We will work to ensure that strategies and plans are in place to counteract interruptions to business activities and to protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption. A managed program and process shall be developed and maintained for business continuity throughout the organization that addresses the information security requirements needed for the organization's business continuity.
The program and process shall bring together the following key elements of business continuity management:
i. identifying all the assets involved in critical business processes ii. considering the purchase of suitable insurance which may form part of the overall business continuity process, as well as being part of operational risk management iii. ensuring the safety of personnel and the protection of information assets and organizational property iv. formulating and documenting business continuity plans addressing information security requirements in line with the agreed business continuity strategy
We will work with the organization's subject matter experts to define a process that will develop a Disaster Recovery framework based on HITRUST controls which will ensure recovery of critical systems and applications. The primary goal, is the delivery of a consistent process to be used by the organization to implement an IT Disaster Recovery program leveraging the Business Impact Analysis and Risk Analysis to allow each organization to meet the following objectives:
Identify, classify and manage vulnerabilities based on their relative risk to the company
Develop and provide a data center Disaster Recovery plan
Testing of the Disaster Recovery plan and the data center secondary site
Conduct the business impact analysis (BIA). The BIA helps identify and prioritize information systems and components critical to supporting the organization’s mission/business processes. A template for developing the BIA is provided to assist the user.
Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.
Develop the contingency planning policy statement. A formal policy provides the authority and guidance necessary to develop an effective contingency plan.
Create contingency strategies. Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.
Develop an information system contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system unique to the system’s security impact level and recovery requirements.
Ensure plan testing. Testing validates recovery capabilities, whereas training prepares recovery personnel for plan activation and exercising the plan identifies planning gaps; combined, the activities improve plan effectiveness and overall organization preparedness.
Ensure plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements and organizational changes.
NexTTyme LLC PO Box 620328 Charlotte, NC 28262 Email: Inbox@nexttyme.com