Wednesday, May 6, 2020

A Report On Pre Incident Changes - 1578 Words

BCP Revision 1.0

PRE-INCIDENT CHANGES

The following will be implemented to help ensure the well-being of the company in the event of an incident:

1. Backups of all data, images, production systems, configurations, customer data, sales data, finance data, HR data, legal data, management data, IT and InfoSec data will be maintained via standard procedure, and stored not only at the main office but also in another data center in another region of the US, such as a hot site, to be available for use at any time.
2. A BCP Committee will be formed to audit and review the current BCP plan for any changes that may need to be made, with input from the security team, IT, sales, operations, upper management, finance, HR and legal teams.

BCP…

Any data on customer environments retrieved from vulnerability scanning and PCI scanning is deemed sensitive. Documents of logs and other troubleshooting data received by support are deemed sensitive, as well as routinely stored logs within log manager.

Development Data

Data belonging to development departments such as proposed projects, trade secrets, projects en route to be deployed, historic operations information, QA data and implementation data are deemed sensitive.

Sales and Marketing Data

Data with regard to prospective customers, contracts, marketing strategies, marketing metrics and transactions are deemed sensitive.

Employee Data

Data in regard to an employee's tax records, personal data, employment contracts and training data, transactions, entry/exit records and browsing/working records are deemed sensitive data.

DATA PROTECTION DURING NORMAL BUSINESS

1. Encryption of all hard drives on all devices, including employee machines, servers, and all devices where possible, is required.
2. All network traffic throughout the company will be encrypted where possible.
3. All external contact into the local LAN must be done through a VPN connection.
4. Strict adherence to the Access Request procedure must be exercised when IT gives any type of access to systems or data, including direct manager approval, business justification, standard role, justification for extra system or data access beyond standard role, and
