ISO Security Domains

Security Manual Template

ISO27001 - CobiT

ISO Security Domains - BS ISO/IEC 27001:2005 is the new standard to IS for ISO/IEC 17799:2005 (BS 7799-1:2005). The standard provides a specification for an Information Security Management System and the foundation for third-party audit and certification. BS ISO/IEC 27001:2005 also ensures effective information security management is established and maintained through a continual improvement process, and implements the Organization for Economic Co-operation and Development (OECD) principles governing the security of information systems and networks.


This ISO standard comprises 11 distinct domains of information security. The Janco Security Manual Template addresses each security domain throughout the document. In addition, specific chapters and appendix items can be mapped directly to each domain. The table below shows this mapping:

The Janco Security Manual Template addresses all of the issues associated with the ISO domains. Specifically, the eleven ISO domains are covered in the following sections of the template:

ISO Security Domains and corresponding Security Template Chapters:
Security Policy
  • Security General Policy
Organization of Information Security
  • Responsibility
Asset Management
  • Insurance
Human Resource Security
  • Physical Control
  • Facility Design

Physical and Environmental Security
  • Physical Control
  • Data/Software Security
Communications and Operations Management
  • Responsibility
Access Control
  • Physical Control
  • Access Control
Information System Acquisition, Development, and Maintenance
  • Process, Forms, & Checklists Appendix
Information Security Incident Management
  • Incident Reporting Procedure
Business Continuity Management
  • Internet and IT Contingency Planning
Compliance
  • Minimum & Mandated Security Standards
  • Best Practices to Manage Compliance

Security Management News




BC/DR Planning More complex

As enterprise operations, including network access with mobile computing, BYOD, smartphones, and tablets, become more advanced and complex, restoring companies to business as usual after downtime is now more difficult. Preparing a DR plan can take months, but in the midst of a disaster you have only minutes to execute it.


Some Disaster Recovery and Business Continuity current articles:

  1. Business Continuity Plan Has to be in Place Now  Business continuity plan is something that every organization needs to have in place before a disaster happens.  Every day somewhere in the world disasters are...
  2. Top 10 Disasters That Need to be Planned for  Top 10 disasters that businesses should plan for Disasters Happen – How do you balance the business continuity disaster recovery risk and investment equation? Is...
  3. Disaster Recovery High Risk Users Disaster Recovery High Risk Users There are three types of high risk users in disaster recovery and business continuity planning. They are: People who do...
  4. Disaster Recovery Misconceptions  Disaster Recovery - What are the major misconceptions when a disaster occurs with IT systems? Can your systems can not support your company's day-to-day operations?...
  5. Safety Program For Disaster Recovery Plan  Safety Program needs to be integrated into the Disaster Recovery Business Continuity Plan A safety program should be in place before disasters occur. Hurricanes, tornadoes,...




Pandemic in China a concern


Pandemic Disaster Recovery and Business Continuity
Top Priority

There is no question we are vulnerable to infectious and contagious diseases. The influenza pandemic of 1918-1919 killed more than 20 million people - more than 600,000 in the United States. That winter, more U.S. soldiers died from influenza than had died on World War I battlefields.

According to the Centers for Disease Control and Prevention (CDC), nearly 40,000 Americans die annually from seasonal flu. And most experts agree that the human race is long overdue for an influenza pandemic far more deadly than the H1N1 pandemic of 2009-2010. The threat from Mother Nature goes far beyond the flu.

The current outbreak in China and its spread to Saudi Arabia are cause for concern. Pandemic planning, if it has not been completed, should be a top priority.




What is the cost of downtime?

If your people can continue working for days without systems, your cost of downtime is relatively low. If your business is tied to your systems or work cannot be processed, your downtime cost may be high. We have had both kinds of clients: when a small architecture firm's accounting system went down, they were comfortable with it being down for a few days.


However, another customer, a lumber mill, shut down after someone tripped over a power cord. A server failed, and more than 200 workers were paid for doing nothing. That human error cost the company $10,000.

So calculate the cost of downtime in terms of labor paid, productivity lost, and all the other factors. Presenting such a number to your customer in terms of costs per hour or day can make a compelling argument for a solid business continuity plan.

The maximum tolerable period of disruption (MTPOD) is the maximum amount of time that an enterprise's key products or services can be unavailable or undeliverable before its stakeholders see unacceptable consequences.




Top 10 list for Business Continuity and Disaster Recovery Planning

Top 10 lists for Disaster Recovery and Business Continuity Planning:

  1. Top 10 tips for Disaster Recovery in a Small Business – best way to protect your data (16.3) Disaster Recovery for a Small Business Baseline for best practices defined in Janco’s Disaster Recovery Business Continuity Template. As requirements for avoiding downtime become increasingly...
  2. Top 10 Disaster Recovery Best Practices (16.1) As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help them plan, design, and implement disaster recovery strategies that...
  3. Top 10 Reasons Why Disaster Recovery Business Continuity Plans Fail (14.6) In the recession many organizations put disaster recovery and business continuity on the back burner. As a result those plans are not as functional as...
  4. Best of Breed Disaster Recovery Business Continuity (13.2) Best of Breed solutions for disaster recovery and business continuity has four key components: High Availability – Best of breed requires service that have high...
  5. 10 Backup Best Practices supplementing a disaster recovery and business continuity solution with the cloud (13.2) 10 Backup best practices -  supplementing a disaster recovery and business continuity back-up solution with the cloud Backup best practices are used by many CIOs...




Disaster Planning is Required for Virtual Applications

A number of customers using the Microsoft-hosted Dynamics CRM Online and its Office 365 cloud service were reporting performance problems.
 
One CRM Online customer said problems began in the morning. The @MSCloudUS twitter account acknowledged the Office 365 problems, starting in the afternoon (EST).


The Disaster Planning Template addresses these issues. On the CRM Online front, "performance is slow for most users, to the point that some can’t use CRM at all," one Microsoft CRM user said. His company is based in the U.S., he said, but international users of the system were affected, as well.

A Microsoft spokesperson said, "We were made aware of a few customers experiencing difficulty using their Microsoft Dynamics CRM Online service this morning.  The customer impact was limited to some organizations in North America and has been resolved.  Microsoft takes any downtime seriously, and customers will be reimbursed service charges per the terms of our SLA which guarantees  99.9% uptime."




Tools for Disaster Recovery planning

When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing field. Safe recovery distances can also mean painfully slow replication and backup across the WAN in addition to the costs to accomplish this.


Janco's "Disaster Recovery and Business Continuity Template" leads the way to implementation of the latest disaster recovery technologies and cost-saving strategies. Enterprises of all sizes can build a functional disaster recovery plan with this tool and make their disaster recovery efforts more efficient.

  1. Reasons why electronic forms are the future  Why use electronic forms? Electronic forms allow for the exchange of information more quickly, easily, and dependably than ever before. The Internet, mobile devices and...
  2. 10 point checklist for disaster recovery  10 point checklist for disaster recovery HR, Legal and Media Communications Disaster Recovery 10 Point Checklist A list of 10 questions to rank how comprehensive...
  3. Top 10 Disaster Recovery Best Practices  As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help them plan, design, and implement disaster recovery strategies that...
  4. Top 10 Selection Criteria for a Disaster Recovery Cloud Provider  Cloud disaster recovery business continuity When looking for cloud providers of Disaster Recovery and Business Continuity Services you need to establish that they will be...
  5. Disaster Recovery Misconceptions  Disaster Recovery - What are the major misconceptions when a disaster occurs with IT systems? Can your systems can not support your company’s day-to-day operations?...



Social media as a disaster planning tool

Government agencies are turning to social media technology to manage disasters and improve public safety.

A growing number of agencies are tapping into Facebook and Twitter to monitor events and provide near real-time notifications. And some are now taking social media a step further by communicating internally or sharing information and comments across offices or agencies.

A September Congressional Research Service report, Social Media and Disasters: Current Uses, Future Options, and Policy Considerations, noted that social media already plays an important role in disasters, but the use of the technology for emergency management is growing.

