IT Examiner School, Seaside, CA

Conduct Risk Monitoring

Test the plans to ensure they are viable. Tests should:

• Be commensurate with system complexity and criticality

• Involve audit/independent review personnel

• Include appropriate institution personnel to ensure they are familiar with the disaster recovery procedures

• Be conducted at least annually or more often if significant changes occur

• Be reported to the Board and Senior Management

• Be sufficiently documented

Testing Strategies

• Staffing – Demonstrate staff’s ability to support business processes, communication, and reconciliation of transactions.

• Technology – Data, systems, applications, network, and telecommunications necessary for supporting business activities.

• Facilities – Environmental controls, workspace recovery, and physical security.
