Posted: Fri May 28, 2004 8:18 pm Post subject: Securing the Disaster Recovery Plan
I am told it is a good idea to treat the disaster recovery plan and confidential. I guess that's to prevent anyone trying to damage the organization having the inside track on your recovery operations.
Does anyone have any policies on this? Could you direct me?
I'd suggest that this should be part of your general information security policy.
The data in your disaster recovery plan is, in essence, just another piece of restricted data. Your organization should have an over-arching policy in place for this, covering classification of data as well. In other words, the data chould be classified at a suitable level, and then appropriate security applied for that level.
It is unlikely many people will have a specific policy in place for DRP security, in my opinion.
Posted: Sat Aug 06, 2005 12:54 am Post subject: What if management wants a public portion?
I've been tasked with creating a publicly available (well, to our customers, not quite public) portion of our new DRP. This is in response to more and more of our larger customers requesting it in order to do business with us. Have any of you handled this and what is the recommendation?
For a plan to be useful, it must be available when necessary, hence the need for the appropriate personnel to have a copy of the plan offsite. After all, what good is a plan that is destroyed along with the building in which it is housed?
Our solution is to seal the printed plan in an envelope, using tamper-proof tape. This way, the plan can be stored offsite while maintaining a degree of security. All copies are also numbered and tracked when assigned.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum