Information Privacy and Security Program Title:

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Information Privacy and Security Program Title:"

Transcription

1 Page: 1 of 11 I. PURPOSE: The purpose of this standard is to protect the safety of our workforce members and mitigate potential risk(s) that could materially affect the ability of the facility to remain operational and/or continue service. II. DEFINITIONS: A. Administrators means the individuals responsible for the technical administration of information assets, including networks, systems, applications, and databases. B. Facility Leadership means the individuals responsible for the management at a Tenet Facility, including, but not limited to, the CEO, CFO, CIO, CNO, COO, Compliance Officer, Regional Privacy Officer, or their designated appointees. C. Additional capitalized terms used herein are defined in the Information Privacy & Security Glossary of Definitions. III. STANDARD: This standard defines the minimum requirements to plan for the identification, protection, and recovery of critical information assets in the event of a disaster. These documents serve as a supplement to the Facility s Disaster Recovery Plan (DRP). Tenet Facility Leadership will develop, implement and maintain a comprehensive Contingency Planning Program. A. Contingency Planning Program Each Tenet Facility is responsible for developing, implementing and maintaining a comprehensive Contingency Plan. The Contingency Plan must encompass, but is not limited to, the Data Criticality Analysis, Data Backup Plan, Emergency Response Plan, Business Continuity Plan and Disaster Recovery Plan. The Contingency Planning Program must consist of six major components. Each is discussed in greater detail in Section IV. Procedure. Data Criticality Analysis (DCA) Data Backup Plan (DBP) Emergency Response Plan (ERP) Business Continuity Plan (BCP) Disaster Recovery Plan (DRP) Contingency Testing Plan (CTP)

2 Page: 2 of 11 B. The following standards must be agreed-upon and approved by Tenet Facility Leadership: 1. A Contingency Planning Program budget must be allocated to support plan development and maintenance 2. A Key Disaster Scenario must be defined and used as the basis to design, develop, activate and execute the Contingency Plan (CP) 3. Contingency Planning Program administrators must be entrusted with the responsibility to develop, implement, maintain, test and execute a Data Criticality Analysis, Data Backup Plan, Business Continuity Plan, Emergency Response Plan, and Disaster Recovery Plan 4. Key Disaster Scenario The Key Disaster Scenario must be used as the basis to design and develop the Contingency Plan. The Key Disaster Scenario represents the worst-case conditions of a disaster, which: a. Is severe in magnitude b. Occurs at the worst possible time c. Inflicts majority loss of critical resources to conduct business d. Requires implementation of the CP 5. Budget Requirements The principal budget requirements are for labor, supplies and services to fulfill component obligations of the Contingency Planning Program; specifically to develop and implement the: a. Data Criticality Analysis b. Data Backup Plan c. Business Continuity Plan, Emergency Response Plan and Disaster Recovery Plan d. Contingency testing plan, including testing for the BCP, ERP and DRP e. Recovery plan maintenance of the BCP, ERP and DRP f. Disaster training and awareness program

3 Page: 3 of 11 g. Other potential network, hardware and software in support of the Contingency Planning Program 6. Emergency Response Team (ERT) The ERT is the key disaster recovery team and is activated in the initial phase of an emergency. The ERT s primary roles during a disaster include: a. Ensuring the safety of individuals b. Providing initial response review c. Making decisions regarding the level of disaster response d. Planning, coordinating, exercising, managing and maintaining the Contingency Plan e. Coordinating plan development, response and recovery with all department managers. Prior to an emergency, the ERT must approve the recovery resources and procedures documented in the BCP, ERP and DRP. The ERT must include management from the following areas: Administration (CEO, COO) Chairperson Regional Privacy Officer and Compliance Officer Information Security Officer Information Systems Facility Security Human Resources Accounting (CFO) Public Relations IV. PROCEDURE: Contingency Planning requires information to be documented, or actions to be taken, within each component of the Contingency Planning Program. These are listed in the following sections below. The information and actions are sufficient to develop individual components of the program, but shall not be considered all-inclusive.

4 Page: 4 of 11 A. Data Criticality Analysis (DCA) Each Tenet Facility is responsible for conducting a DCA to identify essential business functions that must be recovered in the event of a disaster for the Tenet Facility to remain operational. The DCA is used to identify mission critical applications and data sets so as to determine the recovery priority of this information in the event of a loss of availability. The DCA may be used in conjunction with cost-benefit analysis to determine recovery strategies and to help target information that shall be backed up and relied upon in the event of an emergency. 1. Target Organization: Tenet Facility. 2. Task: Classify systems based on availability requirements, thereby identifying critical business systems required to recover. 3. Deliverable: Completed Data Criticality Analysis worksheet for all systems. 5. Secondary Responsibility: As delegated. 6. Frequency: Annually, upon addition of a new application, or after significant business change. 7. Components of the DCA: a. List of business impacts (patient care impact, revenue loss, penalties, extra expenses) per function. b. List of business impacts over time per function. c. Availability ranking by category per application. Category designations should be made as follows: (1) Category 4: Critical system that cannot be unavailable for any length of time. Redundant systems with full backups are required. (2) Category 3: Critical system that cannot be unavailable for longer than 24 hours. Backups must be retained at an offsite location from which they could be retrieved within 24 hours. Disaster recovery procedures must allow for recovery and restoration within 24 hours.

5 Page: 5 of 11 B. Data Backup Plan (DBP) (3) Category 2: System that cannot be unavailable for longer than 72 hours. Backups must be retained at an off-site location from which they could be retrieved within 72 hours. Disaster recovery procedures must allow for recovery and restoration within 72 hours. (4) Category 1: System that must be restored, but can be made unavailable for a period longer than 72 hours. Backups must be retained at an off-site location from which they could be retrieved within a reasonable amount of time. Disaster recovery procedures must document recovery and restoration procedures. (5) Category 0: System that will not need to be restored following a disaster. Backups may be retained, but are not required. Disaster recover procedures may document recovery and/or restoration procedures. Information essential to the Tenet Facility (as identified in the DCA and regardless of format) shall be backed up, stored in a secured facility away from the primary source location. This information must be available upon recall for recovery purposes (tape, compact disc, microfiche, film, video, paper, etc.) with procedures for the recall/recovery contained in the DBP. Each Tenet Facility is responsible for developing, implementing and maintaining a Data Backup Plan to document this process. See EC.PS Backup Security Standard for more information. 1. Target Organization: Tenet Facility. 2. Task: Ensure that critical data has been regularly backed up and stored offsite in a secured location. 3. Deliverable: Data backups and documentation for critical function data, as identified in the DCA. 5. Secondary Responsibility: As delegated. 6. Frequency: Weekly, daily and/or incrementally, as needed.

6 Page: 6 of Components of the Backup Plan: a. Contact list b. List of critical data c. Schedule of backups d. Retention periods e. Off-site storage facility rotation schedule (See EC.PS Technical Controls Security Standard for further information). C. Emergency Response Plan (ERP) Each Tenet Facility is responsible for developing, implementing and maintaining an ERP that lists critical resources and procedures to be followed beginning at the onset of a potential emergency(s) through the time a disaster declaration (initiation of the DRP) has been made. The ERP is to cover the handling of or dealing with, actual events as they are identified. Example: fire, tornado, etc. 1. Target Organization: Tenet Facility. 2. Task: Develop, implement, test and maintain the ERP. 3. Deliverable: Procedures document outlining the initial response procedures following an emergency, but before a declared disaster. 5. Secondary Responsibility: Emergency Response Team (ERT) or as delegated. 6. Frequency: Annually, upon addition of a new application, or after a significant business change. 7. Components of the ERP: a. Team Identification and Contact Lists (ERT, business function recovery teams) b. Personnel Safety and Evacuation Procedures c. Damage Assessment Procedures

7 Page: 7 of 11 d. Disaster Criteria e. Notification Procedures f. Command Center Logistics g. Disaster Alert Procedures h. Disaster Declaration Procedures D. Business Continuity Plan (BCP) Each Tenet Facility is responsible for developing, implementing and maintaining a BCP that outlines how the Tenet Facility should continue to conduct critical business operations while recovering from an emergency and/or declared disaster. The BCP is to cover those steps to be followed to specifically maintain or continue operations when an adverse event(s) would otherwise impact the function(s) of a facility. This may or may not be in relationship to an emergency. Example: post-fire / tornado, staff shortage/illness, supplies, etc. 1. Target Organization: Tenet Facility. 2. Task: Develop, implement, test and maintain the BCP. 3. Deliverable: Procedures document outlining how the Tenet Facility should continue business operations for systems with critical data, as identified in the DCA. 5. Secondary Responsibility: Emergency Response Team (ERT) or as delegated. 6. Frequency: Annually, upon addition of a new application, or after a significant business change. 7. Components of the BCP: a. Team Structure Team Leader and alternates, team members, contact numbers b. Team Notification Procedures c. Business continuity procedures for critical systems d. Documentation procedures for critical systems.

8 Page: 8 of 11 E. Disaster Recovery Plan (DRP) Documented procedures to restore and recover the Tenet Facility s critical information assets shall be developed, implemented and maintained for each facility. The DRP shall list resources and recovery procedures for critical systems. This includes systems supported outside the Tenet Facility, as well as those critical systems provided by and/or managed by Tenet. 1. Target Organization: Tenet Facility Information Systems Providers (internal and external). 2. Task: Develop, implement, test and maintain the DRP. 3. Deliverable: Procedures document for recovery and restoration of systems following a disaster. 5. Secondary Responsibility: As delegated. 6. Frequency: Annually, upon addition of a new application, or after a significant business change. 7. Components of the DRP: a. Team Structure Team Leader and alternates, team members, contact numbers b. Team Notification Procedures c. Location of Recovery Facilities d. Backup Tape Requirements and Retrieval Processes e. response Procedures for critical systems f. Recovery Procedures for critical systems g. Resumption Procedures for critical systems h. Restoration and Return Procedures for critical systems F. Contingency Testing Plan (CTP) Documented processes will be used when testing the Tenet Facility s entire Contingency Planning Program, including the BCP and the DRP. Included with

