Information Privacy and Security Program Title:
|
|
- Cynthia Anis Simmons
- 8 years ago
- Views:
Transcription
1 Page: 1 of 11 I. PURPOSE: The purpose of this standard is to protect the safety of our workforce members and mitigate potential risk(s) that could materially affect the ability of the facility to remain operational and/or continue service. II. DEFINITIONS: A. Administrators means the individuals responsible for the technical administration of information assets, including networks, systems, applications, and databases. B. Facility Leadership means the individuals responsible for the management at a Tenet Facility, including, but not limited to, the CEO, CFO, CIO, CNO, COO, Compliance Officer, Regional Privacy Officer, or their designated appointees. C. Additional capitalized terms used herein are defined in the Information Privacy & Security Glossary of Definitions. III. STANDARD: This standard defines the minimum requirements to plan for the identification, protection, and recovery of critical information assets in the event of a disaster. These documents serve as a supplement to the Facility s Disaster Recovery Plan (DRP). Tenet Facility Leadership will develop, implement and maintain a comprehensive Contingency Planning Program. A. Contingency Planning Program Each Tenet Facility is responsible for developing, implementing and maintaining a comprehensive Contingency Plan. The Contingency Plan must encompass, but is not limited to, the Data Criticality Analysis, Data Backup Plan, Emergency Response Plan, Business Continuity Plan and Disaster Recovery Plan. The Contingency Planning Program must consist of six major components. Each is discussed in greater detail in Section IV. Procedure. Data Criticality Analysis (DCA) Data Backup Plan (DBP) Emergency Response Plan (ERP) Business Continuity Plan (BCP) Disaster Recovery Plan (DRP) Contingency Testing Plan (CTP)
2 Page: 2 of 11 B. The following standards must be agreed-upon and approved by Tenet Facility Leadership: 1. A Contingency Planning Program budget must be allocated to support plan development and maintenance 2. A Key Disaster Scenario must be defined and used as the basis to design, develop, activate and execute the Contingency Plan (CP) 3. Contingency Planning Program administrators must be entrusted with the responsibility to develop, implement, maintain, test and execute a Data Criticality Analysis, Data Backup Plan, Business Continuity Plan, Emergency Response Plan, and Disaster Recovery Plan 4. Key Disaster Scenario The Key Disaster Scenario must be used as the basis to design and develop the Contingency Plan. The Key Disaster Scenario represents the worst-case conditions of a disaster, which: a. Is severe in magnitude b. Occurs at the worst possible time c. Inflicts majority loss of critical resources to conduct business d. Requires implementation of the CP 5. Budget Requirements The principal budget requirements are for labor, supplies and services to fulfill component obligations of the Contingency Planning Program; specifically to develop and implement the: a. Data Criticality Analysis b. Data Backup Plan c. Business Continuity Plan, Emergency Response Plan and Disaster Recovery Plan d. Contingency testing plan, including testing for the BCP, ERP and DRP e. Recovery plan maintenance of the BCP, ERP and DRP f. Disaster training and awareness program
3 Page: 3 of 11 g. Other potential network, hardware and software in support of the Contingency Planning Program 6. Emergency Response Team (ERT) The ERT is the key disaster recovery team and is activated in the initial phase of an emergency. The ERT s primary roles during a disaster include: a. Ensuring the safety of individuals b. Providing initial response review c. Making decisions regarding the level of disaster response d. Planning, coordinating, exercising, managing and maintaining the Contingency Plan e. Coordinating plan development, response and recovery with all department managers. Prior to an emergency, the ERT must approve the recovery resources and procedures documented in the BCP, ERP and DRP. The ERT must include management from the following areas: Administration (CEO, COO) Chairperson Regional Privacy Officer and Compliance Officer Information Security Officer Information Systems Facility Security Human Resources Accounting (CFO) Public Relations IV. PROCEDURE: Contingency Planning requires information to be documented, or actions to be taken, within each component of the Contingency Planning Program. These are listed in the following sections below. The information and actions are sufficient to develop individual components of the program, but shall not be considered all-inclusive.
