DAISI’s Business Continuity and Disaster Recovery Plan must ensure that DAISI’s critical operations systems, contacts and database are not affected by such things as power outage, hardware or system failure, data corruption, cyber attacks, or accidental or malicious data deletion by employees. It must also protect against theft and against both man-made and natural disasters (e.g. fire and flooding).
- DAISI shall at all times keep a backup copy of its entire database both in the cloud and on an external hard drive, in case one of these sources is disrupted.
- All DAISI computers should have up-to-date antivirus and firewall protection.
- Printed copies of DAISI policies, codes of conduct, procedure reports, members and contact details should be kept at a location separate from the primary DAISI office.
- Contact details of all employees, members, partners, contractors and associates, including mobile and landline phone numbers and email addresses, should be kept in a separate backup database both onsite and offsite.
Preventing virus & spyware (e.g. malware) attacks
- Induction training will occur for all DAISI staff on the early recognition of spyware or malware threats and attacks, including common scenarios leading to malware attacks (e.g. fake emails asking for links to be clicked, documents to be opened, or personal details or online payment to be provided).
- Where in doubt, a screenshot and a second opinion from another DAISI staff member or IT support person should be obtained.
- All computers should be regularly checked and scanned for viruses, and their antivirus and firewall protection kept up to date.
Power Surge & Power Outage
- The computer server and database should have a power surge circuit breaker and an emergency battery supply for power outages.
- If DAISI’s head office or country offices are in flood-prone areas, then critical documents, computers and the database should be protected against water damage due to flooding.
- The office should be waterproofed and, where possible, critical data and equipment should be stored above ground level.
- Backup data is to be kept in the cloud or on an external hard drive kept offsite.
- A backup of critical data should be kept in the cloud or offsite, or in a fireproof safe.
- The office containing critical data and equipment should be protected by locked doors after hours. Ideally, alarm systems and CCTV are to be installed to detect and deter theft.
Malicious attacks by employees
- DAISI prides itself on the supportive culture it generates for all staff and members. Nonetheless, from time to time in any organisation a member of staff or volunteer member may become disgruntled. DAISI must recognise that, in the worst-case scenario, a staff member or volunteer may seek retaliation through malicious damage to DAISI’s database and critical operations equipment, and it therefore recommends the following precautions:
- All passcodes and login passwords are to be changed periodically, and changed specifically where a staff member or volunteer with access to the central database and critical operations equipment is suspected of being disgruntled.
- Keys and passcodes for access to the critical database and operational equipment must be returned by employees on completion of their employment contract, resignation or termination of employment.