|
|
Recent Compliance News
DisasterRecovery and Business Continuity Planning Considerations for Email Disaster recovery and business continuity planning considerations
are crucial when deploying any email system. Not only is it important to have a
plan in the event of a local outage, but careful consideration should also be
given to the chance of an entire site failure. In the event of a disaster, the
first system that needs to be brought online is communications. E-mail is the
ideal method of communication, but users need access and the environment has to
be able to withstand a major service interruption.
Issues include, failing over to the backup site is a manual process and most systems do not include a mechanism to fail back to the primary site. Getting the primary site back online is a labor- and network-intensive process. Another is that most email systems do not utilize compression, which results in additional network bandwidth consumption. - more info
Now that
you have a disaster recovery plan in place, you still have work to
do.
Disaster
planning is an essential component of preserving your enterpriseÂ’s assets. With
a written disaster plan, your enterprise can reduce the risk of disaster and
minimize losses. The Janco Disaster
Recovery Plan Template is perfect for small and medium-sized institutions
that do not have in-house preservation staff. The Janco Disaster Recovery Plan Template
is also valuable for large enterprises that need to develop separate but related
plans for multiple buildings, locations, or branches. The Janco Disaster Recovery Plan Template
can help you create a plan for disaster prevention and response. Enter data
into the online template to create a customized disaster plan for your
enterprise. This plan will help you:
According to Janco Associates, the primary factor
in the activiation of Disaster Recovery and Business Continuity Plans is
computer hardware failure.
When the
World Health Organization (WHO) raises the pandemic threat alert to Level 6 what
affect does that have on business continuity? Enterprises will have to do more than
tell sick employees to stay home and healthy ones to wash their
hands. When a
pandemic strikes your enterprise the business continuity and disaster recovery
plans need to allow IT workers to manage computer systems from home. There is no other alternative but to have
them in the office. A Level
6 alert means that company officials will be asked by the U.S. Centers for
Disease Control and Prevention to undertake a number of efforts to fight any
pandemic -- including the appointment of a workplace Pandemic Coordinator or
team. The
Pandemic Coordinator is responsible for monitoring employees to ensure they
follow basic rules of hygiene, such as washing hands, and to make sure that
breathing masks are available. If a worker becomes sick, the Pandemic Coordinator must
ensure they go home. The real
issue is not sick employees, but an inability to get supplies and
deliveries. If your
enterprise is in a locality that gets to pandemic levels of infection your
enterprise is going to see issues like suppliers not being able to get
deliveries to you because they are sick. This will be a regional issue, even if
your organization is not directly affected by the flu.
In an effort to drive profitability and rein in costs,
businesses are continually seeking to improve operational capabilities. Primary
to this objective are today's burgeoning network infrastructures, which are
continually being asked to do more. Applications are becoming more sophisticated
and mission-critical. More software is written to take advantage of dynamic IP
parameters. In addition, an economic slowdown has companies relying on
network-based technologies that reduce Total Cost of Ownership (TCO) and save
money. Consolidation is another trend bolstering IT efficiencies. Servers and storage are often the
first affected by a consolidation initiative. However, data center consolidation
is just as important in terms of optimizing infrastructure security, compliance
and integrity. The flourishing area of unified communications (UC) offers
further testimony to the increased significance of the network. UC provides
substantial benefit to the enterprise in terms of capabilities that allow staff
to collaborate in real time, access critical information and communicate
seamlessly with coworkers and customers -- regardless of
location.
Whether you
are a for profit business, a bank, a government agency, hospital the risk of
compromising private information is very high. Business relies heavily on
technology today and business risk often is technology dependent. The
possibility of litigation is part of business. There has always been a risk in
doing business, but because technology and today's business are so intertwined,
business risk has a
higher threat level. This has prompted many to encrypt workstations and mobile
computers in order to protect critical business data. If you have
rolled out encryption,
how do you maintain your IT service quality when the hard disk drive fails? How
do you plan and prepare for a data loss when the userÂ’s computer is
encrypted? These are all issues that should be considered when putting
together a data disaster plan. In addition, data recovery, one of the more
common missing elements of a disaster recovery plan, should also be factored in
because it can serve as the “Hail Mary” attempt when all other options have been
exhausted.
Just because your disaster recovery business
continuity plan includes a plan
for backing up your data
to a outsource provider does
not mean that your enterprise is safe. Carbonite, EMC's Mozy, and Amazon's
Simple Storage Service (S3) are providers in the growing online backup market.
