Category Archives: Regulation

08.28.15
by

Understand How Disaster Recovery and Business Continuity Interrelate

Understanding the importance of Disaster Recovery within a Business Continuity plan has become more important as data types and regulatory requirements have become more complex.

To begin, the difference of disaster recovery and business continuity must be understood. Both disciplines describe a company’s preparation for the mitigation of risks to continued operations. Disaster recovery applies to the technology operations of the business. Whereas, business continuity has a larger scope that includes technology, physical assets and manual business processes such as workflow, customer service and more. As stated in the StandBy article BCP vs DRP “A mistake often made by organisations is that ‘we have an IT DR Plan, we are all ok“.  That is not the case.  You need to have a Business Continuity Plan in place for critical personnel, key business processes, recovery of vital records, critical suppliers identification, contacting of key vendors and clients etc.”

Developing business continuity planThe complexity of these plans has increased along with their importance. For the disaster recovery plan, regulation has added a level of sophistication that was not required as it is today. Data backup and recovery strategies must meet company policies regarding regulatory requirements, data breaches, ability to respond to court orders, and more.

There are real life situations that require the ability to “look back in time”. Consider that data is not only required to be backed up for protection of a catastrophic event, but, it also needs to be restored in different ways for different purposes and meet varying requirements. A request can be made from a government regulatory body to retrieve data from a certain date or from a past event. This requires coordinated strategies and testing to ensure these types of requests can be accomplished. Data Backup strategies must be planned and tested to assure all company requirements regarding data retention and recovery are met.

Data types have become more complex as the Internet of Things has expanded the scope of what data is, where it comes from and what it looks like. As we stated earlier in this Blog in the post THE IOT IS RENDERING YOUR OLD DATA BACK AND RECOVERY PLAN OBSOLETE, “Businesses are integrating the IoT with their mission critical applications at an accelerated rate. There is a need for data from specialized devices and applications to be made available to business applications. The data being generated from devices in trucks, shipping docks, and house water meters are being integrated with core business processes for analytics and advanced business processing. So, this data has now become corporate data.”

Data recovery and its interrelationship with business continuity plans must be understood and then reevaluated to meet modern requirements. Consult with professionals that understand theses complex relationships, such as Salvus Data Consultants, of Texas.

02.09.15
by

Recovery Time is a Critical Element of a Financial Institution’s Business Continuity Plan

Data Recovery time is a critical part of meeting the FFIEC IT exam for financial institutions.

The Business Impact Analysis was a section added to the FFIEC (Federal Financial Institutions Examination Council) Business Continuity Planning Booklet in 2008. The Business Continuity Planning Booklet is one of 12 that, in total, comprise the FFIEC IT Examination Handbook.

Banking regulation

 

According to the FFIEC, a business impact analysis (BIA) is the first step in the business continuity planning process and should include the:

  • Assessment and prioritization of all business functions and processes, including their interdependencies, as part of a work flow analysis;
  • Identification of the potential impact of business disruptions resulting from uncontrolled, non-specific events on the institution’s business functions and processes;
  • Identification of the legal and regulatory requirements for the institution’s business functions and processes;
  • Estimation of maximum allowable downtime, as well as the acceptable level of losses, associated with the institution’s business functions and processes; and
  • Estimation of recovery time objectives (RTOs), recovery point objectives (RPOs), and recovery of the critical path

The last two points are of special importance. Being able to recover your data is not the whole issue. Being able to recover your data in a time frame that meets business objectives is critical.

As we have stated in our post Don’t Forget These Things When Data Backup And Recovery Processes Are Being Developed, a major part of the backup and recovery process is the physical network. To name just a few of the factors that impact the infrastructure design would be the frequency of the backups, the required time for the restore to be completed for effectiveness, the medium the data resides, the proximity of the backup location to the original site, etc. Networks may be under-powered to meet data backup and recovery requirements.

Recovery depends on more issues than just recovering from a catastrophic event. Data backup and recovery strategies must also meet company policies regarding regulatory requirements, data breaches, ability to respond to court orders, and more. This requires coordinated strategies and testing. Data Backup strategies must be planned and tested to assure all company requirements regarding data retention and recovery are met.

Outsourcing data backup processes is an approach that can be considered to have expert guidance from Data Backup specialist that know their field. Outsourcing to an American managed service provider is often the preferred choice; especially if the data can remain within the control of the company and only the backup and recovery procedures are performed remotely by the data backup and recovery MSP.

To discuss data backup and recovery processes further, as they apply to regulatory requirements, contact Salvus Data Consultants. Salvus uses Tivoli Storage Management (TSM) remotely to manage Data backup and recovery while you maintain control of your data.