IT Risk Identification and Disaster Recovery. Mark Fenech BSc MBA CRISC CBCI January 2014

Size: px
Start display at page:

Download "IT Risk Identification and Disaster Recovery. Mark Fenech BSc MBA CRISC CBCI January 2014"

Transcription

1 IT Risk Identification and Disaster Recovery Mark Fenech BSc MBA CRISC CBCI January 2014

2

3 ISO 31000:2009 Risk Management Standard Risk Assessment Process Risk Context Risk Identification Risk Analysis Risk Evaluation Risk Treatment 3

4 Risk Identification ISACA's information criteria/goals Criteria that information must satisfy to be useful to the business A more structured approach 4

5 Risk Essentials Risk = f(impact, Probability) Human are biased when doing risk assessments We tend to give a higher priority to risks that - have occurred recently - are closer to us 5

6 ISACA's Information Criteria Some examples from COBIT 4.1 and 5 Availability Confidentiality Efficiency (information as a service) Effectiveness (information as a product) Relevancy Currency 6

7 7

8 Business Continuity Business Continuity (plans) for Equipment, materials and resources IT (e.g. redundancy) HR (e.g. succession planning) Facilities (e.g. alternate sites) Suppliers (outsourced activities/common supplies) The capability of the organization to continue delivery of products and services at acceptable predefined levels following a disruptive incident. (GPG2013) 8

9 Disaster Recovery The strategies and plans for recovering and restoring the organizations technological infrastructure and capabilities after a serious interruption. (GPG2013) Mostly redundancy, but not always (incl. passwords/updates, BIA priority lists) 9

10 When PIXAR deleted Toy Story 2 Internet Disruption (2008) Marsa Bridge (2010, Business Continuity) Drop Chemicals (2011, Business Continuity) Crypto Locker Case in Malta (2013) and backups 10

11 Uptime 11

12 SLA/OLA Downtime per year 90% (0.9) 36.5 days 99% (0.99) 3.6 days 99.9% (0.999) 8.7 hours 99.99% (0.9999) 52 minutes % ( ) 5 minutes Measuring uptime: network/system metrics End user experience is what counts! 12

13 Disaster Recovery will not solve all your problems! Get the basics right... TIA942 Software Bugs 13

14 Software Bugs This is NOT Disaster Recovery An SME had 1. a program writing data at the wrong location (e.g. name and surname swapped) COMPENSATED BY 2. a program reading data from the wrong location (e.g. name and surname swapped) Reading the database with a new version resulted in problems that were not solved when switching over to the 2nd site. 14

15 Major Cloud Services Providers Risks Data Location, Security Procedures Transparency, Commingled Data, Vendor Lock-In, Data Ownership (logs?), CSP going out of business, Forensic Audits Penetration Detection, Access Control, Compliance, Disaster Recovery 15

16 Cloud Services Provider Monthly Backup and Recovery Service Levels Monthly Uptime Percentage Service Credit <99.9% (8.7 hours per year) 10% <99% (3.6 days per year) 25% Example: 100GB Database, 1000GB Bandwidth Costs EUR 215 per month Refunds: 10% = EUR 21.50, 25% = EUR

17 Cloud Services Provider Contract This SLA and any applicable Service Levels do not apply to any performance or availability issues: 1. Due to factors outside [the vendor's] reasonable control (for example, a network or device failure external to [vendors's] data centers); : : iii. The Service Credits awarded in any billing month shall not, under any circumstance, exceed Customer's monthly Service fees for that billing month. 17

18 Typical Replication Technique 18

19 19

20 Disaster Recovery Plans Objectives Assumptions Prerequisites Dependencies High-level diagram Recovery procedure Reconstruction 20

21 Disaster Recovery Plans Contact details Definitions Exercise logs Inventory Related documents and contracts 21

22 Disaster Recovery Exercises Prolonged switch over of live operations 24 hour (2 hour) switch over of live operations Parallel Processing Availability of secondary setup to selected users (no live data is modified or keyed in during exercise) 22

23 Metrics Percentage of systems that are classified formally (through a BIA process) Percentage of systems with DRPs that comply with BIA guidelines Average time since last recovery exercise Number of DRPs that were confirmed less than 12/24 months ago (exercise/validation/review) Percentage of successful exercises in the past 12 months 23

24 Thank You! Questions? 24

Business Unit CONTINGENCY PLAN

Business Unit CONTINGENCY PLAN Contingency Plan Template Business Unit CONTINGENCY PLAN Version 1.0 (Date submitted) Submitted By: Business Unit Date Version 1.0 Page 1 1 Plan Review and Updates... 3 2 Introduction... 3 2.1 Purpose...

More information

OpenStack Private Cloud Hosting in an Tier 3 Data Centre. G-Cloud Lot 1 IaaS

OpenStack Private Cloud Hosting in an Tier 3 Data Centre. G-Cloud Lot 1 IaaS OpenStack Private Cloud Hosting in an Tier 3 Data Centre This is service provides a dedicated private cloud environment built on the open source technology, OpenStack. This is service provides a dedicated

More information

IT Audit in the Cloud

IT Audit in the Cloud IT Audit in the Cloud Pavlina Ivanova, CISM ISACA-Sofia Chapter Content: o 1. Introduction o 2. Cloud Computing o 3. IT Audit in the Cloud o 4. Residual Risks o Used Resources o Questions 1. ISACA Trust

More information

Sound Transit Internal Audit Report - No. 2014-6

Sound Transit Internal Audit Report - No. 2014-6 Sound Transit Internal Audit Report - No. 2014-6 Maturity Assessment: Information Technology Division Disaster Recovery Planning Report Date: June 5, 2015 Table of Contents Page Executive Summary 2 Background

More information

Services Providers. Ivan Soto

Services Providers. Ivan Soto SOP s for Managing Application Services Providers Ivan Soto Learning Objectives At the end of this session we will have covered: Types of Managed Services Outsourcing process Quality expectations for Managed

More information

Service Level Agreement

Service Level Agreement Between State Agency Here after called "1st Party" And Vendor Here after called "2nd Party" Document Classification: Public Page 1 of 7 Table of Contents Table of Contents... 2 1. SCOPE OF SERVICE... 3

More information

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain 1. What is the most common planned performance duration for a continuity of operations plan (COOP)? A. 30 days B. 60 days C. 90 days D. It depends on the severity of a disaster. 2. What is the business

More information

DRAFT Disaster Recovery Policy Template

DRAFT Disaster Recovery Policy Template DRAFT Disaster Recovery Policy Template NOTE: This is a boiler plate template much information is needed from to finalizeconsider this document pre-draft FOREWARD... 3 Policy Overview...

More information

Top Ten Technology Risks Facing Colleges and Universities

Top Ten Technology Risks Facing Colleges and Universities Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

Business Continuity and Capacity Building

Business Continuity and Capacity Building Business Continuity and Capacity Building April 10, 2015 Business Continuity and Capacity Building April 10, 2015 1 / 14 Developing Institutional Business Continuity Plans and Implications for Capacity

More information

HA / DR Jargon Buster High Availability / Disaster Recovery

HA / DR Jargon Buster High Availability / Disaster Recovery HA / DR Jargon Buster High Availability / Disaster Recovery Welcome to Maxava s Jargon Buster. Your quick reference guide to Maxava HA and industry technical terms related to High Availability and Disaster

More information

B U S I N E S S C O N T I N U I T Y P L A N

B U S I N E S S C O N T I N U I T Y P L A N B U S I N E S S C O N T I N U I T Y P L A N 1 Last Review / Update: December 9, 2015 Table of Contents Purpose...3 Background...3 Books and Records Back-up and Recovery...4 Mission Critical Systems...

More information

ESKITP6032 IT Disaster Recovery Level 2 Role

ESKITP6032 IT Disaster Recovery Level 2 Role Overview This sub-discipline is about the competencies required in order to manage all aspect of Disaster Recovery (DR), as it applies to IT within an. ESKITP6032 1 Performance criteria You must be able

More information

Indicative Requirements for Cloud Service Providers. connect communicate collaborate

Indicative Requirements for Cloud Service Providers. connect communicate collaborate Requirements Document Cloud Services connect communicate collaborate www.geant.net This document has been produced with the financial assistance of the European Union. The contents of this document are

More information

2014 NABRICO Conference

2014 NABRICO Conference Business Continuity Planning 2014 NABRICO Conference September 19, 2014 6 CityPlace Drive, Suite 900 St. Louis, Missouri 63141 314.983.1200 1520 S. Fifth Street, Suite 309 St. Charles, Missouri 63303 636.255.3000

More information

CA API Management SaaS

CA API Management SaaS SaaS Listing CA API Management SaaS 1. Introduction This document provides standards and features that apply to the CA API Management SaaS offering ( Service ) provided to the Customer and defines the

More information

Business Continuity Planning

Business Continuity Planning Business Continuity Planning We believe all organisations recognise the importance of having a Business Continuity Plan, however we understand that it can be difficult to know where to start. That s why

More information

Service availability (in the clouds)

Service availability (in the clouds) Warsaw, 24 th of March 2014 Service availability (in the clouds) Aleksander P. Czarnowski, AVET INS / EuroCloud Polska Page 1 of 16 Table of Contents 1. Introduction... 3 2. Availability concept for IaaS,

More information

Virtualization & Covance Inc.

Virtualization & Covance Inc. Virtualization & Cloud Computing Environment Oleg Trigub Covance Inc. Agenda Disaster Recovery Challenges Benefits of Private Cloud DR RPO versus RTO Data Replication among Data Centers Is DR in the Cloud

More information

Things You Need to Know About Cloud Backup

Things You Need to Know About Cloud Backup Things You Need to Know About Cloud Backup Over the last decade, cloud backup, recovery and restore (BURR) options have emerged as a secure, cost-effective and reliable method of safeguarding the increasing

More information

Data In The Cloud: Who Owns It, and How Do You Get it Back?

Data In The Cloud: Who Owns It, and How Do You Get it Back? Data In The Cloud: Who Owns It, and How Do You Get it Back? Presented by Dave Millier, Soban Bhatti, and Oleg Sotnikov 2013 Sentry Metrics Inc. Agenda Reasons for Cloud Adoption How Did My Data Get There?

More information

WHITE PAPER. How to choose and implement your cloud strategy

WHITE PAPER. How to choose and implement your cloud strategy WHITE PAPER How to choose and implement your cloud strategy INTRODUCTION Cloud computing has the potential to tip strategic advantage away from large established enterprises toward SMBs or startup companies.

More information

Adopting Cloud Computing with a RISK Mitigation Strategy

Adopting Cloud Computing with a RISK Mitigation Strategy Adopting Cloud Computing with a RISK Mitigation Strategy TS Yu, OGCIO 21 March 2013 1. Introduction 2. Security Challenges Agenda 3. Risk Mitigation Strategy Before start using When using 4. Policy & Guidelines

More information

Unit Guide to Business Continuity/Resumption Planning

Unit Guide to Business Continuity/Resumption Planning Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions

More information

Best Practices in Disaster Recovery Planning and Testing

Best Practices in Disaster Recovery Planning and Testing Best Practices in Disaster Recovery Planning and Testing axcient.com 2015. Axcient, Inc. All Rights Reserved. 1 Best Practices in Disaster Recovery Planning and Testing Disaster Recovery plans are widely

More information

Perforce Backup Strategy & Disaster Recovery at National Instruments. Steven Lysohir

Perforce Backup Strategy & Disaster Recovery at National Instruments. Steven Lysohir Perforce Backup Strategy & Disaster Recovery at National Instruments Steven Lysohir 1 Why This Topic? Case study on large Perforce installation Something for smaller sites to ponder as they grow Stress

More information

Vendor Due-Diligence & Vendor Management

Vendor Due-Diligence & Vendor Management Vendor Due-Diligence & Vendor Management Eclectic Guidance: Cybersecurity, Privacy & Validated Systems Matt Stamper, Virtual CISO CISO in Residence CyberFlow Analytics Proud Member of ISACA MPIA, MS, CISA,

More information

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and

More information

White Paper: ISO 22301 Business Continuity Management An Overview. ISO 22301 Business Continuity Management An Overview

White Paper: ISO 22301 Business Continuity Management An Overview. ISO 22301 Business Continuity Management An Overview White Paper: ISO 22301 Business Continuity Management An Overview ISO 22301 Business Continuity Management An Overview Introduction As incidents such as malicious activism, terrorist attacks and environmental

More information

Proposal for Business Continuity Plan and Management Review 6 August 2008

Proposal for Business Continuity Plan and Management Review 6 August 2008 Proposal for Business Continuity Plan and Management Review 6 August 2008 2008/8/6 Contents About Newton IT / Quality of our services. BCM & BS25999 Overview 2. BCM Development in line with BS25999 3.

