JancoJanco Forum

News Feed

Feed
Description

Janco Mobile Pages

Home
Search
Templates
Salary Survey
HandiGuides
Job Descriptions
Individual Policies
Compliance Tools
White Papers
Update Service
Bundles - Special Offers
CIO Infrastructure Tool Kit
Promotions
About Us

Sensitive Information

Client Server Management

 

 

 

Sarbanes Oxley Compliance

Sarbanes-Oxley Compliance Resource Kit

Buy

Sarbanes-Oxley Section 404 requires that:

  • Enterprises have an enterprise wide security policy;
  • Enterprises have enterprise wide classification of data for security, risk, and business impact;
  • Enterprises have security related standards and procedures;
  • Enterprises have formal security based documentation, auditing, and testing in place;
  • Enterprise enforce separation of duties; and
  • Enterprises have policies and procedures in place for Change Management, Help Desk, Service Requests, and changes to applications, policies, and procedures.

To meet these needs the Sarbanes Oxley Compliance Resource Kit, which comes in four editions (Standard, Silver, Gold, and Platinum) contains:

  • Security Policies (all editions);
  • Threat & Vulnerability Assessment Tool (all editions);
  • Business & IT Impact Questionnaire Risk Assessment Tool (all editions);
  • Safety Program Template (all editions);
  • Disaster Recovery Template (all editions);
  • Outsourcing guide update to reflect what you vendors need to do (all editions);
  • Software tool to monitor key data files (all editions);
  • Internet and IT Job Descriptions (Silver, Gold, and Platinum Editions) and;
  • IT Service Management Template (Platinum Edition).

 

Security Template

Security Manual 

                                              
The plan is 178 pages and includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirement.  The electronic document includes proven written text and examples for your security plan.
View The Table of Contents And A Few Pages         

Disaster Recovery Planning TemplateDisaster Recovery Plan (DRP)

                 
This Disaster Recovery Plan (DRP) can be used as a template for any enterprise.   DRP is sent to you via e-mail in WORD and/or PDF format. Included is a 13 page Business Impact Questionnaire as well as a 3 page Job Description for the Disaster Recovery Manager. View a the Table of Contents and sample pages [Adobe PDF]


IT Job DescriptionsIT Job Descriptions

                           

The 220 Internet and IT Position Descriptions are in Word for Windows format.  Includes positions from CIO and CTO to Wireless and Metrics Managers.  View The Table of Contents And A Few Pages

 


IT Service Management ITSM ITILThe IT Service Management Template

                          
The  IT Service Management Template contains policies, standards,  procedures and metrics for Change Control, Help Desk and Service Request processing.  ITSM template also contains several easy to implement forms and conforms with ITIL. View The Table of Contents And A Few Pages

 

 Practical Guide IT Oursourcing

Practical Guide for IT Outsourcing

               

The guide is 91 packed pages and includes everything needed to plan for, negotiate, and manage an outsourcing process within an enterprise. 
View a the Table of Contents and sample pages [Adobe PDF]


 

Safety Program TemplateSafety Program Template

Safety Program is 60 pages and includes everything needed to customize the Safety Program to fit your specific requirement.  The Safety was updated in December of 2004 and reflects the latest issues associated with the most recent legislation (Sarbanes Oxley).

 

 

 

 

Site Map

Minimun and Standard Power Protection for Workstations for DRP and BCP

DRP BCP Power RequirementsPersonal computers and remote servers often are damaged by subtle anomalies that users never see, such as sags, surges, spikes, brownouts, line noise, frequency variation, switching transients and harmonic distortion. A business on typical utility power is subjected to these hidden power problems every day and complete outages several times a year. Solutions that you should implement for all such equipment include:

  • Minimum - Surge suppressors address the power surges, but have no effect on the under-voltage and variance conditions that can erode equipment health over time or zap it in an instant.
  • Standard - Uninterruptible Power Systems (UPSs)  protect your IT systems by conditioning incoming power to smooth out the sags and spikes that are all too common on the grid and other primary sources of power Providing ride-through power to cover for sags or short-term outages (30 – 60 minutes, typically).
- more

Disaster planning, emergency preparedness, or business continuity

Disaster planning, emergency preparedness, or business continuity (and experts note that there are differences) -  the goals are ultimately the same:  to get an organization back up and running in the event of an interruption.  The problem causing the interruption could be one computer crashing or an entire network crashing.  Or it could be an electrical outage or the result of a terrorist activity.  The goal is to have some contingency plans in the event of a problem.  A disaster recovery plan exists to preserve the organization so that it can continue to offer its services. 

 

A disaster recovery plan is a users' guide - the documentation - for how to preserve an organization.  In order for a plan to be useful, it must be created before an interruption occurs.  Business continuity is disaster recovery.  Lost revenue is a driving force in business continuity.  The reason to do a recovery plan is essentially to keep the funding coming in and the services going, and the clients being served.

 

  • Emergency planning are those procedures and steps done immediately after an interruption to business.
  • Disaster recovery are the steps taken to restore some functions so that some level of services can be offered.
  • Business continuity is restoration planning, completing the full circle to get your organization back to where it was before an interruption.

In order to write your plan, you have to do some planning. This planning is the process that will get you to the step where you then commit your plan to paper - you canÂ’t write a plan until you do the preparation.  The most difficult thing is getting started; the second most difficult task is keeping the plan current.

- more

The Difference Between Disaster Recovery Planning and Business Continuity Planning Defined

Disaster Recovery Planning (DRP) is the process by which you resume business after a disruptive event.  This typically means that you can get the enterprise computers, networks, and data base operational. The event might be something huge-like an earthquake or the terrorist attacks on the World Trade Center-or something small, like malfunctioning software caused by a computer virus.

Given the human tendency to look on the bright side, many business executives are prone to ignoring "disaster recovery" because disaster seems an unlikely event. However Janco has found that over one third of all enterprises have had to activate their Disaster Plans in the last few years.

Business Continuity Planning (BCP) suggests a more comprehensive approach to making sure you can keep the enterprise going and meet it business objectives. This goes beyond the enterprise computers, networks and data bases.  However, the two terms are married under the acronym DR/BC or DRP/BCP. At any rate, Disaster Recovery Planning and/or Business Continuity Planning facilitate how a company will keep functioning after a disruptive event until its normal facilities are restored. 

- more

Disaster Recovery Business Continuity Scope

Disaster Recovery Business Continuity Scope

Recognizing the scope of the requirements, Janco suggests that you purchase the Disaster Recovery Business Continuity Template  and the do the following:

  • Conduct a business impact assessment. This involved a crossfunctional team to evaluate the business requirements and tier data based on the importance to our business operations.
  • Protect data and applications. It was important to back up data frequently to ensure records are kept, so we needed to upgrade
    our backup equipment to a faster version to reduce the time it took to complete a backup cycle.
  • Review power and connectivity options. We needed to add uninterrupted power supplies (UPS) and connectivity for critical servers, network connections and selected personal computers to keep the most essential applications running in case of a power outage.
  • Document, test and update the disaster preparedness plan. Part of the Janco Disaster Recovery and Business Continuity Template plan needs you to include updated configuration diagrams of the hardware, software and network components to be used in the recovery. The plan also needed to include logistical details, such as travel to backup sites and spending authorization for emergency needs.
  • Consider telecommunications alternatives. Often taken for granted, telecommunications backup involving redundancy and alternatives needed to be in place - and in the case of spot outages, redundancy may be enough. For larger outages, alternative communications vehicles, including wireless phones, wireless data cards and satellite phones, had to be considered.
- more

Testing is Critical to Disaster Recovery Planning

Importance of testing is critical to the disaster recovery and business continuity planning.

All good disaster recovery and contingency plans start with having a good solid backup of data. Although systems and applications can be reinstalled and reconfigured, data cannot be rebuilt out of thin air. The key to having a good backup is to make sure the data is correct and can be successfully restored. This is not always as easy as it seems. One company had such an issue. Their backup administrator did not correctly follow procedures and when he thought he was doing a backup, he actually was not writing anything. When they tried to restore a database, they found out all the tapes were blank.

- more

Cost of Disaster Recovery Backup Is High For Many Enterprises
The need for de-duplication is increasing for many organizations as they gather ever-growing volumes of data. At the same time, they are looking for ways to reduce storage costs, improve efficiencies and provide adequate disaster recovery capabilities. The key benefit is the ability to lessen the Total Cost of Ownership (TCO) of storage hardware by eliminating redundant blocks of data and then allowing organizations to replicate that data -- if required -- to a second system for offsite storage. That can remove the need for tape. Data de-duplication not only allows companies to reduce the disk space needed for backup and restore, but it can increase performance and reliability while reducing demands for rack space, power and cooling. Further, it can reduce the bandwidth requirements for data transfer by 90 percent or more. - more

Pandemic Alert Level 5 Requires DRP/BCP Plans be Activated

The World Health Organization has raised the pandemic alert over the spread of swine flu to phase 5.

WHO says that based on assessment of all available information and following several expert consultations raised the current level of influenza pandemic alert from phase 4 to 5.

While making the annoucement, WHO stated that all countries should immediately activate their pandemic preparedness plans. At this stage, effective and essential measures include heightened surveillance, early detection and treatment of cases, and infection control in all health facilities.

- more

Disaster Planning for a Pandemic

In disaster planning when a pandemic occurs the data center exists but people are in separate locations. The Disaster Planning and Business Continuity Planning processes need to make the user and business operating experience as similar as possible so that the work environment is the same in the remote site (often home) as in the office. A key requirement is to increase remote access capabilities in addition before the pandemic occurs the following planning needs to take place:

  • Define necessary staff levels for critical business processes
  • Identify who can work remotely and who has to be in the office
  • Validation of vaccinations for key staff members
  • Identify the lights out processing issues for computer operations staff
  • Identify the network and remote access capacity requirements - what percent of workers do you need to be on the system for the enterprise to continue to operate
  • Train and test of users and IT staffs in how to operate from remote locations Require key employees to work from remote site at least once a month
  • Validate broadband capacity to remote sites (home users)
  • Have copies of disaster plan available in remote site
  • Put in place process for the synchronization of OS system patches and VPN updates - if the workstations are not used frequently disable the auto update features for security updates but maintain a process to see that they workstations are up-to-date.
  • Define specific requirements for security and PCI-DSS when the disaster plan is activated for a pandemic.
  • Define change management and version control processes to be used and how they will be controlled during the pandemic.
- more

How to get started with a Disaster Planning process

Getting started with a disaster recovery / business continuity plan may seem daunting, but is not. The process starts by addressing the needs of the business - not the IT department.

  • Access the enterprise's operating environment - Identify critical business functions and then determine which systems, applications and data must be available to keep each function running smoothly.
  • Conduct an IT business impact analysis - Develop a hierarchy of business functions and processes based on their importance to operations. You will most likely find that, although some systems need to be up and running as soon as possible after a disaster, other systems can wait.
  • Establish a team with enterprise wide management experience and responsibility -  Gather representatives from across the business, from IT to human resources and facilities management. Each member should contribute to both the development of the disaster recovery plan and its execution. Be sure to define their responsibilities and the reporting hierarchy in the event of a disaster and to equip them with mobile technology, so they can make decisions spontaneously.
  • Develop budgets and funding sources - A disaster recovery plan is only as effective as the resources that are committed to it. Once you have determined what it will require to support your business recovery objectives, you need to identify the tools and procedures needed to meet them. Be specific about the cost of these mechanisms, as well as the financial risk of disaster, so you can build a realistic business case.
  • Define specific responsibilities and tasks - Spell out tasks, responsibilities and roles - not only to revive systems, but also to provide access to users and enable operations to continue even under compromised circumstances.
  • Re-evaluate what has been created and keep it up to date - Test it, reexamine it and update it regularly - once a year, twice a year or even quarterly. Also, remember that there are continuing advancements in disaster recovery technology. Keep revisiting your options to take advantage of faster, more-cost-effective solutions.
- more

Google Designs its Servers With DRP and BCP in Mind

Most companies buy servers from the likes of Dell, Hewlett-Packard, IBM, or Sun Microsystems. But Google, which has hundreds of thousands of servers and considers running them part of its core expertise, designs and builds its own. Google has designed its own servers and each server has its own 12-volt battery to supply power if there's a problem with the main source of electricity. Since 2005 Google's data centers have been composed of standard shipping containers--each with 1,160 servers and a power consumption that can reach 250 kilowatts.

- more

A disaster occurs -- now what?