9 Page: 9 of 11 this documentation will be the date and scope of each exercise/test validating the procedures of the tested plans 1. Target Organization: Tenet Facility. 2. Task: Test the facility s Contingency Planning Program. 3. Deliverable: Procedures document outlining the process used to test the facility s Contingency Planning Program. 5. Secondary Responsibility: As delegated. 6. Frequency: Annually. 7. Components of the CTP: a. Procedures to review the DCA to ensure that all systems are represented and appropriately categorized. b. Procedures to review the DBP to ensure that all appropriate systems are included in the plan. Test the DBP to ensure that systems are backed up in accordance with the plan, and that backup media can be retrieved within an acceptable period of time. c. Procedures to review the ERP to ensure that procedures contained therein are relevant and appropriate. d. Procedures to review the BCP to ensure that all appropriate systems are included in the plan. Test the BCP to ensure that adequate documentation (paper documents) are available in the event of a disaster, and that business continuity processes are effective. e. Procedures to review the DRP to ensure that all appropriate systems are included in the plan. Test the DRP to ensure that the recovery facility is accessible, contact lists are current, team structures are current, backup tapes are available, and response, recovery, resumption, and restoration procedures are documented for all appropriate systems. f. Record(s) of reviews, updates and exercises/testing conducted.

10 Page: 10 of 11 G. Contingency Plan Maintenance The Tenet Facility s Contingency Plan should be updated whenever the need for changes is identified. These updates should be approved using a structured approval process, as outlined by Tenet Facility Leadership. Typically, updates should be made after the annual contingency plan testing, after installation of a new system, or after a significant business change. H. Awareness and Training Appropriate personnel should be trained on the Tenet Facility s contingency planning procedures. Documentation should be maintained for all training classes conducted. V. IMPLEMENTATION: A. Tenet Facility WITHOUT Regional Privacy Officer 1. The Tenet Facility Compliance Officer, Tenet Facility Information Security Officer, and Tenet Facility Compliance Committee are responsible for distribution and oversight of Information Privacy and Standards at the facility level. 2. Tenet Facility will a. Adopt this standard and where necessary develop specific written procedures in order for the Tenet Facility to operationalize this standard; b. Develop appropriate methods to monitor adherence to the written procedures; and c. Report monitoring activity to the Tenet Facility Compliance Officer and Tenet Facility Information Security Officer. B. Tenet Facility WITH Regional Privacy Officer 1. The Regional Privacy Officer, Tenet Facility Information Security Officer, and Tenet Facility Compliance Committee are responsible for distribution and oversight of Information Privacy and Standards at the facility level.

11 Page: 11 of Tenet Facility will C. Home Office a. Adopt this standard and where necessary develop specific written procedures in order for the Tenet Facility to operationalize this standard; b. Develop appropriate methods to monitor adherence to the written procedures; and c. Report monitoring activity to the Regional Privacy Officer. 1. Tenet s Information Privacy/Security Office will work with the Tenet Facility Compliance Officers, Tenet Facility Information Security Officers and Tenet Facility Compliance Committee to develop, maintain, and update procedures and standards for protecting the privacy of PHI and other Confidential/Proprietary information and affording patients their rights with respect to their PHI. 2. Tenet Home Office and Tenet Regional Offices must incorporate these standards into their specific policies and procedures where necessary. VI. REFERENCES: - EC.PS Information Privacy and Security Administration Policy - EC.PS Information Security Policy - EC.PS Backup Security Standard - Information Privacy & Security Glossary of Definitions - Business Continuity & Disaster Preparedness

How to Plan for Disaster Recovery and Business Continuity

How to Plan for Disaster Recovery and Business Continuity A TAMP Systems White Paper TAMP Systems 1-516-623-2038 www.drsbytamp.com How to Plan for Disaster Recovery and Business Continuity By Tom Abruzzo, President and CEO Contents Introduction 1 Definitions

More information

Technology Recovery Plan Instructions

Technology Recovery Plan Instructions State of California California Information Security Office Technology Recovery Plan Instructions SIMM 5325-A (Formerly SIMM 65A) September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF

More information

IT Disaster Recovery Plan Template

IT Disaster Recovery Plan Template HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned

More information

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement

More information

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322 Business Continuity and Disaster Recovery Job Descriptions Table of Contents Business Continuity Services Organization Chart... 2 Director Business Continuity Services Group... 3 Manager of Business Recovery

More information

William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University

William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University Competitive Leadership- Twelve Principles For Success Brian Billick Chapter 3 Be Be Prepared The time

More information

Information Privacy and Security Program Title:

Information Privacy and Security Program Title: 1 Page: 1 of 7 I. PURPOSE: 1 The purpose of this standard is to provide direction for Tenet regarding auditing and monitoring requirements. Logging and auditing of actions within networks, systems, and

More information

Disaster Recovery Plan Documentation for Agencies Instructions

Disaster Recovery Plan Documentation for Agencies Instructions California Office of Information Security Disaster Recovery Plan Documentation for Agencies Instructions () November 2009 SCOPE AND PURPOSE The requirements included in this document are applicable to

More information

Business Continuity & Recovery Plan Summary

Business Continuity & Recovery Plan Summary Introduction An organization s ability to survive a significant business interruption is determined by the company s ability to develop, implement, and maintain viable recovery and business continuity

