is ready to cover the damage. Unfortunately, those opinions are not based on experience, but on wishful thinking. IT Security surveys show that an organization must be able to confront disasters successfully in order to prosper. [Hal04] It is obvious that proper and systematic prevention is cheaper and more effective than recovering from the damage that could occur without being prepared for it. Fault-tolerance techniques have been deployed to increase computer system availability, as well as to reduce the damage caused by a component failure. But even though vital data can be stored on stable storage that is able to survive failures such as electrical outages or system crashes, this will not be of much help if, for example, a natural disaster strikes. Not even placing redundant copies in multiple places will help, if they are stored in the affected area. This approach only protects against single device failures. [CLWOO] BCP benefits and objectives The most important reason organizations develop business continuity plans is to guarantee speedy and cost-effective recovery of critical business processes following a disaster. Furthermore, a good and comprehensive business continuity plan will have a series of benefits for the organization: Make anticipation and prevention of critical situations possible. Reduce the need for making decisions under stress and time pressure. Allow the entire staff be instructed on their responsibilities in the event of a disaster. Let the organization develop various contingency arrangements Enable the company to meet various security requirements. 9

15 2. CONTINGENCY PLANNING IN A NUTSHELL Allow exposure of weaknesses in the plans by thorough testing. Reduce the overall risk to the organization. Provide the company with a reasonable outlook to present to its shareholders. Greatly decrease the impact of disasters, as described in The first and foremost objective of business continuity, however, is the survival of the organization as a whole. Processes critical for company's very existence must be restored in this first phase. Once the state of the organization is stabilized, a long-term recovery of all processes can be initiated. jŕ S <fs ŕ (U ^ sptŕ K /t K / i r^/i v/\( i/\j t/v -y disaster strike original state Figure 2.1: Order of actions following a crisis This makes sense - if the organization goes bankrupt because its critical functions are disrupted, it is pointless to plot full recovery. It is this first survival phase that is most important to the whole mission. It needs to be planned thoroughly by anticipating as many potential problems as possible, and developing strategies capable of solving them. While managing an incident, it is important to understand that a large number of business-critical decisions will need to be taken in a very short timespan. Furthermore, the people responsible will be under a great amount of stress, and will be working outside of their 10

16 2. CONTINGENCY PLANNING IN A NUTSHELL normal posts. Therefore, when possible, it is a good idea to plan in as much detail as possible. Making at least some of the decisions in advance will relieve the pressure and benefit the recovery process greatly. The long-term recovery phase needs only outline planning, because there will be time to plan the details when the company has been stabilized, and the precise details of the recovery process known. [SS95] Thus, it is more effective to consider in terms of broad strategies only, instead of detailed tactics. 2.2 Disaster recovery Disaster recovery plan The focus of a disaster recovery plan (DRP) is to restore the operability of systems that support critical business processes, so that the organization can return to normal mode of operation as soon as possible, thus minimizing the damage. Since many critical processes depend on an information technology infrastructure, the DRP is an IT focused plan. Restoration of systems does not necessarily imply technology redundancy. Workflows that would be automatized under normal circumstances may have to be completed manually when DRP kicks in. A good example is accountancy. The decision of what to do manually in the critical event is cost-driven, and based solely on the management of the organization. Having a DRP in place reduces the risk of going beyond the length of time the business process takes, according to what has been determined acceptable by management within the organization. During the recovery phase, the focus is on establishing controls over occurring events to limit the risk of any additional losses. [Bah03] There's more to DRP than IT By planning for computer disaster recovery, the need to plan for the recovery of other business services can become less obvious. With a "tick in the box" for computer recovery, managers may overlook planning for the reinstatement of other, similarly critical services. Alii