4 Page: 4 of 11 A. Data Criticality Analysis (DCA) Each Tenet Facility is responsible for conducting a DCA to identify essential business functions that must be recovered in the event of a disaster for the Tenet Facility to remain operational. The DCA is used to identify mission critical applications and data sets so as to determine the recovery priority of this information in the event of a loss of availability. The DCA may be used in conjunction with cost-benefit analysis to determine recovery strategies and to help target information that shall be backed up and relied upon in the event of an emergency. 1. Target Organization: Tenet Facility. 2. Task: Classify systems based on availability requirements, thereby identifying critical business systems required to recover. 3. Deliverable: Completed Data Criticality Analysis worksheet for all systems. 5. Secondary Responsibility: As delegated. 6. Frequency: Annually, upon addition of a new application, or after significant business change. 7. Components of the DCA: a. List of business impacts (patient care impact, revenue loss, penalties, extra expenses) per function. b. List of business impacts over time per function. c. Availability ranking by category per application. Category designations should be made as follows: (1) Category 4: Critical system that cannot be unavailable for any length of time. Redundant systems with full backups are required. (2) Category 3: Critical system that cannot be unavailable for longer than 24 hours. Backups must be retained at an offsite location from which they could be retrieved within 24 hours. Disaster recovery procedures must allow for recovery and restoration within 24 hours.
5 Page: 5 of 11 B. Data Backup Plan (DBP) (3) Category 2: System that cannot be unavailable for longer than 72 hours. Backups must be retained at an off-site location from which they could be retrieved within 72 hours. Disaster recovery procedures must allow for recovery and restoration within 72 hours. (4) Category 1: System that must be restored, but can be made unavailable for a period longer than 72 hours. Backups must be retained at an off-site location from which they could be retrieved within a reasonable amount of time. Disaster recovery procedures must document recovery and restoration procedures. (5) Category 0: System that will not need to be restored following a disaster. Backups may be retained, but are not required. Disaster recover procedures may document recovery and/or restoration procedures. Information essential to the Tenet Facility (as identified in the DCA and regardless of format) shall be backed up, stored in a secured facility away from the primary source location. This information must be available upon recall for recovery purposes (tape, compact disc, microfiche, film, video, paper, etc.) with procedures for the recall/recovery contained in the DBP. Each Tenet Facility is responsible for developing, implementing and maintaining a Data Backup Plan to document this process. See EC.PS Backup Security Standard for more information. 1. Target Organization: Tenet Facility. 2. Task: Ensure that critical data has been regularly backed up and stored offsite in a secured location. 3. Deliverable: Data backups and documentation for critical function data, as identified in the DCA. 5. Secondary Responsibility: As delegated. 6. Frequency: Weekly, daily and/or incrementally, as needed.
6 Page: 6 of Components of the Backup Plan: a. Contact list b. List of critical data c. Schedule of backups d. Retention periods e. Off-site storage facility rotation schedule (See EC.PS Technical Controls Security Standard for further information). C. Emergency Response Plan (ERP) Each Tenet Facility is responsible for developing, implementing and maintaining an ERP that lists critical resources and procedures to be followed beginning at the onset of a potential emergency(s) through the time a disaster declaration (initiation of the DRP) has been made. The ERP is to cover the handling of or dealing with, actual events as they are identified. Example: fire, tornado, etc. 1. Target Organization: Tenet Facility. 2. Task: Develop, implement, test and maintain the ERP. 3. Deliverable: Procedures document outlining the initial response procedures following an emergency, but before a declared disaster. 5. Secondary Responsibility: Emergency Response Team (ERT) or as delegated. 6. Frequency: Annually, upon addition of a new application, or after a significant business change. 7. Components of the ERP: a. Team Identification and Contact Lists (ERT, business function recovery teams) b. Personnel Safety and Evacuation Procedures c. Damage Assessment Procedures
7 Page: 7 of 11 d. Disaster Criteria e. Notification Procedures f. Command Center Logistics g. Disaster Alert Procedures h. Disaster Declaration Procedures D. Business Continuity Plan (BCP) Each Tenet Facility is responsible for developing, implementing and maintaining a BCP that outlines how the Tenet Facility should continue to conduct critical business operations while recovering from an emergency and/or declared disaster. The BCP is to cover those steps to be followed to specifically maintain or continue operations when an adverse event(s) would otherwise impact the function(s) of a facility. This may or may not be in relationship to an emergency. Example: post-fire / tornado, staff shortage/illness, supplies, etc. 1. Target Organization: Tenet Facility. 2. Task: Develop, implement, test and maintain the BCP. 3. Deliverable: Procedures document outlining how the Tenet Facility should continue business operations for systems with critical data, as identified in the DCA. 5. Secondary Responsibility: Emergency Response Team (ERT) or as delegated. 6. Frequency: Annually, upon addition of a new application, or after a significant business change. 7. Components of the BCP: a. Team Structure Team Leader and alternates, team members, contact numbers b. Team Notification Procedures c. Business continuity procedures for critical systems d. Documentation procedures for critical systems.
