Spring World 2018

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 30, Issue 3

Full Contents Now Available!

In May of 1990 the New York Contingency Planners Exchange Group distributed a survey on data systems security and contingency planning to several organizations at their quarterly meeting. The following are the results of the 21 organizations who participated.

1. Organizations with documented procedures for identifying critical business functions and associated data systems applications: 52%

2. Organizations that have identified critical business functions and the associated data systems applications: 81%
Using documented procedures: 43%
Without documented procedures: 33%

3. Organizations with documented procedures for identifying sensitive data (i.e., personally identifiable and critical data or data supporting critical functions): 52%

4. Organizations that have identified sensitive information: 76%
Its critical data: 76%
In either case,

Using the documented procedures: 43%
Without documented procedures: 33%

5. Organizations with critical data stored off-site: 90%
With data sent off-site and retrieved via a regularly scheduled procedure: 71%
Organizations anticipating a need for on-line vaulting: 71%

6. Organizations with a documented Crisis Management Plan: 57%
With a Business Resumption Plan for office facilities: 43%
With a Disaster Recovery Plan for the critical data systems: 57%
With Contingency Planning for Voice Communications: 52%
With Contingency Planning for Data Communications: 67%

7. Organizations that have considered
Alternate sites within the organization: 67%
Subscription vendors: 52%
Dedicated hot-site internal location: 52%
Dedicated hot-site vendor location: 43%

8. Organizations with a proactive Data Security Awareness Program in place: 38%

The following results are an average of the respondents surveyed.

9. When the plan was last tested: Within the year

Frequency of testing: 1.3 times annually

10. Estimate of how long the organization can operate without its computer systems before

Revenue is impacted: 20 hours
Business is lost: 29 hours

11. Most important components of Data Security Awareness Program:

  • Education and Awareness
  • Audits and Reviews

This survey provided by AT&T.

This article adapted from Vol. 3 No. 4, p. 22.