Enterprise Security and Business Continuity

Ensuring data and information is secure and ongoing corporate continuity

History

The goals and objectives of the project were to identify and address the internal and external security exposure of each CGIAR member’s information systems; develop and implement a CGIAR-wide security architecture; develop and implement a CGIAR-wide Business Continuity Plan; and equip selected CGIAR personnel with the appropriate skills to implement and manage the detailed strategies identified.

The project conducted detailed IT risk and security assessments at pilot Centers (IRRI and ILRI) in Asia and EMEA, while non-pilot Centers in the same regions received site visits to assist in identifying IT risks. Except for IWMI and WorldFish, all the other non-pilot Centers in both Asia and Africa were unable to complete the business impact analysis. Both IRRI and ILRI received a set of recommended security policies that covered the given domains to meet ISO requirements. Strategy development ranged from, where possible, removing the threat altogether to minimizing the likelihood of occurrence, and minimizing the effect of occurrence.

In 2007, based on the evaluation of project activities to date and using the remaining funds, the project developed new plans for the Americas region, with activities led by CIP for both enterprise security and business continuity for all Centers in that region. The project carried out security reviews by external consultants of the relevant Centers and provided a training program for IT specialists.

Lead Administrative Centers

IRRI until December 2006, then CIP from 2007 onwards

Project Coordinators

Paul O’Nolan (IRRI)
Anthony Collins (CIP)