Tuesday, April 6, 2010

Disaster Recovery Plan - TEST STEPS

*       Review disaster recovery plan.
*       Verify that the plan contains a date qualifier to ensure currency.
*       Verify that the plan has been updated within the past 12 months.
*       Verify that their is effective monitoring of the plan's state of readiness.
*       Verify storage location of the plan.
*       If different from above, verify the storage location of the implementation team contact list.
*       Verify that the implementation team list contains names of team members, job titles, location, office & home telephone numbers.
*       Validate that the implementation team list contains active associates, their present title and location, including current home and office telephone numbers.
*       Verify that team members are aware of their roles and responsibilities.
*       Verify that a testing and training schedule exists and is adequate (at least annually)..
*       Verify date of last drill.
*       Verify that the weaknesses identified in the last drill have been addressed and corrected.
*       Verify plans documented correspond to the Business Continuation plan.
*       Verify that the plan reflects the current system environment.
*       Verify that all mission critical programs, data files, computer resources (and operating systems) are covered.
*       Verify that the non-covered systems are noted.
*       Verify that the plan incorporates prioritization of critical applications and systems.
*       Verify that the plan covers procedures for disaster declaration, general shutdown and migration of operations to the backup facility site.
*       Verify that the plan includes time requirements for recovery/availability of each critical system, and that they are reasonable.
*       Review any agreements for use of backup facilities and related documents. Verify that the site is adequate.
*       Verify that the site has appropriate hardware and telecommunications devices to restore operations.
*       Verify the procedures for periodic evaluation of the backup facilities and equipment to ensure their adequacy including when the facilities last used.
*       Verify that the site is adequately secured from unauthorized access.
*       Verify that the proper security is in effect on the backup equipment and software.
*       Verify that the arrangements with the backup site are of a nature and at an organization level where there appears to be a substantial probability that they would and could be honored for substantial periods (e.g., 50 hours per week for two consecutive weeks).
*       Verify that the plan includes contingencies in case of prolonged adverse circumstances.
*       Verify that inventories noted in the plan reflect the current operating environment.
*       Verify that the plans contain written operating instructions and procedures including procedures to regenerate the system..
*       Verify storage location of the inventories.
*       Verify that the plan includes controlled procedures for restoration of the original site for normal operations.
*       Review the effectiveness of the backup procedures in general.
*       Verify that the critical program, data files and computer resources defined for backup are in fact created and sent offsite.
*       Verify that the same is true for procedure and job libraries (verify that the current media library maintained by the user area corresponds to the library at the offsite facility).
*       Verify that the same is true for operating instructions and other key documentation.
*       Verify that the same is true for papers relating to systems and programs under development.
*       Verify that the backup copies for onsite, offsite, and legal retention are appropriate.
*       For applications with on-line updating of databases, verify that procedures are in place to aid in database recovery to include a) tape/disk logging of input transactions; b) logging of before and after images of updated database records; c) ability to backup or nullify a transaction; d) use of checkpoint/restart software.
*       Review the arrangements for offsite storage of key data files and documents.
*       Verify that the offsite storage facilities are so located that a disaster could not destroy the records in both the D&B facility and the storage facility.
*       Verify the procedures to obtain offsite copies to the backup site is adequate, efficient and timely.

No comments:

Post a Comment