More information

STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY 27 2015

STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY 27 2015 STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY 27 2015 AGENDA: Emergency Management Business Continuity Planning Q & A MONTH DAY, YEAR TITLE OF THE PRESENTATION 2 CANADIAN RED CROSS Disaster

More information

Business Continuity & Recovery Plan Summary

Business Continuity & Recovery Plan Summary Introduction An organization s ability to survive a significant business interruption is determined by the company s ability to develop, implement, and maintain viable recovery and business continuity

More information

B U S I N E S S C O N T I N U I T Y P L A N

B U S I N E S S C O N T I N U I T Y P L A N B U S I N E S S C O N T I N U I T Y P L A N 1 Last Review / Update: December 9, 2015 Table of Contents Purpose...3 Background...3 Books and Records Back-up and Recovery...4 Mission Critical Systems...

More information

Disaster Recovery Policy

Disaster Recovery Policy Disaster Recovery Policy INTRODUCTION This policy provides a framework for the ongoing process of planning, developing and implementing disaster recovery management for IT Services at UCD. A disaster is

More information

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1 Version 3.1 November 22, 2004 TABLE OF CONTENTS PART 1: DISASTER RECOVERY EXPECTATIONS... 3 OVERVIEW...3 EXPECTATIONS PRIOR TO AN INCIDENT OCCURRENCE...3 EXPECTATIONS PRIOR TO A DISASTER OCCURRENCE...4

More information

SCOPE; ENFORCEMENT; AUTHORITY; EXCEPTIONS

SCOPE; ENFORCEMENT; AUTHORITY; EXCEPTIONS Title: DRAFT USG Continuity of Operation Plan Policy Policy Number: 2009-Julian Date Topical Security Area: Document Type: Standard Pages: Words: Lines: 5 1,387 182 Issue Date: May-09 Effective Date: Immediately

More information

SAMPLE IT CONTINGENCY PLAN FORMAT

SAMPLE IT CONTINGENCY PLAN FORMAT SAMPLE IT CONTINGENCY PLAN FORMAT This sample format provides a template for preparing an information technology (IT) contingency plan. The template is intended to be used as a guide, and the Contingency

More information

Creating a Business Continuity Plan for your Health Center

Creating a Business Continuity Plan for your Health Center Creating a Business Continuity Plan for your Health Center 1 Page Left Intentionally Blank 2 About This Manual This tool is the result of collaboration between the Primary Care Development Corporation

More information

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS) Information Technology Disaster Recovery Policy Policy Statement This policy defines acceptable methods for disaster recovery planning, preparedness, management and mitigation of IT systems and services

More information

Offsite Disaster Recovery Plan

Offsite Disaster Recovery Plan 1 Offsite Disaster Recovery Plan Offsite Disaster Recovery Plan Presented By: Natan Verkhovsky President Disty Portal Inc. 2 Offsite Disaster Recovery Plan Introduction This document is a comprehensive

More information

I.T. Disaster Recovery Plan

I.T. Disaster Recovery Plan I.T. Disaster Recovery Plan Ref 000xxxxQ January, 2015 5, 443 Albany Hwy Victoria Park, WA, 6100 p. 1300 664 136 Info@focusnetworks.com.au www.focusnetworks.com.au I.T. Disaster Recovery Plan - January

More information

BUSINESS CONTINUITY PLAN OVERVIEW

BUSINESS CONTINUITY PLAN OVERVIEW BUSINESS CONTINUITY PLAN OVERVIEW INTRODUCTION The purpose of this document is to provide Loomis customers with an overview of the company s Business Continuity Plan (BCP). Because of the specific and

More information

BACKUP AND CONTIGENCY PLANS (DISASTER RECOVERY)

BACKUP AND CONTIGENCY PLANS (DISASTER RECOVERY) BACKUP AND CONTIGENCY PLANS (DISASTER RECOVERY) PURPOSE The purpose of this policy is to describe the backup and contingency plans, including disaster recovery planning, that will be implemented to ensure

More information

Continuity of Operations Planning. A step by step guide for business

Continuity of Operations Planning. A step by step guide for business What is a COOP? Continuity of Operations Planning A step by step guide for business A Continuity Of Operations Plan (COOP) is a MANAGEMENT APPROVED set of agreed-to preparations and sufficient procedures

More information

Identify and Protect Your Vital Records

Identify and Protect Your Vital Records Identify and Protect Your Vital Records INTRODUCTION The Federal Emergency Management Agency s Federal Preparedness Circular 65 states The protection and ready availability of electronic and hardcopy documents,

More information

FINAL AUDIT REPORT WITH RECOMENDATIONS Information Technology No. 11-001

FINAL AUDIT REPORT WITH RECOMENDATIONS Information Technology No. 11-001 FINAL AUDIT REPORT WITH RECOMENDATIONS Information Technology No. 11-001 SUBJECT: Review of Emergency Plans DATE: September 24, 2010 for Critical Information Technology Operations and Financial Systems