8 Page: 8 of 11 E. Disaster Recovery Plan (DRP) Documented procedures to restore and recover the Tenet Facility s critical information assets shall be developed, implemented and maintained for each facility. The DRP shall list resources and recovery procedures for critical systems. This includes systems supported outside the Tenet Facility, as well as those critical systems provided by and/or managed by Tenet. 1. Target Organization: Tenet Facility Information Systems Providers (internal and external). 2. Task: Develop, implement, test and maintain the DRP. 3. Deliverable: Procedures document for recovery and restoration of systems following a disaster. 5. Secondary Responsibility: As delegated. 6. Frequency: Annually, upon addition of a new application, or after a significant business change. 7. Components of the DRP: a. Team Structure Team Leader and alternates, team members, contact numbers b. Team Notification Procedures c. Location of Recovery Facilities d. Backup Tape Requirements and Retrieval Processes e. response Procedures for critical systems f. Recovery Procedures for critical systems g. Resumption Procedures for critical systems h. Restoration and Return Procedures for critical systems F. Contingency Testing Plan (CTP) Documented processes will be used when testing the Tenet Facility s entire Contingency Planning Program, including the BCP and the DRP. Included with
9 Page: 9 of 11 this documentation will be the date and scope of each exercise/test validating the procedures of the tested plans 1. Target Organization: Tenet Facility. 2. Task: Test the facility s Contingency Planning Program. 3. Deliverable: Procedures document outlining the process used to test the facility s Contingency Planning Program. 5. Secondary Responsibility: As delegated. 6. Frequency: Annually. 7. Components of the CTP: a. Procedures to review the DCA to ensure that all systems are represented and appropriately categorized. b. Procedures to review the DBP to ensure that all appropriate systems are included in the plan. Test the DBP to ensure that systems are backed up in accordance with the plan, and that backup media can be retrieved within an acceptable period of time. c. Procedures to review the ERP to ensure that procedures contained therein are relevant and appropriate. d. Procedures to review the BCP to ensure that all appropriate systems are included in the plan. Test the BCP to ensure that adequate documentation (paper documents) are available in the event of a disaster, and that business continuity processes are effective. e. Procedures to review the DRP to ensure that all appropriate systems are included in the plan. Test the DRP to ensure that the recovery facility is accessible, contact lists are current, team structures are current, backup tapes are available, and response, recovery, resumption, and restoration procedures are documented for all appropriate systems. f. Record(s) of reviews, updates and exercises/testing conducted.
10 Page: 10 of 11 G. Contingency Plan Maintenance The Tenet Facility s Contingency Plan should be updated whenever the need for changes is identified. These updates should be approved using a structured approval process, as outlined by Tenet Facility Leadership. Typically, updates should be made after the annual contingency plan testing, after installation of a new system, or after a significant business change. H. Awareness and Training Appropriate personnel should be trained on the Tenet Facility s contingency planning procedures. Documentation should be maintained for all training classes conducted. V. IMPLEMENTATION: A. Tenet Facility WITHOUT Regional Privacy Officer 1. The Tenet Facility Compliance Officer, Tenet Facility Information Security Officer, and Tenet Facility Compliance Committee are responsible for distribution and oversight of Information Privacy and Standards at the facility level. 2. Tenet Facility will a. Adopt this standard and where necessary develop specific written procedures in order for the Tenet Facility to operationalize this standard; b. Develop appropriate methods to monitor adherence to the written procedures; and c. Report monitoring activity to the Tenet Facility Compliance Officer and Tenet Facility Information Security Officer. B. Tenet Facility WITH Regional Privacy Officer 1. The Regional Privacy Officer, Tenet Facility Information Security Officer, and Tenet Facility Compliance Committee are responsible for distribution and oversight of Information Privacy and Standards at the facility level.