17 2. CONTINGENCY PLANNING IN A NUTSHELL though it might not be apparent, disaster recovery is more than just the recovery of information technology. There is a lot more to consider. For example, manpower to operate the system must be provided. Also, it is important to realize that the reputation of an organization is often more fragile and essential, than an information system that works without interruption, and deserves equal attention [SS95]. Consequently, it is not enough to prepare information technology systems only, but due to the nature of this paper, we will focus on IT. 2.3 Relation of disaster recovery to BCP The relation between DRP and BCP is not very clear. Having studied an extensive amount of literature, I have concluded that the most sensible view is the one that declares disaster recovery as a subset of business continuity planning, as presented in 2.1.1, [CC04]. However, some authors consider disaster recovery planning to be on the same level as disaster recovery. In [Dav03], the author introduces comprehensive emergency management program (CEMP), and claims that both BCP and DRP are parts of it, along with mitigation, business resumption, and contingency planning. However, even according to this paper, the main difference is that while disaster recovery mostly covers information technology and data recovery, business continuity cares about business processes and how to recover them. Still, disaster recovery is not only concerned with information technology (see 2.2.2). Some say that BCP kicks in once the event has been stabilized to a certain degree, thanks to DRP-based recovery [Cas04]. Disaster problems may begin with a lack of appreciation for the differences between business continuity planning and disaster recovery planning, because there is a difference between having insurance to cover a disaster and strategizing so that an organization can continue to thrive under adverse conditions. [Nem97] The point is that it is not sufficient to make recovery plans and buy insurance policies for disaster recovery, when so many things can go wrong, and create an unanticipated impact. 12

18 Chapter 3 Creating a business continuity plan 3.1 The outline A business continuity plan is cyclical in nature. The reason for this is, that most organizations constantly change themselves. They develop, grow, introduce new workflows and processes, and the created plan becomes obsolete relatively soon. Therefore, it is imperative that the plan must be reviewed and updated regularly, in order to reflect on any changes that might have occurred. Unless mentioned otherwise, the bibliography used throughout this chapter is [Hal04], [Lam02], [Rik03] and [SS95]. 3.2 Initiation of the plan Policy An organization's security policy must be at the foundation of every BC plan. Usually, it is issued by the senior management of the company, and expresses that a BC plan needs to be created and implemented. This policy delegates authority to the people in charge of developing the plan, and allows the planning activity to commence. It may provide basic guidelines for the plan, a timeframe in which the plan is expected to be ready, budget expectations, or even specific requirements Defining responsibilities The responsibilities for a BC plan must be clearly declared. While it is a good idea for those responsibilities to be given to a senior- 13

19 3. CREATING A BUSINESS CONTINUITY PLAN level manager, frameworks should also allow delegation of particular tasks to staff with the appropriate business and technical expertise. Along with planning responsibilities, incident management responsibilities also need to be specified. Though it is worth considering to map those within the normal company management hierarchy, it is not necessary. If the organizational structure is too complicated, it should be simplified, because complex day-to-day management does not work well in times of crisis. 3.3 Requirements and strategies Identifying business threats The most important resources for an IT-based organization could be divided into three types: technology, information, and people. In this phase of plan development, it should be considered what threats may negatively affect the ability to use, or readily access those resources. Technology threats include failure of IT, fire, power failure, natural disasters, various cybernetic attacks, viruses, theft, sabotage, terrorism, or vandalism. Information resources often closely depend on technology, so any threat that affects technology can also lead to loss of information. Additionally, the data must be protected against alteration, misuse, fraud, theft, fabrication, and end of information carrier lifespan. Threats to people include disease outbreaks, resignations, the inability of the organization to employ new people, pregnancy, strikes, adverse weather conditions, or unavailability of transportation or office access. Conducting threat identification workshops within the organization is a very good approach, because some threats are industryspecific, and not obvious at all. There are also other resource types 14

20 3. CREATING A BUSINESS CONTINUITY PLAN worth considering, such as premises, equipment, services, or communications. Every threat has a typical and a worst-case scenario, and the plan should cover both, according to their likelihood. Additionally, both permanent and temporary resource loss scenarios should be considered. Generally, the resources that need protecting would need to be listed by examining the most vital business processes, and trying to find out what resources they need to keep running. However, as this paper is focused on information system continuity planning, other resources will not be discussed in detail Risk and impact analysis It is necessary to identify, quantify and prioritize the level of risk to the business continuity of the organization. Risk is a factor that considers the likelihood of the threat actually occurring, and its impact on the organization's properties, such as those mentioned in The seriousness of each risk depends on the particular organization. For example, a company that mostly operates within a vendor chain values this position, and making their deliveries, more so than its public image. The higher the likelihood of a threat occurring, the higher the risk. This likelihood can range from rare to almost certain, although specifying it exactly can be very difficult at times. Likewise, the risk grows with the consequences of a particular threat. The consequences can move on a scale from minor to catastrophic, and specifying the consequences of a threat is usually easier than determining its likelihood. As the relations between specific factors in risk analysis are rather complex, they are illustrated by the figure 3.1. Most BC plans characterize the risks as low, medium, high, or critical. High or critical risks would be those that are likely to occur, and would result in major consequences. Therefore, preparing to face them is of high priority. An organization should make it clear what level of risk it considers acceptable, and which treats can be ignored because their consequences or their likelihood are too insignificant. This phase is often referred to as business impact analysis (BIA). 15

