Tornadoes. Pandemic outbreaks. Disaster can strike at any time. And now, there are cyber concerns to worry about. Ransomware. Denial of Service. Email phishing.
If the worst happens, will you be ready? Organizations face loss of business, infrastructure, or key employees, and many companies that aren’t prepared never recover after a significant event. We can help you to avoid their fate.
Regardless of whether it’s a natural or man-made disaster or other disruptive event, you need to prepare for the continuity of systems and business operations.
We can help you develop plans that are appropriate and realistic for your business needs, while also complying with relevant regulatory requirements. We can also assess your existing processes, scenarios, and documented procedures to help identify potential weaknesses so your company is adequately prepared to address future business continuity challenges.
The following are examples of engagements we’ve recently performed in this area:
- Develop the policies, procedures, and detailed plans related to security incident response based on guidance within NIST 800-61 Computer Security Incident Handling Guide in order to satisfy incident response requirements for NIST 800-53 Security and Privacy Controls.
- Facilitate the annual disaster recovery and business continuity tabletop testing process.
- Compare the business impact analysis and risk assessment to the DRP/BCP to verify the plans adequately address identified risks and align with Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).
- Assess the hardware and software disaster recovery strategies designed to prevent system failures and outages.
- Review legacy applications and older infrastructure components that may contain “single points of failure” and evaluate the controls that have been established to prevent such occurrences.
- Develop a contingency plan based on guidance within NIST 800-34 Contingency Planning Guide in order to satisfy NIST 800-53 contingency planning requirements.
- Assess the current business continuity and disaster recovery plans to identify any gaps or areas for improvement, including an assessment of compliance with relevant industry standards and regulations (GLBA).
- Develop a process for DRP and BCP maintenance and testing.
- Review management’s strategy for personnel communication methods and training of personnel with responsibilities for recovery of systems and key business processes.