11 Page: 11 of Tenet Facility will C. Home Office a. Adopt this standard and where necessary develop specific written procedures in order for the Tenet Facility to operationalize this standard; b. Develop appropriate methods to monitor adherence to the written procedures; and c. Report monitoring activity to the Regional Privacy Officer. 1. Tenet s Information Privacy/Security Office will work with the Tenet Facility Compliance Officers, Tenet Facility Information Security Officers and Tenet Facility Compliance Committee to develop, maintain, and update procedures and standards for protecting the privacy of PHI and other Confidential/Proprietary information and affording patients their rights with respect to their PHI. 2. Tenet Home Office and Tenet Regional Offices must incorporate these standards into their specific policies and procedures where necessary. VI. REFERENCES: - EC.PS Information Privacy and Security Administration Policy - EC.PS Information Security Policy - EC.PS Backup Security Standard - Information Privacy & Security Glossary of Definitions - Business Continuity & Disaster Preparedness
How to Plan for Disaster Recovery and Business Continuity
A TAMP Systems White Paper TAMP Systems 1-516-623-2038 www.drsbytamp.com How to Plan for Disaster Recovery and Business Continuity By Tom Abruzzo, President and CEO Contents Introduction 1 Definitions
More informationTechnology Recovery Plan Instructions
State of California California Information Security Office Technology Recovery Plan Instructions SIMM 5325-A (Formerly SIMM 65A) September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF
More informationDisaster Recovery Plan Documentation for Agencies Instructions
California Office of Information Security Disaster Recovery Plan Documentation for Agencies Instructions () November 2009 SCOPE AND PURPOSE The requirements included in this document are applicable to
More informationWilliam Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University
William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University Competitive Leadership- Twelve Principles For Success Brian Billick Chapter 3 Be Be Prepared The time
More informationInformation Privacy and Security Program Title:
1 Page: 1 of 7 I. PURPOSE: 1 The purpose of this standard is to provide direction for Tenet regarding auditing and monitoring requirements. Logging and auditing of actions within networks, systems, and
More informationB U S I N E S S C O N T I N U I T Y P L A N
B U S I N E S S C O N T I N U I T Y P L A N 1 Last Review / Update: December 9, 2015 Table of Contents Purpose...3 Background...3 Books and Records Back-up and Recovery...4 Mission Critical Systems...
More informationBusiness Continuity & Recovery Plan Summary
Introduction An organization s ability to survive a significant business interruption is determined by the company s ability to develop, implement, and maintain viable recovery and business continuity
More informationBusiness Continuity & Recovery Plan Summary
Introduction An organization s ability to survive a significant business interruption is determined by the company s ability to develop, implement, and maintain viable recovery and business continuity
More informationData Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322
Business Continuity and Disaster Recovery Job Descriptions Table of Contents Business Continuity Services Organization Chart... 2 Director Business Continuity Services Group... 3 Manager of Business Recovery
More informationIT Disaster Recovery Plan Template
HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned
More information<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP
IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement
More informationI.T. Disaster Recovery Plan
I.T. Disaster Recovery Plan Ref 000xxxxQ January, 2015 5, 443 Albany Hwy Victoria Park, WA, 6100 p. 1300 664 136 Info@focusnetworks.com.au www.focusnetworks.com.au I.T. Disaster Recovery Plan - January
More informationThe University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1
Version 3.1 November 22, 2004 TABLE OF CONTENTS PART 1: DISASTER RECOVERY EXPECTATIONS... 3 OVERVIEW...3 EXPECTATIONS PRIOR TO AN INCIDENT OCCURRENCE...3 EXPECTATIONS PRIOR TO A DISASTER OCCURRENCE...4
More informationFINAL AUDIT REPORT WITH RECOMENDATIONS Information Technology No. 11-001
FINAL AUDIT REPORT WITH RECOMENDATIONS Information Technology No. 11-001 SUBJECT: Review of Emergency Plans DATE: September 24, 2010 for Critical Information Technology Operations and Financial Systems
More informationDisaster Recovery Policy
Disaster Recovery Policy INTRODUCTION This policy provides a framework for the ongoing process of planning, developing and implementing disaster recovery management for IT Services at UCD. A disaster is
More informationSAMPLE IT CONTINGENCY PLAN FORMAT
SAMPLE IT CONTINGENCY PLAN FORMAT This sample format provides a template for preparing an information technology (IT) contingency plan. The template is intended to be used as a guide, and the Contingency
More informationBUSINESS CONTINUITY PLAN OVERVIEW
BUSINESS CONTINUITY PLAN OVERVIEW INTRODUCTION The purpose of this document is to provide Loomis customers with an overview of the company s Business Continuity Plan (BCP). Because of the specific and
More informationSTEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY 27 2015
STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY 27 2015 AGENDA: Emergency Management Business Continuity Planning Q & A MONTH DAY, YEAR TITLE OF THE PRESENTATION 2 CANADIAN RED CROSS Disaster
More informationSCOPE; ENFORCEMENT; AUTHORITY; EXCEPTIONS
Title: DRAFT USG Continuity of Operation Plan Policy Policy Number: 2009-Julian Date Topical Security Area: Document Type: Standard Pages: Words: Lines: 5 1,387 182 Issue Date: May-09 Effective Date: Immediately
More informationDisaster Recovery Planning Procedures and Guidelines
Disaster Recovery Planning Procedures and Guidelines A Mandatory Reference for ADS Chapter 545 New Reference: 06/01/2006 Responsible Office: M/DCIO File Name: 545mal_060106_cd44 Information System Security
More informationContingency Plan for HIPAA
TEMPLATE SUITE FOR BUSINESS CONTINUITY PLAN FOR SMALL BUSINESS (LESS THAN 50 EMPLOYEES) INCLUDES Total Cost: $549 Business Impact Analysis Enterprise Business Impact Analysis Survey Short (15 pages) Example
More informationBACKUP AND CONTIGENCY PLANS (DISASTER RECOVERY)
BACKUP AND CONTIGENCY PLANS (DISASTER RECOVERY) PURPOSE The purpose of this policy is to describe the backup and contingency plans, including disaster recovery planning, that will be implemented to ensure
More informationDISASTER RECOVERY PLANNING GUIDE
DISASTER RECOVERY PLANNING GUIDE AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING FOR JD EDWARDS SOFTWARE CUSTOMERS www.wts.com WTS Disaster Recovery Planning Guide Page 1 Introduction This guide will provide
More informationCreating a Business Continuity Plan for your Health Center
Creating a Business Continuity Plan for your Health Center 1 Page Left Intentionally Blank 2 About This Manual This tool is the result of collaboration between the Primary Care Development Corporation
More informationWhy Should Companies Take a Closer Look at Business Continuity Planning?
whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters
More informationThe Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)
Information Technology Disaster Recovery Policy Policy Statement This policy defines acceptable methods for disaster recovery planning, preparedness, management and mitigation of IT systems and services
More informationEMERGENCY PREPAREDNESS PLAN Business Continuity Plan
EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic
More informationDisaster Recovery Plan Overview for Customers. Sage ERP Online
Disaster Recovery Plan Overview for Customers Sage ERP Online Table of Contents 1.0 Executive Summary... 3 1.1 The Plan... 3 1.2 Determining Factors... 4 2.0 Disaster Recovery Strategy... 5 2.1 Summary
More information15 Organisation/ICT/02/01/15 Back- up
15 Organisation/ICT/02/01/15 Back- up 15.1 Description Backup is a copy of a program or file that is stored separately from the original. These duplicated copies of data on different storage media or additional
More informationVital Records Management
National Archives and Records Administration Northeast Region Vital Records Management A Briefing for Federal Agencies Pentagon, September 11, 2004 Federal Records A record is anything created or received
More informationBusiness Unit CONTINGENCY PLAN
Contingency Plan Template Business Unit CONTINGENCY PLAN Version 1.0 (Date submitted) Submitted By: Business Unit Date Version 1.0 Page 1 1 Plan Review and Updates... 3 2 Introduction... 3 2.1 Purpose...
More informationCISM Certified Information Security Manager
CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective
More informationIdentify and Protect Your Vital Records
Identify and Protect Your Vital Records INTRODUCTION The Federal Emergency Management Agency s Federal Preparedness Circular 65 states The protection and ready availability of electronic and hardcopy documents,
More informationOffsite Disaster Recovery Plan
1 Offsite Disaster Recovery Plan Offsite Disaster Recovery Plan Presented By: Natan Verkhovsky President Disty Portal Inc. 2 Offsite Disaster Recovery Plan Introduction This document is a comprehensive
More informationContinuity of Operations Planning. A step by step guide for business
What is a COOP? Continuity of Operations Planning A step by step guide for business A Continuity Of Operations Plan (COOP) is a MANAGEMENT APPROVED set of agreed-to preparations and sufficient procedures
More informationEvaluation of the Railroad Retirement Board s Disaster Recovery Plan Report No. 06-08, August 14, 2006 INTRODUCTION
Evaluation of the Railroad Retirement Board s Disaster Recovery Plan Report No. 06-08, August 14, 2006 INTRODUCTION This report presents the results of the Office of Inspector General s evaluation of the
More informationQ uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper
This quick reference guide provides an introductory overview of the key principles and issues involved in IT related disaster recovery planning, including needs evaluation, goals, objectives and related
More informationNEEDS BASED PLANNING FOR IT DISASTER RECOVERY
The Define/Align/Approve Reference Series NEEDS BASED PLANNING FOR IT DISASTER RECOVERY Disaster recovery planning is essential it s also expensive. That s why every step taken and dollar spent must be
More informationDisaster Recovery Planning
Disaster Recovery Planning This is a brief guide, with a suggested table of contents, to help you get started with putting together your Disaster Recovery Plan (DRP) Pensar can assist you in completing
More information85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff
85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff Because a business continuity plan affects all functional units within the organization, each functional unit must participate
More informationDISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS
Appendix L DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS I. GETTING READY A. Obtain written commitment from top management of support for contingency planning objectives. B. Assemble
More informationFederal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION
Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT
More informationBusiness Continuity and the Cloud. Aaron Shaver US Signal, Solution Architect
