Tag Archives: DR / BC

Backup Policy Updated

The Backup Policy includes everything that is needed to be in full compliance with all mandated security requirements.

The Backup Policy has been updated, as has the CIO IT Infrastructure Policy Bundle. The policy now takes into account everything from GDPR to cloud storage and security implications.

The Backup Policy addresses the issues that you struggle with including:

  • How safe are your information assets in transit and at rest?
  • What protections are in place to prevent hacker access?
  • Does your backup and retention process meet all of your compliance requirements?
  • Who can gain access to your data?
  • What KPI metrics do you have in place?
  • Will the use of the data ensure successful recovery?

Managing backup and recovery in today’s environment is a multi-dimensional challenge with both near and long term business requirements. Recent technological developments in disk backup have had a positive impact on short term data retention requirements (see also BYOD policy). But these improvements do not replace the need to execute and deliver on a long term data retention strategy which includes:

  • Business and Regulatory Requirements Demand a Long-term Plan
  • Manage and Contain Your Total Cost of Ownership (TCO)
  • Encrypt Your Data for Secure Long-term Retention
  • Weigh the Environmental Impacts and Minimize Power and Cooling Costs
  • Simplify Management of the Entire Solution

Best of Breed solution

A “Best of Breed” backup policy and strategy considers how to:

  • Back up critical application data – across mixed operating systems and storage configurations
  • Restore desktops and mobile users quickly
  • Restore systems to dissimilar hardware or virtual systems
  • Back up data and system information to off site locations, so that you can quickly recover your business even from a total loss of your facility
  • Leverage new cloud based backup offerings to properly secure, back up, and archive critical data.

10 Point Power Checklist Disaster Recovery and Business Continuity

This 10 point power checklist addresses the issues associated with power after an event that disrupts a network; the availability of power to recover and run the network is often critical.

The 10 Point Power Checklist for Disaster Recovery and Business Continuity needs to be incorporated into the disaster recovery – business continuity plan. The Disaster Recovery Business Continuity template contains many checklists and best practices to follow. The checklist includes:

  1. Electricity, water, broken wires do not mix. Review all electrical and plumbing plans in detail.
  2. Understand the minimum power requirements to be operational.
  3. Have an adequate fuel supply to operate backup power sources. If the outage lasts for more than 30 days, will the facility be able to continue operations?
  4. Set reasonable response times for standby generator.
  5. Maintain your equipment and test its operations. Test at least once a quarter and review supplies on hand.
  6. Understand your environment and geography.
  7. Set up generators in an “open environment”. Carbon monoxide fumes can build up and poison people.
  8. Quarterly review your load.
  9. Meet all mandated compliance requirements. See Compliance Management Kit.
  10. Optionally contract for a rental power source.

A full description of each of these is contained in the template. If they are followed, the chances that the plan will be a workable one are significantly improved.


Compliance Mandates

Compliance Mandates – Companies Impacted

Compliance Mandates come from multiple sources.  How companies are impacted by them varies by size of company and the markets they serve.

Compliance Mandates impact every company that does business on the Internet. Few companies are impacted by all of the mandates. In the U.S. the most impactful are the CaCPA, enacted by California, and the GDPR from the EU.

The EU has implemented a single privacy and compliance mandate.  In the U.S. that is not the case as of yet.  The U.S. Congress has talked about it but, as of yet, there is no consensus on what that legislation will look like.  Until that occurs the various states, and California in particular, will set the rules.

The standards for user privacy and control drove the release of an update to its Security Manual Template which identifies mandated user rights and enterprise responsibilities related to privacy protection. Janco reviewed in detail the California Consumer Privacy Act of 2018 (CaCPA) and generated a detailed list of user rights and business responsibilities that are mandated. The CaCPA requirements are very complex and significant resources will have to be allocated for organizations to comply with these new mandates. These mandates will impact all organizations that have an Internet presence in the U.S. and California in particular. The compliance deadline is January 1, 2020.

Compliance Management is an issue that every organization needs to address.

Top 10 Press Release Best Practices

A formal media and incident communications plan needs to be in place before an event occurs.

Whenever enterprises are impacted by negative events (such as cyberattacks) or positive events, communication with the media is critical. Press releases should be the first source for factual and informational communication with the media.

Top 10 best practices are:

  1. Perform extensive research – get your facts straight
  2. Don’t assume anything – double check everything
  3. Don’t belittle or talk down to anyone
  4. Don’t oversell your product or service
  5. Don’t over-write or bloat the release
  6. Create a clever subject line
  7. Don’t jump the gun when sending your release
  8. Optimize the Press Release for Internet Search Engines
  9. Maintain an internal list of trusted reporters and editors
  10. Be available and responsive right after a press release is issued

What is HIPAA

What is HIPAA and how can an enterprise comply with the mandated requirements

The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.

There is also a HIPAA Security Rule. It specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information. This poses unique challenges for the Business Continuity and Disaster Recovery Planning processes.

What is HIPAA and how does it impact overall Compliance Management?

Federal and state government regulations (see state compliance requirements) can be a big problem for today’s organizations. There are more than 100 such regulations in the U.S. alone, and that number continues to grow. These are in addition to industry-specific mandates. They are all designed to safeguard the confidentiality, integrity, and availability of electronic data from information security breaches. So, what are the consequences if your organization fails to comply? Heavy fines and legal action. In short, it’s serious.

Top 10 Reasons Disaster Recovery Fails

Disaster Recovery and Business Continuity are necessary enterprise infrastructure processes, but they have correctable defects that can make plans fail.

Janco has identified the top 10 reasons disaster recovery fails. Over 90% of all mid-sized to large enterprises have disaster recovery and business continuity plans in place, but that is not enough to avert disaster, as only 40% of those plans have no major defects. The top 10 causes for those failures are:

  • Backups do not work
  • Not identifying every potential event that can jeopardize the infrastructure and data that the enterprise depends on
  • Forgetting or ignoring the cross-training of personnel in disaster recovery and business continuity
  • Not including a communication process that will work when your communication infrastructure is lost
  • Not having sufficient backup power – both capacity and duration
  • Having a recovery plan in place but not listing priorities of which resources need to be restored first
  • No physical documentation of your Disaster Recovery and Business Continuity plan
  • Disaster Recovery and Business Continuity plan that has not been tested adequately
  • Passwords are not available to the Disaster Recovery and Business Continuity team
  • Disaster Recovery and Business Continuity plan is not up to date

Hot Topics

Hot Topics February 2019

Hot Topics - CIO Management Toolkit

The CIO Management Tool Kit addresses all of the areas presented on this blog this past month. This is a complete set of tools that every top-level IT professional, from the CIO down, needs to have.

The CIO Management Tool Kit is a must have. It is the foundation for IT Managers who are “World Class” performers. The hot topics for February 2019 that had posts and comments were:

  • IT Job Market Growth – A look back at 2018 and prior years. IT Job Market growth exploded in 2018 with over 107,000 new jobs added.
  • Cloud Based ERP – Cloud based ERP projects typically increase costs, take a long time to implement and require large and specialized staffs.
  • Top 10 Disaster Recovery Best Practices – Top 10 Disaster Recovery Best Practices as defined by over three decades of DR and BC practice by Janco Associates.  Experience is based on having operated in earthquake zones, hurricanes, and terrorist attacks.
  • IT Organization Building Process – Over the past three decades Janco Associates and its principals have created a set of 300 IT Job descriptions that are viewed by many as the industry standard. As a natural extension of that offering Janco has documented its IT job classification system.
  • Top 10 Net Neutrality Issues – Top 10 Net Neutrality advantages for the general public are all centered around the fact that without it the Internet will no longer be a universally accepted standard infrastructure.
  • CIO Posts from January 2019 – CIO Posts are those that we know are related to the management of the IT function and how they relate to what is important.

Top 10 Disaster Recovery Best Practices

Top 10 Disaster Recovery Best Practices every organization needs to follow

DR / BC planning requires a robust program that is constantly updated and monitored

Top 10 Disaster Recovery Best Practices as defined by over three decades of DR and BC practice by Janco Associates.  Experience is based on having operated in earthquake zones, hurricanes, and terrorist attacks.

Janco’s principals created the Disaster Recovery Plan that was implemented by Merrill Lynch (ML) on 9/11. The plan was activated within minutes of the attack and only 52 seconds of transactions were lost. The top 10 best practices that are followed in all DR/BC plans that have been created by us are:

  1. Focus on operations – the people and processes that drive the enterprise are the primary issues that are controllable in DR and BC. Implementing a planning and recovery environment is an ideal time to define an approach based on best practices that address the process and people issues effectively. In the case of ML, the plan was activated in the computer room while the CIO was on a plane over the Atlantic.
  2. Have at least one recovery site in place – Before an event there need to be plans in place not only for the operation of computers but also for the location of operations staff. Cloud managed computer operations can work when a disaster is in a limited area. However, if it is wide ranging, like a hurricane, the issues can be problematic.
  3. Train everyone on how to execute the DR and BC – People are the front line when it comes to supporting the enterprise. A staff that has not been properly trained in the use of the DR and BC when an event occurs will be a hindrance. Everyone must have the knowledge and skills to provide the right support. While the primary focus is to reduce downtime, training also delivers better performance and a faster ROI through better and wiser use of IT assets.
  4. Have a clear definition for declaring when a disaster or business interruption occurs that will set the DR and BC process into motion – There need to be clear processes for allocating resources based on their criticality and availability requirements. This will define the “rules of the road” for who does what and when while minimizing the factors that can negatively impact enterprise operations.
  5. Integrate DRP and BCP with change management – Changes are inevitable in any sizable environment. It is difficult to keep up with the flood of new applications, technologies, and new tools. That is why it is essential to design, implement, and continuously improve change and configuration management processes.
  6. Focus on addressing issues BEFORE they impact the enterprise – When you are aiming to operate at the speed of business, after-the-fact fixes do not make the grade. These days, you need to anticipate trouble and head it off before it happens. It is important to identify risks across people, process, and technology so that appropriate countermeasures can be implemented. You should also make sure that vendors provide an appropriate level of support including proactive features such as critical patch analysis and change management support.
  7. Have an Incident Communications Plan in place – The incident communication plan should cover all interested parties from customers to employees and investors.
  8. Validate that all technology is properly installed and configured right from the start – a technology solution that is properly implemented in terms of its hardware, firmware, and software will dramatically reduce problems and downtime in the future. Proper initial configuration can also save time and reduce issues with upgrades, hot patches, and other changes.
  9. Monitor the processes and people to know what is critical – many of today’s enterprises are experiencing a capacity crisis as they reach the limits of reduced budgets, older facilities and legacy infrastructures. Space is tight. Power and cooling resources are over-burdened. Implementing new solutions in inefficient environments may limit their ability to recover from an event. An assessment that examines and analyzes the enterprise environment’s capabilities and requirements can provide valuable information to help improve efficiency.
  10. Test often – a DR BC plan is not a static document.  Things change and new individuals are involved as staff changes.

