Experts Agree You Should Update Your Plan Annually

It goes without saying that every company, regardless of size, needs a concise business continuity plan in case of an emergency. If you don't have a disaster recovery plan or haven't updated yours recently, now is the time to take this critical step to protect your business.

At the same time there are more security requirements that need to be met.  Executive management is depending on you to have the right security policies and procedures in place.

Chief Information Officers and Chief Security Officers need to have DRP and Security policies and procedures in place that address all of the issues of management and these templates meet this need.

DRP BCP Template

Business Continuity

Disaster Planning is lacking in many companies. According to an AT&T Survey of 100 Chicago firms (revenues <$10M), 81 have DR plans, but only 43% have fully tested their plans within the last 12 months and 12% admitted they have never tested their business continuity plans.

DR and BC are now accepted as basics requirement for every business and organization. It is widely accepted that a detailed plan should not only exist, but should be up to date. It should reflect the actual on-going needs of the business activity or function. But how do you ensure that this is actually the case?

If you have a plan, do you know that it will all work? Do you ever audit it, and if so, how? Equally importantly, do you know what your service/resource dependencies are and what their time criticalities are? What of your everyday contingency practices - do they measure up to close scrutiny?

Next to personnel, data is your most irreplaceable asset.  Networks, application hosting platforms, and end user computing environments can be replaced quickly.  However, without your customer lists, product catalogs, inventory, financial records, and other operational data your business cannot recover.

This DRP can be used as a template for any enterprise. The template and supporting material have been updated to be Sarbanes-Oxley, PCI-DSS, ISO 27000, and HIPAA compliant. The template comes as both a Word and static fully indexed PDF document and includes:

• Word 2003 and 2007 Template
• Business and IT Impact Analysis Questionnaire
• Work Plan
• Audit Program

Preparation for an event in light of mandated and industry regulated requirements such as PCI-DSS, HIPAA, ISO, and SOX has two primary parts.

• The first is putting systems in place to completely protect all financial and other data required to meet the reporting regulations and to archive the data to meet future requests for clarification of those reports.
• The second is to clearly and expressly document all these procedures so that in the event of a SOX audit, the auditors clearly see that the DR plan exists and will appropriately protect the data.