Audit & Advisory Services. IT Disaster Recovery Audit 2015 Report Date January 28, 2015
|
|
- Bathsheba Burns
- 6 years ago
- Views:
Transcription
1 Audit & Advisory Services IT Disaster Recovery Audit 2015 Report Date January 28, 2015
2 Audit & Advisory Services Mission and Function The JCCC Audit & Advisory Services department provides an independent assurance function to management and the Audit Committee of the Board of Trustees 2
3 Scope & Objectives Ensure a documented Disaster Recovery Plan (DRP) exists for the college, and that it s kept up-to-date and securely stored Determine that systems and other resources that are required to support critical business processes have been identified and prioritized in the event of a disruption Verify that a detailed plan for the recovery of information system facilities has been established through the development, testing, and implementation of strategies for recovering critical business processes until full operations are restored
4 Key Administrators Phil Mein Systems Manager / Information Technology Security Officer Sandra Warner Deputy CIO / Director, Administrative Computing Services Mary O Sullivan Director, Client Support Services Shannon Ford Director, Academic Technology Services Denise Moore VP, Information Services / CIO, recently retired Dr. Barbara Larson EVP, Finance & Administrative Services
5 Executive Summary The IS Department uses a layered approach for recovery: One level of protection is provided via daily back-ups of critical data These back-ups are stored off-site to increase protection of data Additional level of protection is data center redundancy Redundant systems are located in the OCB Building and provide failover capability in the event of a Regnier Center outage This provides protection for instances such as equipment failure, but may not be sufficient in cases such as large scale tornado however off-site recovery sites (i.e. hot site) have been cost prohibitive in the past. New cloud based DR technology has emerged which presents an accessible solution. The IS department is already pursuing that option JCCC already has many components of a comprehensive Disaster Recovery Plan in place. A more comprehensive plan with a strategic focus is warranted and our recommendations support the development of such a plan
6 Offsite Recovery Facilities A fully operational back-up site decreases the risk of being unable to provide critical IS services in the event of an emergency. However, these sites have historically been prohibitively expensive, and the college has not pursued this option Newer, cloud based DR technology is available which makes this service more accessible The college has contracted with an outside provider to provide off-site recovery for critical systems The provider offers an affordable, sustainable, and secure method for the college to replicate its data The agreement was approved in September 2014, and Active Directory replication is complete for the employee domain IS plans to replicate the data from other critical systems through FY16
7 Offsite Recovery Facilities Recommendations We recommend the IS department continue to pursue strategies to replicate the identified first level applications (College Website, Active Directory, Banner and Central Authentication System) to the outside provider s site. In addition: IS should continue to evaluate the potential expansion of critical IS resources or other offsite recovery providers appropriate to each specific system Update the DR plan accordingly Risk: MediumX
8 Business Impact Analysis A Business Impact Analysis (BIA) includes: An inventory of all systems The associated Recovery Time Objectives (RTOs) for each system A cost/benefit risk assessment that identifies and includes the critical systems in a backup and disaster recovery arrangement This cost / benefit analysis is important, as the college does not want to spend more money on a disaster recovery solution than the financial loss or other consequences that would be experienced in the absence of such a system, resulting in data loss
9 Business Impact Analysis Recommendation We recommend that IS work with college business units to develop a Business Impact Analysis (BIA) that can be used to: Prioritize recovery efforts of the college s critical business processes Identify the underlying IS systems (including thirdparty systems), applications, and other resources needed to support such processes Using the Recovery Time Objectives (RTOs) identified in the BIA for critical services and key IS systems, appropriate strategies can be included in the DR plan. Risk: Medium
10 Systems Recovery Procedures Systems recovery is crucial to meet Recovery Time Objectives in the event of a disaster The JCCC IS Department has failover capability for many of the college s crucial servers They routinely perform restoration of data files and folders and are confident in the ability to restore from archived media Backup tapes would only be needed in the event a failover component was unavailable However, in order to be prepared for a disaster, preparation for all scenarios is important JCCC has most of its systems recovery procedures documented. Our recommendation will help facilitate the completion of procedures for all critical systems necessary to support preparedness efforts
11 Systems Recovery Procedures Recommendation We recommend the IS department complete development of all of its step-by-step recovery procedures. These procedures should : Outline critical IS systems and networks Their recovery time objective (RTO) Delineate the steps needed to restart, reconfigure and recover them Include relevant supplier contacts, sources of expertise for recovering disrupted systems Facilitate coordination between IS divisions to ensure an integrated approach Risk: Medium We recommend that, where systems are supported by third party suppliers, the reliance on the third party to provide support during incidents should be clearly defined, including details of support hours and key supplier contacts Risk: Low
12 Comprehensive Disaster Recovery (DR) Plan A comprehensive DR plan can Identify exposures to internal and external threats Establish mechanisms to provide effective protection and recovery for critical systems Any event that could have an adverse impact on continued IS operations should be considered The IS department has many components of a DR Plan in place. However a more comprehensive plan with a strategic focus is warranted to help ensure critical IS services can resume in the event of a disaster
13 Comprehensive DR Plan Recommendation We recommend that the IS department develop a comprehensive DR plan that is based on a complete Business Impact Analysis and the establishment of Recovery Time Objectives which will help in identifying risk, critical information systems and the costs associated with addressing these risks. Appropriate staff should be trained on the plan. A review of best practices highlighted critical components that should be addressed in a well defined and comprehensive plan. That detailed information has been provided to IS staff. Risk: Medium
14 Summary of Recommendations Recommendation Risk Level Management Response Offsite Recovery Facilities: We recommend the IS department continue working on replicating the identified first level applications (College Website, Active Directory, Banner and Central Authentication System) to the outside provider s site. In addition: Continue to evaluate the potential expansion of critical IS resources or other offsite recovery providers appropriate to the each particular system Medium Information Services enthusiastically embraces this finding. We appreciate the opportunity to share our progress in this critical area. Business Impact Analysis We recommend that IS work with college business units to develop a Business Impact Analysis (BIA) that can be used to Prioritize recovery efforts of the college s critical business processes and Identify the underlying IS systems (including third party systems), applications and other resources needed to support such processes Using the Recovery Time Objectives (RTOs) identified in the BIA for critical services and key IS systems, appropriate strategies can be included in the DR plan. Medium Information Services will partner with internal and external resources to implement this finding. Systems Recovery Procedures We recommend the IS department complete development of all of its step-by-step recovery procedures. These procedures should : Outline critical IS systems and networks Their recovery time objective (RTO) Delineate the steps needed to restart, reconfigure and recover them Include relevant supplier contacts, sources of expertise for recovering disrupted systems Facilitate coordination between IS divisions to ensure an integrated approach We recommend that, where systems are supported by third party suppliers, the reliance on the third party to provide support during incidents should be clearly defined, including details of support hours and key supplier contacts Medium Low Information Services will partner with internal and external resources to implement this finding. Comprehensive Disaster Recovery Plan We recommend that the IS department develop a comprehensive DR plan that is based on a complete Business Impact Analysis and Recovery Time Objectives which will help in identifying risk, critical information systems and the costs associated with addressing these risks. Appropriate staff should be trained on the plan Medium Information Services will partner with internal and external resources to implement this finding. Responses provided by Sandra Warner, Deputy CIO / Director Administrative Computing Services
15 Report Distribution We wish to thank the Information Services for their assistance in this review. The staff were extremely helpful to us and open to suggestions in their ongoing work to maintain a high level of customer service and quality operations. If you have any questions concerning this report, please do not hesitate to contact Audit & Advisory Services. Report CC Trustee Jerry Cook Trustee Greg Musil Dr. Joe Sopcich Dr. Barbara Larson Phil Mein Sandra Warner Mary O Sullivan Shannon Ford
Any observations not included in this report were discussed with your staff at the informal exit conference and may be subject to follow-up.
Larry Mandel Vice Chancellor and Chief Audit Officer Audit and Advisory Services 401 Golden Shore, 4th Floor Long Beach, CA 90802-4210 562-951-4430 562-951-4955 (Fax) lmandel@calstate.edu June 5, 2018
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 13 Business Continuity
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 13 Business Continuity Objectives Define business continuity Describe the components of redundancy planning List disaster recovery
More informationINFORMATION SECURITY- DISASTER RECOVERY
Information Technology Services Administrative Regulation ITS-AR-1505 INFORMATION SECURITY- DISASTER RECOVERY 1.0 Purpose and Scope The objective of this Administrative Regulation is to outline the strategy
More informationSubject: Audit Report 18-84, IT Disaster Recovery, California State University, Sacramento
Larry Mandel Vice Chancellor and Chief Audit Officer Audit and Advisory Services 401 Golden Shore, 4th Floor Long Beach, CA 90802-4210 562-951-4430 562-951-4955 (Fax) lmandel@calstate.edu October 23, 2018
More informationAny observations not included in this report were discussed with your staff at the informal exit conference and may be subject to follow-up.
Larry Mandel Vice Chancellor and Chief Audit Officer Audit and Advisory Services 401 Golden Shore, 4th Floor Long Beach, CA 90802-4210 562-951-4430 562-951-4955 (Fax) lmandel@calstate.edu October 10, 2018
More informationSubject: Audit Report 16-50, IT Disaster Recovery, California State University, Fresno
Larry Mandel Vice Chancellor and Chief Audit Officer Office of Audit and Advisory Services 401 Golden Shore, 4th Floor Long Beach, CA 90802-4210 562-951-4430 562-951-4955 (Fax) lmandel@calstate.edu February
More informationTUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY
JUNE 2017 TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY OVERVIEW The intent of this document is to provide external customers and auditors with a high-level overview of the Tufts Health Plan Corporate
More informationNetwork Performance, Security and Reliability Assessment
Network Performance, Security and Reliability Assessment Presented to: CLIENT NAME OMITTED Drafted by: Verteks Consulting, Inc. 2102 SW 20 th Place, Suite 602 Ocala, Fl 34474 352-401-0909 ASSESSMENT SCORECARD
More informationBusiness Continuity Planning
Information Systems Audit and Control Association www.isaca.org Business Continuity Planning AUDIT PROGRAM & INTERNAL CONTROL QUESTIONNAIRE The Information Systems Audit and Control Association With more
More informationDISASTER RECOVERY PRIMER
DISASTER RECOVERY PRIMER 1 Site Faliure Occurs Power Faliure / Virus Outbreak / ISP / Ransomware / Multiple Servers Sample Disaster Recovery Process Site Faliure Data Centre 1: Primary Data Centre Data
More informationPublic Safety Canada. Audit of the Business Continuity Planning Program
Public Safety Canada Audit of the Business Continuity Planning Program October 2016 Her Majesty the Queen in Right of Canada, 2016 Cat: PS4-208/2016E-PDF ISBN: 978-0-660-06766-7 This material may be freely
More information10 Reasons Why Your DR Plan Won t Work
10 Reasons Why Your DR Plan Won t Work Jim Damoulakis CTO, GlassHouse Technologies, Inc. Sept. 29, 2005 DR Vision Imagine Prepared to handle multiple categories of disaster Clearly documented policies
More informationInformation Technology Disaster Recovery Planning Audit Redacted Public Report
1200, Scotia Place, Tower 1 10060 Jasper Avenue Edmonton, Alberta T5J 3R8 edmonton.ca/auditor Information Technology Disaster Recovery Planning Audit Redacted Public Report June 12, 2018 City of Edmonton
More informationModule 4 STORAGE NETWORK BACKUP & RECOVERY
Module 4 STORAGE NETWORK BACKUP & RECOVERY BC Terminology, BC Planning Lifecycle General Conditions for Backup, Recovery Considerations Network Backup, Services Performance Bottlenecks of Network Backup,
More informationPro2SQL. OpenEdge Replication. for Data Reporting. for Disaster Recovery. March 2017 Greg White Sr. Progress Consultant Progress
Pro2SQL for Data Reporting OpenEdge Replication for Disaster Recovery March 2017 Greg White Sr. Progress Consultant Progress 1 Introduction Greg White Sr. Progress Consultant (Database and Pro2) 2 Replication
More informationTSC Business Continuity & Disaster Recovery Session
TSC Business Continuity & Disaster Recovery Session Mohamed Ashmawy Infrastructure Consulting Pursuit Hewlett-Packard Enterprise Saudi Arabia Mohamed.ashmawy@hpe.com Session Objectives and Outcomes Objectives
More informationDisaster Recovery Self-Audit
Disaster Recovery Self-Audit Disaster Recovery Audit There are 3 steps to this process: 1. Identify all data and IT-related functions (like credit card processing, documents on your file server, member
More informationISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION
ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION Cathy Bates Senior Consultant, Vantage Technology Consulting Group January 30, 2018 Campus Orientation Initiative and Project Orientation Project
More informationContinuity of Business
White Paper Continuity of Business SAS Continuity of Business initiative reflects our commitment to our employees, to our customers, and to all of the stakeholders in our global business community to be
More informationDisaster recovery strategic planning: How achievable will it be?
