Review disaster recovery plan.
Verify that the plan contains a date qualifier to ensure currency.
Verify that the plan has been updated within the past 12 months.
Verify that their is effective monitoring of the plan's state of readiness.
Verify storage location of the plan.
If different from above, verify the storage location of the implementation team contact list.
Verify that the implementation team list contains names of team members, job titles, location, office & home telephone numbers.
Validate that the implementation team list contains active associates, their present title and location, including current home and office telephone numbers.
Verify that team members are aware of their roles and responsibilities.
Verify that a testing and training schedule exists and is adequate (at least annually)..
Verify date of last drill.
Verify that the weaknesses identified in the last drill have been addressed and corrected.
Verify plans documented correspond to the Business Continuation plan.
Verify that the plan reflects the current system environment.
Verify that all mission critical programs, data files, computer resources (and operating systems) are covered.
Verify that the non-covered systems are noted.
Verify that the plan incorporates prioritization of critical applications and systems.
Verify that the plan covers procedures for disaster declaration, general shutdown and migration of operations to the backup facility site.
Verify that the plan includes time requirements for recovery/availability of each critical system, and that they are reasonable.
Review any agreements for use of backup facilities and related documents. Verify that the site is adequate.
Verify that the site has appropriate hardware and telecommunications devices to restore operations.
Verify the procedures for periodic evaluation of the backup facilities and equipment to ensure their adequacy including when the facilities last used.
Verify that the site is adequately secured from unauthorized access.
Verify that the proper security is in effect on the backup equipment and software.
Verify that the arrangements with the backup site are of a nature and at an organization level where there appears to be a substantial probability that they would and could be honored for substantial periods (e.g., 50 hours per week for two consecutive weeks).
Verify that the plan includes contingencies in case of prolonged adverse circumstances.
Verify that inventories noted in the plan reflect the current operating environment.
Verify that the plans contain written operating instructions and procedures including procedures to regenerate the system..
Verify storage location of the inventories.
Verify that the plan includes controlled procedures for restoration of the original site for normal operations.
Review the effectiveness of the backup procedures in general.
Verify that the critical program, data files and computer resources defined for backup are in fact created and sent offsite.
Verify that the same is true for procedure and job libraries (verify that the current media library maintained by the user area corresponds to the library at the offsite facility).
Verify that the same is true for operating instructions and other key documentation.
Verify that the same is true for papers relating to systems and programs under development.
Verify that the backup copies for onsite, offsite, and legal retention are appropriate.
For applications with on-line updating of databases, verify that procedures are in place to aid in database recovery to include a) tape/disk logging of input transactions; b) logging of before and after images of updated database records; c) ability to backup or nullify a transaction; d) use of checkpoint/restart software.
Review the arrangements for offsite storage of key data files and documents.
Verify that the offsite storage facilities are so located that a disaster could not destroy the records in both the D&B facility and the storage facility.
Verify the procedures to obtain offsite copies to the backup site is adequate, efficient and timely.