The Backup Policy includes everything that is needed to be in full compliance with all mandated security requirements.
The Backup Policy has been updated, as has the CIO IT Infrastructure Policy Bundle. The policy has just been updated to take into account everything from GDPR to cloud storage and security implications.
The Backup Policy addresses the issues that you struggle with including:
How safe are your information assets in transit and at rest?
What protections are in place to prevent hacker access?
Does your backup and retention process meet all of your compliance requirements?
Who can gain access to your data?
What KPI metrics do you have in place?
Will the use of the data ensure successful recovery?
Managing backup and recovery in today’s environment is a multi-dimensional challenge with both near and long term business requirements. Recent technological developments in disk backup have had a positive impact on short term data retention requirements (see also BYOD policy). But these improvements do not replace the need to execute and deliver on a long term data retention strategy which includes:
Business and Regulatory Requirements Demand a Long-term Plan
Manage and Contain Your Total Cost of Ownership (TCO)
Encrypt Your Data for Secure Long-term Retention
Weigh the Environmental Impacts and Minimize Power and Cooling Costs
Simplify Management of the Entire Solution
Best of Breed solution
A “Best of Breed” backup policy and strategy considers how to:
Back up critical application data – across mixed operating systems and storage configurations
Restore desktops and mobile users quickly
Restore systems to dissimilar hardware or virtual systems
Back up data and system information to off site locations, so that you can quickly recover your business even from a total loss of your facility
Leverage new cloud-based backup offerings to properly secure, back up, and archive critical data.
10 Point Power Checklist Disaster Recovery and Business Continuity
The 10 point power checklist addresses the issues associated with power. After an event that disrupts a network, the availability of power to recover and run the network is often critical.
10 Point Power Checklist Disaster Recovery and Business Continuity needs to be incorporated into the disaster recovery – business continuity plan. The Disaster Recovery Business Continuity template contains many checklists and best practices to follow. The checklist includes:
Electricity, water, and broken wires do not mix. Review all electrical and plumbing plans in detail.
Understand the minimum power requirements to be operational.
Have an adequate fuel supply to operate backup power sources. If the outage lasts for more than 30 days, will the facility be able to continue operations?
Set reasonable response times for standby generator.
Maintain your equipment and test its operation. Test at least once a quarter and review supplies on hand.
Understand your environment and geography.
Set up generators in an “open environment”. Carbon monoxide fumes can build up and poison people.
A formal media and incident communications plan needs to be in place before an event occurs.
Top 10 Press Release Best Practices – Whenever enterprises are impacted by negative (cyberattacks) or positive events, communication with the media is critical – Press Releases should be the first source for factual and informational communication with the media.
Top 10 best practices are:
Perform extensive research – get your facts straight
Don’t assume anything – double check everything
Don’t belittle or talk down to anyone
Don’t oversell your product or service
Don’t over-write or bloat the release
Create a clever subject line
Don’t jump the gun when sending your release
Optimize the Press Release for Internet Search Engines
Maintain an internal list of trusted reporters and editors
Be available and responsive right after a press release is issued
What is HIPAA and how can an enterprise comply with the mandated requirements?
What is the HIPAA Privacy Rule? It provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.
There is also a HIPAA Security Rule. It specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information. This poses unique challenges for the Business Continuity and Disaster Recovery Planning processes.
What is HIPAA and how does it impact overall Compliance Management?
Federal and state government regulations (see state compliance requirements) can be a big problem for today’s organizations. There are more than 100 such regulations in the U.S. alone, and that number continues to grow. These are in addition to industry-specific mandates. They are all designed to safeguard the confidentiality, integrity, and availability of electronic data from information security breaches. So, what are the consequences if your organization fails to comply? Heavy fines and legal action. In short, it’s serious.
Top 10 Reasons Disaster Recovery Fails have been identified by Janco. Over 90% of all mid-sized to large enterprises have disaster recovery and business continuity plans in place. That is not enough to avert disaster, as only 40% of those plans have no major defects. Disaster Recovery and Business Continuity are necessary enterprise infrastructure processes that have correctable defects that can make plans fail. The top 10 causes for those failures are:
Backups do not work
Not identifying every potential event that can jeopardize the infrastructure and data that the enterprise depends on
Forgetting or ignoring the cross-training of personnel in disaster recovery and business continuity
Not including a communication process that will work when your communication infrastructure is lost
Not having sufficient backup power – both capacity and duration
Having a recovery plan in place but not listing priorities of which resources need to be restored first
No physical documentation of your Disaster Recovery and Business Continuity plan
Disaster Recovery and Business Continuity plan that has not been tested adequately
Passwords are not available to the Disaster Recovery and Business Continuity team
Disaster Recovery and Business Continuity plan is not up to date