More information

NETWORK SERVICES WITH SOME CREDIT UNIONS PROCESSING 800,000 TRANSACTIONS ANNUALLY AND MOVING OVER 500 MILLION, SYSTEM UPTIME IS CRITICAL.

NETWORK SERVICES WITH SOME CREDIT UNIONS PROCESSING 800,000 TRANSACTIONS ANNUALLY AND MOVING OVER 500 MILLION, SYSTEM UPTIME IS CRITICAL. NETWORK SERVICES WITH SOME CREDIT UNIONS PROCESSING 800,000 TRANSACTIONS ANNUALLY AND MOVING OVER 500 MILLION, SYSTEM UPTIME IS CRITICAL. Your Credit Union information is irreplaceable. Data loss can result

More information

Technology Risk Management

Technology Risk Management 1 Monetary Authority of Singapore Technology Risk Guidelines & Notices New Requirements for Financial Services Industry Mark Ames Director, Seminar Program ISACA Singapore 2 MAS Supervisory Framework Impact

More information

By: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015

By: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015 Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level June 9, 2015 By: Tracy Hall MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company,

More information

White Paper. Lifecycle Disaster Recovery Costs

White Paper. Lifecycle Disaster Recovery Costs White Paper Lifecycle Disaster Recovery Costs Lifecycle Disaster Recovery Costs Do you really understand the costs to a financial institution for IT Disaster Recovery? Most professionals working in a

More information

What s the Path? Information Life-cycle part of Vendor Management

What s the Path? Information Life-cycle part of Vendor Management Disclaimer The materials provided in this presentation and any comments or information provided by the presenter are for educational purposes only and nothing conveyed or provided should be considered

More information

CISM Certified Information Security Manager

CISM Certified Information Security Manager CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective

More information

Cisco Disaster Recovery: Best Practices White Paper

Cisco Disaster Recovery: Best Practices White Paper Table of Contents Disaster Recovery: Best Practices White Paper...1 Introduction...1 Performance Indicators for Disaster Recovery...1 High Level Process Flow for Disaster Recovery...2 Management Awareness...2

More information

A Managed Storage Service on a Hybrid Cloud

A Managed Storage Service on a Hybrid Cloud A Managed Storage on a Hybrid Cloud Business Context Sustainability Improve procurement & contract management Embrace and optimise advances in technology Environmental improvement & carbon reduction Global

More information

Checklist of ISO 22301 Mandatory Documentation

Checklist of ISO 22301 Mandatory Documentation Checklist of ISO 22301 Mandatory Documentation 1) Which documents and records are required? The list below shows the minimum set of documents and records required by ISO 22301:2012 (the standard refers

More information

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

BCM and DRP - RFP Template

BCM and DRP - RFP Template BCM and DRP - The Supreme Council of Information & Communication Technology ictqatar PUBLICATION DATE Document Reference This document should be used as an example of the contents of an RFP for business

More information

Session 11 : (additional) Cloud Computing Advantages and Disadvantages

Session 11 : (additional) Cloud Computing Advantages and Disadvantages INFORMATION STRATEGY Session 11 : (additional) Cloud Computing Advantages and Disadvantages Tharaka Tennekoon B.Sc (Hons) Computing, MBA (PIM - USJ) POST GRADUATE DIPLOMA IN BUSINESS AND FINANCE 2014 Cloud

More information

24/7 Monitoring Pro-Active Support High Availability Hardware & Software Helpdesk. itg CloudBase

24/7 Monitoring Pro-Active Support High Availability Hardware & Software Helpdesk. itg CloudBase 24/7 Monitoring Pro-Active Support High Availability Hardware & Software Helpdesk Onsite Support itg CloudBase Pro-Active managed it support services for one single cost per month covers all aspects of

More information

OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT

OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Audit Manager: Lynne Prizzia, CISA, CRISC Senior Auditor:

More information

Negotiating Contracts That Will Keep our Clouds Afloat: You re going to put THAT in a cloud? Meteorologist: Daniel T. Graham

Negotiating Contracts That Will Keep our Clouds Afloat: You re going to put THAT in a cloud? Meteorologist: Daniel T. Graham Negotiating Contracts That Will Keep our Clouds Afloat: You re going to put THAT in a cloud? Meteorologist: Daniel T. Graham The dynamic provisioning of IT capabilities, whether hardware, software, or

More information

AUSTRACLEAR REGULATIONS Guidance Note 10

AUSTRACLEAR REGULATIONS Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

Enterprise level security, the Huddle way.

