Develop and Continually Refine a Disaster Recovery / Business Continuity Plan.


Why bother doing this?  Good Security is Proactive, not Reactive. Advance planning will help you to survive business disruptions, whether natural or man-made.  Companies that ignore business continuity planning and specific industry compliance requirements operate under a false sense of invincibility and their officers could face civil or criminal penalties for violations.


Perform a business impact analysis that identifies events and their associated risks:

   Identify common hazards
   Evaluate key issues
   Plan for and reduce the impact of disasters.


Perform a cost-benefit analysis:  Just as there is a cost for implementing a needed control, there's a cost for not implementing it.


Prioritize your business processes and supporting functions, including computer systems and applications

   Determine what are your business’s most critical information assets (electronic customer records, billing data, documents, etc.), and plan how to protect them.

   Protect computers from power fluctuations by using a good quality battery backup system. Prices range from about $40 to over $100, depending on battery backup time and other features.


Ensure that your business continuity plan is routinely tested using effective techniques to assure that the plan will work when you need it.

Next...

top