RSS News Feed Feed Description


DRP & Security Templates 
Disaster Recovery Plan  and Security Manual
Bundle
 

 

The Disaster Recovery - Business Continuity / Security Manual Template Bundle contain the two most critical components of most enterprise's support infrastructure.  This bundle comes in three versions plus there is an update service for both the DRP - BC and Security Manual.  Both of the templates are ISO 27000 (formerly ISO 17799), Sarbanes-Oxley, PCI, and HIPAA compliant.  In addition the Security Manual template has extensive audit checklists can be used as is to validate your security procedures are compliant with HIPAA and ISO 27000.

The Disaster Recovery / Business Continuity and Security Manual Template bundle comes in three versions - Standard, Premium, and Gold.
 
  Standard Premium Gold
 
Disaster Planning / Business Continuity Template (WORD) X X X
Security Manual Template X X X
Business Impact Questionnaire (21 pages) X X X
Threat and Vulnerability Assessment Form X X X

25 full IT Job Descriptions:

  • Chief Information Officer (CIO)

  • Chief Compliance Officer (CCO)

  • Chief Security Officer (CSO)

  • VP Strategy and Architecture

  • Director e-Commerce

  • Database Administrator

  • Data Security Administrator

  • Manager Data Security

  • Manager Database

  • Manager Disaster Recovery

  • Manager Disaster Recovery and Business Continuity

  • Manager Facilities and Equipment

  • Manager Media Library Support

  • Manager Network and Computing Services

  • Manager Network Services

  • Manager Site Management

  • Manager Training and Documentation

  • Manager Voice and Data Communication

  • Manager Wireless Systems

  • Capacity Planning Supervisor;

  • Disaster Recovery Coordinator

  • Disaster Recovery - Special Projects Supervisor

  • Network Security Analyst

  • System Administrator - Unix

  • System Administrator - Windows

  X X
204 IT Job Descriptions (WORD each as an individual file using long file names includes the  25 job descriptions listed above)     X
Update Service Available X X X

 

 

Disaster Recovery Plan (DRP)

This Disaster Recovery Plan (DRP) can be used as a template for any enterprise.   DRP is sent to you via e-mail in WORD and/or PDF format. Included is a 23 page Business Impact Questionnaire as well as a 3 page Job Description for the Disaster Recovery Manager. The  Disaster Recovery Plan Template PREMIUM Bundle contains 11 additional key job descriptions.

  • Plan Introduction

  • Business Impact Analysis

  • DRP Organization Responsibilities

  • Backup Strategy

  • Recovery Strategy 

  • Disaster Recovery Procedures Check List

  • Plan Administration Process

  • Technical Appendix

  • 3 page Job Description for Disaster Recovery Manager

  • Work Plan

The template is ISO 17799, SOX, and HIPAA compliant

 

 

Security Manual  

The Template includes everything needed to customize the Internet and Information Technology Security Manual to comply with Sarbanes-Oxley. The Security Manual Template PREMIUM Edition  contains 16 detail job descriptions.

The electronic document includes proven written text and examples for the following major sections for your topics / security plan:

  • ISO 17799, Sarbanes-Oxley, HIPAA, and Patriot Act Compliance

  • Security Manual Introduction

  • Risk Analysis

  • Staff Member Roles

  • Physical Security 

  • Facility Design, Construction and Operational Considerations

  • Media and Documentation

  • Data and Software Security

  • Network Security

  • Internet and Information Technology contingency Planning

  • Travel and Off=Site Meetings

  • Insurance

  • Outsourced Services

  • Waiver Procedures

  • Incident Reporting Procedures

  • Access Control Guidelines

  • Sample Forms

    • Business and IT Impact Questionnaire

    • Threat & Vulnerability Assessment Tool

    • Security Violation Reporting form

    • Security Audit form

    • Inspection Check List

    • New Employee Security form

    • Security Access Application form

     

    •  

     

    Summary of Bundle Offering

      Standard Premium Gold
    Disaster Recovery Business Continuity Word Template x x x
    Security Manual Word Template x x x
    25 DR/BC and Security Job Descriptions Word and PDF   x  
    204 IT and Internet Job Descriptions Word (Includes the 25 DR/BC and Security Job Descriptions)     x
    Update Service Available Yes Yes Yes

     

     

    Current News

    ISO 17799 - disaster recovery - business continuity defined

    SO 17799 is often used as a generic term to describe what are actually two different documents: ISO17799 (also ISO 27002), which is a set of security controls (a code of practice), and ISO 27001 (formerly BS7799-2), which is a standard 'specification' for an Information Security Management System (an ISMS).

    DRP Security Template  DRP BCP Audit

    ISO 17799 establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined provide general guidance on the commonly accepted goals of information security management. ISO/IEC 17799:2005 contains best practices of control objectives and controls in the following areas of information security management:

    • security policy;
    • organization of information security; 
    • asset management;
    • human resources security;
    • physical and environmental security;
    • communications and operations management;
    • access control;
    • information systems acquisition, development and maintenance;
    • information security incident management;
    • business continuity management;
    • compliance.

    The control objectives and controls in ISO/IEC 17799 are intended to be implemented to meet the requirements identified by a risk assessment. ISO/IEC 17799 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities

     more info

     

    Disaster Planning is Complex

    An increasing number of professionals know that small-scale emergencies can be contained if staff members are prepared to react quickly. Damage can be limited even in the face of a large-scale disaster. For example, cultural institutions in Charleston, South Carolina, formed a consortium that focused on disaster preparedness several years before they were hit by a hurricane. Many of those institutions sustained only minor damage because they were able to put their early warning procedures into operation.

    Disaster planning is complex; the written plan is the result of a wide range of preliminary activities. The entire process is most efficient if it is formally assigned to one person who acts as the disaster planner for the institution and is perhaps assisted by a planning team or committee. The enterprise's director may play this primary role or may delegate the responsibility, but it is important to remember that the process must be supported at the highest level of the organization if it is to be effective. The planner should establish a timetable for the project and should define the scope and goals of the plan, which will depend largely on the risks faced by the enterprise.

    more info

     

    Disaster recovery business continuity team leader tasks

    The tasks that the leader of a disaster recovery business continuity project needs to complete are:

    •  Establish BC program lifecycle processes within your organization
    • Assess business and technology requirements for a BC plan
    • Evaluate business continuity risks to your organization
    • Identify and select cost-effective BC recovery strategies
    • Organize an effective BC team
    • Develop a BC plan document
    • Coordinate BC plan with external entities
    • Develop an effective test plan for testing the BC plan
    • Organize and conduct successful BC plan tests
    • Establish a process for maintaining the BC plan
    • Implement a BC plan change management process
    • Understand the main differences between a disaster recovery plan, emergency response plan, crisis management plan, and business continuity plan
     more info

     

    Business continuity after a terroist attack or a pandemic

    Most aspects of business continuity and disaster recovery planning apply to terrorist attacks and pandemics just as much as to fires, hurricanes, floods, earthquakes, and other natural and manmade disasters.  Business Continuity However, there are a number of areas that need to be re-visited because of the uniqueness of these types of interruptions. 

    • Communication - While communication is important in any disaster recovery scenario, it is particularly critical in the event of a terrorist attack or a pandemic. Employees and their families may be personally threatened, and they may be exposed to rumors and panics, it is particularly important that they receive accurate, up-to-date information on safety and health issues. Employees also need detailed information on company policies and procedures for working in the new environment, and open communication channels to company officials to help resolve personal and work-related issues in high-stress situations.
    • Security and Connectivity - Enterprises must plan to provide secure and reliable access to corporate networks for employees who work in their homes, hotels, or other remote locations. Administrators must have a plan for distributing software to remote computers, ensuring security on computers outside of the corporate firewall, and providing backup and data encryption capabilities to mitigate the risk of mobile devices with sensitive data being lost or stolen.
    • Collaboration and Re-Engineered Processes - Planners and developers must re-engineer business processes so they can continue without face-to-face interaction between employees.

     

     more info

     

    Business continutiy defined

    Disaster Recovery Plan Template
    In the simplest of terms, it is good business for a company to secure its assets. CIO under the direction of CEOs and enterprise shareholders must be prepared to budget for and secure the necessary resources to support business continuity.

    It is necessary that an appropriate administrative structure be created to effectively deal with crisis management. This will ensure that all concerned understand who makes decisions, how the decisions are implemented, and what the roles and responsibilities of participants are. Personnel used for crisis management should be assigned to perform these roles as part of their normal duties and not be expected to perform them on a voluntary basis. Regardless of the organization - for profit, not for profit, faith-based, non-governmental - its leadership has a duty to stakeholders to plan for its survival.

    OrderDownload Table of Contents

    With the explosion of technology into every facet of the day-to-day business environment there is a need to define an effective infrastructure to support operating environment; have a strategy for the deployment and technology; and clearly define responsibilities and accountabilities for the use and application of technology.

    The template comes as both a WORD document utilizing a CSS style sheet that is easily modifiable. 

     more info

     

    Security Breaches Are a Disaster Recovery Business Continuity Concern

    DRP BCP SecurityServers are so compact that they could be removed from the building in a briefcase. When you consider the magnitude of the IT investment, and the value of the data and applications that ride on it, you can appreciate the critical importance of protecting it from unauthorized access.  This is especially true after a disaster - anyone can walk off with you enterprise's key assets.

    Server enclosures provide access control options such as lock-and-key, electronic control, RFID local readers and access cards.  

    • Keys can be matched to individual cabinets, multiple cabinets of a certain type (such as containing networking equipment, telephone company equipment or servers), or any other combination desired.
    • Electronic control can provide multiple types of access, such as remote control, timed control, card reader control or a combination of all of these methods.
    • Diversified access-control strategies enable you to manage access at the level of function and/or individual, while a top-level disaster recovery administrator has a master key.
     more info

     

    Wi-Fi Proves Itself in a Disaster Area When Hurricane Katrina hit New Orleans, the only communication system that had not broken down was the wireless mesh network deployed in the downtown area to support surveillance cameras credited with reducing the citys prestorm violent-crime rate.

    Today it still performs police duties, but as the lone public communications system left in the city, it also carries VoIP traffic that is the lifeline for many city businesses.

    The storm wiped out wireline phone service and cellular networks, and those that it didn't destroy outright couldn't be kept up because the city could not get fuel to the backup generators needed to keep the networks running, Meffert told an audience at a session during Spring VON 2006 this week.

    more info

     

    Email Disaster Recovery and Business Continuity Requirements

     BuyTable of Contents

    Disaster Recovery and Business Continuity for email requires at least six factors to be included when the plan is created.  They are:

    • Emergency backup for primary mail server
    • Ability to send and receive emails
    • View "some" email history
    • Retain history during the recovery period
    • Spam and virus filtering
    • After the fact synchronization with primary email server

    Based on working with thousands of customers, Janco Associates has developed a Disaster Recovery and Business Continuity Template that includes everything that you need to create a custom Disaster Plan.

    You can download a full copy of the table of contents by going to http://www.e-janco.com/Register_drp.asp.

     more info

     

    Disaster plans are not keeping up with increased volumes Data volumes are expanding rapidly and many Disaster Recovery and Business Continuity plans are not keeping up.  It is estimated that over half of large US enterprises had 11 terabytes or more of unstructured data - business documents, virtual machine images, email, media files, etc. - in their environments, with annual growth rates hovering around 60%. This is compounded by a 20% or more annual growth rate for transactional data, historically the bulk of data processing. With remote office staffing levels in decline, IT's ability to track and secure these growing data sets is in jeopardy. more info

     

    Business Continuity Planning Key to Business Operations

    Business Continuity planning is key requirement for running any modern enterprise that takes its operations and its clients seriously. With so many potential disasters looming that can befall an organization at any time, it seems unwise not to take actions to prepare for and try to prevent the devastating impact of such catastrophes.

    Disaster Business Continuity

    There is a multiplicity of benefits in planning for Business Continuity and disaster planning within your organization. Not only will your data, hardware, software, etc., be better protected, but the people that compose your organization will be better safeguarded should a disaster occur. In addition, employees will be informed and rehearsed as to what actions to take to immediately start the recovery process and ensure business continuity if disaster strikes.

    Without this type of preparation any unexpected event can severely disrupt the operation, continuity, and effectiveness of your business. Disabling events can come in all shapes and varieties. They can vary from the more common calamities like hard drive corruption, building fires or flooding to the rarer, yet more severe and often longer lasting disruptions that can occur on a city-wide or even national basis; events such as disruptions in transport (oil crises, metro shut-downs, transport worker, strikes, etc.), infrastructure weakening from terrorist attacks, or even severe loss of staff due to illness like a pandemic flu. All of these strikes a blow at an organization's struggle for business continuity.

    For smaller companies the impact of  even lesser disasters can hit much harder. For example, unexpected non-availability of key workers alone could be catastrophic, potentially causing as much disruption to business continuity as technological hardship, especially if it occurs during the height of the company's busy season. If only one person is trained to do particular and/or essential tasks, their unexpected absence can severely disrupt productivity.

     more info

     

     

     

    ©  2001 - 2009 Janco Associates, Inc. - ALL RIGHTS RESERVED --  Revised: 06/16/09.