Disaster Recovery Audit New

Have you identified and prioritized your critical business processes?

Have all IT services been ranked by criticality?

Do you have a comprehensive information security strategy?

Is your information security solely due to an IT professional? In other words, not documented?

Do you have mechanisms in place that appropriately address known issues and identified threats?

Do you have systems in place which alert you to system problems or failures?

Can your organization respond to intrusions within minutes?

Does your business continuity plan cover essential procedures such as business impact analysis, vendor assessment, change management, testing, and maintenance?

Do you know how soon normal business functions can resume should a disruption or disaster occur?

Do you have a comprehensive crisis management plan? Do employees and other stakeholders understand the plan?

Do you have mobile strategies in place, including risk and vulnerability identification, configuration settings, intrusion detection and response, and management of stolen or lost devices?

Do you have existing policies for cloud usage? Do they coincide with other organizational policies, such as procurement, legal, and industry regulations?

Do user authentication and access protocols exist?

Do your company and its employees understand social media risks?

Do you have a process for social media usage within the organization? Do your employees know the guidelines?

Do you periodically have an impartial 3rd party audit your environment?

Have you identified your process dependencies?

Have developed actions and procedures to mitigate negative impacts?

Have you developed a process for recovery?

Have you established your data backup and business continuity desires and objections (i.e. RTO vs RPO)?

Have you communicated the critical process risks and business impacts with management?

Have you gotten management’s buy-in on your DR/BC plan relative to RTO & RPO?

Do you regularly backup your company data ensuring that you have three copies of the data (one in use, one backed up on-site and one backed up offsite)?

Do you regularly monitor the function of your data backup system and its configuration?

Do you regularly perform test restores of your data files and folders to ensure its restore-ability?

Do you periodically perform disaster failover or business continuity tests to validate and ensure desired functionality?

Do you periodically meet with management to discuss all of the above vs. desires and objections and discuss next steps or plan adjustments?