2023 IT Examiner School

Internal Use Only

Risk Management Strategies to Minimize Service Disruptions Identify an alternative or back-up site and/or subscribe to a disaster recovery service

Detail backup and off-site storage procedures

List applications to be brought up in given timeframes

Ensure that sufficient resources are available to meet the timeframes

Create procedures for how the Licensee will exchange information with service providers and third parties from the backup location

Internal Use Only

Vendor Agreements

Review the vendor’s plan to ensure that critical services can be restored within acceptable timeframes

Establish provisions that address the vendor’s responsibility for maintaining and testing plans

Ensure that the institution has identified how to adjust internal procedures if the vendor invokes its plan