Supremus Group

Package 9: Information Technology (IT) Risk Management, Risk Assessment and Data Center (technology) Disaster Recovery Template Suite

 

 

This is the entire template suite required by any Information Technology (IT) department to conduct the risk assessment, plan for risk management, and take the necessary steps for disaster recovery of the IT department. Any organization, small or large, can use these templates and adapt them to its environment.

Our templates are customized based on best practices and standards for application & data criticality analysis. This package has templates, forms, and examples. Our templates will assist you in complying with regulations and standards such as SOX, HIPAA, ISO 27002, FDA, FFIEC, FISMA, Basel II and COOP & COG.

These templates can be used by healthcare organizations, security consulting companies, manufacturing companies, IT departments of different companies, servicing companies, educational organizations, financial institutions, law firms, pharmaceutical & biotechnology companies, telecommunication companies and others.

Feel free to request a sample before buying.

List of documents in this Risk Assessment form and templates package:

Cost: $480

Conducting a Risk Assessment Guide

Objectives

The purpose of this Risk Assessment Guide document is to assist the business in conducting a Risk Assessment, which identifies the present risks and threats to the business, and in implementing procedures to eliminate or decrease those potential risks. This document provides guidance on how to conduct the Risk Assessment, evaluate the information that is gathered, and put into practice strategies that will permit the business to manage the risk. The following documents are available to help the business complete the assessment:

  • Risk Assessment Template
  • Risk Assessment Worksheet
  • Facility RA Findings Report
  • Executive RA Findings Report
  • Examples of Preventative Measures

The Risk Assessment is only part one of an overall Business Assessment. A Business Assessment is divided into two components, Risk Assessment and Business Impact Analysis (BIA). The Risk Assessment is intended to evaluate current vulnerabilities in the business's environment, while the Business Impact Analysis evaluates the probable loss that could result during a disaster. To get the most out of the Risk Assessment, a Business Impact Analysis should also be completed.

Table of Contents of Conducting a Risk Assessment

INTRODUCTION   

Compliance  
Scope  

RISK ASSESSMENT

Objectives of the Risk Assessment
Risk Assessment Process
What Should Be Included? 
Steps to Follow 

ASSESSING YOUR RISK

Identifying Risks / Threats  
Probability of Occurrence   
Vulnerability to Risk  
Potential Impact
Preventative Measures in Place  
Insurance Coverage   
Past Experiences

   
ANALYZING THE RESULTS   

Review Interview Notes  
Follow-Up Meetings   
Report the Results
   

FINAL REPORT & PRESENTATION   

Creation of Executive Report  
Presenting the Results  
Next Steps   
Conclusion   

KEYS FOR SUCCESS

Senior Management Support  
Effective Data Gathering Tools
Key Resources 
Critical Data 
Executive Report   

APPENDIX ITEMS

Appendix A:  Risk Assessment Survey   
Appendix B:  Risk Assessment Worksheet 
Appendix C:  Facility Risk Assessment Report
Appendix D:  Executive Risk Assessment Report
Appendix E:  Examples of Preventative Measures

Risk Assessment Template

OBJECTIVE

Due to many regulatory compliance rules and regulations, your organization must implement a Business Resumption Plan, Business Continuity Plan and Business Analysis Plan to ensure the protection of data. To accomplish this, your organization will carry out numerous steps to identify critical business functions, processes and applications that process vital data and to understand the potential impact to the business if a disruptive event occurred.

One of the first steps of implementing the Business Resumption Plan for your organization is to conduct a Risk Assessment (RA). This questionnaire will help you identify the present risks and threats to the business and put into practice measures to eliminate or lessen those potential risks. Once the survey is completed, the RA Project team will examine the data and create prioritized risk reduction (mitigation) strategies to present to senior management.