April 16 18, 2012 Talking Stick Resort Scottsdale, Arizona Disaster recovery strategic planning: How achievable will it be? Prudence Marasigan Ernst & Young Advisory Services, Senior Manager prudence.marasigan@ey.com
More informationAGENDA ITEM: 3.4 DATE OF MEETING: 3 MAY 2018 INFORMATION MANAGEMENT, TECHNOLOGY & GOVERNANCE COMMITTEE
AGENDA ITEM: 3.4 INFORMATION MANAGEMENT, TECHNOLOGY & GOVERNANCE COMMITTEE DATE OF MEETING: 3 MAY 2018 Subject: Approved and Presented by: Prepared by: Other Committees and meetings considered at: Considered
More informationIntroduction to Business continuity Planning
Week - 06 Introduction to Business continuity Planning 1 Introduction The purpose of this lecture is to give an overview of what is Business Continuity Planning and provide some guidance and resources
More information"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary
Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business
More informationASSURING BUSINESS CONTINUITY THROUGH CONTROLLED DATA CENTER
ASSURING BUSINESS CONTINUITY THROUGH CONTROLLED DATA CENTER IT Audit, Information Security & Risk Insight Africa 2014 Johnson Falana CISA,MIT,CEH,Cobit5 proverb814@yahoo.com Overview Information technology
More informationSOUTH AFRICAN LIBRARY FOR THE BLIND (SALB)
Name of Institution SOUTH AFRICAN LIBRARY FOR THE BLIND (SALB) Bid Number SALB 2019/01/01 A Description ICT Disaster Recovery and ICT Business Continuity Services to SALB Date Published 20/03/2019 Closing
More informationUF CEMP Support Group Annex: IT Group
UF CEMP Support Group Annex: IT Group Lead Representatives Office of Vice President and Chief Information Officer (CIO) Supporting Departments External Partners Academic Technology Computing and Networking
More informationIPMA State of Washington. Disaster Recovery in. State and Local. Governments
IPMA State of Washington Disaster Recovery in State and Local Governments Disaster by the Numbers Over 70% of agencies had some sort of data loss incident in 2012 Under 5% report that they were able to
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting
More informationBusiness Continuity Plan Executive Overview
Business Continuity Plan Executive Overview In terms of business continuity and disaster recovery planning, Harland Clarke s mission is to ensure the availability of critical business functions and Information
More informationBusiness Continuity and Disaster Recovery. Ed Crowley Ch 12
Business Continuity and Disaster Recovery Ed Crowley Ch 12 Topics Disaster Recovery Business Impact Analysis MTBF and MTTR RTO and RPO Redundancy Failover Backup Sites Load Balancing Mirror Sites Disaster
More informationAUDIT UNITED NATIONS VOLUNTEERS PROGRAMME INFORMATION AND COMMUNICATION TECHNOLOGY. Report No Issue Date: 8 January 2014
UNITED NATIONS DEVELOPMENT PROGRAMME AUDIT OF UNITED NATIONS VOLUNTEERS PROGRAMME INFORMATION AND COMMUNICATION TECHNOLOGY Report No. 1173 Issue Date: 8 January 2014 Table of Contents Executive Summary
More informationCopyright 2012 EMC Corporation. All rights reserved.
1 TRANSFORM IT+BUSINESS+YOURSELF DISASTER RECOVERY FOR MISSION CRITICAL APPLICATIONS EMC FORUM 2012 SKOPJE Dejan Živanović Presales Manager Dejan.Zivanovic@emc.com 2 Cloud A New Architecture Old World
More informationWHITE PAPER. Title. Managed Services for SAS Technology
WHITE PAPER Hosted Title Managed Services for SAS Technology ii Contents Performance... 1 Optimal storage and sizing...1 Secure, no-hassle access...2 Dedicated computing infrastructure...2 Early and pre-emptive
More informationManagement s Response to the Auditor General s Review of Management and Oversight of the Integrated Business Management System (IBMS)
APPENDI 2 ommendation () () 1. The City Manager in consultation with the Chief Information Officer give consideration to the establishment of an IBMS governance model which provides for senior management
More informationMemorandum APPENDIX 2. April 3, Audit Committee
APPENDI 2 Information & Technology Dave Wallace, Chief Information Officer Metro Hall 55 John Street 15th Floor Toronto, Ontario M5V 3C6 Memorandum Tel: 416 392-8421 Fax: 416 696-4244 dwwallace@toronto.ca
More informationBUSINESS CONTINUITY PLAN Document Number: 100-P-01 v1.4
BUSINESS CONTINUITY PLAN Document Number: 100-P-01 v1.4 2016 DR Committee 1 Table of Contents REVISION HISTORY... 3 PURPOSE... 3 POLICY... 3 DR COMMITTEE... 3 POLICY MANAGEMENT... 3 EMPLOYEE TRAINING AND
More informationWhat you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered
What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered Over the last decade, cloud backup, recovery and restore (BURR) options have emerged
More informationPrinciples for BCM requirements for the Dutch financial sector and its providers.
Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011
More informationSAMPLE REPORT. Business Continuity Gap Analysis Report. Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx
SAMPLE REPORT Business Continuity Gap Analysis Report Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx COMMERCIAL-IN-CONFIDENCE PAGE 1 OF 11 Contact Details CSC Contacts CSC
More informationDisaster Recovery Is A Business Strategy
Disaster Recovery Is A Business Strategy A White Paper By Table of Contents Preface Disaster Recovery Is a Business Strategy Disaster Recovery Is a Business Strategy... 2 Disaster Recovery: The Facts...
More informationNext Generation Backup: Better ways to deal with rapid data growth and aging tape infrastructures
Next Generation Backup: Better ways to deal with rapid data growth and aging tape infrastructures Next 1 What we see happening today. The amount of data businesses must cope with on a daily basis is getting
More informationBusiness Continuity and Disaster Recovery
Business Continuity and Disaster Recovery Index Section Title 1. Executive Summary 2. Policy Statement 3. Strategy 4. Governance 5. Key Documentation 6. Testing 1 Executive Summary Business Continuity
More informationDisaster recovery planning for health care data and HIPAA compliance regulations
Disaster recovery care data and HIPAA compliance regulations Disaster recovery care Disaster recovery planning takes on special importance in health care organizations dealing with patients and care delivery.
More informationREPORT 2015/149 INTERNAL AUDIT DIVISION
INTERNAL AUDIT DIVISION REPORT 2015/149 Audit of the information and communications technology operations in the Investment Management Division of the United Nations Joint Staff Pension Fund Overall results
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 12 Contingency Planning
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 12 Contingency Planning Learning Objectives Recognize the need for contingency planning Describe the major components of
More informationBUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW
BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW EXECUTIVE SUMMARY CenturyLink is committed to ensuring business resiliency and survivability during an incident or business disruption. Our Corporate Business
More informationCreating and Testing Your IT Recovery Plan
WHITEPAPER Creating and Testing Your IT Recovery Plan Regular tests of your IT disaster recovery plan can mean the difference between a temporary inconvenience or going out of business. quorum. 201 Quorum,
More informationHow to Conduct a Business Impact Analysis and Risk Assessment
How to Conduct a Business Impact Analysis and Risk Assessment By Larry Pedrazoli Business Recovery Analyst Miller Brewing Company February 2006 Project Management Institute, La Crosse, WI Chapter Agenda
More informationDisaster Recovery and Business Continuity Planning (Mile2)
Disaster Recovery and Business Continuity Planning (Mile2) Course Number: DRBCP Length: 4 Day(s) Certification Exam This course will help you prepare for the following exams: ABCP: Associate Business Continuity
More informationAfter the Attack. Business Continuity. Planning and Testing Steps. Disaster Recovery. Business Impact Analysis (BIA) Succession Planning
After the Attack Business Continuity Week 6 Part 2 Staying in Business Disaster Recovery Planning and Testing Steps Business continuity is a organization s ability to maintain operations after a disruptive
More informationDell helps you simplify IT
Dell helps you simplify IT Workshops the first step. Reduce desktop and data center complexity. Improve productivity. Innovate. Dell IT Consulting Services New Edition 2011 Introduction Are you spending
More informationDisaster Recovery Solutions for Oracle Database Standard Edition RAC. A Dbvisit White Paper By Anton Els
Disaster Recovery Solutions for Oracle Database Standard Edition RAC A Dbvisit White Paper By Anton Els Copyright 2017 Dbvisit Software Limited. All Rights Reserved V3, Oct 2017 Contents Executive Summary...
