2.7 Business Continuity |
R.CONTINUITY.1 |
XYZ Co. shall implement a set of business continuity processes and procedures, derived from XYZ’s Business Continuity Policy, for the following tasks:
a) Contingency Operations: Procedures that allow facility access in support of restoration of lost data under the disaster recovery plan and emergency mode operations plan in the event of an emergency;
b) Contingency Plan: Procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain sensitive data;
c) Data Backup Plan: Procedures to create and maintain retrievable exact copies of electronic data;
d) Disaster Recovery Plan: Procedures to restore any loss of data;
e) Emergency Mode Operation Plan: Procedures to enable continuation of critical business processes for protection of the security of sensitive information while operating in emergency mode; and
f) Testing and Revision Procedures: Procedures for periodic testing and revision of contingency plans.
|
E.HIPAA.22 E.HIPAA.23 E.HIPAA.24 E.HIPAA.25 E.HIPAA.26 E.HIPAA.32 E.HIPAA.45 T.ACCIDENT.1 T.DELIBERATE.1 |
| Observations | Recommendations | Gap |
| --- | --- | --- |
| XYZ Co. has identified that their ability to maintain continuous business operations is not critically dependent on information technology. As a result, the scope of the tasks identified above is likely to be minimal. In support of their business continuity capability, XYZ Co. currently has a shared business partner agreement with another local assisted living facility to provide shared technology resources in the event of a continuity plan trigger. This plan has not been tested. | XYZ Co. should determine whether the current amount of time required to replace and restore business information is acceptable to business operations. XYZ Co. should schedule and execute a test of their contingency agreement with their partner assisted living facility. | 2 |