IT Examiner School, Providence, RI
Conduct Risk Monitoring
Test the plans to ensure they are viable. Tests should:
• Be commensurate with system complexity and criticality.
• Involve audit/independent review personnel.
• Include appropriate institution personnel to ensure they are familiar with the disaster recovery procedures.
• Be conducted at least annually or more often if significant changes occur.
• Be reported to the Board and Senior Management.
• Be sufficiently documented.
Testing Strategies
Staffing – Demonstrate staff’s ability to support business processes, communication, and reconciliation of transactions.
Technology – Data, systems, applications, network, and telecommunications necessary for supporting business activities.
Facilities – Environmental controls, workspace recovery, and physical security.