More informationBusiness Resiliency in the Cloud: Reality or Hype?
Business Resiliency in the Cloud: Reality or Hype? Karen Jaworski Senior Director, Product Marketing EVault, a Seagate Company 8/10/2012 2012 EVault, Inc. All Rights Reserved 1 Who is EVault? Cloud-Connected
More information3.3 Understanding Disk Fault Tolerance Windows May 15th, 2007
3.3 Understanding Disk Fault Tolerance Windows May 15th, 2007 Fault tolerance refers to the capability of a computer or network to continue to function when some component fails. Disk fault tolerance refers
More informationLeveraging ITIL to improve Business Continuity and Availability. itsmf Conference 2009
Leveraging ITIL to improve Business Continuity and Availability Samuel Lo MBA, MSc, CDCP, PMP, CISSP, CISA Data Centre Services Manager COL Limited Strictly Business itsmf Conference 2009 25 February 2009
More informationWhite Paper: Backup vs. Business Continuity. Backup vs. Business Continuity: Using RTO to Better Plan for Your Business
Backup vs. Business Continuity: Using RTO to Better Plan for Your Business Executive Summary SMBs in general don t have the same IT budgets and staffs as larger enterprises. Yet just like larger organizations
More informationAchieving Rapid Data Recovery for IBM AIX Environments An Executive Overview of EchoStream for AIX
Achieving Rapid Data Recovery for IBM AIX Environments An Executive Overview of EchoStream for AIX Introduction Planning for recovery is a requirement in businesses of all sizes. In implementing an operational
More informationFlorida State University
Florida State University Disaster Recovery & Business Continuity Planning Overview October 24, 2017 1 Key Readiness Questions Has your department identified the business functions and infrastructure that
More informationBUSINESS CONTINUITY AND DISASTER RECOVERY POLICY
BUSINESS CONTINUITY AND DISASTER RECOVERY POLICY Manual OCTOBER 2, 2016 CHILDREN IN FREEDOM (CIF) CIF P.O.Box 25286-00100, Kenya, Africa, NY, USA (c) 2016 Page 1 Contents ACKNOWLEDGEMENT... 0 1.0 STATEMENT...
More informationStandard for Security of Information Technology Resources
MARSHALL UNIVERSITY INFORMATION TECHNOLOGY COUNCIL Standard ITP-44 Standard for Security of Information Technology Resources 1 General Information: Marshall University expects all individuals using information
More informationINTERNAL AUDIT DIVISION REPORT 2017/138
INTERNAL AUDIT DIVISION REPORT 2017/138 Audit of business continuity in the United Nations Organization Stabilization Mission in the Democratic Republic of the Congo There was a need to implement the business
More informationChapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS
Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power
More informationGlobal Statement of Business Continuity
Business Continuity Management Version 1.0-2017 Date January 25, 2017 Status Author Business Continuity Management (BCM) Table of Contents 1. Credit Suisse Business Continuity Statement 3 2. BCM Program
More informationSTRATEGIC PLAN. USF Emergency Management
2016-2020 STRATEGIC PLAN USF Emergency Management This page intentionally left blank. Organization Overview The Department of Emergency Management (EM) is a USF System-wide function based out of the Tampa
More informationBusiness continuity management and cyber resiliency
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,
More informationDR Planning. Presented by. Matt Stolk Associate Director Northwest Regional Data Center Florida State University
DR Planning Presented by Matt Stolk Associate Director Northwest Regional Data Center Florida State University Why are we here? Over the last couple of years, business continuity has become more of a priority
More informationTemplate. IT Disaster Recovery Planning: A Template
Template IT Disaster Recovery Planning: A Template When disaster strikes, business suffers. A goal of business planning is to mitigate disruption of product and services delivery to the greatest degree
More information2014 NASCIO Recognition Award Nomination
2014 NASCIO Recognition Award Nomination TITLE: Network Communication Partnerships for Public Safety and Economic Opportunity CATEGORY: Cross Boundary Collaboration and Partnerships CONTACT: Shannon Barnes
More informationNORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers
Identify Protect Detect Respond Recover Identify: Risk Assessments & Management 1. Risk assessments are conducted frequently (e.g. annually, quarterly). 2. Cybersecurity is included in the risk assessment.
More informationBusiness Continuity: How to Keep City Departments in Business after a Disaster
Business Continuity: How to Keep City Departments in Business after a Disaster Shannon Spence, PE Red Oak Consulting, an ARCADIS group Agenda Security, Resilience and All Hazards The Hazards Cycle and
More informationTable of Contents. Sample
TABLE OF CONTENTS... 1 CHAPTER 1 INTRODUCTION... 4 1.1 GOALS AND OBJECTIVES... 5 1.2 REQUIRED REVIEW... 5 1.3 APPLICABILITY... 5 1.4 ROLES AND RESPONSIBILITIES SENIOR MANAGEMENT AND BOARD OF DIRECTORS...
More informationTHE STATE OF CLOUD & DATA PROTECTION 2018
THE STATE OF CLOUD & DATA PROTECTION 2018 Survey Results: 10 Findings on how over 800 IT Pros handle Disaster Recovery & Cloud Adoption. INTRODUCTION The Unitrends 2018 annual survey of IT professionals
More informationBackup, Disaster Recovery: Defining & Managing Your Risk. Dave Kinsey - 5/9/17
Backup, Disaster Recovery: Defining & Managing Your Risk Dave Kinsey - 5/9/17 Smart Business... also, generally a Compliance Requirement Shareholders generally do and absolutely should care that backup
More informationRejuvenating BCM - Infrastructure. Business Continuity Awareness Week March 2009
Rejuvenating BCM - Infrastructure Business Continuity Awareness Week 23 27 March 2009 Brigitte Theuma MBCI, CBCMMA, CBCMP, CBCITP, MIAEM 23 March 2009 Total of 5 pages Table of Contents I. ICT Service
More informationThe Key to Disaster Recovery
The Key to Disaster Recovery The key to a high-performing IT disaster recovery plan is having the right mix of solutions to achieve your organization s need for speedy recovery and maximum value. Bluelock
More informationBusiness Continuity Planning
Business Continuity Planning The Unexpected Happens Be Ready Copyright -Business Survival Partners, llc. 2011 - All Rights Reserved www.survivalpartners.biz RISK 2 Risks to National Security A secure and
More informationDisaster Planning Essentials and Disaster Planning Checklist
Disaster Planning Essentials and Disaster Planning Checklist BSSI2 www.bssi2.com /bssi2 L @BSSi2llc I /company/10216017 SECURITY FANATICS www.securityfanatics.com /infosecgurus L @NickAEsp I /company/16213735
More informationBackup vs. Business Continuity
EBOOK Backup vs. Business Continuity 1 datto.com Data protection solutions are essential for businesses of all sizes to implement, regardless of size, industry and geographic location. In this white paper,
More informationDisaster Recovery Committee. Learning Resource Center Specialist
This document is intended to provide operational procedures and serve as a reference for the Key Information Technology Personnel at Community Higher Ed Disaster Recovery Community Higher Ed Disaster Recovery
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More informationINFORMATION AND COMMUNICATIONS TECHNOLOGY (ICT) DISASTER RECOVERY POLICY AND PROCEDURES
INFORMATION AND COMMUNICATIONS TECHNOLOGY (ICT) DISASTER RECOVERY POLICY AND PROCEDURES Document Control Panel File Reference Number File Name Owner Approver ICT Disaster Recovery-PP-01 ICT Disaster Recovery
More informationCUNY Graduate Center Information Technology. IT Provisioning for Business Continuity & Disaster Recovery Effective Date: April 6, 2018
CUNY Graduate Center Information Technology IT for & Effective Date: April 6, 2018 Introduction Organization Information Technology (IT) is the division of the Graduate Center responsible for voice, video
More informationDisaster Recovery Options
Disaster Recovery Options Balancing Pros and Cons, Objectives and Cost This ebook is written for both technology and non-technology executives who want to know their options and create a plan that appropriately
More informationProtecting VMware vsphere/esx Environments with CA ARCserve
Solution Brief: CA ARCserve R16.5 Complexity ate my budget Protecting VMware vsphere/esx Environments with CA ARCserve Customer Challenges Today, you face demanding service level agreements (SLAs) while
More informationBuyer s Guide: DRaaS features and functionality
Buyer s Guide: DRaaS features and functionality Disaster recovery without a secondary site DRaaS for the midmarket When a server stops responding, for whatever reason, the fastest way to resume service
