Disaster Recovery Compliance Requirements

Today's business environment is characterized by mounting pressure to comply with a growing variety of laws and regulations concerning IT standards and controls. Creating a pathway to compliance for your enterprise requires a clear understanding of your current control environment and a solid plan for creating policies that promote compliance.

Many regulations require companies to meet more stringent availability standards. Several acts and regulations, directed at specific industries or at a broad cross-section of companies, mandate the protection of business data and the availability of business systems. Businesses may incur financial or legal penalties for failing to comply with these data-protection or availability requirements.

  • HIPAA - Health Insurance Portability and Accountability Act - ensures that only properly authorized individuals have access to confidential patient health data and provides long-term guidelines for securing that information. HIPAA also sets deadlines for responding to requests for patient information (the Privacy Rule's deadline for an individual's access request is 30 days, extendable once by a further 30 days), so records must remain retrievable even after a disaster.

  • SOX - Sarbanes-Oxley Act - mandates that CEOs and CFOs attest to the truthfulness of financial reports and to the effectiveness of internal financial controls. Sarbanes-Oxley also sets fixed deadlines for reporting financial results each quarter and at year-end. Failure to meet these deadlines can result in financial penalties, so the systems that produce the reports must be recoverable within that window.

  • BASEL II - New Basel Capital Accord - requires financial institutions' capital reserves to cover operational risk as well as credit risk, and treats IT and information security risk as a principal component of operational risk. Basel II also imposes business resiliency standards on any financial institution doing business in the EU.

  • Gramm-Leach-Bliley Financial Services Modernization Act - limits access to non-public information to those with a "need to know" and requires safeguarding of customer financial information. Loss or exposure of customer data can lead to penalties for the financial institution.

  • Patriot Act - Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act - defines what information can be made available to federal and local authorities about those suspected of terrorism or terrorist-related activities. The act requires institutions that receive a request to respond within a specific timeframe with information from their databases, which means those databases must be available and searchable.

The International Organization for Standardization (ISO) has developed two specifications on the governance of information security, ISO 17799 (renumbered ISO/IEC 27002 in 2007) and ISO 27001. Both originated from the British Standards BS7799 parts 1 and 2, which have been used to certify over 2,500 organizations around the world. ISO 17799 is an international code of practice, or implementation framework, for information security best practices. ISO 27001 serves as the auditing and certification standard for the ISO 17799 framework, with 133 information security controls covering eleven domains, and also specifies how to design an ISO-certified Information Security Management System (ISMS).

ISO 27001 further specifies the Plan-Do-Check-Act (PDCA) model for continual improvement, the same PDCA model used in ISO 9001 Total Quality Management (TQM) initiatives. According to the Institute of Internal Auditors (IIA), the PDCA cycle helps "the organization to know how far and how well it has progressed" and "influences the time and cost estimates to achieve compliance." BSI Management Systems, the world's largest ISO certification body and the author of the BS7799 standards, defines the ISMS as "a systematic approach to managing sensitive company information so that it remains secure. ISMS encompasses people, processes, and IT systems."

Recovery plan chosen by over 3,000 enterprises worldwide

The DRP template is over 200 pages and includes everything needed to customize the Disaster Recovery Plan to fit your specific requirements. The electronic document includes proven written text and examples for the following major sections of a disaster recovery plan:

  • Plan Introduction
  • Business Impact Analysis - including a sample impact matrix
  • DRP Organization Responsibilities, pre- and post-disaster, with a DRP checklist
  • Backup Strategy for data centers, departmental file servers, wireless network servers, data at outsourced sites, desktops (in the office and at home), laptops and PDAs
  • Recovery Strategy including approach, escalation plan process and decision points
  • Disaster Recovery Procedures in a check list format
  • Plan Administration Process
  • Technical Appendix including definition of necessary phone numbers and contact points
  • Job Description for Disaster Recovery Manager (3 pages long) - entire disaster recovery team job descriptions are available
  • Work Plan to modify and implement the template, including a list of deliverables for each task (among them the Risk Assessment and the Vulnerability Assessment)

There is also an extensive section on plan administration and testing that shows how a full test of the DRP can be conducted. It covers:

  • Disaster Recovery Manager Responsibilities
  • Distribution of the Disaster Recovery Plan
  • Maintenance of the Business Impact Analysis
  • Training of the Disaster Recovery Team
  • Testing of the Disaster Recovery Plan
  • Evaluation of the Disaster Recovery Plan Tests
  • Maintenance of the Disaster Recovery Plan

The DRP/BCP sample pages can be downloaded and made part of your disaster recovery toolkit.