In Fort Worth and Tarrant County in Texas, for instance, a joint emergency operations center has switched on social media tools that improve communication across dozens of agencies and departments throughout the state. Police, firefighters, healthcare providers and others use push-to-talk radio, cellular telephony, and text messaging (including text documents and file sharing) to interact with an IP telephony infrastructure located in a response center. This allows teams to coordinate immediate responses, regardless of the underlying communications technology.




Wiring meltdown can be a disaster

The design of data centers and large computer rooms always includes a cooling system. Yet many IT devices are located in distributed spaces outside of the computer room in closets, branch offices, and other locations that were never designed with provisions for cooling IT equipment. The power density of IT equipment has increased over time and the result is that distributed IT equipment such as VoIP routers, switches or servers often overheat or fail prematurely due to inadequate cooling.

To properly specify the appropriate cooling solution for a wiring closet, the temperature at which that closet should operate must first be specified. IT equipment vendors usually provide a maximum temperature under which their devices are designed to operate. For active IT equipment typically found in a wiring closet, this temperature is usually 104°F (40°C). This is the maximum temperature at which the vendor is able to guarantee performance and reliability for the stated warranty period. It is important to understand that although the maximum published operating temperature is acceptable per the manufacturer, operating at that temperature will not generally provide the same level of availability or longevity as operating at lower temperatures. Because of this, some IT equipment vendors also publish recommended operating temperatures for their equipment in addition to the maximum allowed. Typical recommended operating temperatures from IT equipment vendors are between 70°F (21°C) and 75°F (24°C).




Crisis communication

In order to shape an effective crisis communications plan, all options, both traditional and non-traditional, should be considered and utilized within the objectives and strategy of the organization.


The more common crisis communication methods include:

  • Phone Trees
  • E-mail Blasts
  • Mass Notification Systems (SMS/Telephone)
  • Hotlines and Pre-Recorded Messages
  • Radio and TV (Mass Broadcasts)
  • Formal Statements
  • Press Releases
  • Press Conferences
  • An Incident-Specific Website.

Some non-traditional crisis communication methods include:

  • Social Media Sites
  • RSS Feeds and Blogging
  • Podcasts
  • Smart Phone Mobile Applications
  • Image Sharing Sites
  • Widgets on Pre-Existing Webpages.



Cloud based disaster recovery

Protecting a business means protecting ongoing access to functional applications, servers and data; traditionally that means backing up data. However, backing up the data is only part of the equation. If you can’t restore the data, the backup effort is useless. If a business relies on tape backup alone, restoration is easy only for the simplest failure, and only if everything goes perfectly.


If a hard disk fails, all the backup tapes are good, and the staff is practiced at doing the repair and restore, then you might be able to simply buy a replacement part and get things up within a couple of hours, though the data will be from last night’s backup. If the problem is more complicated and involves a replacement server, for instance, you will probably need a day or two to get new hardware in place before you even begin to recover.




Economic impacts from disasters

The UK government is publishing a series of background papers that have been commissioned as part of the Foresight project on Improving Future Disaster Anticipation and Resilience.

The latest paper, Indirect economic impacts from disasters, aims to:

  • Provide a review of existing evidence and case studies to outline and illustrate the types of indirect and long-term economic impact that disasters can have;
  • Summarise previous similar work, highlighting any temporal trends apparent when comparing direct and indirect losses; and
  • Explore the economic impact on countries other than the country in which a disaster has occurred.



5 factors impacting time to return to normal operations after a disaster

The time it takes for a business to return to something like normal operating levels depends on a number of key issues:


  • Overall damage assessment - can you trade from your existing premises, and which stock, supplies, equipment and other key assets are recoverable and which are not
  • Your insurance coverage and how quickly your claim can be processed
  • Any government assistance you can access
  • Communication with employees, customers and suppliers
  • An assessment of the business's financial position
  • Developing a plan to reopen your business.



IT pros not equipped to audit disaster plans


Although business continuity is in many ways relatively straightforward, it is not really a technical or scientific discipline compared with security or quality. Auditors need fixed points of reference for comparisons. Standards (in various guises) provide them with a route map to follow. This allows them to check the process, but not really the effectiveness, of the program. For example, it is easy to check the number of employees who have been through a business continuity management induction, but much more difficult to determine if this has had any impact upon corporate resilience.


