Have you tested your plan B?
You can download the series to date as a PDF from https://tinyurl.com/itbpseries2018.
Agreement: Businesses should manage, retain and process information to extract the best value from it. They also need to minimise the risk of losing or corrupting it. Reliable service providers and agreed parameters based on best practice help to reduce this risk.
Service provider relationships require professionalism and trust. The people who implement and configure your IT equipment invariably have access to all your data, no matter how confidential. Due to this high level of responsibility, it’s prudent to have a mechanism to hold service providers to account. This is commonly known as a Service Level Agreement or SLA and would form part of an overall best practice strategy. An SLA details both the service provider’s and client’s obligations. By defining and signing a reasonable SLA with your service provider or even just an internal IT team, you’ll save yourself time, money and frustration if something goes wrong.
A recent shift to cloud-based services has seen many businesses move data outside of their immediate control, to remote data centres all over the globe. “Cloud” is merely marketing jargon for a service hosted on the internet rather than on your premises. It is an increasingly popular alternative to installing and maintaining costly in-house servers. Microsoft’s Office 365 is a common example of a cloud-based service. A common misunderstanding is that cloud service providers “handle all that stuff” and there’s no need to worry about things like backups, outages, viruses or similar disruptions. That’s not always the case - you should study your contracts carefully to fully understand what the cloud service includes, and what testing is carried out to ensure the backups and disaster recovery options are working correctly. The remoteness of cloud services means you now need to ensure that not only is your data secure where it’s stored, but the connections and firewalls at each end of the service are secure and fail-safe too.
Policies: An Information Security policy aims to preserve confidentiality by ensuring that certain information is accessible only to appropriate users. The integrity of the information - its accuracy and completeness - must also be addressed. Change Management and Version Control policies,when properly implemented and adhered to, can ensure your business has reliable access to its information assets as needed, confident that the data has not been tampered with. When the buck stops with you, you’ll sleep easier knowing that if something goes wrong, you’ve got a plan B - and it’s a good one!