The ability of a business to recover from a systems failure is generally measured by the amount and quality of the organization's preparation for a disaster. A solid disaster recovery plan is made up of several components: (a) a risk assessment of existing information systems that identifies the unmitigated or insufficiently mitigated risks, along with a plan for reducing or accepting those risks; (b) a disaster recovery methodology and policy that document expected system availability, acceptable data loss, and anticipated recovery time objectives, together with a more detailed procedure that can be followed to achieve the policy objectives; and (c) regular testing of the existing disaster recovery plan, along with updating the plan as systems and objectives change.
You can purchase and complete a system risk assessment online by clicking one of the links below. These risk assessment tools utilize the CMS Qualitative Risk Assessment Methodology. Bundles are available for assessing multiple systems.
- Single System Risk Assessment
- Bundle for 2-5 System Risk Assessments
- Bundle for 6-10 System Risk Assessments
- Bundle for 11-20 System Risk Assessments
Developing a plan and policy and implementing mitigations for known system risks takes time and substantial effort. However, knowing your risks and budgeting for system investments with an eye to reducing the risk of data loss can help your business survive and grow. Need help? Contact us to discuss how we can be of assistance in this process.
Part of the planning and testing process is a table top exercise with IT and business leaders. The objectives of the table top exercise are to discuss current readiness for a disaster based on a variety of scenarios, to ensure regular communication between business leaders and IT staff so that expectations about current preparedness and recoverability are properly managed, and to help identify issues that require planning or additional effort. These include non-IT issues such as where staff will physically work during an emergency, whether the business will be able to operate, who will be responsible for declaring a disaster and coordinating the organization’s response in concert with IT, and what will happen once the emergency situation is over.
Interested in discussing or scheduling a table top exercise? Contact us for more information. Want to read more about NIST’s recommendations for table top exercises? See NIST publication 800-84.
Our firm focuses on technology issues, including HIPAA security regulation compliance, copyright, trademark, and related areas of law (such as contracts, trade secrets, and business-related matters). Please contact us by email or by phone at (410) 963-5269 for assistance with your legal questions. Please browse our web site to learn more about what services we offer.