The services let consumers and enterprises back up their data over the Internet
for later retrieval if a hard drive or another component should fail. Carbonite
targets its service toward home and small-business users. Carbonite is suing storage vendor
Promise Technology, saying repeated failures of Promise gear have caused
"significant data loss" at Carbonite. In the lawsuit, Carbonite said it
bought more than $3 million (US Dollars) worth of Promise VTrak Raid products
beginning in 2006. In several incidents starting in January 2007, the service
provider suffered data loss because the Promise gear failed to support recovery
from physical drive errors and array errors. The data losses caused "substantial
damage" to Carbonite's business, the company alleged.
Mail and calendaring are playing an increasingly critical
role in day-to-day business communication and work flow. Mailing, scheduling,
task assignment, shared resource The types of issues that the administrators need to plan for
are
Tape backup has been the traditional
solution for backing up data on computer systems since the late 1960Â’s. While tape backup remains
a viable long-term archiving method for most large and small organizations, many
issues limit its usefulness. First, with the huge growth in data
volumes, mandated requirements for longer retention and faster access, and
greater reliance on data and technology backup windows are shrinking. Second, because backing up is not easy or
quick, many organizations do not backup often enough to protect themselves. Third, tape is not the most reliable
medium – hardware failures, media failures, and human errors are common. Tape
management is a constant IT headache and administrative costs are high.
Organizations now are looking for new
solution that provide a continuum of protection schemes that include storage
array-based data protection, remote replication for recovery after a failure or
disaster, and business continuity during outages and common IT maintenance
procedures.
Most aspects of business continuity and disaster recovery planning
apply to terrorist attacks and pandemics just as much as to fires, hurricanes,
floods, earthquakes, and other natural and manmade disasters.
Every
IT manager knows the importance of having an effective and fast disaster
recovery (DR) plan. Organizations without an adequate plan may find themselves
out of business quickly after experiencing a major disaster. Organizations that
ensure survival following a disaster understand the basics of creating a good
plan. A
disaster recovery is a response to a declared disaster or a regional disaster.
It is the restoration or recovery of an entire Agent computer. A disaster
recovery plan describes how an organization is to deal with potential disasters.
Just as a disaster is an event that makes the continuation of normal functions
impossible, a disaster recovery plan consists of the precautions taken so that
the effects of a disaster will be minimized, and the organization will be able
to either maintain or quickly resume mission-critical functions. Typically,
disaster recovery planning involves an analysis of business processes and
continuity needs; it may also include a significant focus on disaster
prevention. The
Disaster Recovery Planning
Template (DRP) can be used for any sized
enterprise. The
template and supporting material have been updated to be Sarbanes-Oxley
compliant. The complete package includes:
The keywords for disaster recovery and business continuity
(DR/BC)are copies and distance. For DR/BC, you must have more than one data
copy, and copies must be stored some distance away from the primary data center
on different physical machines - remote replication is the standard for
DR/BC. Deciding how and where to replicate depends on your needs
and your available locations. Some organizations will replicate from the primary
data center to one remote location; others replicate the same data to multiple
locations. Organizations with branch offices often replicate from each branch to
a central DR site, and then backup data from there. Configuring DR/BC implementation depends on two important
factors that each organization must identify - recovery time objectives
(RTO) and recovery point objectives (RPO). RTO defines how quickly data can
be restored. Some operations and data types can tolerate very little time to
recover, while others can survive longer delays. RPO defines how much data
loss can be tolerate,d and that determines how often data is replicated. Many
organizations define different RTOs and RPOs across the enterprise - uniformity
is not important as long as you can easily and affordably match data types to
protection levels.
The question of whether or not an enterprise can
manage disaster is perhaps an incomplete one considering humans have been given
the will and desire to survive through the most challenging circumstances. In
order to maintain the continuity of business, it is essential to be able to have
the necessary backup or secondary switch that you can turn on, and keep going.
Before
selecting a Disaster Recovery strategy, the Disaster Recovery planner should
refer to the company's business continuity plan which should specify the key
metrics of Recovery Point Objective (RPO) and Recovery Time Objective (RTO) for
various business processes. The metrics specified for the business processes
must then be mapped to the underlying IT systems and infrastructure that support
those processes. While
it is important to have Disaster RPOs and RTOs in place, here is something to
think about: what if the critical data you are currently using becomes corrupt?
What if someone accidentally deletes some portion? Well, the IT manager will
head over into the most recent backup data, and simply recover. But because when
there is no crisis as such, the data backup is usually done on a 24-hour, daily
basis, think about the situation you are creating for the organization -- the
daily RTO and RPO back is up 24-24 (24 hours each), while an enterprise may
define the disaster RTO and RPO to be 4-4. In the event of an unplanned incident
which is not necessarily a disaster, you cannot get to the data until 24 hours
later, which means that unless you 'declare' the organization to be in a state
of disaster, you will have lost 24 hours worth of data!