A disaster or business interruption occurs, what do you do?  A quick roadmap to follow is:

  • Do not panic and remain calm! When a disaster or business interruption occurs the first priority number is to ensure the safety of the employees.
  • Evaluate the disaster!  Determine the impact on your personnel and enterprise operations, this evaluation the event is critical in making the decision to activate the disaster recovery business continuity procedures.
  • Communicate with everyone that can be impacted! Communicate with your team, managers, affiliates, and vendors frequently. Even if there is no status to report, do not leave anyone guessing or letting them draw their own conclusions.
  • Know the disaster recovery business continuity plan! Testing the Business Continuity Plan regularly helps everyone in becoming familiar with what will happen and how it will be done.
  • Be decisive! Once you have determined the level of disaster and everyone is safe to operate, it is time to make the decision if you need to implement the business continuity procedures or if the downtime for recovery acceptable.
  • Start the process! Start with recovering the most business critical systems first to restore business operations to a functional level. There should not be any question, which order which applications need to be restored first.
  • Lock down all backups and critical documentation! The first step to the recovery is having a set of data to recover from. This could be anything from archived tape, local disk copy, and a co-location or disaster recovery data center.
  • Use multiple solution paths! Assume that nothing will work and have alternatives in place  
  • Reactivate normal operations! Once the systems are operational, the disaster is over and systems are repaired it is time to move the workloads back to where they were originally.
- more

Disaster Recovery Business Continuity in a Mixed Vendor Environment

How do you create a unified Disaster Recovery Business Continuity Plan when you IT services are outsourced to multiple vendors and some of their facilities are in the same geographical area?  Some vendors are now starting to offer services that are designed to help enterprises get a converged view with which to manage and monitor their entire IT infrastructures, regardless of whether services are delivered by in-house resources or by third-party service providers.

These service providers recognize that enterprises are moving services to specialty vendors such as security providers, network providers or computing services providers, rather than to a single services provider.

 

- more

Facebook Disk Failure Results in Lost Data

Backup Policy & Backup Retentiion PolicyPopular social networking site Facebook.com admitted on a blog post today that over the weekend, a hard drive failure led to the temporary loss of 10% to 15% of its users stored photographs.

According to the company, several drives failed at once during a routine upgrade Friday night.

"You may have noticed in the past day that some photos aren't appearing or are displaying a 'question mark' graphic when you go to view them. We're trying to fully understand what happened, since simultaneous hardware failures like this are rare,"  a Facebook engineer, stated in his blog.

Facebook said its users' photos are safe because it stores multiple copies of the data for disaster recovery and business continuity purposes, and it is working to make the photos affected by the system failure available again as soon as possible.

- more

Portable Disk Backup Device Released

Disk Backup PortableA hard disk drive duplicator has been released. The second generation device is a compact and portable cloning solution with blazing cloning speeds approaching 6GB/min! A full color touch screen provides an easy to use interface, and support for SATA/IDE/USB/Firewire 1394B makes the device an extremely versatile duplicator.

The hand-held unit provides the convenience of on-site as well as "on the bench" cloning. Novice users will appreciate the "wizard" function that steps them through key cloning operations. Advanced software including Clever Copy, Selective Partitions and Master Manager is included with the device. The compact, feature-rich cloning device also features support for verification of the cloned drive using an MD5 signature of target drive. The SuperSonix device is Windows Vista compatible and supports e-SATA and microSATA drives (with optional cables) as well as solid state drives.

- more

Disaster and Business Continuity Preparedness

Disaster Plan Audit IT managers must make disaster planning a top priority if they are to prevent data loss and maintain business continuity in times of crisis. Unfortunately, day-to-day operations too often steal the time that IT professionals should otherwise devote to critical disaster planning and business continuity efforts. Enterprises cannot prepare for yesterday's disaster today. That is why you need Janco's Disaster Recovery and Business Continuity Template.

This comprehensive disaster and business continuity preparedness template includes: 

  • Plan Introduction
  • Business Impact Analysis - including a sample impact matrix
  • DRP Organization Responsibilities pre and post disaster - drp checklist
  • Backup Strategy for Data Centers, Departmental File Servers, Wireless Network servers, Data at Outsourced Sites, Desktops (In office and "at home"), Laptops and PDA's.
  • Recovery Strategy including approach, escalation plan process and decision points
  • Disaster Recovery Procedures in a check list format
  • Plan Administration Process
  • Technical Appendix including definition of necessary phone numbers and contact points
  • Job Description for Disaster Recovery Manager (3 pages long) - entire disaster recovery team job descriptions are available.
  • Work Plan to modify and implement the template.  Included is a list of deliverables for each task. (Risk Assessment and Vulnerability Assessment)

 

- more

 

 

News HTML
SAFE Shopping

© 2000 - 2009 Janco Associates, Inc. - ALL RIGHTS RESERVED -- Revised: 02/14/09