Business Continuity and the Cloud Aaron Shaver US Signal, Solution Architect Overview What is BC/DR? Why should businesses have a strategy? Why do many business choose not to? How does the cloud change
More informationAttachment to Data Center Services Multisourcing Service Integrator Master Services Agreement
Attachment to Data Center Services Multisourcing Service Integrator Master Services Agreement DIR Contract No. DIR-DCS-MSI-MSA-001 Between The State of Texas, acting by and through the Texas Department
More informationEducation and Workforce Development Cabinet POLICY/PROCEDURE. Policy Number: EDU-06 Effective Date: April 15, 2006 Revision Date: December 20, 2012
Education and Workforce Development Cabinet POLICY/PROCEDURE Policy Number: EDU-06 Effective Date: April 15, 2006 Revision Date: December 20, 2012 Subject: Backup Procedures Tower and Server Farms Policy:
More informationStandard Operating Procedure Contingency Planning Guidance
Standard Operating Procedure Contingency Planning Guidance Version Date: 20080702 Effective Date: 20080707 Expiration Date: 20110707 Responsible Office: Office of the Chief Information Officer 1 Document
More informationBusiness Continuity Planning (BCP) / Disaster Recovery (DR)
Business Continuity Planning (BCP) / Disaster Recovery (DR) Introduction Interruptions to business functions can result from major natural disasters such as earthquakes, floods, and fires, or from man-made
More informationDisaster Recovery Policy
Disaster Recovery Policy Organizational Functional Area: Policy for: Executive Division Bank Disaster Recovery Program Board Reviewed: September 14, 2011 Department/Individual Responsible for Maintaining/Updating
More informationThe more recent Scotiabank survey reconfirms the lack of planning on the part of SME owners for their exit from their business.
Introduction Succession Planning Succession planning is a process through which an enterprise prepares for and implements the transition of responsibilities and the transferral of ownership of its business.
More informationDisaster Recovery. Stanley Lopez Premier Field Engineer Premier Field Engineering Southeast Asia Customer Services and Support
Disaster Recovery Stanley Lopez Premier Field Engineer Premier Field Engineering Southeast Asia Customer Services and Support Categories of Risk Financial Operational Reputational Market share Revenue
More informationCITY UNIVERSITY OF HONG KONG Business Continuity Management Standard
PUBLIC Version: 1.0 CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief
More informationBusiness Continuity Planning and Disaster Recovery Planning
4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business
More informationBusiness Continuity Plans- Technology. Preparation Instructions. Inventory and Assessment. System Backup Procedures
Business Continuity Plans- Technology Preparation Instructions Lutheran Community Services Northwest has operational offices in almost 30 separate locations throughout the states of Washington, Oregon,
More informationBusiness Continuity and Disaster Recovery Planning from an Information Technology Perspective
Business Continuity and Disaster Recovery Planning from an Information Technology Perspective Presenter: David Bird, Director of Sales, Business Technology Consultant phone: 215-672-7100 email: dbird@quatro.com
More informationCONTINUITY OF OPERATIONS PLAN TEMPLATE
CONTINUITY OF OPERATIONS PLAN TEMPLATE For Long-Term Care Facilities CALIFORNIA ASSOCIATION OF HEALTH FACILITIES DISASTER PREPAREDNESS PROGRAM TABLE OF CONTENTS TABLE OF CONTENTS...2 SECTION 1: INTRODUCTION...3
More informationMidsize Enterprise Summit Business Continuity Questions
Select Q&A, D. Scott, F. DeSalvo Research Note 6 February 2003 Midsize Enterprise Summit Business Continuity Questions Current events have created a new awareness of the importance of business continuity
More informationBusiness Continuity Plan
Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions
More informationDisaster Recovery for Small Businesses
Technical White Paper Disaster Recovery for Small Businesses A disaster recovery plan helps you understand what data is critical to your business operations and how to best protect it from unexpected failures.
