Is there a disaster recovery plan? If a plan exists, when was it last updated?
What are your procedures for updating the plan?
Who is responsible for administration or coordination of the plan?
Is the plan administrator/coordinator responsible for keeping the plan up-to-date?
Is there a disaster recovery implementation team (i.e., the first response team members who will react to the emergency with immediate action steps)?
Where is the disaster recovery plan stored?
Where are the implementation team contacts list stored?
Where is the backup facility site? Are there alternate sites?
What is your schedule for testing and training on the plan?
When was the last drill performed?
Did the drill include use of the backup facilities? If not, when were the backup facilities last used? If over 1 year, how has the organization determined that its programs can still run on the backup equipment?
What was the outcome of the drill? How did it improve preparedness?
What critical systems are covered by the plan?
What systems are not covered by the plan? Why not?
Does the plan operate under any assumptions?
What are the procedures for activation of the plan?
Are inventories as they relate to your critical systems kept (including LAN servers and communication devices)?
If inventories are kept, where are they stored?
Are there formal procedures that specify backup procedures and responsibilities?
What functions/systems/components are covered under such procedures?
What training has been given to personnel in using backup equipment and established procedures?
Where is the off-site storage site?