It is a fact that damage to reputation even from an unsatisfied customer can have a cost. No organization can function in the 21st century without a well articulated contingency plan from a simple back-up plan to one involving relocating to a fully functional site for reconstitution.
We help organization plan for any information system contingency building on risk management and impact assessment in the event of disruption in availability, integrity and confidentiality. Making your infrastructure resilient is our first priority and then we prepare your organization in the event a catastrophic strike to your information systems operation.
A comprehensive plan will comprise the following steps:
1. Conduct a business impact assessment to classify information systems by level of criticality to the functioning of organization
2. Articulate steps to increase infrastructure resiliency
-UPS, generator, high availability, additional preventive controls,
3.Determine the scope of efforts for recovery plan
-prioritize resources according to information systems criticality
-baseline the cost of downtime compared to cost of recovery
-derive a point in time estimate for recovery
-outline sequential phases of recovery
-identify logistics of recovery operation (alternate facilities, personnel, equipment, software, system components, vital records..)
4.Conduct a thorough cost benefit analysis taking into account critical systems and level of operational recovery during reconstitution, factoring actual costs for alternate site relocation, environment, logistics, services, parts and software providers, retrieval of back up
5.Plan the logistics of recovery
-hardware, software, preventive controls equipment for reconstitution, alternate site, electronic and other records, supporting equipment & infrastructure, SLA, MOU with vendors and supporting service providers ( back up media off-site storage retrieval)
6.Establish roles and responsibilities for each phase of the recovery
-management team,media relations, transportation ,telecommunication, operating system, application recovery, security team etc
-training, testing
7.Documenting the final plan articulating steps and processes in 3 phases
-incident determination and notification
-start of recovery phase
-reconstitution phase