More information

DISASTER RECOVERY PLANNING GUIDE

DISASTER RECOVERY PLANNING GUIDE DISASTER RECOVERY PLANNING GUIDE AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING FOR JD EDWARDS SOFTWARE CUSTOMERS www.wts.com WTS Disaster Recovery Planning Guide Page 1 Introduction This guide will provide

More information

Disaster Recovery Policy

Disaster Recovery Policy Disaster Recovery Policy Organizational Functional Area: Policy for: Executive Division Bank Disaster Recovery Program Board Reviewed: September 14, 2011 Department/Individual Responsible for Maintaining/Updating

More information

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic

More information

Disaster Recovery Planning Procedures and Guidelines

Disaster Recovery Planning Procedures and Guidelines Disaster Recovery Planning Procedures and Guidelines A Mandatory Reference for ADS Chapter 545 New Reference: 06/01/2006 Responsible Office: M/DCIO File Name: 545mal_060106_cd44 Information System Security

More information

CISM Certified Information Security Manager

CISM Certified Information Security Manager CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective

More information

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY The Define/Align/Approve Reference Series NEEDS BASED PLANNING FOR IT DISASTER RECOVERY Disaster recovery planning is essential it s also expensive. That s why every step taken and dollar spent must be

More information

Disaster Recovery Planning

Disaster Recovery Planning Disaster Recovery Planning This is a brief guide, with a suggested table of contents, to help you get started with putting together your Disaster Recovery Plan (DRP) Pensar can assist you in completing

More information

Contingency Plan for HIPAA

Contingency Plan for HIPAA TEMPLATE SUITE FOR BUSINESS CONTINUITY PLAN FOR SMALL BUSINESS (LESS THAN 50 EMPLOYEES) INCLUDES Total Cost: $549 Business Impact Analysis Enterprise Business Impact Analysis Survey Short (15 pages) Example

More information

Why Should Companies Take a Closer Look at Business Continuity Planning?

Why Should Companies Take a Closer Look at Business Continuity Planning? whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters

More information

9 TH ANNUAL ENERGY & FACILITIES CONFERENCE LEAVENWORTH WA

9 TH ANNUAL ENERGY & FACILITIES CONFERENCE LEAVENWORTH WA 9 TH ANNUAL ENERGY & FACILITIES CONFERENCE LEAVENWORTH WA Getting to Know SERVPRO SERVPRO s independently owned and operated Franchises have been helping business owners recover from disasters for over

More information

Vital Records Management

Vital Records Management National Archives and Records Administration Northeast Region Vital Records Management A Briefing for Federal Agencies Pentagon, September 11, 2004 Federal Records A record is anything created or received

More information

THE CAPITAL MARKETS DISASTER RECOVERY GUIDELINES

THE CAPITAL MARKETS DISASTER RECOVERY GUIDELINES THE CAPITAL MARKETS DISASTER RECOVERY GUIDELINES Guideline PART I PRELIMINARY 1. Title 2. Application 3. Definition of disaster recovery for purposes of these Guidelines 4. Background to Guidelines 5.

More information

15 Organisation/ICT/02/01/15 Back- up

15 Organisation/ICT/02/01/15 Back- up 15 Organisation/ICT/02/01/15 Back- up 15.1 Description Backup is a copy of a program or file that is stored separately from the original. These duplicated copies of data on different storage media or additional

More information

Business Continuity and Disaster Recovery Policy

Business Continuity and Disaster Recovery Policy Maine State Government Dept. of Administrative & Financial Services Office of Information Technology (OIT) Business Continuity and Disaster Recovery Policy I. Statement The Office of Information Technology

More information

Q uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper

Q uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper This quick reference guide provides an introductory overview of the key principles and issues involved in IT related disaster recovery planning, including needs evaluation, goals, objectives and related

More information

Disaster Recovery. Stanley Lopez Premier Field Engineer Premier Field Engineering Southeast Asia Customer Services and Support

Disaster Recovery. Stanley Lopez Premier Field Engineer Premier Field Engineering Southeast Asia Customer Services and Support Disaster Recovery Stanley Lopez Premier Field Engineer Premier Field Engineering Southeast Asia Customer Services and Support Categories of Risk Financial Operational Reputational Market share Revenue

More information

Business Unit CONTINGENCY PLAN

Business Unit CONTINGENCY PLAN Contingency Plan Template Business Unit CONTINGENCY PLAN Version 1.0 (Date submitted) Submitted By: Business Unit Date Version 1.0 Page 1 1 Plan Review and Updates... 3 2 Introduction... 3 2.1 Purpose...

More information

Business Continuity and Disaster Planning

Business Continuity and Disaster Planning WHITE PAPER Business Continuity and Disaster Planning A guide to preparing for the unexpected Robert Drewniak Director, Strategic & Advisory Services Disasters are not always the result of high winds and

More information

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS Appendix L DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS I. GETTING READY A. Obtain written commitment from top management of support for contingency planning objectives. B. Assemble

More information

Protecting your Enterprise

Protecting your Enterprise Understanding Disaster Recovery in California Protecting your Enterprise Session Overview Why do we Prepare What is? How do I analyze (measure) it? What to do with it? How do I communicate it? What does

More information

Disaster Recovery Plan Overview for Customers. Sage ERP Online

Disaster Recovery Plan Overview for Customers. Sage ERP Online Disaster Recovery Plan Overview for Customers Sage ERP Online Table of Contents 1.0 Executive Summary... 3 1.1 The Plan... 3 1.2 Determining Factors... 4 2.0 Disaster Recovery Strategy... 5 2.1 Summary

More information

Recommended Practice for a Continuity of Operations Plan

Recommended Practice for a Continuity of Operations Plan Recommended Practice for a Continuity of Operations Plan Approved January 25, 2008 APTA Security Infrastructure Working Group Approved August 4, 2008 APTA Technical Oversight Authorized September 26, 2008

More information

Business Continuity Management

Business Continuity Management Business Continuity Management cliftonlarsonallen.com Introductions Brian Pye CliftonLarsonAllen Senior Manager Business Risk Services group 15 years of experience with Business Continuity Megan Moore

More information

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT

More information

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective Business Continuity and Disaster Recovery Planning from an Information Technology Perspective Presenter: David Bird, Director of Sales, Business Technology Consultant phone: 215-672-7100 email: dbird@quatro.com

More information

San Francisco Chapter. Information Systems Operations

San Francisco Chapter. Information Systems Operations Information Systems Operations Overview Operations as a part of General Computer Controls Key Areas of focus within Information Systems Operations Key operational risks Controls generally associated with

More information

Evaluation of the Railroad Retirement Board s Disaster Recovery Plan Report No. 06-08, August 14, 2006 INTRODUCTION

Evaluation of the Railroad Retirement Board s Disaster Recovery Plan Report No. 06-08, August 14, 2006 INTRODUCTION Evaluation of the Railroad Retirement Board s Disaster Recovery Plan Report No. 06-08, August 14, 2006 INTRODUCTION This report presents the results of the Office of Inspector General s evaluation of the

More information

Prudential Standard LPS 232

Prudential Standard LPS 232 Prudential Standard LPS 232 Business Continuity Management Objective and key requirements of this Prudential Standard This Prudential Standard aims to ensure that each life company implements a whole of

More information

Virginia Commonwealth University School of Medicine Information Security Standard

Virginia Commonwealth University School of Medicine Information Security Standard Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Business Continuity Management Standard for IT Systems This standard is applicable to all VCU School of Medicine

More information

Midsize Enterprise Summit Business Continuity Questions

Midsize Enterprise Summit Business Continuity Questions Select Q&A, D. Scott, F. DeSalvo Research Note 6 February 2003 Midsize Enterprise Summit Business Continuity Questions Current events have created a new awareness of the importance of business continuity

More information

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Business Continuity and the Cloud. Aaron Shaver US Signal, Solution Architect

Business Continuity and the Cloud. Aaron Shaver US Signal, Solution Architect Business Continuity and the Cloud Aaron Shaver US Signal, Solution Architect Overview What is BC/DR? Why should businesses have a strategy? Why do many business choose not to? How does the cloud change

More information

Disaster Recovery & Business Continuity. James Adamson Library Systems Office

Disaster Recovery & Business Continuity. James Adamson Library Systems Office Disaster Recovery & Business Continuity James Adamson Library Systems Office Library Management Information Data Services Financial Procurement Cataloging Inventory/searching Circulation Central Library

More information

Attachment to Data Center Services Multisourcing Service Integrator Master Services Agreement

Attachment to Data Center Services Multisourcing Service Integrator Master Services Agreement Attachment to Data Center Services Multisourcing Service Integrator Master Services Agreement DIR Contract No. DIR-DCS-MSI-MSA-001 Between The State of Texas, acting by and through the Texas Department

More information

Meaningful Use and Core Requirement 15

Meaningful Use and Core Requirement 15 Meaningful Use and Core Requirement 15 How can I comply the lack of time and staff... www.compliancygroup.com 1 Meaningful Use and Core Requirement 15 Meaningful Use Protection of Protected Health Information

More information

85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff

85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff 85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff Because a business continuity plan affects all functional units within the organization, each functional unit must participate

More information

Table of Contents ESF-12-1 034-00-13

Table of Contents ESF-12-1 034-00-13 Table of Contents Primary Coordinating Agency... 2 Local Supporting Agencies... 2 State, Regional, and Federal Agencies and Organizations... 2 Purpose... 3 Situations and Assumptions... 4 Direction and

More information

Business Continuity. Disaster Recovery Plan

Business Continuity. Disaster Recovery Plan Business Continuity Disaster Recovery Plan Emergency Contact Persons Phyllis Hollis, President & CEO O: (212) 916 3888 Cell: (917) 804 8021 Email: phollis@cavusecurities.com Kinchen Bizzell, Managing Director,

More information

Education and Workforce Development Cabinet POLICY/PROCEDURE. Policy Number: EDU-06 Effective Date: April 15, 2006 Revision Date: December 20, 2012

Education and Workforce Development Cabinet POLICY/PROCEDURE. Policy Number: EDU-06 Effective Date: April 15, 2006 Revision Date: December 20, 2012 Education and Workforce Development Cabinet POLICY/PROCEDURE Policy Number: EDU-06 Effective Date: April 15, 2006 Revision Date: December 20, 2012 Subject: Backup Procedures Tower and Server Farms Policy:

