IT Examiner School eBook May 2025

 Business continuity testing involves collaboration with critical third parties  Systems, applications, and data recovery are tested at least annually

Control Test Review BCP testing documentation to determine adequacy. Enter Control Test notes here, if performed

Procedure 9 Evaluate the adequacy of the business continuity training program for all stakeholders. Consider the following:  Alignment of training with strategies  Training objectives  Training format  The extent to which various stakeholders (e.g., the board, business continuity program staff,

incident response team, general personnel) are trained  Process for reviewing/updating the training program Click here to enter comments

Decision Factor 3 Strong ☐ Satisfactory ☐ Less than satisfactory ☐ Deficient ☐ Critically deficient ☐ The adequacy of network architectures and the security of connections with public networks.

Click here to enter comments

Procedure 10 Review the network architecture and configurations with management. Consider the following:  Critical systems and components (e.g., servers, firewall, routers, switches, IDS/IPS)  Connection points  Network segmentation (e.g., demilitarized zone [DMZ], virtual local area network [VLAN], wireless)  Documentation of network topology Click here to enter comments Control Test Review network topology and other documentation. Determine whether the documentation is accurate and current. Enter Control Test notes here, if performed Procedure 11 Assess remote access practices used to authenticate, monitor, and control vendor/employee remote