Table of Contents of Risk Assessment Template

OBJECTIVE 

GENERAL INFORMATION

Respondent Information 
Company Information 

PREVIOUS DISRUPTIONS   

Facility Related 
Technology Related   
Weather Related   

NATURAL & MAN-MADE RISKS & THREATS

Natural Risks / Threats  
Man-Made Risks / Threats 

ENVIRONMENT & FACILITY RISKS  

Environment Risks / Threats  
Facility Risks / Threat    

PREVENTATIVE MEASURES

Hazardous Materials 
Fire Containment  
Emergency Notification, Evacuations, Alarms & Exits  
Facility Features, Security,  & Access
HVAC  
Utilities
Data Center (Technologies)

Preventative Measures

The following list contains examples of preventative measures that the company can put into practice to reduce the potential risks that currently exist. Some of these activities may be easy to achieve, whereas others may take more time and more resources.

Natural Risks

The natural risks are typically linked with weather-related events: flooding, high winds, severe storms, tornado, hurricane, fire, snow storms, and ice storms.

Risk / Threat

Preventative Measures

Earthquakes

  • Move large and heavy objects to the floor to prevent injury from objects falling on people.
  • Equipment tie-downs are used on all critical computer equipment.
  • Emergency power is available on-site.
  • Earthquake construction guidelines have been adhered to so that damage can be minimized.
  • Critical data and vital records should be backed up and sent offsite for storage.
  • Staff should be trained in Earthquake evacuations and safety.

Man-Made Risks

The man-made risks are typically linked with man-made events: bomb threats, vandalism, terrorism, civil disorder, sabotage, hazardous waste, work stoppage (internal/external), and computer crime.

Risk / Threat

Preventative Measures

Staff Productivity Risks

  • Alternate sources of trained employees have been identified
  • Proper training and necessary cross-training is conducted
  • Files are backed up and procedures are documented
  • The work areas are comfortable and safe

Environmental Risks

The environmental risks are typically linked with exposures from surrounding facilities, businesses, government agencies, etc. 

Risk / Threat

Preventative Measures

Hazardous Materials Plant

 

  • There is a nightly backup of data processing electronic records, and that backup is stored off-site
  • The off-site backup facility is a sufficient distance away from this facility
  • An alternate site has been identified for use in the event that this facility is unusable

Final Facility Risk Assessment Report Template w/ charts

<Enter Facility Name>

Address of Location:

Participant:

Date of Report:

The interview was conducted by <Enter the Name of Person(s) conducting interviews> on <Enter Month, Day, and Year>. 

Overview of Facility Business Operations

The <Name of Facility> is responsible for <Enter overview of all business operations that are conducted at this site. (Identify if the facility provides patient care.)>

Previous Disruption Experiences

  • <Enter any previous disruption experiences and details of incident>
  • <Enter any previous disruption experiences and details of incident>
  • <Enter any previous disruption experiences and details of incident>

Risks & Vulnerabilities

Natural Risks

The natural risks are typically linked with weather-related events: flooding, high winds, severe storms, tornado, hurricane, fire, snow storms, and ice storms. In each RA Survey, the facilities manager was asked to identify potential natural risks and rate the severity of each.

<Enter Chart using the template on the Natural Risks tab in the Executive Report Charts located in the appendix.>

Summary of Natural Risks

For the location of this facility and historical weather patterns, it has been stated that <Enter top 3 - 5 Natural Risks> pose the biggest threat.  <Add additional comments if necessary.> 

How the risk ranking was determined:  Overall Risk = Probability * Severity (Magnitude - Mitigation)

Threat | Probability | Magnitude | Mitigation | Overall Risk
Drought | | | |
Earthquake | | | |
Fire | | | |
Flood / Flash Flooding | | | |
Hurricane / Tropical Storm | | | |
Ice Storms | | | |
Landslides | | | |
Severe Thunderstorms | | | |
Tornado | | | |
Wildfire | | | |

Risk Assessment Policy

Objective

The Risk Assessment (RA) Policy document establishes the activities that need to be carried out by each Business Unit, Technology Unit, and Corporate Unit (department) within the organization.