This factor has often caused full-time BC practitioners to claim that they alone can properly audit a BC plan or program. There might be some justification for this. An ISO inspector, for instance, could successfully audit a hospital for its compliance against pre-agreed hygiene standards, but would not be credible at determining a surgeon's technical competence at performing a difficult operation.

However, few BC practitioners have the formal audit skills that colleagues in internal audit possess. Many consultants try to gain these skills by undertaking various audit training courses, but often find the concentration on process and compliance frustrating.




Top 10 tips for Disaster Recovery

Disaster Recovery for a Small Business

Baseline for best practices defined in Janco's Disaster Recovery Business Continuity Template.


As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help them plan, design, and implement disaster recovery strategies that can meet those needs.

  1. Analyze single points of failure
  2. Back up frequently
  3. Keep updated notification trees
  4. Be aware of current events
  5. Plan for worst-case scenarios
  6. Clearly document recovery processes
  7. Centralize information
  8. Create test plans and scripts
  9. Retest regularly
  10. Perform comprehensive recovery and business continuity tests




Are you prepared for a disaster


According to a recent study, the average loss for businesses when a disaster occurs is $12,500 per hour. To reduce the risk of losing critical business information, you need complete protection of your important files and mission-critical applications.

Natural disasters, system crashes, theft, and cyber attacks can all lead to data and financial loss. To protect against these losses and minimize negative business impacts, you need to follow a few basic guiding principles to keep your data safe and your business running.


The template and supporting material have been updated to be Sarbanes-Oxley compliant.  The complete package includes:

  • Disaster Recovery Plan Template
  • Business and IT Impact Analysis Questionnaire
  • Work Plan

Included with the template is a 3-page Job Description for the Disaster Recovery Manager. The Disaster Recovery Plan Template PREMIUM Bundle contains 11 additional key job descriptions.




Backup strategy for remote sites

Disaster Recovery Business Continuity Planning Challenges for Remote Sites

The best contingency a business can take is to implement a data backup and disaster recovery plan. This will safeguard critical systems and data so that, should disaster strike, a business can get back on track with only minimal downtime.

  • Know your data - which systems are most important and how long can a business continue without them? Sensitive legal and financial information may fall into this group.
  • Location - onsite storage is useful for the speedy recovery of backed-up data, but single-site storage alone will not form a robust disaster recovery plan. Local storage must be supplemented with remote offsite backup (more than one location if possible) to ensure the security of data. Transferring data to a remote storage site means that, after a fire, systems can be restored as soon as a firm is ready to continue business.
  • Cost Effectiveness - Using on-premise and remote storage adds a layer of security to a data backup and disaster recovery plan. However, some businesses are dissuaded by the perceived cost and management involved in offsite storage.
  • Backing up and carrying on - Data is the lifeblood of a business. It is therefore essential that a company takes steps to address the security of its most valuable asset, especially as the volume of its data grows.




Pandemic gets closer

According to the Centers for Disease Control and Prevention (CDC), nearly 40,000 Americans die annually from seasonal flu. And most experts agree that the human race is long overdue for an influenza pandemic far more deadly than the H1N1 pandemic of 2009–2010. The threat from Mother Nature goes far beyond the flu.


More than 400 new U.S. cases of West Nile virus [infection] emerged in the last week in an outbreak that remains the 2nd worst on record but has begun to show signs of slowing. So far this year [2012], 3545 cases have been reported to federal health officials as of 25 September 2012, up from 3142 reported the week before, the CDC said in its weekly update of outbreak data. About 38 per cent of all cases have been reported in Texas. Other states with large numbers of cases include Mississippi, Michigan, South Dakota, Louisiana, Oklahoma, and California.




DRP Critical Component of Risk Management

Disaster Recovery (DR) is a critical component of IT disaster planning and risk mitigation strategies, and it is compounded in difficulty by ever-growing data volumes, distributed computing, and new technologies. How can you get creative in protecting more data and recovering more swiftly while also saving some money?

Download this outline to learn how the Janco Disaster Recovery Business Continuity Template can reduce RPOs and RTOs even more.


Disaster Recovery Guide
Business Continuity Planning

ISO 27001, ISO 27002, ISO 17799, Sarbanes-Oxley, and HIPAA Compliant


What is Disaster Recovery and how does the Disaster Recovery Planning Template help?

This DRP Template can be used for any sized enterprise.  

The template and supporting material have been updated to be Sarbanes-Oxley compliant.  The complete package includes:

  • Disaster Recovery Planning and Business Continuity Template
  • Business and IT Impact Analysis Questionnaire
  • Work Plan
  • Disaster Recovery / Business Continuity Audit Program

With lost data being a competitive liability, there is no room for downtime in today's business world.




What is Recovery Point Objective (RPO)?

CIOs, CSOs, and BC managers constantly work to improve their recovery point objectives (RPOs) and recovery time objectives (RTOs) by performing fast, non-disruptive backups as well as data recovery. All comprehensive data protection solutions involve many criteria and contingencies.

Here are examples of the things that can go wrong with your data, along with the backup requirements that must be addressed:

  • Accidental or malicious deletion of critical data - Requirement: the ability to quickly and easily recover individual files and folders.
  • Data that is lost or corrupted over a period of time - Requirement: the ability to roll back individual records to repair database corruption, and to recover data from any previous point in time, as granularly as is feasible.
  • A crashed disk - Requirement: recovering a disk volume takes a different approach than recovering a single file, but it should be done just as promptly, and with automation to keep operational disruption to a minimum.
  • A server failure - Requirement: restoring operations when replacing a failed server may be complicated by the need to install different drivers on the new system if the hardware is not an exact match. It helps to have the capability to move the workload to a standby server (with completely different hardware) or a virtual server while the system is being replaced or repaired.
  • A local or regional disaster - Requirement: if you lose an entire company site to fire, flood, or other disaster, have a recent copy of your important data in another location that is outside the disaster area.
  • Remote offices and branch offices - Requirement: a process that can be carried out with minimal technical assistance, as remote and branch offices often do not have the luxury of an on-site technical resource to help with backups and restores.
  • Resource-intensive backup processes - Requirement: frequent or even continuous backup that is not resource-intensive.
  • Security breaches - Requirement: secure the data. If data is moved between sites, it needs to be protected from potential security breaches. A breach of data security, whether or not actual damage is done, can be devastating to your company's reputation, as dozens of large enterprises and government agencies have found in recent years.



Disaster Recovery Template helps to manage expectations

With regard to disaster recovery and business continuity, clear expectations allow enterprise executives to understand the process they will go through if a disaster does occur.


Expectations are one of the most important elements when finalizing a successful plan. An open flow of communication between the recovery team and the end user will allow both parties to define exactly what they can expect from one another, with no surprises. The mantra for setting expectations is to under-represent and over-deliver, so that the recovery team can be the hero that saves the company tens of thousands of dollars, thus offering value.




Disaster recovery done in place should use outside experts

Many organizations simply do not have the luxury of being able to move to an alternative recovery site following a physical disruption. In these cases disaster recovery plans should include the support of a disaster recovery company that will aid the internal recovery and incident team to mitigate against secondary damage, administer triage to the affected areas and expedite the correct equipment, methods and manpower to restore their facility as quickly as possible to a suitable working environment, so that service can be resumed.


Such disaster recovery responders will be on 24/7 standby to attend the client site. The responder will have conducted a survey of the site in advance of an incident, noting critical information so that any recovery and restoration objectives will be expedited without delay.

Speed of response is vital, both to reduce the level of disruption and physical secondary damage and to limit the time during which function is lost. Dealing with an incident within the first few hours may reduce the total time of the disruptive event by weeks.




Developing a Disaster Recovery Testing Process

Most real disasters are much less well-structured than a test - so if you can't make the test work when you can plan for it in advance and stage everything just right, what chance will you have if the big one hits?


One way to get a workable DR plan is to do some up-front scenario analysis after the BIA is done and build up a set of layered responses to incidents of increasing severity. For the least serious impacts you can engineer high availability solutions - essentially disaster avoidance strategies. For disasters you can't avoid, you can build routine operational processes (things like rolling cluster upgrades, managed application failover, deliberate load shifting) that let you practice for a real problem, so your people are familiar with most of the work they'll need to do in a disaster. That will also exercise most of the technologies you'll need and ensure they're working reliably - and that the disaster won't be their first use.




Major Disaster Recovery Failure with an Outsource Provider

Virginia's Department of Motor Vehicles, along with 25 other state agencies, hasn't been able to process requests for licenses and ID cards. These systems are supposed to be up and running six days after the outages started to appear. Northrop Grumman manages Virginia's IT infrastructure under a $2.3 billion IT services contract.


The Virginia Information Technologies Agency (VITA) said in a statement that teams have been working throughout the weekend to restore data. In a nutshell, the IT infrastructure of the state of Virginia was reportedly crushed by an EMC storage area network failure. The Richmond Times-Dispatch reports that several systems are still down. The same paper said that Northrop Grumman will have to pay a fine for the failure. And the real kicker is that the state recently revised its contract with Northrop Grumman and extended the deal for three years. The state paid an additional $236 million for better service from Northrop Grumman.

Highlights of the Revised Contract - Operational Efficiencies

  • Consolidates and strengthens Performance Level Standards with a 15% increase in penalties across the board if Northrop Grumman fails to perform on clearly identified and measured performance standards. - PAY-UP 
  • Improves Incident Response teams to determine technology failures and expedite repair - FAILED
  • Institutes clear performance measurements for Northrop Grumman that agencies can easily track - FAILED
  • Adds new services to contract such as improved disaster recovery and enhanced security features - FAILED

Among the key parts of the VITA statement:

Successful repair to the storage system hardware is complete, and all but three or possibly four agencies out of the 26 agency systems have been restored. Agencies continue to perform verification testing.

Progress continues, but work is not yet complete for the three or four agencies that have some of the largest and most complex databases. These databases make the restoration process extremely time consuming. The unfortunate result is the agencies will not be able to process some customer transactions until additional testing and validation are complete.

According to the manufacturer of the storage system (EMC), the events that led to the outage appear to be unprecedented. The manufacturer reports that the system and its underlying technology have an exemplary history of reliability, industry-leading data availability of more than 99.999% and no similar failure in one billion hours of run time.

The outage was blamed on the failure of two circuit boards installed and maintained by EMC. It is a bit disconcerting that two circuit boards can bring down a state’s IT infrastructure for nearly a week.

Among the things that don't add up in the Virginia IT outage:

  • Why wouldn't these boards be replaced quickly?
  • Why was there a single point of failure?
  • Service was restored for 16 agencies, but 10 require a lengthy restoration of data. Where was the disaster planning? After all, Northrop Grumman touted its disaster recovery for the state just two years ago.
  • Where did the IT management fail?



Compliance with ISO 22301 Business Continuity Standard

Business continuity contributes to the development of a more resilient society. Organizations without an effective BCMS in place risk significant vulnerability and the resulting impact on their employees, customers and suppliers. BS ISO 22301 gives your organization access to the requirements of a BCMS that will enable your organization to prepare for disruptive incidents that might otherwise prevent you from achieving your objectives.


The standard can be used to assess an organization’s ability to meet its own continuity needs and obligations and establish a business continuity management policy that provides a framework for implementing effective business continuity arrangements.




Testing Business Continuity Plans - Over 1/3 fail

Testing at least once per month is important to maintain engineering best practices, to comply with stringent standards for data protection and recovery, and to gain confidence and peace of mind. The midst of a disaster is not the time to discover the flaws in your backup and recovery system. Backup alone is useless without the ability to efficiently recover, and technologists know all too well that the only path from "ought to work" to "known to work" is through testing.

A recent study found that only 16 percent of companies test their disaster recovery plan each month, with over half testing just once or twice per year, if ever. Adding to the concern, almost one-third of tests resulted in failure.
