Disaster Recovery Self-Audit

Similar documents
Disaster Prevention Planning Kit Essential Tools to Help Your Company Survive A Disaster

Disaster Planning Essentials and Disaster Planning Checklist

The 10 Disaster Planning Essentials For A Small Business Network

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

Introduction. Read on and learn some facts about backup and recovery that could protect your small business.

The 10 Disaster Planning Essentials For Any Small Business Network

BASELINE GENERAL PRACTICE SECURITY CHECKLIST Guide

U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC)

Network Performance, Security and Reliability Assessment

A practical guide to IT security

Cyber security tips and self-assessment for business

Records Information Management

Data Protection in Practice

3.3 Understanding Disk Fault Tolerance Windows May 15th, 2007

OUR CUSTOMER TERMS CLOUD SERVICES - INFRASTRUCTURE

PTS Customer Protection Agreement

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management

HIPAA RISK ADVISOR SAMPLE REPORT

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

Provided as an educational service by: Introduction

The 10 Disaster Planning Essentials

Security Policies and Procedures Principles and Practices

E-Security policy. Ormiston Academies Trust. James Miller OAT DPO. Approved by Exec, July Release date July Next release date July 2019

Data Storage, Recovery and Backup Checklists for Public Health Laboratories

Keys to a more secure data environment

Checklist: Credit Union Information Security and Privacy Policies

Internet of Things Toolkit for Small and Medium Businesses

Cybersecurity. Overview. Define Cyber Security Importance of Cyber Security 2017 Cyber Trends Top 10 Cyber Security Controls

Audit & Advisory Services. IT Disaster Recovery Audit 2015 Report Date January 28, 2015

Understanding IT Audit and Risk Management

Nine Steps to Smart Security for Small Businesses

Disaster Recovery Planning Blackout. Katrina

Cybersecurity Checklist Business Action Items

INFORMATION SECURITY- DISASTER RECOVERY

WHITE PAPER- Managed Services Security Practices

10 Hidden IT Risks That Might Threaten Your Business

CONSIDERATIONS BEFORE MOVING TO THE CLOUD

Information Security Data Classification Procedure

The case for cloud-based data backup

Controls Electronic messaging Information involved in electronic messaging shall be appropriately protected.

IT SECURITY FOR NONPROFITS

ADIENT VENDOR SECURITY STANDARD

INFORMATION ASSET MANAGEMENT POLICY

12 Little-Known Facts and Insider Secrets Every Business Owner Should Know About Backing Up Their Data and Choosing a Remote Backup Service

Vendor Security Questionnaire

Security Audit What Why

Cloud Disaster Recovery: Public, Private or Hybrid Cloud Solutions Supporting Disaster Recovery

SECURITY PRACTICES OVERVIEW

Disaster Preparedness and Recovery

Maher Duessel Not for Profit Training July Agenda

Information Security Policy

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Trust Services Principles and Criteria

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered

A Measurement Companion to the CIS Critical Security Controls (Version 6) October

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Information Technology General Control Review

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 13 Business Continuity

Information Systems. Data Protection Disaster recovery Backups

Start the Security Walkthrough

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

An introductory guide to Disaster Recovery and how it can ultimately keep your company alive. A Publication of

7 LITTLE KNOWN FACTS. Every Business Owner Should Know About Remote Backup

5 Things Small Businesses Need to Know About Disaster Recovery

Natural Disaster Preparation Checklist

NEN The Education Network

DATA BACKUP AND RECOVERY POLICY

BusinessObjects XI Release 2

Backup and Restore Strategies

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

The simplified guide to. HIPAA compliance

ISO27001 Preparing your business with Snare

White Paper: Backup vs. Business Continuity. Backup vs. Business Continuity: Using RTO to Better Plan for Your Business

HIPAA Compliance and OBS Online Backup

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Introduction to Business continuity Planning

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner

Risky Business. How Secure is Your Dealership s Information? By Robert Gibbs

OpenDrives storage solutions facilitate smart business continuity strategies.

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

MUNICIPALITY OF NORRISTOWN. Responses to Proposal Questions

Business Continuity Management

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

ACM Retreat - Today s Topics:

CERANET SERVICE LEVEL AGREEMENT

Table of Contents. Sample

Guidance for preparing your business to withstand the unexpected

Vulnerability Assessment. Detection. Aspects of Assessment. 1. Asset Identification. 1. Asset Identification. How Much Danger Am I In?

security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name.

PCI DSS COMPLIANCE DATA

THE PROCESS FOR ESTABLISHING DATA CLASSIFICATION. Session #155

Conducted by Vanson Bourne Research

THE STATE OF CLOUD & DATA PROTECTION 2018

Ohio Living Experiences Superior Security & Support with Zix

Gramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev.

UNCLASSIFIED. Mimecast UK Archiving Service Description

Disaster Recovery and Mitigation: Is your business prepared when disaster hits?

