IT Examiner School

Results of On-Site Discussion with Management, Part 4

You had a brief discussion with CEO Bose about this part of this exam. He was not able to recall any testing they have conducted.

Examiner: Are you the one responsible for putting together the Disaster Recovery and Business Resumption Plans?

NA Fossil: Yes. They are approved by the Board annually.

Examiner: So does EVP Jones or any of the other members of senior management provide input?

NA Fossil: No. That responsibility is mine.

Examiner: I reviewed your Disaster Recovery and Business Resumption Plans. I have a few recommendations that would help complete the plan:

NOTE: You already learned about these improvements in the DR/BCP in the classroom training.

• You should reconsider your assumptions because they do not appear realistic. For example, if disaster struck, you cannot realistically count on Internet access and minimal impact.
• The plans should have phone numbers of emergency response units, utility companies, primary and state regulators, etc.
• Provide more specific information as to the Cloud storage and back-up.

Other recommended improvements to the Business Resumption Plan could include:

NOTE: You already learned about these improvements in the classroom training.

• Adding the assembly points to the Plan.
• Defining “Vital Documents.”
• Including digital media in the Shutdown procedures.

Examiner: Do you use a BIA based on the latest risk assessment?

NA Fossil: No. Like I mentioned earlier, I am new at this and have not had time to complete one yet.

Examiner: As you know, the BIA will ensure that your disaster recovery and business continuity efforts are appropriate for your bank.

NA Fossil: Yes, I understand. I would just like to add that one of the staff additions we expect to hire at the bank listed DR/BCP experience would be required.