More informationMinimizing Computer Data Loss Risks With Online Backup. Seven Devastating but Common Computer Backup Mistakes
With Online Backup Seven Devastating but Common Computer Backup Mistakes Fact: Your Company has a 93% chance of going out of business if this one event happens and you have a 15% chance this one event
More informationSan Francisco Chapter. Information Systems Operations
Information Systems Operations Overview Operations as a part of General Computer Controls Key Areas of focus within Information Systems Operations Key operational risks Controls generally associated with
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Business Continuity Management Standard for IT Systems This standard is applicable to all VCU School of Medicine
More informationDisaster Recovery & Business Continuity. James Adamson Library Systems Office
Disaster Recovery & Business Continuity James Adamson Library Systems Office Library Management Information Data Services Financial Procurement Cataloging Inventory/searching Circulation Central Library
More informationIT Disaster Recovery and Business Resumption Planning Standards
Information Technology Disaster Recovery and Business IT Disaster Recovery and Business Adopted by the Information Services Board (ISB) on May 28, 1992 Policy No: Also see: 500-P1, 502-G1 Supersedes No:
More informationBusiness Continuity and Disaster Recovery Policy
Maine State Government Dept. of Administrative & Financial Services Office of Information Technology (OIT) Business Continuity and Disaster Recovery Policy I. Statement The Office of Information Technology
More information9 TH ANNUAL ENERGY & FACILITIES CONFERENCE LEAVENWORTH WA
9 TH ANNUAL ENERGY & FACILITIES CONFERENCE LEAVENWORTH WA Getting to Know SERVPRO SERVPRO s independently owned and operated Franchises have been helping business owners recover from disasters for over
More informationBuilding and Maintaining a Business Continuity Program
Building and Maintaining a Business Continuity Program Successful strategies for financial institutions for effective preparation and recovery Table of Contents Introduction...3 This white paper was written
More informationOverview. Emergency Response. Crisis Management
Prudential Financial s Preparedness Strategy Overview Emergency Response, Crisis Management, Business Continuation, Technology Disaster Recovery & Health Crisis Preparedness Prudential is committed to
More informationDisaster Recovery Planning. By Janet Coggins
Comp 5940 Project Disaster Recovery Planning By Janet Coggins Janet H. Coggins Page 1 11/21/2004 Table of Contents List of each Section....Page 2 Section 1 Executive Summary Overview of the scope of the
More informationBME CLEARING s Business Continuity Policy
BME CLEARING s Business Continuity Policy Contents 1. Introduction 1 2. General goals of the Continuity Policy 1 3. Scope of BME CLEARING s Business Continuity Policy 1 4. Recovery strategies 2 5. Distribution
More informationPAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA
Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationBusiness Continuity Planning for Risk Reduction
Business Continuity Planning for Risk Reduction Ion PLUMB ionplumb@yahoo.com Andreea ZAMFIR zamfir_andreea_ileana@yahoo.com Delia TUDOR tudordelia@yahoo.com Faculty of Management Academy of Economic Studies
More informationINSIDE. Preventing Data Loss. > Disaster Recovery Types and Categories. > Disaster Recovery Site Types. > Disaster Recovery Procedure Lists
Preventing Data Loss INSIDE > Disaster Recovery Types and Categories > Disaster Recovery Site Types > Disaster Recovery Procedure Lists > Business Continuity Plan 1 Preventing Data Loss White Paper Overview
More informationOhio Conference for Payroll Professionals Disaster Recovery
Ohio Conference for Payroll Professionals Disaster Recovery Speaker Bruce E. Phipps CPP 2011 APA Payroll Man of the Year Principal Product Manager US Legislative Analyst ORACLE Corporation bruce.phipps@oracle.com
More informationEvaluating and Improving Your Business Continuity Plan
Evaluating and Improving Your Business Continuity Plan As presented to the Northeast Florida IIA Chapter January 23, 2015 Contact Information Karen Weir, MAC, CISA, CBCP Manager kweir@accretivesolutions.com
More informationState of South Carolina Policy Guidance and Training
State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Business Continuity Management Policy June 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy
More informationGOVERNMENT FINANCE OFFICERS ASSOCIATION OF MISSOURI SPRING 2012 CONFERENCE IT DISASTER PLAN
GOVERNMENT FINANCE OFFICERS ASSOCIATION OF MISSOURI SPRING 2012 CONFERENCE IT DISASTER PLAN 2012 Sikich LLP. All Rights Reserved. Presented by: Scott Wegner Partner, Director Networking Services Sikich
More informationFederal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK
Federal Financial Institutions Examination Council FFIEC Business Continuity Planning BCP FEBRUARY 2015 IT EXAMINATION H ANDBOOK Table of Contents Introduction 1 Board and Senior Management Responsibilities
More information1. Backup and Recovery Policy
POLICY TITLE: POLICY #: IT - 2 DATE DRAFTED: 09/23/05 APPROVED DATE: 09/23/05 REVISION DATE: BRIEF DESCRIPTION: Backup and Recovery Policy Minimum requirements for the creation and retention of computer
More informationBusiness Continuity Management