More informationNottinghamshire Office of the Police & Crime Commissioner & Nottinghamshire Chief Constable
Nottinghamshire Office of the Police & Crime Commissioner & Nottinghamshire Chief Constable Internal Audit Progress Report Audit Committee meeting: December 2014 Nottinghamshire Office of the Police &
More informationEvolved Backup and Recovery for the Enterprise
Evolved Backup and Recovery for the Enterprise with Asigra technology Working gives me confidence in my data protection plan. I know that if I ever need to restore, it will take a few minutes rather than
More informationINTELLIGENCE DRIVEN GRC FOR SECURITY
INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to
More informationDHS Overview of Sustainability and Environmental Programs. Dr. Teresa R. Pohlman Executive Director, Sustainability and Environmental Programs
DHS Overview of Sustainability and Environmental Programs Dr. Teresa R. Pohlman Executive Director, Sustainability and Environmental Programs DHS Mission DHS Organization Getting to Know DHS Mission: Secure
More informationData Storage, Recovery and Backup Checklists for Public Health Laboratories
Data Storage, Recovery and Backup Checklists for Public Health Laboratories DECEMBER 2018 Introduction Data play a critical role in the operation of a laboratory information management system (LIMS) and
More informationBackup vs. Business Continuity: Using RTO to Better Plan for Your Business
Backup vs. Business Continuity: Using RTO to Better Plan for Your Business Executive Summary SMBs in general don t have the same IT budgets and staffs as larger enterprises. Yet just like larger organizations
More informationUniversity Information Systems. Administrative Computing Services. Contingency Plan. Overview
University Information Systems Administrative Computing Services Contingency Plan Overview Last updated 01/11/2005 University Information Systems Administrative Computing Services Contingency Plan Overview
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationRunning head: Digital Library Disaster 1. Digital Library Disaster Planning. Bryan Hamilton IUPUI. Digital Libraries. Dr.
Running head: Digital Library Disaster 1 Digital Library Disaster Planning Bryan Hamilton IUPUI Digital Libraries Dr. Lamb 4/11/2016 Digital Library Disaster 2 Digital Library Disaster Planning Introduction
More informationThe Problem. Business Continuity/ Disaster Recovery. Course Outline and Structure. The Problem The Coverage. Sean Gunasekera
Course Outline and Structure Week 1 Security Governance Week 2 Managing Security in the organisation Risk Management Week 3 Risk management Breaches, threats, vulnerabilities Week 4 IS security access
More informationMassMutual Business Continuity Disclosure Statement
MassMutual Business Continuity Disclosure Statement Overview Resiliency is a high priority at Massachusetts Mutual Life Insurance Company ( MassMutual or the Company ). To that end, significant investments
More informationINTERNAL AUDIT DIVISION REPORT 2017/037
INTERNAL AUDIT DIVISION REPORT 2017/037 Audit of business continuity and disaster recovery in the secretariat of the United Nations Joint Staff Pension Fund There was need to align the business continuity
More informationINFORMATION TECHNOLOGY SERVICES DISASTER RECOVERY PLAN
INFORMATION TECHNOLOGY SERVICES DISASTER RECOVERY PLAN Revision History Revision Change Date 1.0 DRAFT Disaster Recovery Plan 8/8/2006 1.1 FINAL Disaster Recovery Plan 10/12/2009 2.0 Reviewed 10/15/2009
More informationChapter 1. Storage Concepts. CommVault Concepts & Design Strategies: https://www.createspace.com/
Chapter 1 Storage Concepts 4 - Storage Concepts In order to understand CommVault concepts regarding storage management we need to understand how and why we protect data, traditional backup methods, and
More informationDisaster Recovery Planning Blackout. Katrina
Disaster Recovery 2003 Blackout Before: After: Katrina 1 Sandy Mentor, Ohio Flood Disaster Map 2 It is believed that some of the companies spend up to 25% of their budgets on disaster recovery planning;
More information