HHS Information Security Program Still ‘Not Effective’
Audit Again Cites Contingency Planning Weaknesses
… Tom Walsh, founder of consulting firm tw-Security, says “resiliency equals survival.” He adds: “There is a long history of businesses that no longer exist because of inadequate contingency planning – or worse, those who mistakenly thought, ‘it won’t happen to me,’ and did not even take basic precautions to protect themselves.”
Two common contingency planning issues beleaguer most organizations, according to Walsh.
“IT staff have a reputation for being poor at documentation,” he notes. And accuracy is a problem as well. “Things are always changing, especially in larger organizations. Even a well-written contingency plan can become quickly outdated,” he says.
And if an organization does not practice carrying out its contingency plan, it’s not fully prepared, Walsh notes. “Practicing prepares the entire team for a more coordinated, well-communicated approach to recovery. The IT department cannot do this alone.”