MHA Consulting BCM Metrics Resiliency Through Measurement

Transcription:

Disaster Recovery Self-Audit

Disaster Recovery Audit There are 3 steps to this process: 1. Identify all data and IT-related functions (like credit card processing, documents on your file server, member web portal, a CRM system, critical applications, etc.) you have in place. 2. Classify the importance of the data and functions you ve identified. 3. Apply an appropriate backup and disaster recovery plan to match the value and importance of each asset. Use the following rating system on the impact to your business if you suffered a significant outage or complete loss of the data and processes you ve identified: 0% = Zero Impact 20% = Annoying but Recoverable 40% = Minor Damage with Loss 60% = Disaster with Considerable Loss 80% = Major Disaster with Significant Loss 100% = Total Loss When assessing costs, be sure to factor in loss of tangible sales, client goodwill, costs for re-keying (typing) the data (or any other recovery costs) as well as legal costs associated with failure to deliver on contractual obligations, potential lawsuits, etc. Data Or Business Function Accounting Information Client Data (CRM) If you lost access to this data/functionality for a week or more, what impact would it have on your business? If you lost this data/functionality permanently, what impact would it have on your business? Estimated Cost (Include cost of recreating data, entering it, loss of business, etc.) E-mail Disaster Recovery Audit 2

Contracts And Legal Documents Custom Software and Code Web sites and content Video and Audio recordings Total Costs: Disaster Recovery Audit 3

Determine Your Risk Score How often do you perform a full back up? How often are your backups tested and validated? Every hour - 200 Every day - 100 Every day - 100 Weekly + 50 Weekly + 100 Monthly + 100 Monthly + 200 Never + 200 Do you keep paper records (or scans) you could reference as a source for re-entering lost data? Is your data centralized onto on server or location or scattered across multiple devices and locations? Yes - 100 Consolidated - 100 No + 100 Scattered + 100 Who has access to your computer network? (Check all that apply) How are your backups done? Trusted, computer-savvy - 100 Automatically, offsite - 100 employees Trusted IT support company - 50 Manually by a skilled IT person + 50 Unskilled workers/transitional + 100 Manually by an admin + 100 staff Cleaning crew, maintenance + 200 Not sure + 200 Where is your data stored? How long do you keep a copy of your data? Don t know - 200 Forever - 100 On tape drives, USB devices - 100 One year - 50 Onsite hard drive - 50 Under a year + 50 Offsite in the cloud + 100 We use the same tape/device daily + 100 Do you live in an area or office building that has experienced any of these disasters OR that has a high potential for one of these disasters to occur? (Check all that apply) Tornado, hurricane or severe storm Do you or any of your employees have the ability to do the following? (Check all that apply) + 100 Download files from the Internet + 100 Earthquake + 100 Install non-company approved software + 100 Terrorist attack + 100 Delete files from the server + 100 Fire/problem with another + 100 Access your server remotely + 100 tenant Flood + 100 Create/change their own password + 100 Disaster Recovery Audit 4

Do you store sensitive data that must be protected by law? (Medical records, credit cards, social security numbers, financial data, etc.) Do you have a trusted, professional IT person or firm monitoring your network DAILY for security threats and failed backups? No - 100 No + 200 Yes + 200 Yes - 200 Do you routinely download and backup all data stored on 3 rd party cloud applications (web site files for example)? Do you have a break the glass document for what should happen if a senior executive dies or is disabled? Yes - 200 No + 200 No + 200 Yes - 200 How old is your server and/or other workstations that contain critical data? Do you have the following in place (check all that apply): Under a year old - 100 Signed, acceptable use policy & training + 50 1-3 years old + 50 Monitoring software for the network + 100 3-4 years old + 200 Mobile device policy and monitoring + 100 Over 4 years old + 300 Up-to-date anti-virus & threat monitoring + 100 A firewall that is monitored & updated + 100 Regarding disaster recovery and business continuity, check all that apply: You DO have a written disaster recovery plan You review & update your plan regularly You conduct periodic tests of your plan You DO have an inventory of assets for insurance - 200 You DON T have a disaster recovery plan + 200-100 You DON T update your plan + 100-100 You DON T test your plan ever + 100-100 You DON T have an inventory of assets + 100 Disaster Recovery Audit 5

Scoring: 0 Or Less: Low To No Risk You either don t have very much critical data on your computer or your backup plan is well designed. If this exercise revealed one or two areas you are NOT securing well, you now have the opportunity to resolve those areas immediately. 0-200: Medium Risk Depending on what data is compromised, you will most likely be able to recover it without major catastrophic costs or consequences. HOWEVER, there are certain areas that are more important than others. For example, if you had sensitive data lost or stolen, the consequences from that could be extensive in the form of legal fees, lost customers, lost market share, a harmed reputation and possibly even a lawsuit. 200 Or More: High Risk Your business is extremely vulnerable to various data-erasing disasters, and there is a high chance that you would NOT be able to recover it at all. It is imperative that you strengthen your current backup, security and disaster recovery plan immediately. 93% of companies that lost their data for 10 days or more filed for bankruptcy within one year of the disaster, and 50% filed for bankruptcy immediately. (Source: National Archives and Records Administration in Washington) Disaster Recovery Audit 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback