Sample Business Associate Agreement Policy And Procedure

Every business stakeholder (owners, senior management) understands that their business needs to be prepared for any event that will have a significant affect the ability to conduct normal business, popularly known as disasters. To be prepared for any disaster means to possess a plan. Otherwise, reported by users, you want to fail.

Policies must be defined by probably the most senior management/ownership of any company before procedures are put available to recover from the disaster. However, management often abdicates this responsibility, leaving it down to the IT Department. Abdicate here while using the secondary meaning of “the failure to meet up with or to experience a responsibility or duty.”

The policies how the stakeholders of any business should write are only stating objectives that others will execute. So why do stakeholders ignore writing these policies? There are two major reasons, one intentional then one not, money and ignorance.

1) Money: Stakeholders know the result of noting concrete Business Continuity and Disaster Recovery objectives will surely cost money. Not the process means that no funds will probably be expended. Is this logical or prudent?

2) Ignorance: I placed the term “should” in italics inside second paragraph for the reason. Maybe the stakeholders don’t are aware that they need to employ a plan for coping with harmful or potentially terminal (for the business) disasters. If not someone has to tell them, possibly a peer, staff member, consultant or vendor.

When no recovery policy is determined IT personnel often write procedures and hang up systems in position with no idea whenever they meet the company’s survival objectives. But I digress. Let’s talk about the particular Policies that have to be put available.

Written Policies for IT Disaster Recovery

After conducting a Business Impact Analysis, which identifies potential risks to your business, it is time to set written policies for preventing or recuperating from disasters. These policies will assign time frames to two the real key IT Disaster Recovery metrics, Recovery Point and Recovery Time Objectives.