PROVIDED BY THE SYSTEMS AUDIT GROUP, Inc.
turnkey BC/DR plan development
- BC/DR testing: planning, designing, management & evaluation
- "Outside Audit" of organization's BC/DR plan adequacy
- Consultation on BC/DR plan development
BC/DR PLANNING, WITHOUT DESTROYING YOUR BUDGET!
60th BC/DR Plan completed in the Regulatory environment
by The Systems Audit Group, Inc.
Specialty industries include: Public corps., SaaS Providers, Biotech/pharma, Community Banks, Credit Unions, Insurance companies, HIPAA, SOX, & SEC
Newton, Ma -- The Systems Audit Group, Inc., has recently completed
its 60th Business-Continuity/Disaster-Recovery plan for
institutions within the regulatory environment.
Designed to meet regulatory requirements for comprehensiveness as well as to meet the business needs of the institutions
themselves, these plans have proven both extremely practical as well as economical, and the approach of The Systems Audit Group, Inc., has formed the basis of presentations to many Professional Associations, as well as HIPAA educational seminars.
According to Steven Lewis, consulting specialist at The Systems Audit Group, Inc.,
"...in our experience with so many organizations, we have seen how ideas and concerns from each one can benefit others. In this way the Disaster/Continuity plan becomes something which is also used to cope with the day-to-day "mini" disasters - in addition to satisfying the requirements of the regulatory agencies."
Lewis added that, "...in our approach, rather than try to invent specific scenario's (such as a specific type of emergency at a regional Nuclear plant), we have taken advantage of the fact that all disasters - including a nuclear emergency - can be divided into one or more of the following three components:
-- loss of information
(for example, due to equipment malfunctions),
-- loss of access to information, facilities, equipment, etc.
(for example due to computer lines or facilities being damaged, local political demonstrations, flooding, quarantine, etc.),
-- loss of personnel
(for example, due to pandemic, terrorist attack, etc.)"
"Working with management, we first evaluate the risks, vulnerabilities and interdependencies of each function in order to develop a Business Impact Analysis (BIA), including Recovery Time Objectives (RTO's) and Recovery Point Objectives (RPO's) for each function.
We then develop specific guidelines and procedures to be followed with respect to each of the organization's functions under each eventuality.
Following that, we develop a "Testing Methodology" designed to "prove" that the recovery plans can actually work, and schedule out an appropriate series of tests to meet the needs of the organization. We then monitor and manage the actual testing as required by management, preparing evaluations and remediation recommendations for management."
Lewis continued that "the result of our approach produces testable results ready for the board
or top-management to approve, with a minimum of time and effort for operational management, and embodying the unique wisdom and knowledge of the organization itself."