21 3. CREATING A BUSINESS CONTINUITY PLAN Threats benefit from Vulnerabilities protect against. increase increase/ jeopardize Security Functions decrease Risks Resources are met by introduce increases 1 have Security Requirements Value Figure 3.1: Risk relation diagram [Sta05] Prevention and recovery strategies For each of the risks that the organization has not chosen to ignore, a strategy must be implemented to prevent the risk from taking place, or recovering afterwards. These strategies will provide an outline of the actions to be taken in the event of the threat occurring. The choice of BC strategies is important, because it often affects the overall design of the system. For each of the strategies, a more detailed tactical plan has to be created, which will show how the response and recovery will be executed. It is important to consider several criteria when deciding which strategy to choose: Overall cost and time of implementing the strategy, including deployment, training and testing. Level of protection the strategy offers. Other potential benefits, or drawbacks, to the organization. The amount of time it takes to restore normal operations. 16

22 3. CREATING A BUSINESS CONTINUITY PLAN Various strategies have various costs and levels of effectiveness. Whether it pays off to implement an expensive strategy, or is safe to trust a less reliable one, greatly depends on the level of the risk. It is a good idea to establish crisis teams in advance. Those teams may or may not be the same for each recovery strategy. Clear objectives, responsibilities, and roles need to be assigned to specific members of the team. Authorities and means of communication within the team should also be covered. [HSOO] 3.4 Plan Implementation The phase should begin with a short planning process, where specific details are set, the implementation objectives are rehearsed for the last time, and the team is synchronized. It is a good idea to divide the implementation process into two or three parts, dealing with standby arrangements and risk reduction measures, or recovery plans and strategies respectively. The particular mode of implementation often differs greatly from plan to plan, because steps to ensure continuity for various companies are rarely the same. 3.5 Operation and management Testing the BC plan Before completing the planning process, the plan needs to be tested thoroughly. This is done mostly to identify possible shortcomings and flaws of the plan, and to ensure that it works as expected. However, it is also done to evaluate effectiveness of the plan, and give the management of the organization a feeling of confidence. As testing a large-scale plan may take a lot of time, it is important to consider what testing would do to day-to-day operations of the company. If the testing would disrupt business processes as much as a disaster, it would defeat the whole purpose of planning. Testing needs to be repeated until the plan matches the carefully set performance criteria. 17

23 3.5.2 Training and awareness of the staff 3. CREATING A BUSINESS CONTINUITY PLAN Although this is normally not part of the planning process, even the best laid plans can (and often do) go astray, because the details of the plans may not be effectively communicated to the people responsible for their implementation. Thus, I believe that training the staff is an important step on the way to business continuity. Clearly, a plan is only as good as the ability of the organization to implement it. And that ability is highly dependent upon how familiar and proficient are the staff members with the BC plan, as well as executing the tasks. Even the least complicated plans require many complex and interdependent tasks to be executed in coordination, and under pressure. It is unthinkable that the first time the staff will be reading and trying to understand the plan, will be during the stressful hours following a disaster. But they also cannot be expected to read the BC plan diligently, and learn their role by heart in advance, no matter how well it is documented. Actually, it would be idealistic to expect that most of them will even skim through the plan once. [Mor98] Consequently, it is very important to take care that the plan is conveyed to the employees in as efficient a way as possible. Keith Hearnden describes and evaluates in his work a number of ways of doing that. [Hea95] As the most effective way, he considers a personal memo delivered to each and every employee, and compulsory training to induce the plan. Though a little less effective, a less obtrusive approach would be to incorporate the plan into staff handbook, conducting an optional training, or sending the plan to everybody in an . As poor, or even disastrous, he describes choosing an approach which relies on the initiative of the employees. Documentation only available on request, or even no formal procedure, such as word of mouth, can be an unpleasant setback for the BC plan quality. [Pat99] Hearnden also claims that only a third of companies incorporate said policies into their terms and conditions of employment, and that only about 28 per cent of employees receive proper instructions and training regarding an organizations' computer systems and security policies. 18

