SAS 70

Jul 27 2008   1:46AM GMT

Data Breaches – Do you have a plan? SAS70

Keith Harrell Profile: SAS70ExPERT

You should have a disaster recovery plan when a data breach occurs within your Company. SAS 70 audits mostly will require you to have a plan documented, but the details of the plan are usually not adequately reviewed. Every disaster recovery plan should have basic requirements which include:

  1. Who to call when an Exchange server malfunctions?
  2. What do you do when a fire occurs in your Datacenter? Do you use the fire extinguisher? Pull the fire alarm? Or run out the front door and call the fire department on your cell phone. There are many tasks that must be done to prevent a catastrophe and each has to be assigned.
  3. Where do you report when the Datacenter is flooded? Do you meet at the local coffee shop or the CIO’s home? You need to designate a safe site so that you are quickly able to establish communication and implement the disaster recovery plan.
  4. When does the disaster plan take effect? Is it implemented when a laptop is lost? Or an i-Phone is missing? Or is it when a more serious virus causes your network to go down? You have to know when to ring the disaster bells or the CEO, CIO, CFO will not take you seriously if you call him daily about the missing cell phone.
  5. How do stop a virus from causing your entire network from disruption or just your access to internet or emails? Do you unplug the network or do you call third party services and report the issue?

 

If a disaster occurs – consider it like your home were burning….your most critical asset….a disaster recovery plan requires forethought and an impact analysis to make sure that your Company can still function on a day to day basis. Make sure you have a Disaster Recovery Plan ready for your SAS70 audit and so that you can come to work the next day. Sas70Expert@gmail.com

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: