6.8: Auditing Disaster Recovery Planning and Disaster Recovery Plans Flashcards

1
Q

Auditing Disaster Recovery Planning

A
  • Determine the effectiveness of planning and recovery documentation by examining previous test results.
  • Evaluate the method used to store critical information off-site Evaluate environmental and physical security controls in any off-site or alternative sites and determine their effectiveness. Determine if off-site or alternate site locations are within the same geographical region.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Auditing Disaster Recovery Plans

A
  • Obtain a copy of disaster recovery documentation
  • Examine a copy of the distributed copies of DR documentation to see if they are up to date
  • Determine if all documentations are clear and easy to understand
  • Obtain contract information for off-site storage providers, hot-sites facilities and critical suppliers. Call some of them to see if they are still doing business with the organization.
  • For organization using third-party recovery as cloud infrastructure providers, obtain contacts that define organization and cloud provider obligation.
  • If cloud service provider is used to bring service as recovery site, examine the procedures used too bring cloud-based systems to operational readiness
  • Determine whether backup off-site (or e-vaulting) storage procedures are being followed, if critical IT applications are being backed up and proper media are being stored off-site.
  • Examine change control process
How well did you know this?
1
Not at all
2
3
4
5
Perfectly