Enterprise level security, the Huddle way. Enterprise level security, the Huddle way. Security whitepaper TABLE OF CONTENTS 5 Huddle s promise Hosting environment Network infrastructure Multiple levels of security Physical security System & network

More information

Cloud Vendor Evaluation

Cloud Vendor Evaluation Cloud Vendor Evaluation Checklist Life Sciences in the Cloud Cloud Vendor Evaluation Checklist What to evaluate when choosing a cloud vendor in Life Sciences Cloud computing is radically changing business

More information

ASX SETTLEMENT OPERATING RULES Guidance Note 10

ASX SETTLEMENT OPERATING RULES Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

Our consultancy team will provide guidance throughout the process helping you to produce the necessary documentation and raise staff awareness.

Our consultancy team will provide guidance throughout the process helping you to produce the necessary documentation and raise staff awareness. Service Definition Business Continuity Plan Overview of Service Sapphire provides a bespoke service, working with your organisation to develop a comprehensive Business Continuity Plan (BCP) designed to

More information

ITSM Governance In the world of cloud computing

ITSM Governance In the world of cloud computing ITSM Governance In the world of cloud computing Housekeeping Welcome to the Webinar Use the control panel to ask questions Can you see & hear us? enter your name & city to confirm Type Your Questions Here

More information

Planning a Backup Strategy

Planning a Backup Strategy Planning a Backup Strategy White Paper Backups, restores, and data recovery operations are some of the most important tasks that an IT organization performs. Businesses cannot risk losing access to data

More information

Ohio Supercomputer Center

Ohio Supercomputer Center Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By:

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Peter Spier Managing Director PCI and Risk Assurance Fortrex Technologies Agenda Instructor Biography Background On

More information

DISASTER RECOVERY WITH AWS

DISASTER RECOVERY WITH AWS DISASTER RECOVERY WITH AWS Every company is vulnerable to a range of outages and disasters. From a common computer virus or network outage to a fire or flood these interruptions can wreak havoc on your

More information

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston Protecting Official Records as Evidence in the Cloud Environment Anne Thurston Introduction In a cloud computing environment, government records are held in virtual storage. A service provider looks after

More information

VERITAS Volume Replicator in an Oracle Environment

VERITAS Volume Replicator in an Oracle Environment VERITAS Volume Replicator in an Oracle Environment Introduction Remote replication of online disks and volumes is emerging as the technique of choice for protecting enterprise data against disasters. VERITAS

More information

Information Security Management Systems

Information Security Management Systems Information Security Management Systems Øivind Høiem CISA, CRISC, ISO27001 Lead Implementer Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector

More information

Version: 1.5 2014 Page 1 of 5

Version: 1.5 2014 Page 1 of 5 Version: 1.5 2014 Page 1 of 5 1.0 Overview A backup policy is similar to an insurance policy it provides the last line of defense against data loss and is sometimes the only way to recover from a hardware

More information

G-Cloud 6 Service Definition DCG Cloud Disaster Recovery Service

G-Cloud 6 Service Definition DCG Cloud Disaster Recovery Service G-Cloud 6 Service Definition DCG Cloud Disaster Recovery Service 1 of 19 CONTACT INFORMATION Guy Silver T: 07733 008799 E: guy.silver@dcggroup.com W: www.dcggroup.com Data Continuity Group Limited, Bridge

More information

Continuity of Operations Planning. A step by step guide for business

Continuity of Operations Planning. A step by step guide for business What is a COOP? Continuity of Operations Planning A step by step guide for business A Continuity Of Operations Plan (COOP) is a MANAGEMENT APPROVED set of agreed-to preparations and sufficient procedures

More information

Barracuda Backup Server. Introduction

Barracuda Backup Server. Introduction Barracuda Backup Server Introduction Backup & Recovery Conditions and Trends in the Market Barracuda Networks 2! Business Continuity! Business today operates around the clock Downtime is very costly Disaster

More information

Draft Information Technology Policy

Draft Information Technology Policy Draft Information Technology Policy Version 3.0 Draft Date June 2014 Status Draft Approved By: Table of Contents 1.0 Introduction... 6 Background... 6 Purpose... 6 Scope... 6 Legal Framework... 6 2.0 Software