All departments must use this methodology to identify present risks and threats to the business and put into practice measures to eliminate or decrease those potential risks.

Table of Contents for Risk Assessment Policy

TERMINOLOGY
ACCOUNTABILITY
COMPLIANCE
REVISION HISTORY
ENDORSEMENT

I.  POLICY OVERVIEW

A. Purpose
B.  Scope
C.  Ownership Roles & Responsibilities
D. Review Process
E. Reporting Process
F. Update Frequency and Annual Review
G. Approval

II. RA REQUIREMENTS

A. RA Completion
B.  Risks and Threats Identification
C.  Probability of Occurrence
D.  Vulnerability to Risk
E.  Potential Impact of Risk
F.  Preventative Measures
G.  Insurance Coverage
H.  Previous Disruptions

III. RA RESULTS

A.  Overall Facility Risk
B.  Communication
C.  Retention of RA Survey

APPENDIX

Appendix A - Risk Assessment Standards

Applications and Data Criticality Analysis Template

Objective

The intention of the Application & Data Criticality Analysis is to determine the criticality to the covered entity of all application-based components and the potential losses that may be incurred if these components were not available for a period of time. This questionnaire is designed to collect the information necessary to support the development of alternative processing strategies, solutions and IS Recovery plans.

The Business Impact Analysis (BIA) should be completed prior to this engagement. The outcome of the BIA should be used to assess technology requirements based on the business needs.

This questionnaire also serves as a compliance method for meeting many regulatory compliance rule requirements for Application & Data Criticality Analysis.

Table of Contents of Applications and Data Criticality Analysis Template

OBJECTIVE   

RESPONDENT INFORMATION  

APPLICATION INFORMATION 

Application Information
Application Specifications
Application Users  
Application Service Providers  
Application Vulnerability  
Application Recovery Complexity
Application Recovery Plan   
Application Recovery History  
Application Standard Operating Procedures 
Application Source Code and Backup Information   
Application Dependencies
Application Data Reconstruction  

DATABASE INFORMATION 

Database Information   
Database Service Providers
Database Vulnerability 
Database Recovery Complexity   
Database Recovery Information   
Database Recovery History 
Database Standard Operating Procedures
Database Backup Information  
Database Backup Tape Information 

HARDWARE (SYSTEM) INFORMATION 

Hardware Information  
Hardware Environment Information  
Hardware Service Providers
Hardware Vulnerability
Hardware Recovery Complexity  
Hardware Recovery Plan 
Hardware Recovery History
Hardware Backup Information 
Hardware Backup Tape Information

NETWORK INFORMATION

Network Equipment Requirements   
Network Service Providers  
Network Vulnerability  
Network Recovery Complexity
Network Recovery Plan  
Network Recovery History  
Network Standard Operating Procedures

Application Recovery Plan Template

 

Purpose

This Application Recovery Plan documents the strategies, personnel, procedures and resources necessary to recover the <Enter Application Name> Application following any type of short or long term disruption.  The following objectives have been established for this plan:

  • Maximize the value of business resumption, business impact analysis and disaster recovery planning by establishing recovery plans that consist of the following phases:
    1. Notification / Activation:  To activate the plan and notify vendors, customers, employees, etc. of the recovery activities
    2. Recovery Phase:  To recover and resume temporary IT operations on alternate hardware (equipment) and possibly at an alternate location
    3. Restoration Phase:  To restore IT systems processing capabilities to normal operations at the primary location or the new location
  • Define the activities, procedures, and essential resources required to perform <Enter Application Name> processing requirements during prolonged periods of disruption to normal operations.
  • Allocate responsibilities to designated personnel and provide guidance for recovering <Enter Application Name> during prolonged periods of interruption to normal operations.
  • Make certain coordination with other <Enter Company Name> staff is conducted. 
  • Ensure coordination with external contacts, like vendors, suppliers, etc. who will participate in the recovery process. 

