SAS 70:

Backup

Sep 25 2008   11:06AM GMT

Outsourcing your data backup process – SAS70



Posted by: sas70expert
Third-party services, Management, Backup, SAS 70

During the SAS70 audit, an examination will be performed on your data backup process. If you have outsourced this to a local vendor, you are still responsible for making sure that your data is kept safe, secure, and is backed up properly. Hosted or online backup processes are very attractive for small to medium size businesses. Why? They don’t have to maintain the expertise internally and the IT equipment is expensive.

 

How best do you manage your backup provider? Be sure to have a service level agreement in place. The service level agreement should provide you response times for when you need help. And you will! When you need to find that lost report that is due for your presentation today, you will want the file restored today – NOT in 24-36 hours. In addition, review your own internet connection as you will need a fast one to transfer your data. Does your outsourced vendor take care of your needs?   


Sep 10 2008   12:16AM GMT

11th Commandment - Thou shalt perform the data backup process. – SAS70



Posted by: sas70expert
Management, Compliance, Auditing, Backup, SAS 70

It’s Monday at 9am. Your server data has been lost. You ask for the backup tape to perform the restore and discover that the Friday night backup process failed. You don’t want to start the week off by committing such a sin as to not follow the 11th commandment. The data backup process must occur according to your company schedule, and any identified failures should be noted and resolved. In addition, don’t make the mistake of keeping your backup tape on-site. A SAS70 audit that focuses on computer operations will examine your processes to confirm that you are adequately performing data backups. The SAS 70 audit will monitor your compliance with your Company policy – are you required to perform full or incremental backups? How do you know that your backup process was successful? A daily log should be received to indicate which file directories and files were backed up and whether the backup was successful. In addition, your backup software should perform a verification process. When an auditor performs the SAS70 audit, one of the common mistakes by management is forgetting to review the backup log. Who is in charge of your backup process?  SAS70ExPERT at gmail.com


Jul 27 2008   1:46AM GMT

Data Breaches – Do you have a plan? SAS70



Posted by: sas70expert
Disaster Recovery, Networking, Incident response, Security, Compliance, Risk management, Auditing, CIO, DataCenter, Backup & recovery, Backup, SAS 70

You should have a disaster recovery plan in place for when a data breach occurs within your Company. SAS 70 audits will mostly require you to have a plan documented, but the details of the plan are usually not adequately reviewed. Every disaster recovery plan should cover basic requirements, which include:

  1. Who to call when an Exchange server malfunctions?
  2. What do you do when a fire occurs in your Datacenter? Do you use the fire extinguisher? Pull the fire alarm? Or run out the front door and call the fire department on your cell phone? There are many tasks that must be done to prevent a catastrophe and each has to be assigned.
  3. Where do you report when the Datacenter is flooded? Do you meet at the local coffee shop or the CIO’s home? You need to designate a safe site so that you are quickly able to establish communication and implement the disaster recovery plan.
  4. When does the disaster plan take effect? Is it implemented when a laptop is lost? Or an iPhone is missing? Or is it when a more serious virus causes your network to go down? You have to know when to ring the disaster bells, or the CEO, CIO and CFO will not take you seriously if you call them daily about the missing cell phone.
  5. How do you stop a virus from disrupting your entire network, or just your access to internet or emails? Do you unplug the network or do you call third party services and report the issue?

 

If a disaster occurs, consider it as if your home, your most critical asset, were burning. A disaster recovery plan requires forethought and an impact analysis to make sure that your Company can still function on a day to day basis. Make sure you have a Disaster Recovery Plan ready for your SAS70 audit and so that you can come to work the next day.


Jul 1 2008   5:45PM GMT

Do you need the Secret Service to guard your data? – SAS70



Posted by: sas70expert
Security management, Third-party services, Administration, Database issues, Disaster Recovery, Networking, Active Directory, Network security, Storage, Security, Network monitoring, Servers, Microsoft Windows, Information risk management, Management, Security Program Management, Risk management, human factors, Database, Database Management Systems, business/IT alignment, Access, Financials, Access control, Industry Solutions, Data center operations, Network Management Systems, Data center design, Network, CIO, DataCenter, DataManagement, CEO, management software, Single sign-on, FTP, CFO, cooling systems, Backup & recovery, Exchange, Backup, power systems, SAS 70, budget, budgeting, CSO

It’s an election year and security to protect some of our most valuable assets is being discussed more frequently – including politicians and data privacy requirements (proposed Regulation S-P). Does that mean you should be considering the Secret Service to guard your data? I don’t think so; however, you should have a plan to manage the risk of data loss. This plan should contain proactive thinking that promotes a culture of prevention. A SAS70 audit will assist you in determining your vulnerabilities and identifying weaknesses in your information technology network; however, you must continually assess and evaluate scenarios, and stay informed of the latest and greatest networking threats. Communication and training are key to a data protection plan. What are some of the other characteristics? SAS70expert@gmail.com

 


Jun 11 2008   12:47AM GMT

Exchange and Email



Posted by: sas70expert
Disaster Recovery, Auditing, Email, Backup & recovery, Exchange, Backup, SAS 70

SAS70 audits do not require disaster recovery to be audited; however, backups of email can be critical to survival of a Company should they be sued.

The process to back up emails can be expensive and time-consuming. I tried clustering Exchange servers. It was a mistake from the start – it became too complicated, I had to add 3 additional staff, hardware and don’t forget the licensing costs.

There are some appliances that make it easier to replicate to Exchange and other major mail servers. What appliances worked best for you? Or are there other techniques you can recommend to expedite the email backup process?