BP 11122023 129pm - Flipbook - Page 95
Consider the use of a cloud backup service, such as like Carbonite and iDrive, for all essential
business data. These automated services will create offsite, encrypted backups of your data and
can be setup for auto backups that work around your employee’s schedules. Again, contact your
3rd-party IT support services for their recommended options but should you want to research
them yourselves, these links will provide you some great options …….
https://www.pcmag.com/picks/the-best-online-backup-services
https://www.tomsguide.com/best-picks/best-cloud-backup
https://www.nytimes.com/wirecutter/reviews/best-online-backup-service/
4.2 Test the validity of backups from time to time through a scheduled restore routine.
4.3 Secure vendor contact lists: Information documented should include: vendor’s contact
information, contact information on those employees at the company that have
credentials/permissions to parish/mission/school/campus center’s systems/data; credentials
(login, passwords, serial numbers; secret questions, etc…) needed to access any of the
parish/mission/school/campus center’s systems and online accounts in the event the 3 rd party
group maintaining this info for them were to disappear or go belly-up. Updates to the
information should always be documented. This information should be kept in a vault like
LastPass or 1Password that is accessible from somewhere other than the parish offices. There
should always be more than one individual that has access to the online vault. Using an online
vault would provide more flexibility to recovering this data than having it stored in a physical
safe, especially if employees were not allowed to gain access to the building for some reason
such as a flood or fire.
4.4 Have a loss of continuity plan, and determine WHO will specifically lead the resumption of
service.
4.5 Create a written disaster recovery protocol plan that provides for detailed steps to restore the
network in the event of cyberattack or natural disaster.
4.6 Include money in the annual budget for disaster recovery updates and testing.
QUESTIONS?
The IT Questionnaire, Standards, & Resource document was developed in collaboration by the
Archdiocese Department of Internal Audit and the Office of Information Technology. If you
have questions concerning the questionnaire, please let your auditor know. If you would like
advice on topics addressed in this document, contact the Archdiocese Office of Information
Technology. Although they will not act as your managed service provider for IT support, the
Office of Information Technology offers consulting services, onsite walkthrough audits and
central purchasing services. They will often share their policies, best practices, and lessons
95
