RSS News Feed Feed Description


DRP & Security Templates 
Disaster Recovery Plan  and Security Manual
Bundle
 

 

The Disaster Recovery - Business Continuity / Security Manual Template Bundle contain the two most critical components of most enterprise's support infrastructure.  This bundle comes in three versions plus there is an update service for both the DRP - BC and Security Manual.  Both of the templates are ISO 27000 (formerly ISO 17799), Sarbanes-Oxley, PCI, and HIPAA compliant.  In addition the Security Manual template has extensive audit checklists can be used as is to validate your security procedures are compliant with HIPAA and ISO 27000.

The Disaster Recovery / Business Continuity and Security Manual Template bundle comes in three versions - Standard, Premium, and Gold.
 
  Standard Premium Gold
 
Disaster Planning / Business Continuity Template (WORD) X X X
Security Manual Template X X X
Business Impact Questionnaire (21 pages) X X X
Threat and Vulnerability Assessment Form X X X

25 full IT Job Descriptions:

  • Chief Information Officer (CIO)

  • Chief Compliance Officer (CCO)

  • Chief Security Officer (CSO)

  • VP Strategy and Architecture

  • Director e-Commerce

  • Database Administrator

  • Data Security Administrator

  • Manager Data Security

  • Manager Database

  • Manager Disaster Recovery

  • Manager Disaster Recovery and Business Continuity

  • Manager Facilities and Equipment

  • Manager Media Library Support

  • Manager Network and Computing Services

  • Manager Network Services

  • Manager Site Management

  • Manager Training and Documentation

  • Manager Voice and Data Communication

  • Manager Wireless Systems

  • Capacity Planning Supervisor;

  • Disaster Recovery Coordinator

  • Disaster Recovery - Special Projects Supervisor

  • Network Security Analyst

  • System Administrator - Unix

  • System Administrator - Windows

  X X
204 IT Job Descriptions (WORD each as an individual file using long file names includes the  25 job descriptions listed above)     X
Update Service Available X X X

 

 

Disaster Recovery Plan (DRP)

This Disaster Recovery Plan (DRP) can be used as a template for any enterprise.   DRP is sent to you via e-mail in WORD and/or PDF format. Included is a 23 page Business Impact Questionnaire as well as a 3 page Job Description for the Disaster Recovery Manager. The  Disaster Recovery Plan Template PREMIUM Bundle contains 11 additional key job descriptions.

  • Plan Introduction

  • Business Impact Analysis

  • DRP Organization Responsibilities

  • Backup Strategy

  • Recovery Strategy 

  • Disaster Recovery Procedures Check List

  • Plan Administration Process

  • Technical Appendix

  • 3 page Job Description for Disaster Recovery Manager

  • Work Plan

The template is ISO 17799, SOX, and HIPAA compliant

 

 

Security Manual  

The Template includes everything needed to customize the Internet and Information Technology Security Manual to comply with Sarbanes-Oxley. The Security Manual Template PREMIUM Edition  contains 16 detail job descriptions.

The electronic document includes proven written text and examples for the following major sections for your topics / security plan:

  • ISO 17799, Sarbanes-Oxley, HIPAA, and Patriot Act Compliance

  • Security Manual Introduction

  • Risk Analysis

  • Staff Member Roles

  • Physical Security 

  • Facility Design, Construction and Operational Considerations

  • Media and Documentation

  • Data and Software Security

  • Network Security

  • Internet and Information Technology contingency Planning

  • Travel and Off=Site Meetings

  • Insurance

  • Outsourced Services

  • Waiver Procedures

  • Incident Reporting Procedures

  • Access Control Guidelines

  • Sample Forms

    • Business and IT Impact Questionnaire

    • Threat & Vulnerability Assessment Tool

    • Security Violation Reporting form

    • Security Audit form

    • Inspection Check List

    • New Employee Security form

    • Security Access Application form

     

    •  

     

    Summary of Bundle Offering

      Standard Premium Gold
    Disaster Recovery Business Continuity Word Template x x x
    Security Manual Word Template x x x
    25 DR/BC and Security Job Descriptions Word and PDF   x  
    204 IT and Internet Job Descriptions Word (Includes the 25 DR/BC and Security Job Descriptions)     x
    Update Service Available Yes Yes Yes

     

     

    Current News

    DisasterRecovery and Business Continuity Planning Considerations for Email

    Disaster recovery and business continuity planning considerations are crucial when deploying any email system. Not only is it important to have a plan in the event of a local outage, but careful consideration should also be given to the chance of an entire site failure. In the event of a disaster, the first system that needs to be brought online is communications. E-mail is the ideal method of communication, but users need access and the environment has to be able to withstand a major service interruption.

    Disaster Planning

    Issues include, failing over to the backup site is a manual process and most systems do not include a mechanism to fail back to the primary site. Getting the primary site back online is a labor- and network-intensive process. Another is that most email systems do not utilize compression, which results in additional network bandwidth consumption.

     more info

     

    What to do after you have created a Disaster Recovery Business Continuity Plan

    Now that you have a disaster recovery plan in place, you still have work to do.

    Disaster Types

    Order Disaster PlanDisaster Plan Template

    • Test your disaster recovery plan at least quarterly. Simply having a plan in place is not enough. Develop and regularly (quarterly) test your plan so that the first time it is executed is not during an emergency. Remember to test under realistic conditions and make the plan robust enough to address extended recovery that may require utilization of new facilities, relocation of staff and involvement of outside personnel.
    • Review and reassign responsibilities at least monthly. Factor in changes to your organization caused by recent layoffs and restructurings. Assign new responsibilities to employees based on the current organizational structure and available resources. Test this updated plan to ensure all tools and protocols are in place to operate during a disaster, reaching out to all parts of the organization and employee family members as well as vendors, government agencies and emergency responders.
    • Update your notification system at least monthly. Critical during any potential interruption, notification should be an integral part of an organizationÂ’s disaster recovery plan. Make sure all contact numbers are up-to-date, allowing the organization to get in touch with key personnel in the event of an emergency. This will also help prioritize methods of communication and track which employees have received messages.
    • Know where staff will work if you lose your facility. Employees are the heart of an organization; however, many human resources aspects are frequently overlooked in disaster recovery planning. Businesses must identify alternate locations where employees can go in the event a primary work location is unavailable and address the physical safety and psychological well-being of employees. Assign backup roles for the inevitable times when key players are not available or missing, and time-sensitive actions need to be taken. Employ cross training to have alternative contacts ready to go.
    • If a Disaster is DECLARED EXECUTE your plan. If an organization has access to hot or cold back-up sites, a common mistake is to wait too long before declaring an emergency and relocating personnel. If an organization is located in an area for which a government evacuation order has been issued, it should declare and relocate immediately.
    • Document your technology infrastructure. Develop procedures for technical recovery scripts that will be deployed to help get your IT infrastructure up and running. Make the scripts comprehensive and easy to understand so people who are not familiar with them can easily follow along.
    • Update your vendor list at least monthly. Strictly enforce change management and control processes to help ensure vendor contacts are current so vital services will be quickly available when needed.
    • Review the use of contractors and outsourced facilities. In the event of a disaster, will your vendors be able to perform their roles in supporting your critical technical infrastructure and business processes? Consider looking at secondary providers as a precaution. Take time to evaluate whether support or maintenance contracts need to be extended or have levels of support modified.
    • Review and test readiness and completeness of offsite data storage. Paper records and backup tapes may be totally lost, destroyed or unavailable. Develop contingencies in the event delivery of offsite-stored data is delayed. Investigate using electronic media - through disk-to-disk backup - to help safeguard and provide backup information.
    • Have a current plan in place to re-build your critical servers. Should a disaster occur, re-building servers from the ground up consumes time and stretches internal IT resources. Consider working with a third-party provider that can simplify these processes by rebuilding your operating systems on its own servers - enabling a speedy and more cost-effective recovery.
     more info

     

    Disaster Planning Protects Assets

    Types of Disasters to Plan for

    Disaster planning is an essential component of preserving your enterpriseÂ’s assets. With a written disaster plan, your enterprise can reduce the risk of disaster and minimize losses. The Janco Disaster Recovery Plan Template is perfect for small and medium-sized institutions that do not have in-house preservation staff.  The Janco Disaster Recovery Plan Template is also valuable for large enterprises that need to develop separate but related plans for multiple buildings, locations, or branches.

    The Janco Disaster Recovery Plan Template can help you create a plan for disaster prevention and response. Enter data into the online template to create a customized disaster plan for your enterprise. This plan will help you:

    • Prevent or mitigate disasters,
    • Prepare for the most likely emergencies,
    • Respond quickly to minimize damage if disaster strikes, and
    • Recover effectively from disaster while continuing to provide enterprise services to your customers and clients
     more info

     

    Causes of Disasters

    Disaster Causes

    According to Janco Associates, the primary factor in the activiation of Disaster Recovery and Business Continuity Plans is computer hardware failure.

     more info

     

    Email Outages Average Almost 1 Hour Per Month A recent Osterman Research survey found that in mid-sized and large organizations, e-mail systems experience a mean of 53 minutes of unplanned downtime during a typical month. That means that during a one-year period, a typical e-mail system will be down for 10.6 hours. This does not include the scheduled maintenance or other scheduled outages that happen on a regular basis. A company considering e-mail recovery or continuity needs to understand the importance of e-mail and its tolerance for e-mail outages. Decision makers need to understand exactly what impact an e-mail outage can have on their business, although many of them do not understand the full impact of an outage. more info

     

    Pandemics Need to be Accounted for in Business Continuity and Disaster Plans

    When the World Health Organization (WHO) raises the pandemic threat alert to Level 6 what affect does that have on business continuity?  Enterprises will have to do more than tell sick employees to stay home and healthy ones to wash their hands.

