Disaster Business Continuity

Security Policies Procedures

Job Descriptions

IT Salary Survey

 

Janco

RSS Standard XML
RSS Latest 25 items
RSS Latest 10 items
RSS Latest 5 items
RSS Historical Feed

Other Feeds

RSS IT Productivity Center
RSS eJobDescription
RSS psrinc
RSS IT-Toolkits
RSS Disaster Planning

 

Sample Safety ProgramSafety Program Template

Revision History

Order Safety Program Download Safety Program

 

Effective management of worker safety and health protection is a decisive factor in reducing the extent and the severity of work-related injuries and illnesses. Effective management addresses all work-related hazards, including the potential hazards that could result from a change in worksite conditions or practices. Additionally, it addresses hazards whether or not they are regulated by government standards.

Version 2.3 - January 2010

  • Added Work at Alternative Location Safety Checklist (i.e. Work at Home)
  • Updated Inspection Checklist

Version 2.2 - April 2009

  • Updated to be compliant with mandated Federal, California, New York, Texas, and Illinois regulations
  • Updated to use standard CSS WORD style sheet
  • Saved in WORD 2007 format

 

 

 


Safety Program News




Disaster Plan - Yes or No

In many businesses, disaster recovery plans (DRPs) are often inadequate or outdated and in small to mid-sized businesses the situation is even worse: only a relatively small percentage have any form of plan. Why do so many businesses have such a lackadaisical approach to disaster recovery planning? Probably because it is a long and complicated process that ties up key personnel, can be costly to produce, and will change over time so it has a limited shelf life. And why spend time producing a document that may well never be needed? But any business that does not create a DRP is gambling that disasters will not strike and gambling with the livelihood of its employees and with the investments of shareholders and stakeholders.

Gartner, a leading research and advisory company, 40% of businesses that encounter a disaster close their doors within the following five years. For the 60% that do survive, the expenses that result from a loss of continuity can be significant.

According to Janco Associates, an International Disaster Recovery - Business Continuity consultancy the most common form of enterprise wide disaster is related to power outages.  Janco has found that in disaster recovery and business continuity cases it has reviewed the following is true:

  • Over one third companies take more than a day to recover from a major power outage caused by events like hurricanes and extensive disasters.
  • Over eleven percent of companies take more than a week to recover from these events.
  • The typical time to reconfigure a network that has not been planned for can take up to 72 hours - if the resources are available.
  • Data that is lost (not backup up electronically) can take weeks to re-enter if there is paper trail and if there is none the data can be lost forever.
  • Over 85 percent of companies that experience a computer disaster and do not have a Disaster Recovery - Business Continuity Plan go out of business within 18 months.

 

- more info



Scope of Disaster Planning is expanding as world events escalate

Disaster Planning scope continues to expand.  The volcanic ash air travel crisis caught many by surprise but in hindsight it was a predictable outcome of an event which was almost inevitable. What other such outliers are there? Continuity Central believes that using the huge experience of our global readership of business continuity managers many of these can be identified in advance.

If you add terroist attacks at infrastructure that can cause widespread environmental damage like the oil rig explosion in the gulf, the events to be considered are almost infinate.

A Yellowstone eruption, which would be a super volcand, would make the ash problems from the Icelandic volcano look like a minor event.  It would impact the entire US except Calfinoria. According to the Yellowstone Volcano Observatory the last supervolcanic eruption occurred 74,000 years ago at the Toba Caldera in Sumatra, Indonesia. Other known supervolcanoes around the world, include Long Valley in eastern California, Toba in Indonesia, and Taupo in New Zealand. In addition other potential supervolcanoes include large caldera volcanoes of Japan, Indonesia, and South America.

- more info



Touch screens are a security risk according to U of Penn

A University of Pennsylvania researcher presented a paper at the Usenix conference analyzing "Smudge Attacks on Smartphone Touch Screens."

Security Policies and Procedures and Audit Program

Based on his results, "the practice of entering sensitive information via touchscreens needs careful analysis," said the researchers. "The Android password pattern, in particular, should be strengthened." But they cautioned that any touchscreen device, including ATMs, voting machines, and PIN entry devices in retail stores, could be susceptible to smudge attacks.

