ASES contracted a Cybersecurity expert to review the Disaster Recovery Plan draft, including the security policies and standards of information systems. The work plan includes the following:
1. Preparation of the Business Impact Analysis:
a) Separate meetings with all managers to identify departments' data retention, RTO, BAT and RPO needs.
b) This document will provide a better guide for the IT department of the needs of the departments and thus implement or acquire the necessary solutions for the protection, and DRP of the departments and the agency.
2. Perform an internal Risk Assessment which will help identify and remedy the vulnerabilities in the agency.
3. Establish responsibility to the directors of the agency's departments for their processes and the data they handle.4. Update the DRP based on departmental needs and the current capabilities of the agency's information systems.
The IT department is in advanced discussions with PRITS for the purchase of the licensing of Azure Site Recovery and Azure Backup to meet the needs of the agency and mitigate the possible loss of data and applications in case of an incident such as ransomware attacks and events such as hurricanes or events related to hardware failures (servers, computers, etc.). This is a high priority for the Executive Director.
In the coming months ASES will start the use of OneDrive tools for users to save their documents in this application and SharePoint for departmental files and documents. This implementation will help mitigate the risk that users lose their information due to security incidents or hardware failures. The Backup, Disaster Recovery and Security posture is expected to improve in the next 6 months if the above solutions are implemented.