Published by Solomon Gaines. Modified over 6 years ago.
1
Prepare for a DRP Audit
Assess your current DRP maturity, identify required improvements, and complete an audit-ready DRP summary document.
Info-Tech's products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns. © Info-Tech Research Group
2
Follow Info-Tech’s DRP audit workflow to optimize your audit preparation
Phase 1
1. Determine current DRP maturity
  A. Determine the adequacy of your current DRP
  B. Evaluate industry-specific DRP requirements
  C. Define relevant gaps
Phase 2
2.1 Close Define phase gaps
  A. Review asset management strategy
  B. Optimize the business impact analysis
  C. Establish a risk management process
2.2 Close Implement phase gaps
  A. Create effective recovery procedures
  B. Establish a right-sized DR solution
  C. Optimize DR awareness and training
2.3 Close Maintain phase gaps
  A. Establish DR testing best practices
  B. Define DR documentation management
  C. Integrate DR into change management
Phase 3
3.1 Create the DRP summary document
  A. Document current DR capabilities
  B. Document the desired DR capabilities
  C. Create the DRP summary report
3.2 Manage the DRP audit
  A. Incorporate audit findings
  B. Manage the auditor & auditee relationship
  C. Establish a DR review process
Phase Deliverables: DRP Maturity Scorecard; DRP Status and Recommendation; DRP Summary Template
3
Our understanding of the problem
IT infrastructure managers and other senior IT managers who are responsible for managing a DRP audit. Organizations that are about to be audited, or are in the process of being audited. Create a core set of documents that will greatly improve your ability to pass an audit. Conduct a thorough DRP maturity assessment to determine your current DRP maturity. Improve overall DR capabilities by directing you to relevant DRP research. Organizations seeking to improve overall DR capabilities. Internal audit committees looking to improve effectiveness of internal DRP audits. Implement a process to transform audit insights into DR capability improvements. Scope the requirements necessary to develop an internal DRP audit.
4
Executive Summary
If you haven’t been audited, it’s only a matter of time as more attention is focused on DR capability. Customers are demanding evidence of DR capability, so even unregulated industries are required to ensure they have a functional DRP. Despite the increased emphasis on DR, most organizations struggle with DR planning. Leverage a DRP audit to raise the profile of DR among senior management and get buy-in to invest in closing DR gaps. Make the DRP audit a help rather than a hindrance. Get the most out of your audit preparation by focusing on evaluating and closing DR gaps, not just on creating documentation. Avoid audit chaos by conducting a self-audit as a preliminary step before a formal request from regulators or customers. Audit requirements can vary greatly based on the auditor’s interpretation – it is difficult to know what you should be preparing for the audit. An audit gets the attention of senior management and puts more pressure on IT to resolve DR gaps. Lack of time and resources to focus on DRP becomes accentuated when an audit is coming. Even if you are not facing an external audit, conduct a self-audit to help you quantify your current DRP gaps for senior management and drive buy-in to invest in closing DR gaps. Define your current DRP maturity at the start of the project. This will help you identify where to focus your efforts. Create concise usable documentation that meets the needs of your IT team as well as your auditor. Don’t waste your effort by creating documentation that satisfies the auditor but is not usable during a crisis.
5
Benefits of a DRP audit or review
The goal is not just to pass an audit, but to improve your DR capability and meet customer demands for resiliency.
Satisfy Customers: It’s no longer just about regulators. Customers are demanding evidence of DR capability and resiliency.
Improve DR Capability: Even if you are not being audited, use this blueprint to identify and resolve DR gaps.
IT and Business Alignment: Conduct a self-audit to facilitate DR discussions with the business and come to an agreement regarding required DR capabilities and investments.
6
Leverage Info-Tech’s additional DRP blueprints to help you complete your DRP audit workflow
The DRP audit workflow encompasses insights and processes from a variety of additional DRP blueprints. Leverage these additional resources to supplement your documentation creation process and close relevant DRP gaps.
1 Create a Right-Sized Disaster Recovery Plan
2 Evaluate Cloud, Co-lo, and In-House DR Deployment Models
3 Reduce Costly Downtime Through DR Testing
4 Current Blueprint: Prepare for a DRP Audit
7
Info-Tech offers various levels of support to best suit your needs
Consulting Onsite Workshop Guided Implementation “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.” DIY Toolkit Info-Tech Involvement “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.” “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.” Degree of Customization Diagnostics and consistent methodologies throughout all four options
8
Best-Practice Toolkit Guided Implementations
Prepare for a DRP audit – project overview
Phases: 1. Determine current DRP maturity; 2. Review critical elements of the DRP; 3. Prepare DRP audit documentation

Best-Practice Toolkit
1.1 Determine the adequacy of your current DRP.
1.2 Review your specific audit requirements.
1.3 Identify relevant DRP gaps.
2.1 Close gaps in the Define phase.
2.2 Close gaps in the Implement phase.
2.3 Close gaps in the Maintain phase.
3.1 Create the DRP Summary document.
3.2 Establish a DRP audit review process.

Guided Implementations
Phase 1
  Call 1: Conduct a DRP maturity assessment.
  Call 2: Review your additional audit requirements.
  Call 3: Determine which DRP gaps should be prioritized.
Phase 2
  Call 1: Close gaps in asset management, BIA, and risk management.
  Call 2: Close gaps in DR procedures, DR solutions, and DR awareness.
  Call 3: Close gaps in DR testing, documentation management, and DR integration with change management.
Phase 3
  Call 1: Review and complete the DRP summary document.
  Call 2: Create a DRP audit review process that transforms audit insights into improved DR capabilities.

Onsite Workshop
Module 1: Determine your DRP maturity.
Module 2: Review and close DRP gaps.
Module 3: Prepare DRP audit documentation.

Phase 1 Outcome: Complete a DRP Maturity Scorecard to quantify your current DRP status and identify gaps that need to be addressed.
Phase 2 Outcome: Close the gaps identified in the DRP Maturity Scorecard.
Phase 3 Outcome: Create a DRP summary document that outlines your DR capabilities and status in a concise format for your audit.
9
Workshop overview
Contact your account representative or for more information.

Activities
Workshop Module 1 (Pre-Workshop)
Task – Determine if this Workshop is the Best Fit
1.1 Assess your current DRP maturity.
1.2 Determine the appropriateness of this workshop. If key elements such as a BIA and at least a high-level incident response plan are not in place, the "Create a Right-Sized DRP" GI or workshop is a better starting point.
1.3 Review your specific audit requirements.

Workshop Module 2 (Onsite – Day 1)
Task – Determine DRP Maturity and Gaps
2.1 Re-assess DRP maturity with the workshop participants to gain a common understanding of current status and gaps.
2.2 Review and validate your DRP incident response plan (IRP) with a tabletop planning exercise.
2.3 Prioritize documentation deliverables to complete during this workshop.

Workshop Module 3 (Onsite – Day 2 and 3)
Task – Finalize DR Procedures for Key Systems
3.1 Update the high-level IRP for key systems.
3.2 Create supporting documentation for key steps in the IRP.
3.3 Ensure roles and responsibilities for the steps in the IRP are defined.

Workshop Module 4 (Onsite – Day 4)
Task – Create the DRP Summary Document
4.1 Document your BIA results, including RTO/RPO tiers.
4.2 Create an audit-ready summary of your DR procedures and overall strategy.
4.3 Identify and prioritize remaining audit deliverables to complete through our Guided Implementation.

Deliverables
DRP Maturity Scorecard preliminary results.
DRP Maturity Scorecard updated results.
DRP gaps identified and prioritized.
Updated DRP Incident Response Plan (IRP).
DR procedures for key systems.
DRP summary document draft.
Prioritized list of remaining deliverables to prepare for the audit.
10
Step 1.1: Maturity Assessment Step 1.2: Industry Requirements
Phase 1 outline
Call or for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Guided Implementation 1: Conduct a thorough DRP Maturity Assessment
Proposed Time to Completion (in weeks): 2-3 weeks

Step 1.1: Maturity Assessment
Step 1.2: Industry Requirements
Step 1.3: Gap Analysis

Start with an analyst kick off call: Discuss the current need for a DRP audit and the expected score of the DRP audit.
Review findings with analyst: Review maturity score. Discuss industry-specific requirements and how they impact the audit.
Finalize phase deliverable: Based on the stats and recommendations tab, determine what the best ways to close relevant DRP gaps are.

Then complete these activities…
Review and complete the DRP maturity scorecard for all core requirements.
Contact the compliance team and determine industry-specific DR requirements.
Document the industry-specific DR requirements.
Determine whether your organization is capable of satisfying the industry-specific requirements.
Review the DRP maturity dashboard.
Analyze your strengths and weaknesses.
Determine which area of the framework to focus on.

With these tools & templates: DRP Maturity Scorecard

Phase 1 Results & Insights: Define the maturity of your DRP through the Define, Implement, and Maintain framework. The maturity score is an indication of the reliability of your DR process. A higher maturity means that you will be able to execute DR procedures more consistently.
11
Leverage Info-Tech’s DRP Maturity Scorecard to identify gaps and assess whether your existing DRP is Adequate or Effective
DRP Maturity Scorecard – Duration: 2 hours
Adequate: An adequate DRP means that you have the basic requirements in place to pass a DRP audit and to execute recovery. For example, you have a DR site, documented recovery procedures, and assigned roles & responsibilities.
Effective: In addition to basic requirements, you also have good DRP management practices in place that ensure consistent and reliable DR procedures that stay aligned with business needs. This includes an annual review of your BIA, updating recovery procedures as your environment changes, and executing more comprehensive DR testing.
DRP maturity: For most organizations, simply becoming adequate is a challenge and needs to be the first priority. If you fall into this category, focus on the criteria for adequacy first, and target effectiveness as a longer-term goal. Time and budget limitations mean DR improvements don’t happen overnight.
Use Info-Tech’s DRP Maturity Scorecard.
12
Info-Tech Research Group Helps IT Professionals To:
Quickly get up to speed with new technologies
Make the right technology purchasing decisions – fast
Deliver critical IT projects, on time and within budget
Manage business expectations
Justify IT spending and prove the value of IT
Train IT staff and effectively manage an IT department
Sign up for free trial membership to get practical solutions for your IT challenges
“Info-Tech helps me to be proactive instead of reactive – a cardinal rule in a stable and leading edge IT environment.” - ARCS Commercial Mortgage Co., LP
Toll Free: