PROVIDED BY THE SYSTEMS AUDIT GROUP, Inc.
turnkey BC/DR plan development
- BC/DR testing: planning, designing, management & evaluation
- "Outside Audit" of organization's BC/DR plan adequacy
- Consultation on BC/DR plan development
BC/DR PLANNING, WITHOUT DESTROYING YOUR BUDGET!
60th BC/DR Plan completed in the Regulatory environment
by The Systems Audit Group, Inc.
Specialty industries include: Public corps., Local Government, SaaS Providers, Biotech/pharma, Community Banks, Credit Unions, Insurance companies, HIPAA, SOX, & SEC
Cambridge, MA -- The Systems Audit Group, Inc., has recently completed
its 60th Business-Continuity/Disaster-Recovery plan for
institutions within the regulatory environment.
Designed to meet regulatory requirements for comprehensiveness as well as to meet the business needs of the institutions
themselves, these plans have proven both extremely practical as well as economical, and the approach of The Systems Audit Group, Inc., has formed the basis of presentations to many Professional Associations, as well as HIPAA educational seminars.
According to Steven Lewis, President of The Systems Audit Group, Inc.,
"...in our experience with so many organizations, we have seen how ideas and concerns from each one can benefit others. In this way the Disaster/Continuity plan becomes something which is also used to cope with the day-to-day "mini" disasters - in addition to satisfying the requirements of the regulatory agencies."
Lewis added that, "...in our approach, rather than try to invent specific scenario's (such as a specific type of emergency at a regional Nuclear plant), we have taken advantage of the fact that all disasters - including a nuclear emergency - can be divided into one or more of the following three components:
-- loss of information
(for example, due to equipment malfunctions),
-- loss of access to information, facilities, equipment, etc.
(for example due to computer lines or facilities being damaged, local political demonstrations, flooding, quarantine, etc.),
-- loss of personnel
(for example, due to pandemic, terrorist attack, etc.)"
"Working with management, we first evaluate the risks, vulnerabilities and interdependencies of each function in order to develop a Business Impact Analysis (BIA), including Recovery Time Objectives (RTO's) and Recovery Point Objectives (RPO's) for each function.
We then develop specific guidelines and procedures to be followed with respect to each of the organization's functions under each eventuality.
Following that, we develop a "Testing Methodology" designed to "prove" that the recovery plans can actually work, and schedule out an appropriate series of tests to meet the needs of the organization. We then monitor and manage the actual testing as required by management, preparing evaluations and remediation recommendations for management."
With respect to testing, Lewis stressed that, while many organizations have developed BD/DR plans, not as many have actually put them through systematic tests.
Often, organizations are focused on key deliverables such as "medical services," "product delivery," "public safety," etc. They often, however neglect to test support areas such as "payroll," "sending out invoices," "collecting taxes," etc, which are crucial for the organization to keep operating.
Testing all of these areas requires detailed planning in order to asses the ability to correctly restore backed-up files, remotely operate from home and/or distributed locations, communicate with 3rd-parties such as banks for funds transfer, etc.
These tests need to be organized and planned in a comprehensive fashion so that both correctness and completeness can be guranteed, as well as to be able to pinpoint and correct problems in areas where the initial testing did not work as expected.
In summary, Lewis stated that "the result of our approach produces testable results ready for the board
or top-management to approve, with a minimum of time and effort for operational management, and embodying the unique wisdom and knowledge of the organization itself."