Chapter 7 DXp InformatIon SeCurIty Backup Jobs and Synch Jobs The system administrators should define backup and synchronization jobs to regularly back up critical data. The files and code should also be regularly backed up. Disaster Recovery and Business Continuity Plan In order to fully protect the data, the organization should set up a disaster recovery (DR) environment where data is backed up on a regular basis. During unexpected disasters, the organization can use the DR environment to resume the business within a short span of time. Implementing Information Security Policies Defining and implementing robust information security policies are essential to providing robust information security for a DXP. This section discusses various aspects related to information security policies. Information Access Policies We need to define security policies and processes to protect information, so that information is appropriately used, distributed, modified, recorded, and destroyed. • Define policies for sharing sensitive information on social media platforms. • Conduct security audits regularly to ensure compliance of defined security policies (such as International Organization for Standardization [ISO] and the International Electrotechnical Commission [IEC] 27002). Wherever needed, the organization should also engage an external auditor or certification body to assess security compliance. • Log, monitor, and track all access change events and admin activities in a secure audit log. The access logs should be retained and archived as per the regulations. The process of creating an information security policy is detailed in Figure 7-1. 203