Touchscreens, of course, are an increasingly common feature of mobile computing devices. According to one market research firm, 363 million touchscreen mobile devices will be sold in 2010, an increase of 97% over last year's sales. But are passwords entered via touchscreens secure?

- more info



The key elements of business continuity management defined

DRP Security Template

Writing and testing a disaster recovery plan is one of the key elements of business continuity management. Traditionally business continuity and disaster recovery (DR) planning have always been separated between the business and the information technology department. It has long been recognised that this ‘divide’ creates more problems than it solves, after all most businesses could not continue to operate successfully if their IT services were unavailable for a period of time, depending on the nature of your business this may well range from a few hours to several days. The recent launch of BS25999 has established a business continuity management (BCM) standard which intrinsically links BCM, incident management, and IT DR. Essentially the key message is to have true business continuity you must also have strong IT DR capability.

DRP Timeline

A disaster recovery plan should interface with the overall business continuity management plan, be clear and concise, focus on the key activities required to recover the critical IT services, be tested reviewed and updated on a regular basis, have an owner, and enable the recovery objectives to be met.

- more info



External Drives are a security risk

The Department of the Navy's CIO Privacy Office was notified on July 27 that a Naval headquarters office had been burglarized, and that the thieves had stolen at least 10 laptops DRP/BCP Security Templates and nine external hard drives. In the initial reporty by the Privacy Office said that one laptop contained a file with passwords and user names; personal financial data including bank accounts, investment accounts, and credit card information; a personal contact list with cell phone numbers, addresses, and birth dates; "government only" contract information; discrimination and hostile work environment correspondence; and other sensitive information.

Upon investigation, the Navy found that the laptop contained "high risk" personally identifiable information on only eight people. And the external hard drives were either still in their boxes or encrypted when taken. 

The incident emphasizes the importance of security policies and continued vigilance over insider threats, according to Navy department of the CIO privacy team lead  who disclosed the breach in a blog post on the Navy CIO's Web site.

"External hard drives are becoming as vulnerable as thumb drives," Muck wrote. "A best practice should be to physically secure them at the end of each work day."

The Navy Privacy Offices advised employees to never store personally identifiable information or unencrypted user names and passwords on government computers. And he reminded of the importance of inventory control policies.

- more info



What Does Disaster Recovery and Business Continuity Mean

Disaster Recovery Business Continuity PlaningThe IT industry continues to add emphasis and focus to Disaster Recovery and Business Continuity Planning. While the concept has been around for many years, Disaster Recovery has a different connotation today. As business technology and software applications have advanced, Disaster Recovery has come to mean more than simply the ability to get your systems back online after a power outage. Companies are now expected to recover from unforeseen disasters, and retrieve contracts, memos, invoices, signatures and all other critical documents with minimal interruption.

There is little doubt of the importance of an effective backup plan if a natural or man-made disaster destroys your business records. Many companies, however, still have yet to implement a Disaster Recovery plan, believing that the chance of it happening to them is too slim.

The reality is that an organization may declare a disaster for a number of reasons, including:

  • Extreme weather conditions
  • Prolonged power or communications failure
  • Robbery or other criminal activity
  • Civil unrest
  • Terrorist acts
- more info



End of life for XP will increase security risk

Three out of four companies will soon face more security risks because they continue to run the soon-to-be-retired Windows XP  Service Pack 2 (SP2), a report published today claimed.

According to Toronto, Canada-based technology provider, 77 percent of the organizations it surveyed are running Windows XP SP2 on 10 percent or more of their PCs. Nearly 46 percent of the 280,000 business computers they analyzed rely on the aged operating system.

- more info



Remote Branch Offices are a Disaster Recovery Business Continuity Risk

Distributed data at remote and branch offices (ROBOs) continues to grow substantially year after year. Leaving this data unprotected or inadequately protected poses, serious business risks for organizations. Protection approaches require careful consideration as factors such as technical complexity, capital and operational costs, and expertise of personnel must be taken into account.

Local disk-based data protection strategies improve backup efficiency and reliability over tape-based ones. Consolidation of edge data to the core data center may introduce further efficiencies. Data de-duplication can drive both backup-to-disk and consolidation adoption.

- more info