

DRP & Security Templates 
Disaster Recovery Plan and Security Manual Bundle
 

 

The Disaster Recovery - Business Continuity / Security Manual Template Bundle contains the two most critical components of most enterprises' support infrastructure. This bundle comes in three versions, and there is an update service for both the DRP - BC and Security Manual. Both of the templates are ISO 27000 (formerly ISO 17799), Sarbanes-Oxley, PCI, and HIPAA compliant. In addition, the Security Manual template has extensive audit checklists that can be used as is to validate that your security procedures are compliant with HIPAA and ISO 27000.

The Disaster Recovery / Business Continuity and Security Manual Template bundle comes in three versions - Standard, Premium, and Gold.
 
                                                          Standard  Premium  Gold
Disaster Planning / Business Continuity Template (WORD)      X         X       X
Security Manual Template                                     X         X       X
Business Impact Questionnaire (21 pages)                     X         X       X
Threat and Vulnerability Assessment Form                     X         X       X

25 full IT Job Descriptions:

  • Chief Information Officer (CIO)

  • Chief Compliance Officer (CCO)

  • Chief Security Officer (CSO)

  • VP Strategy and Architecture

  • Director e-Commerce

  • Database Administrator

  • Data Security Administrator

  • Manager Data Security

  • Manager Database

  • Manager Disaster Recovery

  • Manager Disaster Recovery and Business Continuity

  • Manager Facilities and Equipment

  • Manager Media Library Support

  • Manager Network and Computing Services

  • Manager Network Services

  • Manager Site Management

  • Manager Training and Documentation

  • Manager Voice and Data Communication

  • Manager Wireless Systems

  • Capacity Planning Supervisor

  • Disaster Recovery Coordinator

  • Disaster Recovery - Special Projects Supervisor

  • Network Security Analyst

  • System Administrator - Unix

  • System Administrator - Windows

                                                          Standard  Premium  Gold
25 full IT Job Descriptions (listed above)                             X       X
204 IT Job Descriptions (WORD, each as an individual
  file using long file names; includes the 25 job
  descriptions listed above)                                                   X
Update Service Available                                     X         X       X

 

 

Disaster Recovery Plan (DRP)

This Disaster Recovery Plan (DRP) can be used as a template for any enterprise. The DRP is sent to you via e-mail in WORD and/or PDF format. Included is a 23-page Business Impact Questionnaire as well as a 3-page Job Description for the Disaster Recovery Manager. The Disaster Recovery Plan Template PREMIUM Bundle contains 11 additional key job descriptions.

  • Plan Introduction

  • Business Impact Analysis

  • DRP Organization Responsibilities

  • Backup Strategy

  • Recovery Strategy 

  • Disaster Recovery Procedures Check List

  • Plan Administration Process

  • Technical Appendix

  • 3 page Job Description for Disaster Recovery Manager

  • Work Plan

The template is ISO 17799, SOX, and HIPAA compliant.

 

 

Security Manual  

The Template includes everything needed to customize the Internet and Information Technology Security Manual to comply with Sarbanes-Oxley. The Security Manual Template PREMIUM Edition contains 16 detailed job descriptions.

The electronic document includes proven written text and examples for the following major sections for your topics / security plan:

  • ISO 17799, Sarbanes-Oxley, HIPAA, and Patriot Act Compliance

  • Security Manual Introduction

  • Risk Analysis

  • Staff Member Roles

  • Physical Security 

  • Facility Design, Construction and Operational Considerations

  • Media and Documentation

  • Data and Software Security

  • Network Security

  • Internet and Information Technology Contingency Planning

  • Travel and Off-Site Meetings

  • Insurance

  • Outsourced Services

  • Waiver Procedures

  • Incident Reporting Procedures

  • Access Control Guidelines

  • Sample Forms

    • Business and IT Impact Questionnaire

    • Threat & Vulnerability Assessment Tool

    • Security Violation Reporting form

    • Security Audit form

    • Inspection Check List

    • New Employee Security form

    • Security Access Application form

     


     

    Summary of Bundle Offering

                                                               Standard  Premium  Gold
    Disaster Recovery Business Continuity Word Template           x         x       x
    Security Manual Word Template                                 x         x       x
    25 DR/BC and Security Job Descriptions Word and PDF                     x
    204 IT and Internet Job Descriptions Word
      (Includes the 25 DR/BC and Security Job Descriptions)                         x
    Update Service Available                                     Yes       Yes     Yes

     

     

    Current News

    Expensive weather and climate disasters in the United States

    Disaster Recovery and Business Continuity plans need to consider natural weather and events. The effects that natural events have on the environment directly and indirectly may be harmful to people. Forest fires and volcanoes harm air quality. Hurricanes and floods can contaminate water supplies and damage wastewater facilities. Any of these can spread contaminated materials into the environment.