More information

Documentation. Disclaimer

Documentation. Disclaimer HOME UTORprotect DOCUMENTATION AMS/ROSI SERVICES CONTACT Documentation Disaster Recovery Planning Disaster Recovery Planning Disclaimer The following project outline is provided solely as a guide. It is

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

5 Essential Benefits of Hybrid Cloud Backup

5 Essential Benefits of Hybrid Cloud Backup 5 Essential Benefits of Hybrid Cloud Backup QBR is a backup, disaster recovery (BDR), and business continuity solution targeted to the small to medium business (SMB) market. QBR solutions are designed

More information

Certified Information Security Manager (CISM)

Certified Information Security Manager (CISM) Certified Information Security Manager (CISM) Course Introduction Course Introduction Domain 01 - Information Security Governance Lesson 1: Information Security Governance Overview Information Security

More information

HOSTEDMIDEX.CO.UK. Additional services are also available according to Client specific plan configuration.

HOSTEDMIDEX.CO.UK. Additional services are also available according to Client specific plan configuration. HOSTEDMIDEX.CO.UK THIS SERVICE LEVEL AGREEMENT (SLA) DEFINES GUARANTEED SERVICE LEVELS PROVIDED TO CLIENT BY THE SUPPLIER. I. Service Definition Lanmark Technical Services Ltd trading as mailhosted.co.uk

More information

Cloud Computing Backgrounder

Cloud Computing Backgrounder Cloud Computing Backgrounder No surprise: information technology (IT) is huge. Huge costs, huge number of buzz words, huge amount of jargon, and a huge competitive advantage for those who can effectively

More information

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility Your Guide to Cost, Security, and Flexibility What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility 10 common questions answered Over the last decade, cloud backup, recovery

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

Cloud Computing Contracts Top Issues for Healthcare Providers

Cloud Computing Contracts Top Issues for Healthcare Providers Cloud Computing Contracts Top Issues for Healthcare Providers North Carolina Bar Association Health Law Section Annual Meeting NC Bar Center Cary, North Carolina April 23, 2015 Presenters Kathryn Brucks,

More information

April 2014. Understanding the Benefits of Cloud Backup/Disaster Recovery Solutions

April 2014. Understanding the Benefits of Cloud Backup/Disaster Recovery Solutions April 2014 S P E C I A L R E P O R T Understanding the Benefits of Cloud Backup/Disaster Recovery Solutions Table of Contents Introduction... 3 Why Invest in Backup/DR Solutions?... 4 How Does Cloud Backup/DR

More information

The Difference Between Disaster Recovery and Business Continuance

The Difference Between Disaster Recovery and Business Continuance The Difference Between Disaster Recovery and Business Continuance In high school geometry we learned that a square is a rectangle, but a rectangle is not a square. The same analogy applies to business

More information

a Disaster Recovery Plan

a Disaster Recovery Plan Construction of a Disaster Recovery Plan David Godwin, Sr. Sales Engineer March 18, 2014 Objectives Understand What Disaster Recovery is? Why is Disaster Recovery Needed? Effectively assist customers or

More information

Disaster Recovery Committee. Learning Resource Center Specialist

Disaster Recovery Committee. Learning Resource Center Specialist This document is intended to provide operational procedures and serve as a reference for the Key Information Technology Personnel at Community Higher Ed Disaster Recovery Community Higher Ed Disaster Recovery

More information

CLOUD COMPUTING DUE DILIGENCE A CHECKLIST FOR LAW FIRMS. Practice Better

CLOUD COMPUTING DUE DILIGENCE A CHECKLIST FOR LAW FIRMS. Practice Better A CHECKLIST FOR LAW FIRMS CLOUD COMPUTING DUE DILIGENCE Cloud service providers are springing up daily. Some are big, and some are small... making your decision to know where to start more difficult. This

More information

Information Services IT Security Policies B. Business continuity management and planning

Information Services IT Security Policies B. Business continuity management and planning Information Services IT Security Policies B. Business continuity management and planning Version 1 Date created: 28th May 2009 Approved by Directorate: 2nd July 2009 Review date: 1st July 2010 Primary

More information

How to Set Up Disaster Recovery for HP OO

How to Set Up Disaster Recovery for HP OO HP OO 10 OnBoarding Kit Community Assistance Team How to Set Up Disaster Recovery for HP OO Various global and sector-specific regulations, as well as standards such as COBIT DS4, ISO 2031 and others,

More information

Why. Your business. Needs. a Disaster RecoveryPlan. www.iconz-webvisions.com

Why. Your business. Needs. a Disaster RecoveryPlan. www.iconz-webvisions.com Why Your business Needs a Disaster RecoveryPlan 1 Disaster recovery is something that every business must plan for, but not many think about. A Disaster Preparedness Survey among 900 SMEs in the Asia-Pacific

More information

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013 An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information

More information

19. Planning. 19 PLANNING p1

19. Planning. 19 PLANNING p1 19. Planning Summary Planning involves the proactive coordination of activities in the medium to long term, with the intention of achieving a unified effort towards a common objective. Planning consists

More information

SERVICE SCHEDULE INFRASTRUCTURE AND PLATFORM SERVICES

SERVICE SCHEDULE INFRASTRUCTURE AND PLATFORM SERVICES SERVICE SCHEDULE INFRASTRUCTURE AND PLATFORM SERVICES This Product Schedule Terms & Conditions is incorporated into a Services Agreement also comprising the General Terms and Conditions which the Customer

More information

Why Should Companies Take a Closer Look at Business Continuity Planning?

Why Should Companies Take a Closer Look at Business Continuity Planning? whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters

More information

State of South Carolina Policy Guidance and Training

State of South Carolina Policy Guidance and Training State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Business Continuity Management Policy June 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy

More information

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP 2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level Tracy L. Hall, MBCP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C.

More information

IBM G-Cloud Microsoft Windows Active Directory as a Service

IBM G-Cloud Microsoft Windows Active Directory as a Service IBM G-Cloud Microsoft Windows Active Directory as a Service Service Definition IBM G-Cloud Windows AD as a Service 1 1. Summary 1.1 Service Description This offering is provided by IBM Global Business

More information

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES APPENDIX 1 DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES March 2008 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto TABLE OF CONTENTS EXECUTIVE SUMMARY...1

More information

CLOUD SERVICES FOR EMS

CLOUD SERVICES FOR EMS CLOUD SERVICES FOR EMS Greg Biegen EMS Software Director Cloud Operations and Security September 12-14, 2016 Agenda EMS Cloud Services Definitions Hosted Service Managed Services Governance Service Delivery

More information

DOCUMENT HISTORY LOG. Description

DOCUMENT HISTORY LOG. Description Effective Date: 02/26/2013 Page 2 of 16 DOCUMENT HISTORY LOG Status (Baseline/ Revision/ Canceled) Document Revision Effective Date Baseline 1.0 02/19/2003 Revision 1.1 03/12/2003 Description Revision

More information

Can SaaS be your strategic advantage in building software? Presented by: Paul Gatty, Director of World Wide Operations

Can SaaS be your strategic advantage in building software? Presented by: Paul Gatty, Director of World Wide Operations Can SaaS be your strategic advantage in building software? Presented by: Paul Gatty, Director of World Wide Operations Topics What is SaaS? How does SaaS differ from managed hosting? Advantages of SaaS

More information

Lunch & Learn Series Subscribe!

Lunch & Learn Series Subscribe! Lunch & Learn Series Noon on the 3 rd Tuesday of each month Security.uconn.edu for detailed information L&L RFC Subscribe! Presentation schedule is still being worked out Contact Jason Pufahl (jason.pufahl@uconn.edu)

More information

Have a Plan of ATTACK. Not a panic attack. 10 September 2003 IBM Internal Use Only Jarrett Potts, Tivoli Sales Enablement

Have a Plan of ATTACK. Not a panic attack. 10 September 2003 IBM Internal Use Only Jarrett Potts, Tivoli Sales Enablement IBM Software Group Have a Plan of ATTACK Not a panic attack 10 September 2003 IBM Internal Use Only Jarrett Potts, Tivoli Sales Enablement Abstract This session will show the difference between Business

More information

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies

More information

2011 Morrison & Foerster LLP All Rights Reserved mofo.com. Risk, Governance and Negotiation in the Cloud: Capture Benefits and Reduce Risks

2011 Morrison & Foerster LLP All Rights Reserved mofo.com. Risk, Governance and Negotiation in the Cloud: Capture Benefits and Reduce Risks 2011 Morrison & Foerster LLP All Rights Reserved mofo.com Risk, Governance and Negotiation in the Cloud: Capture Benefits and Reduce Risks 14 September 2011 Presenters Alistair Maughan Morrison & Foerster

More information