Disaster Recovery Business Continuity Pit Falls
IT is directed to cut cost and DRP / BCP pays the price...

In these turbulent economic times, it is easy for many of us to forget the basics and fall into the trap of treating disaster and business continuity planning as an optional activity. Here are some common pitfalls to avoid.
- Not having an adequately documented Disaster Recovery / Business Continuity Plan - Not having a plan is fatal; having a plan that does not cover all the bases in a step-by-step manner can be worse because of the false sense of security it provides.
- Having your plan only in an electronic version - Be sure to store the documentation at multiple locations and verify that all key personnel have easy access to the manuals.
- Not foreseeing all of the disasters that can occur - Focus on location and geography. Do you live on an earthquake fault, tornado belt, or in a flood zone? How stable is the power source - are there frequent interruptions from thunderstorms or rolling blackouts?
- Having a plan that only a few people are trained on or know about - What if those individuals who are trained are not available? Train as many employees as possible and see that they are geographically dispersed in case of a large environmental disaster that affects all local employees.
- Depending on one communication channel to notify staff a disaster has occurred - Do not rely on a single telephone tree to notify staff during a disaster. If the power goes out in your facility and no one is there to report it, will your disaster recovery/business continuity staff be informed?
- Not having enough backup power to cover an outage of several days - Many disasters last several days, if not weeks. Not having enough power may limit your ability to move key resources out of the disaster region.
- Not knowing what is critical to operations - What is needed to keep the enterprise running? Are there some functions and systems that you can operate without for several days?
- Not testing the adequacy of your backups - It does not matter how good your plan is if your backup data is not adequate to meet the task. Testing the media and processes regularly cannot be stressed enough.
- Not testing your plan - Regularly conduct data fire drills to test every possible scenario, from basic power failures to catastrophic events that could result in multiple months of devastation.
- Not having the necessary passwords and software keys - Password protection is a key goal for data security; you need to store your system passwords and software keys in several geographically separate, secure locations. Make sure that more than one IT staff person has access to these and that these passwords are promptly changed / tested when key personnel leave the company.
- Not having an up-to-date plan - Have at least one individual responsible for updating your plan. Revisit the plan at least on a quarterly basis.
The Disaster Recovery Planning (DRP) / Business Continuity template can be used by any size enterprise. The template and supporting material have been updated to be Sarbanes-Oxley compliant. The Disaster Recovery Planning Documentation comes as a Word document and includes:
- Disaster Recovery Plan Template
- Business and IT Impact Analysis Questionnaire
- Work Plan
- Disaster Recovery & Business Continuity Audit Program

IT Infrastructure Drives Cost Control
In today's business environment there is a need to define an effective infrastructure to support the operating environment; have a strategy for deployment and technology; and clearly define responsibilities and accountabilities for the use and application of technology.

Record Management Retention and Disposition Policy
The template comes in MS Word format and is easily modified to meet the needs of enterprises of all sizes. It comes with a dozen forms which can be used immediately to create a record retention and disposition schedule.

Security Audit Program
The audit program is one that either an external auditor or an internal auditor can use to validate the compliance of the Information Technology function and the enterprise with the ISO 27000 Series (ISO27001 and ISO27002), Sarbanes-Oxley, HIPAA, and PCI-DSS.