    The United States set a record with 12 separate billion-dollar weather/climate disasters in 2011, with an aggregate damage total of approximately $52 billion, according to the National Oceanic and Atmospheric Administration. That is just continuing the trend of the past 30 years.


    These incidents have prompted many organizations to reconsider the human element during a crisis or major news event and evaluate how they communicate with employees, suppliers, investors and customers. Emergency and mass notification systems are designed to help organizations communicate to stakeholders during an incident or disruption. However, in response to the high occurrence of prominent disasters in recent years, the marketplace has been flooded with products to address emergency and mass notification needs. The need to diligently evaluate vendors is critical to ensure that services will meet an organization's specific requirements.


     

    Disaster Life Cycle

    A business disruption has a life cycle; it starts small and could potentially become a disaster of epic proportion, depending on its duration. The longer the duration, the greater the disruption to your business. Your organization's response should shift as an incident evolves from threat to emergency to crisis to disaster. It's one thing to say access to contract data isn't essential for a day or two, but what about a week or two? This is why it's important to protect more than just data. Now that you know what processes are critical to the operation of your business, you can consider threats according to their impact on those critical processes.

    To help you mitigate impact to your core processes, your plan should address three key phases:

    • Business Continuity Response - these are the steps you take immediately to sustain your core processes, your primary business priorities
    • Disaster Recovery Response - these are the steps you take to extend your core processes indefinitely and address your secondary priorities
    • Restoration Planning Response - these are the steps you take to restore your business to its pre-incident level

     

    DRP for virtual data centers

    Protecting application data from disasters is critical to keeping businesses up and running. Yet traditional disaster recovery solutions were never intended to address the needs of today's virtualized data center.


    As a result, the cost and complexity of using traditional disaster recovery products to address data replication needs in highly virtualized environments forces many organizations to forego disaster recovery altogether.


     

    Business continuity management will minimise business interruptions

    In addition to this, it is integral for managers to devise business continuity plans to deal with the threats identified by setting out what needs to be done should a certain event occur.

    And although it is not possible to avoid all risks, business continuity management (BCM) can minimise the disruption to a business to a great extent, protecting its share price, stakeholder relations, and reputation, among others.

    With that said, BCM is a critical strategic function that cannot be neglected by any organisation whatsoever.

    Still, managers often neglect charting a strategic course for their company's future survival, which in itself poses a huge risk, seeing that there are many internal and external events that could impact on a company's overall performance, such as:

    • the death of the CEO, owner or key staff member
    • fire, flood or earthquake damage - this could hamper operations while organisations repair damages or settle insurance claims
    • an interruption in the supply chain
    • the loss of a major client
    • production line failure or breakdown
    • failure to stay abreast of technological innovation
    • product failure or contamination
    • interruption in telecommunications or power supply



     

    Tape still used in my DR plans

    Data protection requirements are further necessary to comply with regulated and long periods of data retention. For example, laws about data storage and privacy apply to the vertical markets of the medical industry. HIPAA requires medical companies to store patient's medical records for five to seven years, and to store their childhood records for the life of the patient. This data also has to be highly secure and easily accessible to address patient care and also for legal reasons, such as a mishap in the office. Laws exist like this in many other industries as well, and a company is advised to research legal strictures on data protection. If there is a law requiring compliance, companies must often store more data for a longer period of time, necessitating secure, cost‐effective storage.


    These requirements build a basis for using tape for data protection in the mid‐market, in part because of the high likelihood that organizations already use some form of tape in their IT set‐ups. Tape continues to be the preferred home for nearly 70 percent of the world's data. Using tape for DR automatically builds on existing infrastructure and practices, and provides cost‐effective long‐term storage that addresses DR and legal compliance.


     

    Business continuity failures drive RIM's downtime

    RIM's problems raise some important issues for all business continuity managers:

    • Successful tests do not guarantee that business continuity strategies will work.
    • Holistic business continuity plans need to consider the failure of failover systems and require that strategies are in place to deal with such a situation.
    • High availability systems are not a substitute for conventional business continuity and disaster recovery solutions. The latter provide the belts and braces required for total system assurance.

    According to RIM, the downtime was the result of the failure of a core network switch and then the failure of business continuity processes which were meant to kick in.

    RIM explained the situation in a service message posted on Facebook:

    "The messaging and browsing delays being experienced by BlackBerry users in Europe, the Middle East, Africa, India, Brazil, Chile and Argentina were caused by a core switch failure within RIM's infrastructure. Although the system is designed to failover to a back-up switch, the failover did not function as previously tested. As a result, a large backlog of data was generated, and we are now working to clear that backlog and restore normal service as quickly as possible. We apologize for any inconvenience, and we will continue to keep you informed."

     


     

    Disaster Recovery and Business Continuity Planning Considerations for Email

    Disaster recovery and business continuity planning considerations are crucial when deploying any email system. Not only is it important to have a plan in the event of a local outage, but careful consideration should also be given to the chance of an entire site failure. In the event of a disaster, the first system that needs to be brought online is communications. E-mail is the ideal method of communication, but users need access and the environment has to be able to withstand a major service interruption.


    Issues include the following: failing over to the backup site is a manual process, and most systems do not include a mechanism to fail back to the primary site. Getting the primary site back online is a labor- and network-intensive process. Another is that most email systems do not utilize compression, which results in additional network bandwidth consumption.


     

    BlackBerry impacted by latest outage and gets negative image in social networks

    The risks of using social media for critical service announcements were highlighted when BlackBerry posted notices of downtime on various social media channels.

    BlackBerry users in Europe, the Middle East and Africa were unable to use email, BBM and various other services due to a major fault. To inform users of the incident, BlackBerry chose to utilize social media, posting a message stating:

    "Some users in EMEA are experiencing issues. We're investigating, and we apologise for any inconvenience."

    This basic message resulted in a stream of abuse and negative comments, with 2,500+ messages being posted on Facebook alone.

    The themes of many of the complaining comments were:

    • Questions about when services would be restored;
    • Questions about whether Blackberry would provide compensation for the downtime;
    • Questions about why Blackberry customer services employees were not responding to comments posted by users;
    • Generally abusive comments by people using the incident as a means of venting existing frustrations with Blackberry.

    The incident shows that companies need to think very carefully about whether unrestricted social media is an appropriate medium for customer service information. If organizations decide to go down this route, it is critical that messages are not just posted and left; they must be monitored and customer care employees must proactively engage with customer responses.


     

    Egypt Caused CIO to Re-evaluate Disaster Recovery and Business Continuity Plans using remote sites

    The shutdown of the Internet in Egypt raised serious disaster recovery and business continuity questions:

    • How are business departments designed and deployed throughout the company globally?


    • How are critical functions dispersed through the various locations?

    An efficiently run business is always looking at its model and adapting to change - not only within the four walls of the company, but also global changes. As we operate in a flat world, businesses need to consider factors that 20 years ago did not exist to the level they do today. Economic and social changes occurring around the globe on a regular basis force businesses to look at all factors from a comprehensive cost perspective. Business models need to adapt when it becomes disadvantageous to be in a specific country. Issues such as unstable governments, civil unrest, devalued currency or inflation can cause the cost point to increase and push the business out of a market (for example, due to increased salaries and cost of living, or more favorable industries drawing on your employee pool). There are many more, but the point is that the dynamics of change outside of a company can greatly influence the inner workings of that company. And where the company goes, so does business continuity and disaster recovery.

    Business continuity and disaster recovery programs must align and adapt with business models no matter how fluid they become, rather than react to those changes once they are in place.


     

    Continuous Data Protection definition

    The focus on data protection and data recovery in traditional disaster recovery planning methodology reflects a practical reality: it makes little sense to re-host applications or reconnect users to the recovery environment if they have no data with which to operate. Next to personnel, data is an organization's most irreplaceable asset. While other resources used in recovery avail themselves of strategies based either on redundancy or replacement, data cannot be replaced: to protect and recover data, it must be copied (made redundant).

    This has been the focus of much of the discussion of continuity planning: how to make data redundant for safety. Typically, this entails a combination of approaches collectively described as defense in depth. Typically, some attention is paid to making data redundant at the transactional level—to protect against the accidental deletion or corruption of a file or database transaction and to enable recovery to a point in time just prior to the event itself. A number of technologies are available for this purpose, and the term Continuous Data Protection (CDP) has become an umbrella concept.


     

     

     

    ©  2001 - 2009 Janco Associates, Inc. - ALL RIGHTS RESERVED --  Revised: 06/16/09.