6.8: Auditing Disaster Recovery Planning and Disaster Recovery Plans Flashcards
1
Q
Auditing Disaster Recovery Planning
A
- Determine the effectiveness of planning and recovery documentation by examining previous test results.
- Evaluate the method used to store critical information off-site Evaluate environmental and physical security controls in any off-site or alternative sites and determine their effectiveness. Determine if off-site or alternate site locations are within the same geographical region.
2
Q
Auditing Disaster Recovery Plans
A
- Obtain a copy of disaster recovery documentation
- Examine a copy of the distributed copies of DR documentation to see if they are up to date
- Determine if all documentations are clear and easy to understand
- Obtain contract information for off-site storage providers, hot-sites facilities and critical suppliers. Call some of them to see if they are still doing business with the organization.
- For organization using third-party recovery as cloud infrastructure providers, obtain contacts that define organization and cloud provider obligation.
- If cloud service provider is used to bring service as recovery site, examine the procedures used too bring cloud-based systems to operational readiness
- Determine whether backup off-site (or e-vaulting) storage procedures are being followed, if critical IT applications are being backed up and proper media are being stored off-site.
- Examine change control process