WHY DO I NEED DATA PROTECTION SERVICES?



Similar documents
Risk Assessment Guide

STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY

Does it state the management commitment and set out the organizational approach to managing information security?

Planning a Backup Strategy

The 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them

Presents Design Planning for the Records Center of the Future

Business Continuity Planning in IT

Business Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM

Read this guide and you ll discover:

HIPAA Security Alert

The 7 Disaster Planning Essentials

Operational Risk Publication Date: May Operational Risk... 3

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 125. When Disaster Strikes Are You Prepared?

How To Protect Decd Information From Harm

Business Continuity and Disaster Planning

Advent. Disaster Recovery: Options for Investment Managers. A White Paper from Advent Software and CyGem Ltd. Advent Software, Inc.

RECORDS MANAGEMENT RECORDS MANAGEMENT SERVICES. Cost-Effective, Legally Defensible Records Management

PART 10 COMPUTER SYSTEMS

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

HIPAA Compliance and the Protection of Patient Health Information

ISO Controls and Objectives

Business Continuity Planning and Disaster Recovery Planning

Internal Control Guide & Resources

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

HIPAA Security. 6 Basics of Risk Analysis and Risk Management. Security Topics

ANNEXURE 07: CHECK-LIST FOR OFF-SITE STORAGE FACILITIES

Table of Contents... 1

Considerations for Outsourcing Records Storage to the Cloud

Business Continuity Planning (BCP) / Disaster Recovery (DR)

Policy Document. IT Infrastructure Security Policy

DATA BREACH COVERAGE

Ensure Absolute Protection with Our Backup and Data Recovery Services. ds-inc.com (609)

BNA FEDERAL CREDIT UNION DISASTER RECOVERY PLAN

KEEPING PATIENT INFORMATION SAFE AND SECURE IN THE CLOUD

HIPAA Security COMPLIANCE Checklist For Employers

EXIN Information Security Foundation based on ISO/IEC Sample Exam

Reducing Corporate Risk: Best-practices Data Protection Strategy. for Remote and Branch Offices (ROBOs) Best-practices Data Protection Strategy

AUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1

SAMPLE HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION

Nine Steps to Smart Security for Small Businesses

ISO IEC ( ) INFORMATION SECURITY AUDIT TOOL

Cyber and Data Security. Proposal form

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

7QUESTIONSYOUNEEDTOASKBEFORE CHOOSINGACOLOCATIONFACILITY FORYOURBUSINESS

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii

ISO27001 Controls and Objectives

FINAL May Guideline on Security Systems for Safeguarding Customer Information

Managing Information Resources and IT Security

Creating a Business Continuity Plan for your Health Center

Information Resources Security Guidelines

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

Standard: Information Security Incident Management

by: Scott Baranowski Community Bank Auditors Group Best Practices in Auditing Record Retention, Safeguarding Paper Documents, GLBA and Privacy

Major Risks and Recommended Solutions

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

VMware vcloud Air HIPAA Matrix

Music Recording Studio Security Program Security Assessment Version 1.1

Physical Security Policy

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS

WHY BUSINESS CONTINUITY PLANS FAIL

12 Little-Known Facts and Insider Secrets Every Business Owner Should Know About Backing Up Their Data and Choosing a Remote Backup Service

Little-Known Facts and Insider Secrets Every Business Owner Should Know About Backing Up Their Data and Choosing a Remote Backup Service

Business Continuity Plan

CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS

Cyber-insurance: Understanding Your Risks

This document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered business sensitive.

Disaster Recovery Plan (DRP) / Business Continuity Plan (BCP)

INFORMATION TECHNOLOGY SECURITY STANDARDS

Cyber Threats: Exposures and Breach Costs

TECHNOLOGY AND INNOVATION DEPARTMENT BACKUP AND RECOVERY REVIEW AUDIT SEPTEMBER 23, 2014

Effective IT Risk Management for Small Businesses

NCUA LETTER TO CREDIT UNIONS

Information Security Awareness Training

This policy is not designed to use systems backup for the following purposes:

IT Disaster Recovery and Business Resumption Planning Standards

FOOD DEFENSE STRATEGIES: Four Ways to Proactively Protect Your Brand

Supplier Security Assessment Questionnaire

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE

Joseph Suchocki HIPAA Compliance 2015

Operational Risk Assessment Overview

Valdosta Technical College. Information Security Plan

Directed Circuits Meet Today s Security Challenges in Enterprise Remote Monitoring. A White Paper from the Experts in Business-Critical Continuity TM

HIPAA RISK ASSESSMENT

Top Ten Technology Risks Facing Colleges and Universities

Transcription:

WHY DO I NEED DATA PROTECTION SERVICES? Data processing operations have evolved with breathtaking speed over the past few years, expanding from very large mainframe operations to small business networks. Today, most business enterprises, whether large or small, cannot function without their electronic data; ushering in a new age of risk and vulnerability to their continued existence. Critical data loss is expensive, may involve illegal acts, and can seriously threaten the continued survivability of the unprepared business. At a minimum, recovery of lost data can be very expensive. Moreover, the recently enacted Sarbanes Oxley law provides civil and criminal penalties for some companies if data supporting financial reporting cannot be recovered on a timely basis. Protection of critical and compliance data must be taken very seriously. Your job may depend upon it. A large distributor of periodicals and newspapers operated via branch offices throughout the United States and Canada. The home office relied on wide area networks to receive critical data input from the field, but depended on each branch to protect its own locally produced data. One branch, located in a downtown office, was destroyed by a fire, which consumed the entire row of buildings in the block. Having faithfully backed up their critical data, the staff relied on a fireproof safe in an upstairs office for protection. It took seven days for the fire department to cool the ashes enough to permit a search for the safe. It was found in the basement cavity; and when opened the company found the plastic covering for their media had melted and the tapes were unreadable. The State of Ohio backed up critical data from one of their networks to a removable storage device, but delegated responsibility for offsite storage to an IT intern. Sadly, one night the intern s car was broken into and the device stolen. It was soon discovered that the device contained personal data of a

very large number of state employees. The state incurred a huge unbudgeted expense estimated to be in excess of $3,000,000 to implement identity theft and credit monitoring measures for the affected employees Careful advance planning can make all the difference. Soon after word of the 9/11 World Trade Center disaster began to spread, a data protection company contacted an affected client to offer assistance. As a result, the client declared a disaster and began to activate their disaster recovery plan. The data protection company delivered critical media to the client s recovery site located on Long Island in time for recovery operations to begin by 3:00 PM the same day. The company survived and has now fully recovered.

Past studies have shown there is a 100% certainty of losing critical data from every computer enterprise at least once in a five year period. For those businesses that follow best practices guidelines for protecting their data, recovery can be simple and easy; those who don t are very likely to cease operations within two years. WHY AM I AT RISK? Data in electronic form is vulnerable to loss or corruption unless protective measures are taken. Risk takes many forms, and nothing short of a thorough understanding of internal and external threats will permit IT professionals to develop plans and design actions to protect their critical data. From its earliest days the industry has recognized the absolute necessity for strong measures designed to permit timely recovery from serious loss. To insure the survival of their critical data IT professionals have adopted a series of best practices to eliminate or mitigate the risk. All credible threats must be taken seriously. THREATS Threats can come from both internal and external sources, all of which must be considered in developing a recovery plan. Internal threats include equipment failure, power surges, employee dishonesty, sabotage, fire, flooding and environmental contamination just to mention a few. The greatest threat, however, is employee negligence, carelessness, user error, unintentional mistakes or improper operating procedures. External threats can affect a single building or an entire region. Acts of nature, (such as hurricanes, tornadoes, floods, blizzards, and earthquakes), frequently shut down major data processing operations when they occur. Other external threats such as power failure, communication failure, environmental contamination, urban riots, strikes, localized explosions and transportation disasters can also shut down computer operations.

Cause of data losses by number of events (incident rates) 1in2 1in3 1in4 1in5 1 in 10 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 1. Lost or stolen laptops 2. Improperly disposed of computer equipment 3. User errors 4. Improperly transferred backup media 5. Inappropriate access to IT resources 6. Insufficient controls in business procedures 7. Insufficient controls on IT procedures 8. Internet threats, attacks and hacks 9. Employee manipulation and malfeasance 10. Accidentaldamage to computing equipment 11. Inappropriate usage of IT resources 12. Violation of polices 13. Unauthorized access to IT resources 14. Insufficient auditing, monitoring and reporting 15. IT vulnerabilities 16. Insufficient IT controls Source: ITPolicyCompliance.com, 2007 LEADING CAUSES OF DATA LOSS CONSEQUENCES Data compiled by the Disaster Recovery Institute finds that the majority of businesses experiencing a serious loss of critical data will fail within two years. The reason is simple: They are not prepared to deal with the consequences. These include bad publicity, loss of customer confidence, loss of internal workflow, loss of sales capability, inability to process customer orders, loss of cash flow, and the extremely high cost of manual restoration of critical databases. In short, a business that is unable to quickly recover computer operations is at high risk for failure.

RISK MITIGATION AND ELIMINATION The diligent IT professional who understands and follows approved best practices guidelines will design programs and procedures that will cover all credible threats. However, many small and medium businesses may not have access to such knowledge. Offsite data protection professionals can help you develop a plan that prepares you for a full and timely recovery. Their facilities and services are designed with these concerns in mind to provide you with the ultimate protection. HOW CAN AN OFFSITE DATA PROTECTION COMPANY HELP? Your offsite data protection company can assist you with developing your disaster recovery plan and a backup strategy. They can work with you in determining your business requirements, recovery point objectives and backup methodologies. Recovery point objectives have been traditionally associated with restoring specific operations and data, but are increasingly being concerned with corporate governance and privacy legislation. All of these issues should be reviewed to determine your resource allocation in dollars and manpower, as well as offsite data storage requirements. Once your expectations are clearly defined, they can be converted into a Service Level Agreement (SLA) between you and your offsite data protection vendor to provide certain critical services. Basic data protection services include the following: CONTROLLED ACCESS Controlling who has access to your critical data is a matter of serious concern. Your data protection vendor will advise you in setting up protocols and levels of access for you and your staff. Thereafter, these will be strictly enforced, insuring that only authorized persons are able to gain access to your offsite media. Visitor access to the facilities

is closely controlled, and is not permitted unless they are properly identified and have a clear reason for being there. No one other than your authorized staff and member employees are ever allowed direct access to your media. FACILITY SECURITY Offsite data protection facilities operate in a high security, fire resistive environment. Security features include central station alarms, automatic fire suppression systems, video monitoring systems, zone controls and strict standard operating procedures. Security systems and operating procedures have been expanded to cover courier vehicles as well. Employees undergo background checks and periodic drug testing. ENVIRONMENTAL CONTROLS Media vaults are designed to provide a clean, climate controlled environment

which will meet the standards established by media manufacturers. Temperature and humidity are maintained within established ranges. Vaults are kept dust and contaminant free. EMERGENCY ACCESS Emergencies happen, often at times which are very inconvenient. Your offsite data protection vendor offers 24 X 7 emergency access to your media. If your system crashes in the middle of the night or at half time of the Super Bowl, a phone call will get your backup media delivered to you quickly and securely. COURIER SERVICE Once your backup strategy and schedules have been determined, it is important to send the removable media offsite as quickly as possible. Your offsite data protection vendor will assist you in this task by providing scheduled courier services. Courier vehicles are well maintained, climate controlled and equipped with security alarm systems. Many vendors also track vehicle routes and locations via GPS tracking systems. INVENTORY TRACKING AND AUDIT TRAILS Offsite data protection companies use sophisticated software tools and bar code technology to track clients inventories. Use of these features, along with strict standard operating procedures, ensure accuracy, accountability, and reliability in protecting your offsite media. In today s regulatory environment your vendor is prepared to assist you in proving chain of custody and in providing audit trails for all media entrusted to their care. Often they are able to provide clients with secure, online access to their records inventory. DISASTER RECOVERY AND TESTS Recovering from a disaster is the raison d etre for offsite media storage. Your offsite data protection vendor will work with you to pre-determine the required response

when your plan is activated. They will become your partner in assisting you with your recovery. Periodic tests are a frequently overlooked, yet essential part of recovery plans. Your vendor will approach tests in the same way they handle fully declared disasters. You can consider them a member of your recovery team. BENEFITS OF WORKING WITH AN OFFSITE DATA PROTECTION COMPANY Your offsite data protection vendor provides complete offsite data protection services for all types of magnetic and sensitive media. Their services can be customized to meet your exacting standards. You can expect the following benefits:

EFFICIENCY Your vendor can become and extension of your IT staff by performing functions that will free them up for more productive tasks. CUTTING COSTS While your ultimate goal must be eliminating or reducing risk to your computer enterprise, your vendor can work with you to find the most cost effective way to accomplish this goal. ACCURACY State of the art software tools, standardized operating procedures, and a well trained, professional staff will insure accuracy in your vendor s business transactions with you. ACCOUNTABILITY Trust is the most important element in your relationship with an offsite data protection vendor. Their software systems know exactly what media is located at the facility, to whom it belongs and where it is located. When auditors demand high standards of accountability, offsite data protection companies are prepared to meet their requirements. AUDIT TRAILS Many clients must meet strict regulatory requirements. Chain of custody and tape movement history issues are often the subject of performance audits. Your vendor is prepared to provide documentation for all transactions and to provide evidence of those transactions in a court of law. RELIABILITY Your offsite data protection vendor is prepared to meet both your scheduled and emergency needs on a 24 X 7 basis. When you need them the most, they will be there.

BENEFITS OF WORKING WITH A PRISM INTERNATIONAL MEMBER Offsite data protection companies who belong to PRISM International (Professional Records & Information Services Management) have invested in improving their professionalism and awareness of key industry issues. PRISM International is a not-forprofit trade association, provides educational and advocacy resources to promote smart information management solutions for its members and the business public. Our members operate in 60 countries around the world. OUR GOALS Professional Development Professional Ethics and Guidelines Research and Information Networking and Forums Organizational Relationships Public Awareness

PRISM International Headquarters 8735 W. Higgins Road, Suite 300 Chicago, IL 60631, USA +1.847.375.6344 Fax: +1.847.375.6343 info@prismintl.org This publication provided courtesy of: Copyright 2012 PRISM International All Rights Reserved

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information