Disaster Recovery Plan Policy
1. Overview Since disasters happen so rarely, management often ignores the disaster recovery planning process. It is important to realize that having a contingency plan in the event of a disaster gives neaPay a competitive advantage. This policy requires management to financially support and diligently attend to disaster contingency planning efforts. Disasters are not limited to adverse weather conditions. Any event that could likely cause an extended delay of service should be considered. The Disaster Recovery Plan is often part of the Business Continuity Plan.
2. Purpose This policy defines the requirement for a baseline disaster recovery plan to be developed and implemented by neaPay that will describe the process to Consensus Policy Resource Community • Data Backup and Restoration Plan: Detail which data is backed up, the media to which it is saved, where that media is stored, and how often the backup is done. It should also describe how that data could be recovered. • Equipment Replacement Plan: Describe what equipment is required to begin to provide services, list the order in which it is necessary, and note where to purchase the equipment. • Mass Media Management: Who is in charge of giving information to the mass media? • Also provide some guidelines on what data is appropriate to be provided. After creating the plans, it is important to practice them to the extent possible. Management should set aside time to test implementation of the disaster recovery plan. Table top exercises should be conducted annually. During these tests, issues that may cause the plan to fail can be discovered and corrected in an environment that has few consequences. The plan, at a minimum, should be reviewed an updated on an annual basis.
5. Policy Compliance
5.1 Compliance Measurement The Infosec team will verify compliance to this policy through various methods, including but not limited to, periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the policy owner.
5.2 Exceptions Any exception to the policy must be approved by the Infosec Team in advance.
5.3 Non-Compliance An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
6 Related Standards, Policies and Processes None.
7 Definitions and Terms The following definition and terms can be found in the SANS Glossary located at: https://www.sans.org/security-resources/glossary-of-terms/ • Disaster
Ready to start your next project with us? Give us a call or send us an email and we will get back to you as soon as possible!