IT Examiner School, Palm Springs, CA

First page Table of contents Previous page 41 Next page Last page

Conduct Risk Monitoring

Test the plans to ensure they are viable. Tests should:

• Be commensurate with system complexity and criticality. • Involve audit/independent review personnel. • Include appropriate institution personnel to ensure they are familiar with the disaster recovery procedures. • Be conducted at least annually or more often if significant changes occur. • Be reported to the Board and Senior Management. • Be sufficiently documented.

Testing Strategies

Staffing – Demonstrate staff’s ability to support business processes, communication, and reconciliation of transactions. Technology – Data, systems, applications, network, and telecommunications necessary for supporting business activities.

Testing Strategies

Facilities – Environmental controls, workspace recovery, and physical security.

Made with FlippingBook - professional solution for displaying marketing and sales documents online