IT Examiner School eBook

Internal Use Only

Provide Employee Training

Conduct employee training at enterprise-wide level and business unit level

Teach all employees about responsibilities and procedures to follow during and after recovery

Include periodic simulation exercises for key employees

Ensure that training is regularly scheduled & updated to address operational changes

16

Internal Use Only

Conduct Risk Monitoring Test the plans to ensure they are viable. Tests should: • Be commensurate with system complexity and criticality. • Involve audit/independent review personnel. • Include appropriate Licensee personnel to ensure they are familiar with the disaster recovery procedures. • Be conducted at least annually or more often if significant changes occur. • Be reported to the Board & Senior Management. • Be sufficiently documented.

17