Security and Data Recovery
a. Cross site backups are performed using SAN snapshots and Microsoft Data Protection Manager.
b. A complete back-up of all data is captured every 24 hours, with incremental taken of critical systems every 15 minutes. Media is stored off-site via automatic replication to a secondary data center. Tapes are used to archive the data monthly.
c. Online recovery servers are maintained for email, data and client access.
2. Disaster recovery
a. Based on the worst-case scenario of a fire and total systems destruction, disaster recovery is as follows: Off-site data is recalled and we relocate to a pre-established, equipped, disaster recovery suite along with key personnel – based on prioritised workflow categorization. We re-establish system security, data and external communications from the disaster recovery suite.
b. Targets following relocation to a replacement office space are: 1st week – full project output, 14 days – ‘as was’ communication, 4th week – total systems operation.
1. Security – data
a. Electronic files are stored in secure, restricted access folders, protected by passwords, known only to the team working on the project. Physical documents are allocated secure, limited access storage areas. Remote and internet/extranet access security is applied using NTFS and IIS security. All login information is protected with Secure Socket Layer (SSL) External access security is provided by CISCO Firewalls. All data is virus-defended from server to desktop level by anti-virus software (Kaspersky). All incoming email is scanned by MessageLabs Email Security System.
b. Do you limit access to IP addresses or some form of certificate hand shake? The only way to access the system is via an authenticated IP address, authentication is achieved through validating the IP address via an automated email sent to the user. All accounts have IP validation as standard. This means that if a user logs in via a new IP address that hasn’t been authenticated then they would be sent an email to verify themselves before gaining access to the system.