Does Zayo have a Business Continuity Plan (BCP) and a Disaster Recovery (DR) plan?
Zayo’s Incident Management Plan and Business Continuity Management Program program includes: Identification of a cyber security incident, investigation of the situation (including triage), taking appropriate action (e.g. containing the incident and eradicating its source), reporting to relevant stakeholders, and recovering from a cyber security incident. Zayo treats all events with equal urgency and tests during all real-time events. Outside of real-time events, the Incident Management Plan is tested on an annual basis through tabletop exercises and after incident reports.
BC/DR plans enable recovery from the following events:
- Critical technology or software failure
- Critical technology supplier or utility failure
- Loss or corruption of any critical information
- Disclosure of critically sensitive information
Have Zayo Business Continuity (BCP) and Disaster Recovery (DR) plans been assessed, developed, and tested for large scale remote working?
The Organization’s Business Impact Analysis considers resource requirements during large scale remote working arrangements. BCP and DR strategies and runbooks are developed to address large scale remote working, and tabletop exercises and simulations include large scale remote working scenarios. Zayo tests its resiliency plans on an annual basis and as real world incidents occur.
What does the BC/DR exercise program include?
- Exercises are conducted and updated on a regular, planned basis
- Exercises cover all operations required to resume business
- Each exercise has a post-exercise report with recommendations for improvement
- All key personnel participate in BCP/DR plan exercises
- BCP/DR plan exercises include critical systems recovery
Does Zayo have a disaster response plan that includes contingency plans and response protocols for potential short-term acute events (e.g., hurricane, earthquake, flooding, and etc.) and long-term climate related risks impact (e.g.; changes in precipitation, increased average temperature, and sea level rise)?
Zayo’s Incident Management Plan and Business Continuity Management Program program treats all scenarios and events with equal urgency and tests during all real-time events. Outside of real-time events, the Incident Management Plan is tested on an annual basis through tabletop exercises and after incident reports.
Does Zayo’s Disaster Recovery plan include how to manage potential increases in frequency, severity, or duration of weather events?
Zayo’s Incident Management Plan and Business Continuity Management Program program treats all scenarios and events with equal urgency and tests during all real-time events. Outside of real-time events, the Incident Management Plan is tested on an annual basis through tabletop exercises and after incident reports.
Has Zayo conducted vulnerability assessments, risk assessment, or other calculations to identify what impact physical risks associated with climate related risks (e.g., increases in precipitation-driven flooding, extreme heat events, and inundation due to sea level rise and storm surge) might have on your assets, products, and/or services?
Yes.
Does the Organization have a Disaster Recovery plan that includes contingency plans and response protocols for potential short-term acute events (e.g., hurricane, earthquake, flooding, and etc.) and long-term climate related risks impact (e.g.; changes in precipitation, increased average temperature, and sea level rise)?
Zayo’s Incident Management Plan and Business Continuity Management Program program treats all scenarios and events with equal urgency and tests during all real-time events. Outside of real-time events, the Incident Management Plan is tested on an annual basis through tabletop exercises and after incident reports.
Does Zayo’s Disaster Recovery plan include how to manage potential increases in frequency, severity, or duration of weather events?
Zayo’s Incident Management Plan and Business Continuity Management Program program treats all scenarios and events with equal urgency and tests during all real-time events. Outside of real-time events, the Incident Management Plan is tested on an annual basis through tabletop exercises and after incident reports.
Does the Disaster Recovery plan describe which assets, products, services would most significantly disrupt operations if they experienced short term acute damage (immediate failure, either temporary or catastrophic)?
Yes.
Does the disaster response plan describe which assets, products, services, would most significantly disrupt operations if they experienced gradual long-term cumulative damage (slower degradation; greater wear and tear)?
Yes.
What do Zayo backup processes cover?
- Applications
- Databases
- Endpoints
- Network Drives (including those used by individuals)
- Collaboration tools
- System configurations
- OT-related systems (if applicable)
What do Zayo backup processes include?
- Backup frequency is defined by business criticality
- Backup restores are performed at a frequency defined by business criticality
- Backup data is periodically audited for completeness and accuracy
- Backups are encrypted
Which cloud provider services are utilized by Zayo as part of the backup strategy to accelerate the recovery of data loss?
Zayo utilizes cloud solutions that offer cloud-based data storage and email.
Does Zayo have sufficient redundancies in place to ensure the availability of information processing facilities?
Redundancy is built into Zayo systems for failover events. Backups for power, operations centers, IT systems, and data are also in place.
What kind of backup system is used for devices that connect remotely?
Backup of all data is enabled, performed locally and centrally at regularly scheduled intervals in alignment with data/security policies.