24 3.5.3 Reviewing of the plan 3. CREATING A BUSINESS CONTINUITY PLAN As mentioned in the beginning of this chapter (3.1), the BCP is a cyclical plan. Because the environment of the plan changes all the time, each plan must have a framework within which it can be reviewed and modified on both a periodical basis and in response to changes in the company policy, or with respect to results of the testing of the plan. Among other impulses that require changes in the plan belong changes in laws or regulations concerning the plan, developments and upgrades within the organizations IT infrastructure, changes in the market, and many other things that affect the organization in all but the most subtle ways. If a misconception in the plan is detected, the planning process must restart in order to modify the former plan accordingly. 3.6 Common business continuity planning pitfalls There are several common pitfalls one should heed when creating a business continuity plan. It is considered to be a a strong indication of low quality when the plans fall into one of the listed categories [Lam02]: Incomplete - The BCP process is not complete. Outputs such as the business continuity plan and policy either do not exist, or exist in incomplete form. Inadequate - The plan and strategies can't deal with the level of risk that the organization deems acceptable. Impractical - The plan is not practical or achievable within the organization's constraints (manpower, time, and budget, for example). Overkill - The plan is overly elaborate or costly with respect to the overall level of business risk that the organization is willing to take. 19

Last year s terrorist attacks in the US have

Last year s terrorist attacks in the US have Will your keep running if disaster strikes? Following the eight steps of the ning cycle can help you be prepared. Wing Lam Ensuring Business Continuity 1520-9202/02/$17.00 2002 IEEE Last year s terrorist

More information

Risk Assessment Guide

Risk Assessment Guide KirkpatrickPrice Assessment Guide Designed Exclusively for PRISM International Members KirkpatrickPrice. innovation. integrity. delivered. KirkpatrickPrice Assessment Guide 2 Document Purpose The Assessment

More information

Business Continuity Planning in IT

Business Continuity Planning in IT Introduction: Business Continuity Planning in IT The more your business relies on its IT systems, the more you need to consider how unexpected disruptions might affect your business. These disruptions

More information

Unit Guide to Business Continuity/Resumption Planning

Unit Guide to Business Continuity/Resumption Planning Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions

More information

What You Should Know About Cloud- Based Data Backup

What You Should Know About Cloud- Based Data Backup What You Should Know About Cloud- Based Data Backup An Executive s Guide to Data Backup and Disaster Recovery Matt Zeman 3Fold IT, LLC PO Box #1350 Grafton, WI 53024 Telephone: (844) 3Fold IT Email: Matt@3FoldIT.com

More information

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies

More information

Why Should Companies Take a Closer Look at Business Continuity Planning?

Why Should Companies Take a Closer Look at Business Continuity Planning? whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters

More information

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY The Define/Align/Approve Reference Series NEEDS BASED PLANNING FOR IT DISASTER RECOVERY Disaster recovery planning is essential it s also expensive. That s why every step taken and dollar spent must be

More information

Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning 4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business

More information

FORMULATING YOUR BUSINESS CONTINUITY PLAN

FORMULATING YOUR BUSINESS CONTINUITY PLAN WHITE PAPER Page 0 Planning for the Worst Case Scenario: FORMULATING YOUR BUSINESS CONTINUITY PLAN 9 Wing Drive Cedar Knolls, NJ 07927 www.nac.net Page 1 Table of Contents Overview... 2 What is Disaster

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

TO AN EFFECTIVE BUSINESS CONTINUITY PLAN

TO AN EFFECTIVE BUSINESS CONTINUITY PLAN 5 STEPS TO AN EFFECTIVE BUSINESS CONTINUITY PLAN Introduction The Snowpocalypse of 2015 brought one winter storm after another, paralyzing the eastern half of the United States. It knocked out power for

More information

Best Practices in Disaster Recovery Planning and Testing

Best Practices in Disaster Recovery Planning and Testing Best Practices in Disaster Recovery Planning and Testing axcient.com 2015. Axcient, Inc. All Rights Reserved. 1 Best Practices in Disaster Recovery Planning and Testing Disaster Recovery plans are widely

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning Business Continuity Planning and Disaster Recovery Planning Ed Crowley IAM/IEM 1 ISC 2 Key Areas of Knowledge Understand business continuity requirements 1. Develop and document project scope and plan

More information

Emergency Response and Business Continuity Management Policy

Emergency Response and Business Continuity Management Policy Emergency Response and Business Continuity Management Policy Owner: John Duffy, Registrar & Secretary Last updated: September 2012 Version: 04 Document control Date Version Author Changes To be populated

