IT Examiner School, Providence, RI

Disaster Recovery and Business Continuity Planning

• Business Continuity Planning and Disaster Recovery Planning are used together so often that people begin to forget that there is a difference between the two.
• FIs often use the terms Disaster Recovery and Business Continuity interchangeably. What matters is the content of the plans, not their names.
• Disaster recovery and business continuity plans are interdependent, so much so that they are often consolidated into one detailed plan that covers all unexpected possibilities that the business may encounter.
• Both DR and BCP plans address many of the same aspects, such as communication factors, temporary locations and security features.
• Key contact information for management, employees, regulatory agencies, and key vendors should be included within the DR and BCP plans.
• Information security must be considered as part of any disaster recovery event.

Testing of IT Controls: a best practice and GLBA requirement

“…Design and implement information safeguards to control the risks you identify through risk assessment, and regularly test or otherwise monitor the effectiveness of the safeguards’ key controls, systems, and procedures….”

Testing of Controls is generally achieved through:

• IT General Controls Audit
• Vulnerability assessments
• Penetration testing
