Disaster Recovery, and Business Continuity, for all Critical Processing Systems

 Risks, Vulnerabilities and Threats

  • Programs, tables, data, system software, documentation, and hardware may not be recovered completely and timely as a result of a processing interruption, accident, or natural disaster
  • Scenarios to consider: loss of power for extended period of time, loss of one server, loss of server room(s), network failure.

 

Control Objectives and Operational Goals

  • Business continuation plan in place and tested
    • Business can be continued with minimal or no computing support for a period of time
  • Disaster recovery plan in place and tested
    • Backup procedures for data and systems
    • Secure off-site retention of data and system files
    • Complete and thorough system documentation
    • Secure use of an alternate processing site(s)
    • Ability to replace necessary hardware in a timely manner