Business Continuity Management cliftonlarsonallen.com Introductions Brian Pye CliftonLarsonAllen Senior Manager Business Risk Services group 15 years of experience with Business Continuity Megan Moore
More informationRecommended Practice for a Continuity of Operations Plan
Recommended Practice for a Continuity of Operations Plan Approved January 25, 2008 APTA Security Infrastructure Working Group Approved August 4, 2008 APTA Technical Oversight Authorized September 26, 2008
More information9/3/2009. Information Systems Disaster Recovery. Learning Objectives. Why have a plan? unexpected? APPA-Institute for Facilities Management
Information Systems Disaster Recovery APPA-Institute for Facilities Management J. Craig Klimczak, D.V.M., M.S. Vice-Chancellor for Technology St. Louis Community College 300 South Broadway St. Louis, MO
More informationSecurity Architecture. Title Disaster Planning Procedures for Information Technology
Category Applicability Title Disaster Planning Procedures for Information Technology All Public Entities (See the Applicability section below.) Standard - A degree or level of requirement that all jurisdictions
More informationVersion: 1.5 2014 Page 1 of 5
Version: 1.5 2014 Page 1 of 5 1.0 Overview A backup policy is similar to an insurance policy it provides the last line of defense against data loss and is sometimes the only way to recover from a hardware
More informationContinuity of Operations Plan Template
Continuity of Operations Plan Template Office of Water (4608-T) EPA 817-B-14-007 November 2014 Please note: The golden key sticky notes located throughout the template provide additional information and
More informationProtecting your Enterprise
Understanding Disaster Recovery in California Protecting your Enterprise Session Overview Why do we Prepare What is? How do I analyze (measure) it? What to do with it? How do I communicate it? What does
More informationAll-Hazard Continuity of Operations Plan. [Department/College Name] [Date]
d All-Hazard Continuity of Operations Plan [Department/College Name] [Date] TABLE OF CONTENTS SECTION I: INTRODUCTION... 3 Executive Summary... 3 Introduction... 3 Goal... 4 Purpose... 4 Objectives...
More informationCENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14
More informationHong Kong Baptist University
Hong Kong Baptist University Disaster Recovery Standard FOR INTERNAL USE ONLY Date of Issue: JULY 2012 Revision History Version Author Date Revision 1.0 Information Security Subcommittee (ISSC) July 2012
More informationDisaster Recovery Planning Process
Disaster Recovery Planning Process By Geoffrey H. Wold Part I of III This is the first of a three-part series that describes the planning process related to disaster recovery. Based on the various considerations
More informationTable of Contents ESF-12-1 034-00-13
Table of Contents Primary Coordinating Agency... 2 Local Supporting Agencies... 2 State, Regional, and Federal Agencies and Organizations... 2 Purpose... 3 Situations and Assumptions... 4 Direction and
More informationTufts Health Plan Corporate Continuity Strategy
Tufts Health Plan Corporate Continuity Strategy July 2015 OVERVIEW The intent of this document is to provide external customers and auditors with a highlevel overview of the Tufts Health Plan Corporate
More informationOur Colorado region is offering a FREE Disaster Recovery Review promotional through June 30, 2009!
Disaster Recovery Review FREE Promotional Offer Our Colorado region is offering a FREE Disaster Recovery Review promotional through June 30, 2009! This review is designed to help the small business better
More informationSupervisory Policy Manual
This module should be read in conjunction with the Introduction and with the Glossary, which contains an explanation of abbreviations and other terms used in this Manual. If reading on-line, click on blue
More informationBusiness Continuity and Crisis Management
Business Continuity and Crisis Management Crisis Management, Business Continuity and The Incident Command System Understanding Differences and Putting it all together? by Max Ckonjevic FBCI, CBCP 1 Objectives
More informationAMERICAN INVESTORS GROUP, INC. BUSINESS CONTINUITY PLAN (BCP)
Ten Critical Elements AMERICAN INVESTORS GROUP, INC. BUSINESS CONTINUITY PLAN (BCP) 1. Data back-up and recovery (hard copy and electronic) 2. All mission critical systems 3. Financial and operational
More informationDisaster Recovery Planning
Assess, Adjust, Improve An LXI Publication Page 1 of 11 Your company's ability to recover is a high priority. In a survey by Contingency Planning & Management Magazine of 1437 contingency planners, 76%
More informationDisaster Recovery Planning for Health care Providers
E-Guide Disaster Recovery Planning for Health care Providers For hospitals, timely access to patient data is critical for maintaining normal operations during a natural or man-made disaster. This Eguide
More informationPlanning for Disaster. Ramesh Ramani CISM CGEIT ramani@pcsuae.com 02 June 2010
Planning for Disaster Ramesh Ramani CISM CGEIT ramani@pcsuae.com 02 June 2010 Agenda Disaster Management-Introduction Examples BCP and IT Continuity Process of Disaster Management-PDCA Disaster Management
More informationBACKUP SECURITY GUIDELINE
Section: Information Security Revised: December 2004 Guideline: Description: Backup Security Guidelines: are recommended processes, models, or actions to assist with implementing procedures with respect
More information