Disaster Recovery Business Continuity

Disaster Recovery Business Continuity Template – 2019 Version Released

The Disaster Recovery Business Continuity Template has just been updated and the 2019 version has been released. The changes in this version are:

  • Updated all included job descriptions
  • Updated all included forms
    • Disaster Recovery electronic forms
    • Safety Program electronic forms
  • Added co-location checklist
  • Audit Program Updated
  • Administrative changes
  • Changed core document to exclude job descriptions and forms, which are delivered in their own directories
  • Business and IT Impact Questionnaire is delivered in its own directory and comes in MS WORD, PDF, and eBook electronic formats
  • 3 included job descriptions are delivered in their own directory

The chapters of the template are:

  • Plan Introduction
  • Business Impact Analysis
  • Backup Strategy
  • Recovery Strategy
  • Disaster Recovery Organization
  • Disaster Recovery Organizational Procedures
  • Plan Administration
  • Appendix – Full of tools and checklists

Also included as separate MS Word and/or eBook electronic files in their own directories:

  • Job Descriptions – Disaster Recovery Manager, Manager Disaster Recovery and Business Continuity
  • Disaster Recovery electronic forms – Business Continuity Site Evaluation Checklist, Business Continuity LAN Node Inventory, Business Continuity Location Contact Numbers, Business Continuity Off-Site Inventory, Business Continuity Personnel Location, Business Continuity Plan Distribution, Business Continuity Remote Location Contact Information, Business Continuity Server Registration, Business Continuity Team Call List, and Business Continuity Vendor List
  • Safety Program electronic forms – Area Safety Inspection, Employee Job Hazard Analysis, First Report of Injury, Inspection Checklist – Alternative Locations, Inspection Checklist – Computer Server Data Center, Inspection Checklist – Office Locations, New Employee Safety Checklist, Safety Program Contact List, and Training Record
  • Business Impact Analysis Questionnaire – PDF and MS WORD Formats
  • Business Impact Analysis electronic form – Application and File Server Inventory
  • eBook versions – Disaster Recovery Business Continuity Template and the DRP Audit Program

DRP BCP Audit

DRP BCP Audit Update Released

The DRP BCP Audit Program update has been released, with changes implemented to see that the latest mandated requirements of ISO, the U.S., and the EU are complied with.

This Disaster Recovery / Business Continuity Audit program identifies control objectives that are met by the audit program. There are approximately 50 specific items that the audit covers in the 17 page audit program. Included are references to specific tools that will assist you in addressing any defects or shortcomings the audit uncovers.

The Audit program covers the following control objectives:

  • Ensure that adequate and effective contingency plans have been established to support the prompt recovery of crucial enterprise functions.
  • Ensure that all mandated disaster recovery, business continuity, and security requirements have adequate compliance policies.
  • Ensure the survival of the business and minimize the implications of a major enterprise and/or IT failure.
  • Ensure that all the potential risks to the enterprise are identified and assessed.
  • Ensure the optimum contingency arrangements are selected and cost effectively provided.
  • Ensure that an authorized and documented disaster recovery / business continuity plan is created, maintained up-to-date, and securely stored.
  • Ensure that the recovery plan is periodically tested.
  • Ensure that all internal and external parties are fully aware of their responsibilities and commitments.
  • Ensure that appropriate liaison is maintained with external parties (i.e. insurers, emergency services, suppliers, etc.).
  • Ensure that both the damaged and recovery sites are secure and that systems are securely operated.
  • Ensure that systems and procedures are adequately and accurately documented.
  • Ensure that public and media relations would be effectively addressed.

The audit program is available as a standalone item. In addition it is included with several of Janco’s offerings. They are:
