IT preparedness
Relevant IT contingency plans that are effective and tested can reduce your business risks considerably. Unitas ensures that your IT contingency plans are up to date and tested.
What do YOU do when disaster strikes?
A company today must assume that it will be affected by interruptions to a greater or lesser extent. These can range from a lost internet connection, ransomware attacks and data theft to the physical destruction of a data center or tragic events that lead to the loss of data vital to the company.
Perhaps you are subject to directives such as GDPR, NIS 2, DORA, etc., which all dictate conditions that can only be complied with if you have proven and documented contingency plans and tests of them.
This requires insight into your own systems and processes, and an organization must be built around the subject.
Can we meet external requirements such as regulatory requirements? Can we live up to contractual requirements (e.g. an SLA) with our customers? Can we live up to our own wishes and requirements? Does our preparedness match our risk appetite?
In all cases, it is important to have well-developed emergency plans. These plans must, among other things, contain an overall description of roles and responsibilities, communication plans, strategic decisions, etc., followed by a number of scenarios that enable the company to handle the emergency at hand.
A good plan...
If you are completely without IT contingency plans, this is a good 1-2-3 way to start...
1. First get a handle on your basic Disaster Recovery plan, which ensures a basic restore of critical systems in the event of a serious breakdown.
2. Upgrade to a true IT contingency plan with roles, responsibilities, action cards and a communication plan.
3. TEST your plans, both managerially and technically. Test regularly!
Remember to get the management involved!
Your technicians can probably handle the restore and the other technical aspects. But it is at least as important that management is involved in the plans, both to ensure strong crisis management and to cover communication and concrete action plans.
Unitas has strong experience in preparing management, even in large companies and international groups. We run concrete tests that always give rise to an aha moment and, in the long run, strengthen decision-making considerably, with great efficiency as a result.
Where shall we begin?
Depending on the maturity of your business and available technical capabilities, there are several places to start.
The basis is a Disaster Recovery Plan, which must ensure that, as a minimum, the company's critical systems can be safely restored from a backup.
Next, you can move on to a real IT contingency plan, where targets for RPO/RTO are defined and compliance with them is tested.
There are several good standards to work from, and for most small and medium-sized companies, templates from sikkerdigital.dk will be a starting point. Larger or more mature companies can use the ISO standard, which is somewhat more comprehensive.
Either way, Unitas can help with both the preparation and testing of plans. We have the right certifications to be able to audit tests.
IT Disaster Recovery and IT Contingency Plans form an integrated part of Unitas' CISO-as-a-Service.
Contact us for a chat about what is the right level for your company and how we can get started efficiently and pragmatically, so we ensure that you have an effective tool on the day you need it!