Table of Contents for Applications Recovery Plan Template

PLAN MAINTENANCE

PLAN EXERCISE  

PLAN LOCATION 

PLAN DISTRIBUTION

PLAN INTRODUCTION

Purpose 
Applicability  
Scope   
Assumptions  
Use Of This Plan   

APPLICATION PROFILE

Application Specifications
Server Requirements
Database Requirements   
Network Requirements
Input (Feeders) Dependencies on Applications / Systems 
Output (Receivers) Dependencies on Applications / Systems
Business Processes

PLAN ACTIVATION PROCEDURES   
    Plan Activation Team   

TEAM MEMBERS & RESPONSIBILITIES 

Activate Team Members  
Travel to Alternate Location 

RECOVERY PROCEDURES 

Restore Application Services   
File Verification Tasks 
Application Validation and Synchronization Tasks
Restoration Procedures
Original or New Site Restoration  
Concurrent Processing 
Plan Deactivation   

APPENDIX

Appendix A:  Employee Contact List   
Appendix B:  Vendor Contact List

Database Recovery Plan Template

Purpose

This Database Disaster Recovery Plan documents the strategies, personnel, procedures and resources necessary to recover the Database following any type of short or long term disruption.  The following objectives have been established for this plan:

  • Maximize the value of business resumption, business impact analysis and disaster recovery planning by establishing recovery plans that consist of the following phases:
    1. Notification / Activation:  To activate the plan and notify vendors, customers, employees, etc. of the recovery activities
    2. Recovery Phase:  To recover and resume temporary IT operations on alternate hardware (equipment) and possibly at an alternate location
    3. Restoration Phase:  To restore IT systems processing capabilities to normal operations at the primary location or the new location
  • Define the activities, procedures, and essential resources required to perform <Enter Database Name> processing requirements during prolonged periods of disruption to normal operations.
  • Allocate responsibilities to designated personnel and provide guidance for recovering <Enter Database Name> during prolonged periods of interruption to normal operations.
  • Make certain coordination with other <Enter Company Name> staff is conducted. 
  • Ensure coordination with external contacts, like vendors, suppliers, etc. who will participate in the recovery process. 

Table of Contents for Database Recovery Plan Template

CONFIDENTIALITY STATEMENT

PLAN MAINTENANCE   

PLAN EXERCISE  

PLAN LOCATION

PLAN DISTRIBUTION 

PLAN INTRODUCTION

Purpose   
Applicability
Scope 
Assumptions
Use of This Plan  

DATABASE PROFILE  

Database Specifications   
Server Requirements

PLAN ACTIVATION PROCEDURES   

Plan Activation Team   

TEAM MEMBERS & RESPONSIBILITIES

Activate Team Members  
Travel to Alternate Location 

RECOVERY PROCEDURES

Restore Database Services  

RESTORATION PROCEDURES 

Original or New Site Restoration  
Concurrent Processing 
Plan Deactivation 

APPENDIX

Appendix A:  Employee Contact List   
Appendix B:  Vendor Contact List

Network Recovery Plan Template

Purpose

This Network Recovery Plan documents the strategies, personnel, procedures and resources necessary to recover the <Enter Company Name> network following any type of short or long term disruption.  The following objectives have been established for this plan:

  • Maximize the value of business resumption, business impact analysis and disaster recovery planning by establishing network recovery plans that consist of the following phases:
    1. Notification / Activation:  To activate the plan and notify vendors, customers, employees, etc. of the recovery activities
    2. Recovery Phase:  To recover and resume temporary IT operations on alternate hardware (equipment) and possibly at an alternate location
    3. Restoration Phase:  To restore IT systems processing capabilities to normal operations at the primary location or the new location
  • Define the activities, procedures, and essential resources required to perform network recovery during prolonged periods of disruption to normal operations.
  • Allocate responsibilities to designated personnel and provide guidance for recovering the network during prolonged periods of interruption to normal operations.
  • Make certain coordination with other <Enter Company Name> staff is conducted. 
  • Ensure coordination with external contacts, like vendors, suppliers, etc. who will participate in the recovery process. 

Table of Contents of Network Recovery Plan Template

PLAN MAINTENANCE 

PLAN EXERCISE  

PLAN LOCATION 

PLAN DISTRIBUTION

PLAN INTRODUCTION

Purpose 
Applicability  
Scope   
Assumptions  
Use of this Plan  

NETWORK PROFILE  

Network Specifications
Network Requirements

PLAN ACTIVATION PROCEDURES   
    Plan Activation Team   

TEAM MEMBERS & RESPONSIBILITIES   

Activate Team Members  
Travel to Alternate Location 

RECOVERY PROCEDURES

Restore Network Services   
Restoration Procedures
Original or New Site Restoration  
Concurrent Processing 
Plan Deactivation   

APPENDIX 

Appendix A:  Employee Contact List   
Appendix B:  Vendor Contact List   
Appendix C:  Network Diagrams

Disaster Recovery Plan Template

This key document contains the non-technical activities that need to be carried out in support of Disaster Recovery operations. The subsequent sections contain contact numbers, contact personnel, activation and notification procedures, an overview of recovery teams, vendor contact information and recovery locations.

The complete technical recovery procedures for all components are located in the appendix, because these disaster recovery plans are modified on a regular basis owing to periodic configuration changes of the company's Technology Environment. Moreover, with continual changes to the hardware, network, and operating systems (OS), technical documents such as the detailed individual DR Plans for this environment will be updated on a regular basis to make sure modifications in hardware and operating systems are reflected in the technical DR Procedures.

Table of Contents for Disaster Recovery Plan

CONFIDENTIALITY STATEMENT

PLAN MAINTENANCE 

PLAN EXERCISE

PLAN LOCATION  

PLAN DISTRIBUTION   

MEDIA POLICY

EXECUTIVE SUMMARY  

Definition of A Disaster
Disaster Declaration Criteria

QUICK REFERENCE GUIDE   

SCOPE & OBJECTIVES 

Scope of This Plan   
Objectives of This Plan

RECOVERY STRATEGY  

Recovery Strategy   
Application & System Recovery  
Network Recovery  
Telecommunications Recovery 
Contractual Agreement for Recovery Services  

PLAN ASSUMPTIONS & EXPOSURES 

Planning Assumptions  
Known Exposures   

DISASTER DECLARATION PROCEDURE   

Declaration Authority   

NOTIFICATION PROCEDURES

Notification & Activation Team

RECOVERY TEAMS   

Management Team  
Administrative Team
Alternate Site Team 
Offsite Storage Team   

CONTACT LISTS

Employee Contact Information 
Department Notifications 
Vendor Notification 
Other Emergency Contact Numbers

ALTERNATE LOCATIONS 

Assembly Site  
Command Center
Recovery Site Information

OFFSITE STORAGE LOCATION 

Offsite Storage Information  

PLAN CERTIFICATION

Plan Certification 

APPENDIX ITEMS 

I.  Application Technical Recovery   
II. Systems Technical Recovery   
III. Network Technical Recovery 
IV. Telecommunications Technical Recovery
V. Database Technical Recovery 
Appendix A - Employee Notification Procedures 
Appendix B - Notification Log
Appendix C - Event / Disaster Information   
Appendix D - Record Log  
Appendix E - Alternate Site Authorization Form  
Appendix F - Recovery Status Report 
Appendix G - Disaster Recovery Report 
Appendix H - Travel Accommodations Request Form 
Appendix I - Employee Tracking Form
Appendix J - Assessing Potential Business Impact

Server Recovery Plan Template

Purpose

This Server Recovery Plan documents the strategies, personnel, procedures and resources necessary to recover the <Enter Server Name> Server following any type of short or long term disruption.  The following objectives have been established for this plan:

  • Maximize the value of business resumption, business impact analysis and disaster recovery planning by establishing server recovery plans that consist of the following phases:
    1. Notification / Activation:  To activate the plan and notify vendors, customers, employees, etc. of the recovery activities
    2. Recovery Phase:  To recover and resume temporary IT operations on alternate hardware (equipment) and possibly at an alternate location
    3. Restoration Phase:  To restore IT systems processing capabilities to normal operations at the primary location or the new location
  • Define the activities, procedures, and essential resources required to perform <Enter Server Name> processing requirements during prolonged periods of disruption to normal operations.
  • Allocate responsibilities to designated personnel and provide guidance for recovering <Enter Server Name> during prolonged periods of interruption to normal operations.
  • Make certain coordination with other <Enter Company Name> staff is conducted. 
  • Ensure coordination with external contacts, like vendors, suppliers, etc. who will participate in the recovery process. 

Table of Contents for Server Recovery Plan

CONFIDENTIALITY STATEMENT

PLAN MAINTENANCE 

PLAN EXERCISE

PLAN LOCATION  

PLAN DISTRIBUTION   

PLAN INTRODUCTION

Purpose 
Applicability  
Scope   
Assumptions  
Use of this Plan  

SERVER PROFILE 

Server Specifications   
Network Requirements
Applications  

PLAN ACTIVATION PROCEDURES   
    Plan Activation Team   

TEAM MEMBERS & RESPONSIBILITIES   

Activate Team Members  
Travel to Alternate Location 

RECOVERY PROCEDURES 

    Restore Server Services

RESTORATION PROCEDURES

Original or New Site Restoration  
Concurrent Processing 
Plan Deactivation   

APPENDIX  

Appendix A:  Employee Contact List   
Appendix B:  Vendor Contact List

Telecom Recovery Plan Template

Overview:

This Telecommunications Recovery Plan documents the strategies, personnel, procedures and resources necessary to recover the company's telecommunications following any type of short or long term disruption.  The following objectives have been established for this plan:

  • Maximize the value of business resumption, business impact analysis and disaster recovery planning by establishing telecommunications recovery plans that consist of the following phases:
    1. Notification / Activation:  To activate the plan and notify vendors, customers, employees, etc. of the recovery activities
    2. Recovery Phase:  To recover and resume temporary IT operations on alternate hardware (equipment) and possibly at an alternate location
    3. Restoration Phase:  To restore IT systems processing capabilities to normal operations at the primary location or the new location
  • Define the activities, procedures, and essential resources required to perform network recovery during prolonged periods of disruption to normal operations.
  • Allocate responsibilities to designated personnel and provide guidance for recovering the network during prolonged periods of interruption to normal operations.
  • Make certain coordination with other staff is conducted. 
  • Ensure coordination with external contacts, like vendors, suppliers, etc. who will participate in the recovery process. 

Table of Contents for Telecommunications Recovery Plan Template

CONFIDENTIALITY STATEMENT

PLAN MAINTENANCE   

PLAN EXERCISE  

PLAN LOCATION

PLAN DISTRIBUTION
   
PLAN INTRODUCTION

Purpose   
Applicability
Scope 
Assumptions
Use of this Plan

TELECOMMUNICATION PROFILE

Telecommunication Specifications
Telecommunication Requirements 

PLAN ACTIVATION PROCEDURES

Plan Activation Team   

TEAM MEMBERS & RESPONSIBILITIES 

Activate Team Members  
Travel to Alternate Location 

RECOVERY PROCEDURES

Restore Telecommunication Services

RESTORATION PROCEDURES

Original or New Site Restoration  
Concurrent Processing 
Plan Deactivation 

APPENDIX 

Appendix A:  Employee Contact List   
Appendix B:  Vendor Contact List

To view a specific section of this document, please contact us at sales@supremusgroup.com or call us at (515) 865-4591.

 
Supremus Group LLC, 855 SE Bell Ct, Suite 300, Waukee, IA 50263
Tel: (515) 865-4591 | Fax: (515) 221-2363
Email: Bob@supremusgroup.com
Copyright © 2006-2014 www.SupremusGroup.com A SUPREMUS GROUP venture