    When a pandemic strikes your enterprise the business continuity and disaster recovery plans need to allow IT workers to manage computer systems from home.  There is no other alternative but to have them in the office.

    A Level 6 alert means that company officials will be asked by the U.S. Centers for Disease Control and Prevention to undertake a number of efforts to fight any pandemic -- including the appointment of a workplace Pandemic Coordinator or team.

    The Pandemic Coordinator is responsible for monitoring employees to ensure they follow basic rules of hygiene, such as washing hands, and to make sure that breathing masks are available. If a worker becomes sick, the Pandemic Coordinator must ensure they go home.

    The real issue is not sick employees, but an inability to get supplies and deliveries.

    If your enterprise is in a locality that gets to pandemic levels of infection your enterprise is going to see issues like suppliers not being able to get deliveries to you because they are sick.  This will be a regional issue, even if your organization is not directly affected by the flu.

    more info

     

    How does consolication impact Disaster Planning

    In an effort to drive profitability and rein in costs, businesses are continually seeking to improve operational capabilities. Primary to this objective are today's burgeoning network infrastructures, which are continually being asked to do more. Applications are becoming more sophisticated and mission-critical. More software is written to take advantage of dynamic IP parameters. In addition, an economic slowdown has companies relying on network-based technologies that reduce Total Cost of Ownership (TCO) and save money. Consolidation is another trend bolstering IT efficiencies. Servers and storage are often the first affected by a consolidation initiative. However, data center consolidation is just as important in terms of optimizing infrastructure security, compliance and integrity. The flourishing area of unified communications (UC) offers further testimony to the increased significance of the network. UC provides substantial benefit to the enterprise in terms of capabilities that allow staff to collaborate in real time, access critical information and communicate seamlessly with coworkers and customers -- regardless of location.

    more info

     

    Remote and Branch Office Disaster Planning Distributed data at Remote and Branch Offices (ROBO) continues to grow substantially year after year. Leaving this data unprotected or inadequately protected poses serious business risks for organizations. Protection approaches require careful consideration as factors such as technical complexity, capital and operational costs, and expertise of personnel must be taken into account.

    Local disk-based data protection strategies improve backup efficiency and reliability over tape-based ones. Consolidation of edge data to the core data center may introduce further efficiencies. Data de-duplication can drive both backup-to-disk and consolidation adoption.         more info

     

    Business Risk makes Disaster Planning More Complex

    Whether you are a for profit business, a bank, a government agency, hospital the risk of compromising private information is very high.  Business relies heavily on technology today and business risk often is technology dependent. The possibility of litigation is part of business. There has always been a risk in doing business, but because technology and today's business are so intertwined, business risk has a higher threat level. This has prompted many to encrypt workstations and mobile computers in order to protect critical business data.

    If you have rolled out encryption, how do you maintain your IT service quality when the hard disk drive fails? How do you plan and prepare for a data loss when the userÂ’s computer is encrypted?  These are all issues that should be considered when putting together a data disaster plan. In addition, data recovery, one of the more common missing elements of a disaster recovery plan, should also be factored in because it can serve as the “Hail Mary” attempt when all other options have been exhausted.

     more info

     

    Backing up with an Outsource Provider may not be the Right Answer

    Just because your disaster recovery business continuity plan includes  a plan for backing up your data to a outsource provider does not mean that your enterprise is safe.

    Carbonite, EMC's Mozy, and Amazon's Simple Storage Service (S3) are providers in the growing online backup market. The services let consumers and enterprises back up their data over the Internet for later retrieval if a hard drive or another component should fail. Carbonite targets its service toward home and small-business users.

    Carbonite is suing storage vendor Promise Technology, saying repeated failures of Promise gear have caused "significant data loss" at Carbonite.

    In the lawsuit, Carbonite said it bought more than $3 million (US Dollars) worth of Promise VTrak Raid products beginning in 2006. In several incidents starting in January 2007, the service provider suffered data loss because the Promise gear failed to support recovery from physical drive errors and array errors. The data losses caused "substantial damage" to Carbonite's business, the company alleged.

     more info

     

     

     

    ©  2001 - 2009 Janco Associates, Inc. - ALL RIGHTS RESERVED --  Revised: 06/16/09.