More information

State of South Carolina Policy Guidance and Training

State of South Carolina Policy Guidance and Training State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Business Continuity Management Policy June 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy

More information

Disaster Recovery Planning. By Janet Coggins

Disaster Recovery Planning. By Janet Coggins Comp 5940 Project Disaster Recovery Planning By Janet Coggins Janet H. Coggins Page 1 11/21/2004 Table of Contents List of each Section....Page 2 Section 1 Executive Summary Overview of the scope of the

More information

Business Continuity Planning (BCP) / Disaster Recovery (DR)

Business Continuity Planning (BCP) / Disaster Recovery (DR) Business Continuity Planning (BCP) / Disaster Recovery (DR) Introduction Interruptions to business functions can result from major natural disasters such as earthquakes, floods, and fires, or from man-made

More information

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard PUBLIC Version: 1.0 CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief

More information

GOVERNMENT FINANCE OFFICERS ASSOCIATION OF MISSOURI SPRING 2012 CONFERENCE IT DISASTER PLAN

GOVERNMENT FINANCE OFFICERS ASSOCIATION OF MISSOURI SPRING 2012 CONFERENCE IT DISASTER PLAN GOVERNMENT FINANCE OFFICERS ASSOCIATION OF MISSOURI SPRING 2012 CONFERENCE IT DISASTER PLAN 2012 Sikich LLP. All Rights Reserved. Presented by: Scott Wegner Partner, Director Networking Services Sikich

More information

Version: 1.5 2014 Page 1 of 5

Version: 1.5 2014 Page 1 of 5 Version: 1.5 2014 Page 1 of 5 1.0 Overview A backup policy is similar to an insurance policy it provides the last line of defense against data loss and is sometimes the only way to recover from a hardware

More information

Evaluating and Improving Your Business Continuity Plan

Evaluating and Improving Your Business Continuity Plan Evaluating and Improving Your Business Continuity Plan As presented to the Northeast Florida IIA Chapter January 23, 2015 Contact Information Karen Weir, MAC, CISA, CBCP Manager kweir@accretivesolutions.com

More information

Business Continuity Planning for Schools, Departments & Support Units

Business Continuity Planning for Schools, Departments & Support Units Business Continuity Planning for Schools, Departments & Support Units 1 What is Business Continuity Planning? Examples Planning for an adverse, major or catastrophic event that would cause a disruption

More information

Standard Operating Procedure Contingency Planning Guidance

Standard Operating Procedure Contingency Planning Guidance Standard Operating Procedure Contingency Planning Guidance Version Date: 20080702 Effective Date: 20080707 Expiration Date: 20110707 Responsible Office: Office of the Chief Information Officer 1 Document

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning 4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business

More information

Business Continuity Plans- Technology. Preparation Instructions. Inventory and Assessment. System Backup Procedures

Business Continuity Plans- Technology. Preparation Instructions. Inventory and Assessment. System Backup Procedures Business Continuity Plans- Technology Preparation Instructions Lutheran Community Services Northwest has operational offices in almost 30 separate locations throughout the states of Washington, Oregon,

More information

The more recent Scotiabank survey reconfirms the lack of planning on the part of SME owners for their exit from their business.

The more recent Scotiabank survey reconfirms the lack of planning on the part of SME owners for their exit from their business. Introduction Succession Planning Succession planning is a process through which an enterprise prepares for and implements the transition of responsibilities and the transferral of ownership of its business.

More information

Disaster Recovery for Small Businesses

Disaster Recovery for Small Businesses Technical White Paper Disaster Recovery for Small Businesses A disaster recovery plan helps you understand what data is critical to your business operations and how to best protect it from unexpected failures.

More information

Minimizing Computer Data Loss Risks With Online Backup. Seven Devastating but Common Computer Backup Mistakes

Minimizing Computer Data Loss Risks With Online Backup. Seven Devastating but Common Computer Backup Mistakes With Online Backup Seven Devastating but Common Computer Backup Mistakes Fact: Your Company has a 93% chance of going out of business if this one event happens and you have a 15% chance this one event

More information

CONTINUITY OF OPERATIONS PLAN TEMPLATE

CONTINUITY OF OPERATIONS PLAN TEMPLATE CONTINUITY OF OPERATIONS PLAN TEMPLATE For Long-Term Care Facilities CALIFORNIA ASSOCIATION OF HEALTH FACILITIES DISASTER PREPAREDNESS PROGRAM TABLE OF CONTENTS TABLE OF CONTENTS...2 SECTION 1: INTRODUCTION...3

More information

Security Architecture. Title Disaster Planning Procedures for Information Technology

Security Architecture. Title Disaster Planning Procedures for Information Technology Category Applicability Title Disaster Planning Procedures for Information Technology All Public Entities (See the Applicability section below.) Standard - A degree or level of requirement that all jurisdictions

More information

PARKES SHIRE COUNCIL BUSINESS CONTINUITY POLICY

PARKES SHIRE COUNCIL BUSINESS CONTINUITY POLICY PARKES SHIRE COUNCIL BUSINESS CONTINUITY POLICY PARKES SHIRE COUNCIL BUSINESS CONTINUITY POLICY CONTENTS INTRODUCTION... 1 PURPOSE... 1 POLICY... 1 DEFINITIONS... 1 RESPONSIBILITY... 1 RELATED DOCUMENTATION...

More information

All-Hazard Continuity of Operations Plan. [Department/College Name] [Date]

All-Hazard Continuity of Operations Plan. [Department/College Name] [Date] d All-Hazard Continuity of Operations Plan [Department/College Name] [Date] TABLE OF CONTENTS SECTION I: INTRODUCTION... 3 Executive Summary... 3 Introduction... 3 Goal... 4 Purpose... 4 Objectives...

More information

EMERGENCY MANAGEMENT BUSINESS CONTINUITY PLANNING TEMPLATE

EMERGENCY MANAGEMENT BUSINESS CONTINUITY PLANNING TEMPLATE EMERGENCY MANAGEMENT BUSINESS CONTINUITY PLANNING TEMPLATE A. BUSINESS CONTINUITY PLAN (BCP) To be better prepared, UHCL personnel and its programs may use this form to complete a Business Continuity Plan

More information

Disaster Recovery Planning for Health care Providers

Disaster Recovery Planning for Health care Providers E-Guide Disaster Recovery Planning for Health care Providers For hospitals, timely access to patient data is critical for maintaining normal operations during a natural or man-made disaster. This Eguide

More information

AMERICAN INVESTORS GROUP, INC. BUSINESS CONTINUITY PLAN (BCP)

AMERICAN INVESTORS GROUP, INC. BUSINESS CONTINUITY PLAN (BCP) Ten Critical Elements AMERICAN INVESTORS GROUP, INC. BUSINESS CONTINUITY PLAN (BCP) 1. Data back-up and recovery (hard copy and electronic) 2. All mission critical systems 3. Financial and operational

More information

Information Services IT Security Policies B. Business continuity management and planning

Information Services IT Security Policies B. Business continuity management and planning Information Services IT Security Policies B. Business continuity management and planning Version 1 Date created: 28th May 2009 Approved by Directorate: 2nd July 2009 Review date: 1st July 2010 Primary

More information

White Paper: Librestream Security Overview

White Paper: Librestream Security Overview White Paper: Librestream Security Overview TABLE OF CONTENTS 1 SECURITY OVERVIEW... 3 2 USE OF SECURE DATA CENTERS... 3 3 SECURITY MONITORING, INTERNAL TESTING AND ASSESSMENTS... 4 3.1 Penetration Testing

More information

Building and Maintaining a Business Continuity Program

Building and Maintaining a Business Continuity Program Building and Maintaining a Business Continuity Program Successful strategies for financial institutions for effective preparation and recovery Table of Contents Introduction...3 This white paper was written

More information

BACKUP SECURITY GUIDELINE

BACKUP SECURITY GUIDELINE Section: Information Security Revised: December 2004 Guideline: Description: Backup Security Guidelines: are recommended processes, models, or actions to assist with implementing procedures with respect

More information

Mazzone & Associates, Inc.

Mazzone & Associates, Inc. Mazzone & Associates, Inc. Business Continuity Plan (BCP) Introduction. As a result of our ever-changing and evolving world, it has become necessary for firms in the financial services industry to take

More information

Risk Management of Outsourced Technology Services. November 28, 2000

Risk Management of Outsourced Technology Services. November 28, 2000 Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the

More information

Overview. Emergency Response. Crisis Management

Overview. Emergency Response. Crisis Management Prudential Financial s Preparedness Strategy Overview Emergency Response, Crisis Management, Business Continuation, Technology Disaster Recovery & Health Crisis Preparedness Prudential is committed to

More information

Disaster Recovery Backup Policy. Jane Drews

Disaster Recovery Backup Policy. Jane Drews Disaster Recovery Backup Policy Jane Drews What is Disaster Recovery Knowing how to react properly in an emergency is critical to making the right decisions to minimize damage and quickly restore operations.

More information

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager Document Reference Number Date Title Author Owning Department Version Approval Date Review Date Approving Body UoG/ILS/IS 001 January 2016 Information Security and Assurance Policy Information Security

More information

Ohio Conference for Payroll Professionals Disaster Recovery

Ohio Conference for Payroll Professionals Disaster Recovery Ohio Conference for Payroll Professionals Disaster Recovery Speaker Bruce E. Phipps CPP 2011 APA Payroll Man of the Year Principal Product Manager US Legislative Analyst ORACLE Corporation bruce.phipps@oracle.com

More information

Domain 3 Business Continuity and Disaster Recovery Planning

Domain 3 Business Continuity and Disaster Recovery Planning Domain 3 Business Continuity and Disaster Recovery Planning Steps (ISC) 2 steps [Har10] Project initiation Business Impact Analysis (BIA) Recovery strategy Plan design and development Implementation Testing

More information

IT Disaster Recovery and Business Resumption Planning Standards

IT Disaster Recovery and Business Resumption Planning Standards Information Technology Disaster Recovery and Business IT Disaster Recovery and Business Adopted by the Information Services Board (ISB) on May 28, 1992 Policy No: Also see: 500-P1, 502-G1 Supersedes No:

More information