Business continuity plan, disaster recovery plan, and law 543



  • After many arguments, we have concluded that BCP (business continuity) is out of the scope of the Sarbanes-Oxley Act.
    SOX permits considering data backup as the ultimate solution for Disaster Recovery, Business Continuity and Contingency Planning.
    It is interesting to see what other similar laws have in scope:

    1. Gramm-Leach-Bliley Act (GLBA) is similar to SOX. Section 501(b) is about requirements for maintaining the integrity and availability of private customer data. This means establishing and testing data backup processes. GLBA does not directly address business continuity and disaster recovery.
    2. Health Insurance Portability and Accountability Act (HIPAA). Introduced contingency planning for health plans, health care clearinghouses and health care providers that transmit electronic patient information. Business impact analysis, crisis management, IT disaster recovery, recurring plan review and testing, employee training and awareness, plan audit.
    3. The New York Stock Exchange (NYSE) and the National Association of Securities Dealers have filed with the U.S. Securities and Exchange Commission proposed Rule 446 (Business Continuity and Contingency Plans). Requires all members and member organizations to develop, maintain, review and update business continuity and contingency plans.
