
Quality Assurance and Control Bundle

Defining quality means developing expectations or standards of quality. Standards can be developed for inputs, processes, or outcomes; they can be clinical or administrative. Standards can be applied at the level of an individual, facility, or an enterprise. A good standard is explicit, reliable, realistic, valid, and clear. Standards of quality can be developed according to the Dimensions of Quality and should be based on the best scientific evidence available. Stakeholder (including client and community) expectations of quality should also be incorporated in the definition of quality standards. Defined standards or definitions of quality are prerequisites for measuring quality. If standards don’t exist, they must be designed. Although standards are context-specific, universally accepted standards are often a good starting point for developing local standards.

To achieve these goals for Information Technology, Janco has combined some of its most popular products to help CIOs and IT organizations meet the most stringent Quality Assurance and Control Standards.


The Quality Assurance and Quality Control Bundle includes:


  • IT Infrastructure Template - Included with the template are a HIPAA Audit Program Guide and an ISO 27001 and ISO 27002 Security Process Audit Checklist.  The Template is over 125 pages in length (the full table of contents can be downloaded by clicking on the link above) and the topics covered include:
    • IT Infrastructure, Strategy, and Charter Summary
    • Strategy and Charter Statement of Authority
    • IT Management Structure
    • Compliance
    • Personnel Practices
    • Controls
    • Application Development Standards
    • Service Requests
    • Local Area Network
    • Back-up and Recovery
    • Disaster Recovery Plan
    • Security
    • Access Control - Physical Site
    • Access Control - Software and Data
    • Facility Requirements
    • ISO 27001 & ISO 27002 Audit Checklist
    • HIPAA Audit Program
    • Full Job Description for CIO large enterprise
    • Full Job Description for CIO small enterprise

  • IT Service Management Template - The IT Service Management Policy Template is a 130-page document that contains policies, standards, procedures and metrics that comply with versions 2 and 3 of the ITIL Standard. Chapters of the template include:
    • Service Requests Policy
    • Service Request Standard
    • Help Desk Policy
    • Help Desk Standards
    • Help Desk Procedures
    • Help Desk Service Level Agreement
    • Change Control Standard
    • Change Control Quality Assurance Standard
    • Change Control Management Workbook
    • Documentation Standard
    • Application Version Control Standard
    • Version Control Standard
    • Internet Policy
    • e-Mail Policy
    • Electronic Communication Policy
    • Blog & Personal Web Site Policy
    • Travel and Off-Site Meeting
    • Sensitive Information Policy

  • Security Policy Template - Security Manual for the Internet and Information Technology is over 220 pages in length. The Security Manual template includes both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes Oxley compliance).

  • Disaster Recovery Template - The DRP template is over 200 pages and includes everything needed to customize the Disaster Recovery Plan to fit your specific requirement.  The electronic document includes proven written text and examples.

  • Record Management, Retention, and Destruction Policy - The Record Management, Retention, and Destruction policy is a detailed template which can be utilized on day one to create a records management process. Included with the policy are forms for establishing the record management retention and destruction schedule and a full job description with responsibilities for the Manager Records Administration.

Quality Assurance and Control News




Company fined for not having a disaster business continuity plan

The US National Futures Association (NFA) has imposed a fine of $75,000 against Capital Market Services LLC (CMS), a Futures Commission Merchant located in New York.

The decision, issued by NFA's Business Conduct Committee, is based on an NFA Complaint filed and a settlement offer submitted by CMS.


The complaint alleged that CMS failed to implement adequate business continuity and disaster recovery plans and that CMS failed to report all system outages experienced by the firm to its customers and NFA. These outages left customers unable to enter new orders or manage their existing orders. In addition, the Complaint charged CMS with failing to adequately supervise the use of its electronic trading platforms.

NFA Compliance Rule 2-38 requires that 'Members establish and maintain a written BCDR plan to be followed in the event of an emergency or significant business disruption'.




Classifying systems for business continuity planning

Because every IT system has a unique cost vs. time or risk-tolerance profile, it is useful to categorize each application.

One classification of categories is:

  • Mission-critical - applications that require continuous availability and synchronous or near real-time failover to an alternate site
  • Business critical - applications that require nearly continuous availability, but tolerate recovery times in the minutes
  • Online - applications that support important business processes, but with low usage and infrequent access, with minimal impact if down for a few hours
  • Noncritical - systems or data stores that cause no significant business disruption if offline for a few days or even a week
  • Offline or archival - seldom-used applications and data with large amounts of archival information that will not affect business operations if unavailable for a week or more


In addition to these categories, it is common to apply two standard parameters to applications for DR purposes: the recovery time objective (RTO) and recovery point objective (RPO). The former describes the time window within which an application must be brought online to avoid significant business loss (financial or otherwise), while the latter quantifies the amount of acceptable data loss you’re willing to suffer for a given application. In essence, RTOs focus on application availability and RPOs focus on data loss.




Disaster Recovery Plan Testing

In your disaster recovery business continuity plans, do the availability and data protection solutions work? Are the RTOs and RPOs met? These certainly should be objectives. When disaster plans are tested, are the objectives met? Too many times, plans are like neatly trimmed garden paths, which organizations follow to a successful conclusion. They are primers on how to pass the test, but would be of little use in a real disaster if any number of the staff available for testing were unavailable. Temporary staff wouldn't know enough from the plans to figure out how to execute them, because they're more crib sheets than plans.

To the question of testing parts of the production environment at a time, rather than the whole data center, it's a matter of what the organization is trying to learn. Data centers are staffed to run the production environment. Many CIOs have focused on controlling costs and there are no "extra" hands available as a contingency measure, so disaster plans need to address how a few missing key players would impact the recovery effort.


Many disaster plans ignore one of the vital aspects of a data center recovery plan: the assumption that the entire staff would be available at the time of a disaster. These plans just are not mature enough. Whether the organization tests the whole center or a few applications at a time, it needs to inject some reality into the test by "killing off" a few techs and/or DBAs to see how the disaster recovery plan works.
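As an added example (not from the original article), the sketch below scores a DR drill against the RTO and RPO objectives defined earlier and reruns it with named staff marked unavailable, as this section recommends. The `Drill` structure, staff names, timestamps and objectives are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Drill:
    app: str
    rto: timedelta            # objective: max time to bring the app back online
    rpo: timedelta            # objective: max acceptable window of lost data
    outage_start: datetime
    last_good_copy: datetime  # newest data point that was actually restorable
    restored_at: datetime
    steps: dict               # runbook step -> set of staff able to perform it

def evaluate(drill, unavailable=frozenset()):
    """Measure achieved RTO/RPO and list runbook steps nobody left can run."""
    achieved_rto = drill.restored_at - drill.outage_start
    achieved_rpo = drill.outage_start - drill.last_good_copy
    orphaned = sorted(step for step, staff in drill.steps.items()
                      if not (set(staff) - set(unavailable)))
    rto_met = achieved_rto <= drill.rto
    rpo_met = achieved_rpo <= drill.rpo
    return {
        "achieved_rto": achieved_rto, "rto_met": rto_met,
        "achieved_rpo": achieved_rpo, "rpo_met": rpo_met,
        "orphaned_steps": orphaned,
        "passed": rto_met and rpo_met and not orphaned,
    }

def single_points_of_failure(drill):
    """Staff whose absence alone leaves at least one step unexecutable."""
    people = set().union(*drill.steps.values())
    return sorted(p for p in people if evaluate(drill, {p})["orphaned_steps"])

# Constructed sample drill (all values are illustrative assumptions).
T0 = datetime(2024, 1, 10, 9, 0)
SAMPLE = Drill(
    app="order-entry",
    rto=timedelta(minutes=30), rpo=timedelta(minutes=5),
    outage_start=T0,
    last_good_copy=T0 - timedelta(minutes=3),
    restored_at=T0 + timedelta(minutes=22),
    steps={
        "fail over database": {"dba_1"},
        "repoint DNS": {"net_1", "net_2"},
        "validate order flow": {"app_1", "dba_1"},
    },
)

if __name__ == "__main__":
    print(evaluate(SAMPLE))                         # full staff
    print(evaluate(SAMPLE, unavailable={"dba_1"}))  # one DBA "killed off"
    print(single_points_of_failure(SAMPLE))
```

The drill meets its timing objectives with everyone present, yet fails once the only DBA able to fail over the database is removed, which is the gap a full-staff test hides.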




Disaster recovery business infrastructure

CIOs need to implement a disaster-ready infrastructure along with IT business continuity plans. Steps they should take include:

  • Plan: When a business disruption threatens your top line and bottom line as well as your brand reputation, no company can afford to take chances.
  • Focus on minimizing recovery time and reducing costs: Depending on your industry, location, number of employees and other considerations, the cost of downtime can range from tens of thousands to more than a million dollars an hour. A business impact analysis and risk assessment will paint a clearer picture of what’s at stake for your organization.
  • Implement data protection and disaster recovery: In the event of a disaster, business-critical personnel need access to systems, data and other resources to keep the business operational. Fortunately, it’s not necessary to double infrastructure and operational expenses in order to meet BC/DR requirements.
  • Implement redundant hardware and intelligent routing: Use redundant electronics, advanced routing protocols, and diverse network routes over wide area network services to ensure network connectivity is maintained in the event of an outage or natural disaster.
  • Focus on maintaining continuous business operations: In an already challenging business climate, uninterrupted business operations are crucial to success. Have a business continuity solution that enables customers and employees to experience business as usual, even in the event of disruption.
  • Test it before the event occurs: If it is not tested, you have no assurance that it will work.




Small Businesses Not Prepared for Disasters

After reviewing the preliminary impacts of the recent hurricane on the East Coast, Janco finds that SMBs are not taking disaster preparedness for their computer and networking systems as seriously as they should. SMBs are at risk and most don't take action to prepare for disasters until after they have experienced loss from downtime. The result is that this lack of preparation has a significant impact on their customers and their business.

Over 30% of all Disaster Recovery Business Continuity Plans are not current, according to data gathered by Janco.

There are plenty of partial, outdated, or ineffective disaster and business continuity plans out there - why is it so difficult to get it right?

  • Data collection
  • Data inconsistency
  • Categorization
  • Manageability
  • Maintenance



Benefits of having a disaster plan

Recently an insurance brokers' association published the results of a survey which looked into the benefits that business continuity plans bring.

The survey, based on just 83 responses from members and insurer partners, identified the following benefits:
  • Having a business continuity plan in place will keep businesses trading when they would otherwise probably have failed due to an incident.
  • Business continuity plans can significantly reduce the cost of disruptions.
  • Companies with business continuity plans benefit from insurance premium discounts, reduced excesses and doors opening to new insurance markets.
  • Having a business continuity plan allows what would otherwise be unacceptable risks to be insured.



Downtime can cost companies customers


Do you know what it would cost your business if your systems and data were unavailable for just an hour, or a day or even a week or more? Various studies conducted after natural disasters such as Hurricane Katrina and other major outages have shown that an estimated 25% never reopen after such a loss, and about 50% will be out of business within 2 years. Even an application and data loss that is not recoverable within three days can permanently impact a company's financial health - in fact, 40% of all businesses will never recover from such a loss. Even a few hours of downtime can ring up a very high price, so it makes financial sense to evaluate your business now, and come up with a backup plan to protect the vital core of your company.


Another factor that needs to be considered when evaluating the full extent of a business disruption is that your company doesn't only risk losing data, it risks losing its customers, and that can be very costly. For example, a market research firm that conducts customer satisfaction and loyalty studies has concluded "it takes many fewer resources to retain a satisfied customer coming back than it does to recruit new ones." They estimate that "the ratio of resources spent on retaining existing customers to resources spent on attracting new ones can range from 1 to 2 to as much as 1 to 5, depending on the industry and local market characteristics."

Other impacts can be felt in terms of business records, regulatory reporting, and compliance. A recent report from the U.S. Small Business Agency's Office of Advocacy, "The Impact of Regulatory Costs on Small Firms," indicated that federal regulatory compliance absorbed about 14 percent of U.S. national income. "Clearly, even when things are operating smoothly the costs to maintain records and compliance are high, so significant downtime will significantly multiply that expense."




Expensive weather and climate disasters in the United States

Disaster Recovery and Business Continuity plans need to consider natural weather and events. The effects that natural events have on the environment directly and indirectly may be harmful to people. Forest fires and volcanoes harm air quality. Hurricanes and floods can contaminate water supplies and damage wastewater facilities. Any of these can spread contaminated materials into the environment.

The United States set a record with 12 separate billion-dollar weather/climate disasters in 2011, with an aggregate damage total of approximately $52 billion, according to the National Oceanic and Atmospheric Administration. That is just continuing the trend of the past 30 years.


These incidents have prompted many organizations to reconsider the human element during a crisis or major news event and evaluate how they communicate with employees, suppliers, investors and customers. Emergency and mass notification systems are designed to help organizations communicate to stakeholders during an incident or disruption. However, in response to the high occurrence of prominent disasters in recent years, the marketplace has been flooded with products to address emergency and mass notification needs. The need to diligently evaluate vendors is critical to ensure that services will meet an organization's specific requirements.




Disaster Life Cycle

A business disruption has a life cycle; it starts small and could potentially become a disaster of epic proportion, depending on its duration. The longer the duration, the greater the disruption to your business. Your organization’s response should shift as an incident evolves from threat to emergency to crisis to disaster. It’s one thing to say access to contract data isn’t essential for a day or two, but what about a week or two? This is why it’s important to protect more than just data. Now that you know what processes are critical to the operation of your business, you can consider threats according to their impact on those critical processes.

To help you mitigate impact to your core processes, your plan should address three key phases:

  • Business Continuity Response - these are the steps you take immediately to sustain your core processes, your primary business priorities
  • Disaster Recovery Response - these are the steps you take to extend your core processes indefinitely and address your secondary priorities
  • Restoration Planning Response - these are the steps you take to restore your business to its pre-incident level



DRP for virtual data centers

Protecting application data from disasters is critical to keeping businesses up and running. Yet traditional disaster recovery solutions were never intended to address the needs of today's virtualized data center.


As a result, the cost and complexity of using traditional disaster recovery products to address data replication needs in highly virtualized environments force many organizations to forego disaster recovery altogether.
