The Saturn Partners, Inc., has offered evaluation of existing BC plans for some time now. This service is expanded in 2006, to offer clients not only complete evaluations of the current situation, but soup-to-nuts development efforts, plus the TESTING of that new or improved plan once it is completed.
Some of the steps involved include the following:
- Discovery questionnaires and meetings to define scope of project:
- We find this to be a weak spot in many BC plans. This is the backbone of the entire project, and takes time and detail to complete. Once completed, the stage is set for the development of the plan, followed by testing.
- Risk Evaluation:
- A hard look is taken at all IT assets, configuration, placement, budgetary concerns, usage, traffic, assets and other factors to draw a current “snapshot in time” of risk status in the client network environment.
- Preparation of Business Impact Analysis and Risk Analysis:
- This involves a customized process of ranking risk vs. current IT assets in the environment. The final plan must contain this vital data, and client involvement and input is essential to this stage of plan development. Also involved in this stage could be a full Vulnerability Assessments, external and internal, to test actual risk to the physical side of the network.
- Emergency Response and Operations Status Evaluation, recommendations and needed upgrades:
- In this step all areas of incident response/emergency response currently in use in the client network environment is analyzed and reviewed for proper testing standards, content and effectiveness. This includes presence and necessity of separate hot/cold recovery sites, storage and maintenance of vital records and recovery-related areas, such as third party vendors and staff organization issues.
- Internal Awareness Evaluation and Recommendations:
- Social engineering plays a part in this phase of the planning process. Since human beings run the organization, how they are trained to respond and management emphasis on proper emergency preparedness and business continuity processes and reviewed and upgraded as needed. Finalized recovery strategies will be one of the outcomes of this stage of the process.
- Standards development for testing and maintaining the BCP:
- Testing of the final plan will take place once all discovery and planning steps are completed. This plan will come with clear recommendations, based on the organization involved, regarding timing of future tests and instruction on keeping the new plan current and vital. Developing a regular and thorough testing process is the key to readiness.
Testing of final plan and submission of the final reports wrap-up this critical process.
We urge you to contact us to set up an appointment for more information on this important step of your Network Security Plan!