- ISO 27031 Complaint Disaster Recovery Business Compliant Template Released
- Lessons Learned from Japanese Disasters
- CIO and IT Manager Productivity Tools
Version 6.2 of the Disaster Recovery Business Continuity Template Released
ISO 27031 compliance requirements met by DR BC Template
Version 6.2 of the Disaster Recovery Business Continuity Template Released - With the recent release of the final issues of the ISO 27031 Information Technology - Security Techniques - Guidelines for information and communication readiness for business continuity by the International Standards Organization, Janco has updated it template to show how it fully complies with the standard.
The ISO Standard defines the Information and Communication Technology (ITC) Requirements for Business Continuity (IRBC) program that supports the mandate for an infrastructure that supports business operations when an event or incident with its related disruptions affects the continuity of critical business functions. This includes security of crucial data as well as enterprise operations.
The ISO standard centers around fours areas; Plan, Do, Check, and Act.
- Plan - Establish a Disaster Recovery Business Continuity policy with objectives, metrics, and processes relevant to managing risk and improving the enterprise's Information and Communication Technology ability and readiness to operate at the level defined within the parameters of the enterprise's overall disaster recovery and business continuity objectives.
- Do - Implement and operate the Disaster Recovery and Business Continuity policies, procedures, controls, and processes.
- Check - Assess and monitor the performance metrics as defined within the Disaster Recovery and Business Continuity policy metrics and communicate the results to the management of the enterprise. This process can be done via an audit, a test of the plan, or an actual execution of the plan via a post event analysis session.
- Act - Modify the Disaster Recovery and Business Continuity policies, procedures, and metrics based on the "Check" (audit, test, or execution of the plan) in order to improve the Disaster Recovery and Business Continuity Policy.
Disaster Recovery and Business Continuity Lessons Learned From the Japanese Disasters
Once a disaster occurs and the DRP and BCP are activated, many risks and exposures are faced -- both operational and systemic. In talking with its clients after the recent earthquake, Janco has compiled a list of lessons learned:
- The success of the recovery is directly related to the quality of the plan, the training provided, and the testing that has occurred before the disaster occurs.
- Power failures take down telecommunications - network providers and individual phone batteries require electricity. Circuits will be overload and land lines may take some time to restore. Cell phones can not work if they can not be recharged or cell towers are down.
- Travel and transportation will be restricted - plan for road closures, police blockades, disabled vehicles, limited rental car availability and dwindling fuel supplies. If individuals leave the immediate area they may not be allowed to return.
- Personnel issues will be your primary concern - plans should take into account employees' personal needs. If the disaster is wide spread then employees are concerned about their families and can not focus completely of the recovery process.
- Assume that all the right people will not be there in time to declare the a disaster has occurred nor to begin the recovery process.
- Everyone will be under stress and tempers will be short - leadership is what will make the recovery successful
- Assume that no electronic copy of the plan will be available for some time - have an updated paper copy that can be used immediately.
- Critical facilities should not be located in close proximity. If the primary recovery facility, media, or network are in the same general area they may be affect as well.
- Resources should be staged in safe areas - switching equipment, generators and fuel tanks should be located above flood levels. In addition the assumption should be made that recovery at the impacted site could take several days if not weeks or months.
- Data management challenges will arise - backup systems should not require physical connectivity to your infrastructure. When the recovery process begins you need to assume that nothing is working - hardware, software, media, and license keys.
- Insurance coverage is often inadequate - understand your coverage before disaster strikes, and document activities for adjusters. Also understand that insurance adjuster's primary goal is to limit the liability of the insurance carrier not to fill every one of your enterprise's needs.
- The authors have been in situations where adjusters "argued" that a piece of equipment was usable and would not approve replacement equipment. In situations like that remember that the objective is to get the business back in an operational more - bite the bullet and do what is necessary to get the business back in operation.
- Cash is king but document how it is spent. After the fact the proof of expenditures will be needed for reimbursement from the business and with proper documentation from the insurance company.
- Hardware may be damaged - develop and test a plan for replacing equipment and for disposing of unusable devices. With technology it often is less expensive to replace equipment than to repair. Create a location where damaged equipment is placed and log the reason it is there so that after the fact decisions can be made on what to do with the equipment.
These are just some of the lessons leaned. The Disaster Recovery Business Continuity Template has been chosen by over 3,000 enterprises in over 90 countries. It is the industry standard.
Janco's tools are your solution to improved productivity
Why re-invent the wheel when these tools provide you with the industry standard best practices in a way that can make your standout as a manager and leader who can get things done is quickly and cost effectively.