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan IMMEDIATE ACTIONS Manager/Supervisor 1. Ensure emergency services contacted 2. Ensure safety of personnel 3. Co-ordinate with the emergency services 4. Contact Senior members of

More information

Ohio Supercomputer Center

Ohio Supercomputer Center Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original

More information

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS 5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS 1 Introduction As small and mid-sized companies rely more heavily on their computer networks to

More information

Business Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM

Business Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM Business Continuity Planning and Disaster Recovery Planning Ed Crowley IAM/IEM 1 Goals Compare and contrast aspects of business continuity Execute disaster recovery plans and procedures 2 Topics Business

More information

IT Checklist. for Small Business INFORMATION TECHNOLOGY & MANAGEMENT INTRODUCTION CHECKLIST

IT Checklist. for Small Business INFORMATION TECHNOLOGY & MANAGEMENT INTRODUCTION CHECKLIST INFORMATION TECHNOLOGY & MANAGEMENT IT Checklist INTRODUCTION A small business is unlikely to have a dedicated IT Department or Help Desk. But all the tasks that a large organization requires of its IT

More information

Business Continuity and Disaster Planning

Business Continuity and Disaster Planning WHITE PAPER Business Continuity and Disaster Planning A guide to preparing for the unexpected Robert Drewniak Director, Strategic & Advisory Services Disasters are not always the result of high winds and

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services

More information

Chapter 1: An Overview of Emergency Preparedness and Business Continuity

Chapter 1: An Overview of Emergency Preparedness and Business Continuity Chapter 1: An Overview of Emergency Preparedness and Business Continuity After completing this chapter, students will be able to: Describe organization and facility stakeholder needs during and after emergencies.

More information

Disaster Recovery. 1.1 Introduction. 1.2 Reasons for Disaster Recovery. EKAM Solutions Ltd Disaster Recovery

Disaster Recovery. 1.1 Introduction. 1.2 Reasons for Disaster Recovery. EKAM Solutions Ltd Disaster Recovery Disaster Recovery 1.1 Introduction Every day, there is the chance that some sort of business interruption, crisis, disaster, or emergency will occur. Anything that prevents access to key processes and

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions

More information

CISM Certified Information Security Manager

CISM Certified Information Security Manager CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective

More information

The 7 Disaster Planning Essentials

The 7 Disaster Planning Essentials The 7 Disaster Planning Essentials For Any Small Business Little-Known Facts, Mistakes And Blunders About Data Backup And IT Disaster Recovery Every Business Owner Must Know To Avoid Losing Everything

More information

Identifying & Managing IT Risks to Your Business

Identifying & Managing IT Risks to Your Business Identifying & Managing IT Risks to Your Business In a competitive business environment, every organization operates in a climate of risk. It is never possible to remove all risk from a business, but it

More information

The 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them

The 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them The 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them If your data is important to your business and you cannot afford to have your operations halted for days even weeks due to data loss or

More information

About Dorset Connects

About Dorset Connects About Dorset Connects Dorset Connects, a Chadds Ford, PA based IT consulting firm, was founded on the premise of providing businesses with a simplified way to procure, implement and manage their technology

More information

Temple university. Auditing a business continuity management BCM. November, 2015

Temple university. Auditing a business continuity management BCM. November, 2015 Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program

More information

Planning and Implementing Disaster Recovery for DICOM Medical Images

Planning and Implementing Disaster Recovery for DICOM Medical Images Planning and Implementing Disaster Recovery for DICOM Medical Images A White Paper for Healthcare Imaging and IT Professionals I. Introduction It s a given - disaster will strike your medical imaging data

More information

Disaster Preparedness & Response

Disaster Preparedness & Response 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 A B C E INTRODUCTION AND PURPOSE REVIEW ELEMENTS ABBREVIATIONS NCUA REFERENCES EXTERNAL REFERENCES Planning - Ensuring

More information

Assessment of natural hazards, man made hazards, technical and societal related risks and associated impact.

Assessment of natural hazards, man made hazards, technical and societal related risks and associated impact. Aon Business Continuity Planning The Aon Business Continuity Planning practice provides consulting services that allow Aon clients to measure and manage their strategic and tactical risks through Crisis

More information

IT Disaster Recovery Plan Template

IT Disaster Recovery Plan Template HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain 1. What is the most common planned performance duration for a continuity of operations plan (COOP)? A. 30 days B. 60 days C. 90 days D. It depends on the severity of a disaster. 2. What is the business

More information

Our Colorado region is offering a FREE Disaster Recovery Review promotional through June 30, 2009!

Our Colorado region is offering a FREE Disaster Recovery Review promotional through June 30, 2009! Disaster Recovery Review FREE Promotional Offer Our Colorado region is offering a FREE Disaster Recovery Review promotional through June 30, 2009! This review is designed to help the small business better

More information

QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT

QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT Rok Bojanc ZZI d.o.o. rok.bojanc@zzi.si Abstract: The paper presents a mathematical model to improve our knowledge of information security and

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 13 Business Continuity Objectives Define environmental controls Describe the components of redundancy planning List disaster recovery

More information

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Information Security Management: Business Continuity Planning Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Overview BCP: Definition BCP: Need for (Why?) BCP: When BCP: Who

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

EXIN Information Security Foundation based on ISO/IEC 27002. Sample Exam

EXIN Information Security Foundation based on ISO/IEC 27002. Sample Exam EXIN Information Security Foundation based on ISO/IEC 27002 Sample Exam Edition June 2016 Copyright 2016 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored

More information

AUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1

AUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1 AUDITING A BCP PLAN Thomas Bronack Auditing a BCP Plan presentation Page: 1 What are the Objectives of a Good BCP Plan Protect employees Restore critical business processes or functions to minimize the

More information

Application Security in the Software Development Lifecycle

Application Security in the Software Development Lifecycle Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO

More information

Enterprise level security, the Huddle way.

Enterprise level security, the Huddle way. Enterprise level security, the Huddle way. Security whitepaper TABLE OF CONTENTS 5 Huddle s promise Hosting environment Network infrastructure Multiple levels of security Physical security System & network

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jeffrey P. Back 2009 Oncore Associates, LLC Business Continuity Planning Business continuity planning is the way an organization can prepare for and aid

More information

BUSINESS CONTINUITY PLAN

BUSINESS CONTINUITY PLAN How to Develop a BUSINESS CONTINUITY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A BUSINESS CONTINUITY PLAN? CHAPTER PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN CHAPTER

More information

With the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS

With the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning The world has experienced a great deal of natural and man-made upheaval and destruction in the past few years, including tornadoes,

More information

Interactive-Network Disaster Recovery

Interactive-Network Disaster Recovery Interactive-Network Disaster Recovery BACKGROUND IT systems are vulnerable to a variety of disruptions, ranging from mild (e.g., short-term power outage, disk drive failure) to severe (e.g., terrorism,

More information

Disaster Recovery Plan (DRP) / Business Continuity Plan (BCP)

Disaster Recovery Plan (DRP) / Business Continuity Plan (BCP) Preface Computer systems are the core tool of today s business and are vital to every business from the smallest to giant organizations. Money transactions, customer service are just simple examples. Despite

More information

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES APPENDIX 1 DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES March 2008 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto TABLE OF CONTENTS EXECUTIVE SUMMARY...1

More information

IIABSC 2015 - Spring Conference

IIABSC 2015 - Spring Conference IIABSC 2015 - Spring Conference Cyber Security With enough time, anyone can be hacked. There is no solution that will completely protect you from hackers. March 11, 2015 Chris Joye, Security + 1 2 Cyber

More information

Company Management System. Business Continuity in SIA

Company Management System. Business Continuity in SIA Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT

More information

White Paper AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING AND SOLUTIONS FOR IT AND TELECOM DECISION MAKERS. Executive Summary

White Paper AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING AND SOLUTIONS FOR IT AND TELECOM DECISION MAKERS. Executive Summary AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING AND SOLUTIONS FOR IT AND TELECOM DECISION MAKERS Executive Summary Today s businesses rely heavily on voice communication systems and data networks to such

More information

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

BUSINESS CONTINUITY POLICY

BUSINESS CONTINUITY POLICY BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility

More information

WHY DO I NEED DATA PROTECTION SERVICES?

WHY DO I NEED DATA PROTECTION SERVICES? WHY DO I NEED DATA PROTECTION SERVICES? Data processing operations have evolved with breathtaking speed over the past few years, expanding from very large mainframe operations to small business networks.

More information

HIPAA Security COMPLIANCE Checklist For Employers

HIPAA Security COMPLIANCE Checklist For Employers Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

Good Security. Good Business

Good Security. Good Business Good Security Good Business Good Security Good Business Attorney-General s foreword Small business plays a crucial role, not only in our nation s economy but in Australian society. We often make decisions

More information

IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement

More information

Offsite Disaster Recovery Plan

Offsite Disaster Recovery Plan 1 Offsite Disaster Recovery Plan Offsite Disaster Recovery Plan Presented By: Natan Verkhovsky President Disty Portal Inc. 2 Offsite Disaster Recovery Plan Introduction This document is a comprehensive

More information

BACKUP ESSENTIALS FOR PROTECTING YOUR DATA AND YOUR BUSINESS. Disasters happen. Don t wait until it s too late.

BACKUP ESSENTIALS FOR PROTECTING YOUR DATA AND YOUR BUSINESS. Disasters happen. Don t wait until it s too late. BACKUP ESSENTIALS FOR PROTECTING YOUR DATA AND YOUR BUSINESS Disasters happen. Don t wait until it s too late. OVERVIEW It s inevitable. At some point, your business will experience data loss. It could

More information

DISASTER RECOVERY PLANNING GUIDE

DISASTER RECOVERY PLANNING GUIDE DISASTER RECOVERY PLANNING GUIDE AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING FOR JD EDWARDS SOFTWARE CUSTOMERS www.wts.com WTS Disaster Recovery Planning Guide Page 1 Introduction This guide will provide

More information

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic

More information

Creating a Business Continuity Plan for your Health Center

Creating a Business Continuity Plan for your Health Center Creating a Business Continuity Plan for your Health Center 1 Page Left Intentionally Blank 2 About This Manual This tool is the result of collaboration between the Primary Care Development Corporation

More information

WHAT IS DISASTER RECOVERY

WHAT IS DISASTER RECOVERY WHAT IS DISASTER RECOVERY The definition of Disaster Recovery' tends to vary widely from company to company and is a difficult term to define because it changes and is so varied in each situation. And

More information

DISASTER RECOVERY 101 3 Steps You Need to Take (Before It s Too Late)

DISASTER RECOVERY 101 3 Steps You Need to Take (Before It s Too Late) DISASTER RECOVERY 101 3 Steps You Need to Take (Before It s Too Late) Introduction... 4 Disaster Recovery vs. Business Continuity... 4 Why You Need to Read this ebook... 5 Chapter 1: The Risks (aka, The

More information

Business Continuity Template

Business Continuity Template Emergency Management Business Continuity Template The Regional Municipality of Wood Buffalo would like to give credit to the Calgary Emergency Management Agency (CEMA) and the Calgary Chamber of Commerce

More information

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION MANAGEMENT AUDIT REPORT OF DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION REPORT NO. 13-101 City of Albuquerque Office of Internal Audit

More information

BUSINESS CONTINUITY PLANNING GUIDELINES

BUSINESS CONTINUITY PLANNING GUIDELINES BUSINESS CONTINUITY PLANNING GUIDELINES Washington University in St. Louis The purpose of this guide is to serve as a tool to all departments, divisions, and labs across the University in building a Business

More information

Music Recording Studio Security Program Security Assessment Version 1.1

Music Recording Studio Security Program Security Assessment Version 1.1 Music Recording Studio Security Program Security Assessment Version 1.1 DOCUMENTATION, RISK MANAGEMENT AND COMPLIANCE PERSONNEL AND RESOURCES ASSET MANAGEMENT PHYSICAL SECURITY IT SECURITY TRAINING AND

More information

Business Continuity Glossary

Business Continuity Glossary Developed In Conjuction with Business Continuity Glossary ACTIVATION: The implementation of business continuity capabilities, procedures, activities, and plans in response to an emergency or disaster declaration;

More information

Disaster Recovery Planning

Disaster Recovery Planning NASA IV & V ANNUAL WORKSHOP 202 The 4th International Workshop on Independent Verification & Validation of Software Disaster Recovery Planning Divya Krishnamoorthy Mailam Engineering College, Mailam. (Affiliated

More information

Disaster Recovery and Business Continuity Plan

Disaster Recovery and Business Continuity Plan Disaster Recovery and Business Continuity Plan Table of Contents 1. Introduction... 3 2. Objectives... 3 3. Risks... 3 4. Steps of Disaster Recovery Plan formulation... 3 5. Audit Procedure.... 5 Appendix

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Clinic Business Continuity Plan Guidelines

Clinic Business Continuity Plan Guidelines Clinic Business Continuity Plan Guidelines Emergency notification contacts: Primary Role Name Address Home phone Mobile/Cell phone Business Continuity Plan Coordinator QSP Business Continuity Plan Coordinator

More information

Q uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper

Q uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper This quick reference guide provides an introductory overview of the key principles and issues involved in IT related disaster recovery planning, including needs evaluation, goals, objectives and related

More information

Table of Contents... 1

Table of Contents... 1 ... 1 Chapter 1 Introduction... 4 1.1 Executive Summary... 4 1.2 Goals and Objectives... 5 1.3 Senior Management and Board of Directors Responsibilities... 5 1.4 Business Continuity Planning Processes...

More information

ASX SETTLEMENT OPERATING RULES Guidance Note 10

ASX SETTLEMENT OPERATING RULES Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

Five keys to a more secure data environment

Five keys to a more secure data environment Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational

More information

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business. www.integrit-network.com

Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business. www.integrit-network.com Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business www.integrit-network.com Business Continuity & Disaster Survival Strategies for the Small & Mid Size Business AGENDA:

More information

Keyfort Cloud Services (KCS)

Keyfort Cloud Services (KCS) Keyfort Cloud Services (KCS) Data Location, Security & Privacy 1. Executive Summary The purposes of this document is to provide a common understanding of the data location, security, privacy, resiliency

More information

Information Security Awareness Training

Information Security Awareness Training Information Security Awareness Training Presenter: William F. Slater, III M.S., MBA, PMP, CISSP, CISA, ISO 27002 1 Agenda Why are we doing this? Objectives What is Information Security? What is Information

More information

NCUA LETTER TO CREDIT UNIONS

NCUA LETTER TO CREDIT UNIONS NCUA LETTER TO CREDIT UNIONS NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA 22314 DATE: December 2001 LETTER NO.: 01-CU-21 TO: SUBJ: ENCL: All Federally Insured Credit Unions Disaster

More information

ISO 27001 Controls and Objectives

ISO 27001 Controls and Objectives ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements

More information

Disaster Recovery 100 Success Secrets

Disaster Recovery 100 Success Secrets Disaster Recovery 100 Success Secrets Disaster Recovery 100 Success Secrets - IT Business Continuity, Disaster Recovery planning and Services Gerard Blokdijk Disaster Recovery 100 Success Secrets Copyright

More information

Disaster Recovery 81 Success Secrets. Copyright by Michelle Stein

Disaster Recovery 81 Success Secrets. Copyright by Michelle Stein Disaster Recovery 81 Success Secrets Copyright by Michelle Stein Notice of rights All rights reserved. No part of this book may be reproduced or transmitted in any form by any means, electronic, mechanical,

More information

Chapter I: Fundamentals of Business Continuity Management

Chapter I: Fundamentals of Business Continuity Management Chapter I: Fundamentals of Business Continuity Management Objectives Define Business Continuity Management (BCM) Define the relationship between BCM and risk management Review BCM responsibilities Identify

More information

Clinic Business Continuity Plan Guidelines

Clinic Business Continuity Plan Guidelines Clinic Business Continuity Plan Guidelines Published: January 2015 Table of Contents Emergency Notification Contacts Primary... 2 Emergency Notification Contacts Backups (in case primary is unavailable)...

More information

Disaster Preparedness for Information Technology

Disaster Preparedness for Information Technology Disaster Preparedness for Information Technology An overview of 4 main components to a disaster recovery plan. For owners or managers of professional offices. Written by Mark Haake, President of Reliance

More information

A CYCLIC APPROACH TO BUSINESS CONTINUITY PLANNING

A CYCLIC APPROACH TO BUSINESS CONTINUITY PLANNING A CYCLIC APPROACH TO BUSINESS CONTINUITY PLANNING JACQUES BOTHA AND ROSSOUW VON SOLMS Port Elizabeth Technikon, s9600426@petech.ac.za and rossouw@petech.ac.za Key words: Abstract: Business Continuity Planning

More information

Business Continuity Planning Instructions

Business Continuity Planning Instructions Business Continuity Planning Instructions Business continuity planning is a proactive planning process that ensures critical services or products are delivered during a disruption. In creating the plan,

More information

A Decision Maker s Guide to Securing an IT Infrastructure

A Decision Maker s Guide to Securing an IT Infrastructure A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose

More information