Server enclosures provide access
control options such as lock-and-key, electronic control, RFID local readers and
access cards.
Disaster planning is complex; the written plan is
the result of a wide range of preliminary activities. The entire process is most
efficient if it is formally assigned to one person who acts as the disaster
planner for the institution and is perhaps assisted by a planning team or
committee. The enterprise's director may play this primary role or may delegate
the responsibility, but it is important to remember that the process must be
supported at the highest level of the organization if it is to be effective. The
planner should establish a timetable for the project and should define the scope
and goals of the plan, which will depend largely on the risks faced by the
enterprise.
The Disaster Recovery Planning Template dot com RSS
News feed has just been launched. The focus of the feed is Disaster
Recovery Planning and Security related issues. This feed joins the IT management series of feeds
published by Janco Associates, Inc. The feeds include:
Victor Janulaitis, CEO of Janco and the IT
Productivity Center said "IT infrastructure productivity is the core of our
firm's practice. We have created a set of tools to improve the productivity and
quality of service provided by the IT function. With the IT Service Management
Template and our Sarbanes Oxley Compliance Resource Kit enterprises of all sizes
can quickly implement best practices." In addition he said. "... the IT Service
Management template is now included in the CIO Productivity Bundle." The CIO
Productivity Bundle, which is Sarbanes-Oxley compliant can be found at http://www.itproductivity.org/offer_cio.htm. The IT Service Management Template ( http://www.itproductivity.org/itsm.htm
) contains policies, standards, procedures and metrics for Change Control, Help
Desk and Service Request processing. The ITSM Template also contains the IT
Productivity Center's Business and IT Impact Questionnaire, a Change Control
Request Form and an Internet Use Approval Form. The template comes as a word
document which can be used as a template to create customized procedures for any
size enterprise. The Sarbanes-Oxley Compliance Resource Kit (http://www.itproductivity.org/SOX.htm
) which was released in January now has a Platinum Edition which contains the IT
Service Management Template. Janco also announced the activation of its new web
site www.it-toolkits.com. The site provides productivity tools for IT and the
Chief Information Officer in particular. Included are Janco's Browser Study, CIO
Productivity Kit, Disaster Recovery Template, Security Template, IT Salary
Survey, IT Job Descriptions, and Sarbanes-Oxley Compliance Resource
Kit.
Swiss and Belgian police have shut down a major
component of the eDonkey file-sharing network, used mainly to trade copies of
copyrighted movies and music.
Razorback 2 was the biggest server on the eDonkey
peer-to-peer (P2P) network, which transfers data from user to user. Music companies have blamed P2P piracy for causing a drastic downturn in sales, and Hollywood is
trying to prevent a similar impact on the movie business.
"Swiss authorities arrested the site's operator at
his residence in Switzerland this morning and searched his home," the MPA said
in a statement. "At the same time, on the authority of a local magistrate,
Belgian police seized the site's servers located at an Internet hosting center
in Zaventem near Brussels." As of last year, eDonkey was estimated to have up to
3 million users spread over 100 to 200 servers. Razorback2 was the most popular
server, used by about 1 million users.
The
Disaster Recovery and Business Continuity Template Version 4.0 was just
released. It is a MS Word document that can be used as a DRP - BCP template for
any enterprise. The template and supporting material have been updated to be
Sarbanes-Oxley and HIPAA compliant. The Disaster Planning Template
includes: New with version 4.0 are: Go to http://www.e-janco.com/drp.htm
Today it still performs police duties, but as the
lone public communications system left in the city, it also carries VoIP traffic
that is the lifeline for many city businesses.
The storm wiped out wireline phone service and
cellular networks, and those that it didn't destroy outright couldn't be kept up
because the city could not get fuel to the backup generators needed to keep the
networks running, Meffert told an audience at a session during Spring VON 2006
this week.
The challenge comes after the report details the long
list of tragedies that last yearÂ’s deadly hurricane wrought, including more than
1,330 deaths and $96 billion in property damage. In terms of communications, 38
centers that normally handled 911 calls failed, while 3 million customers lost
phone service.
The report urges a wide variety of players to build
this new culture, including myriad federal agencies and tens of thousands of
state and local emergency first responder agencies. And it calls on private
citizens and the private sector to take part.
|
|
Federal and state government
regulations can be a big problem for today's organizations. There
are more than 100 such regulations in the U.S. alone, and that
number continues to grow. These are in addition to industry-specific
mandates. They are all designed to safeguard the confidentiality,
integrity, and availability of electronic data from information
security breaches. So, what are the consequences if your
organization fails to comply? Heavy fines and legal action. In
short, it's serious.
