var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-35754314-2']); _gaq.push(['_setDomainName', 'securityeverafter.com']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })();

Tuesday, October 4, 2011

Control 19: Data Recovery Capability

Develop a written plan that identifies all business owners and the processes needed by them to restore normal operations. Interview the business owners to better understand the dependencies needed to do their normal activities.

Conduct annual tabletop exercises with each business process owner. Use mock scenarios that consider availability loss of people, facilities and technology. Identify and document any gaps identified in the exercise and invite the business process owner to determine if they should be corrected or accepted. Working through this process will help engage the business units as they focus on recovering their operation to a normal state.

Test backup and restore operations on a regular and recurring basis. Create specific procedures that walk the user through how to manually backup and restore data. Just like with Incident Response, this work often occurs during high-pressure moments. Having a written procedure will help ensure critical steps are not missed. Document estimated recovery times for systems and applications. Strive to identify anything that has the potential to keep this from being successful.

No comments:

Post a Comment