Presentation is loading. Please wait.

Presentation is loading. Please wait.

Audit Planning Presentation - Disaster Recovery Plan

Published byGregor Sauer Modified over 6 years ago

Similar presentations

Presentation on theme: "Audit Planning Presentation - Disaster Recovery Plan"— Presentation transcript:

1 Audit Planning Presentation - Disaster Recovery Plan
Rouying Tang Karabo Ntokwane Jason Mays Linlan Chen Chenhui Lai

2 Agenda Background & Objectives Scope Risk Assessment
Roles and responsibilities Resource Allocation Timeline

3 Background Written disaster recovery plan:
refers to a coordinated strategy involving plans, procedures, and technical measures that enable the recovery of information systems, operations, and data after a disruption. Written disaster recovery plan Auditing: A key step provides instructions, recommendations, and considerations to make sure organization can recover data and continue operations. Should be audited periodically

4 Background Berry College:
An independent, coeducational college founded in 1902 provides comprehensive and balanced education and firsthand educational experience for approximately 2100 students. The current Information technology disaster recovery plan has been reviewed and appareled on December 7th, 2012.

5 Objectives As the guide for Berry College Office for Information Technology management and staff in the recovery and restoration of the information technology systems operated by OIT in the event that a disaster destroys all or part of those systems To minimize the effects of a disaster and allow the college to either maintain or quickly resume mission-critical functions To protect Berry’s computing resources and employees, To safeguard the vital records of which the Office for Information To guarantee the continued availability of essential IT services. To document the procedures for responding to a disaster that involves the data center and OIT services.

6 Objectives To validate that a disaster recovery plan has been developed, examine its adequacy and effectiveness and ensure that tests have been scheduled to prepare for potential declared disaster.

7 Scope Disaster declaration RPO and RTO Application recovery priorities
Communication plan Responsibilities of members of DR management team Training. Review test plans and reports

8 Out of Scope Backup procedures
Alternative site operation/data center rebuild

9 Risk assessment Risk will be assessed in 3 security objective areas of
Confidentiality | Integrity | Accessibility Risk will be assessed on 3 levels of potential impact Low | Medium | High Personal Identifiable Information (PII) will be given additional consideration using PII confidentiality impact level factors Identifiability | Quantity | Data Field Sensitivity | Context of Use Obligation to Protect | Access to and Location Risk will be assessed in 3 security objective areas on 3 levels of potential impact as defined by FIPS Publication 199. The security objective areas are: Confidentiality | Integrity | Accessibility The levels of potential impact are: Low | Medium | High Defined by FIPS Publication 199 & 199 NIST Special Publication Rev. 1

10 Key Risk Areas and Risk Rating
High Recovery Time Objectives (RTO) and Recovery Point Objective (RPO) do not meet the Maximum Tolerable Downtime (MTD) noted in the BIA for network service and data protection Distribution of the Disaster Recovery Plan Ability to communicate effectively during disaster Application recovery priorities

11 Key Risk Areas and Risk Rating
Moderate IT Disaster Recovery Management Team understanding of responsibilities Effective training of team participants who are required to execute plan segments in the event of a disaster. Communication between DR Coordinator, Command Center, Team leaders and team members.

12 Key Risk Areas and Risk Rating
Low Review of test plans and reports Disaster declaration process

13 Prior Findings | Major Changes | Significant Projects
There are no prior findings or significant changes to the disaster recovery process or document expected to affect the audit. Significant Projects There is a current project to implement a new offsite backup facility. Completion may occur during the audit. While the site is out of scope it may cause an update in responsibilities and processes within scope.

14 IT Audit team members’ roles and responsibilities in this audit
Name Roles Responsibilities Chenhui Lai Team Leader Review test plans and reports. Responsible for the overall coordination of the disaster recovery process. Jason Mays Senior Auditor Planning. Data analysis. Verifying vendor contact rosters. Karabo Ntokwane Reporting. Schedule team leaders for recovery plan communications test. Record results of recovery plan communications test.

15 IT Audit team members’ roles and responsibilities in this audit
Name Roles Responsibilities Linlan Chen IT Auditor Be the liaison to upper management Planing Rouying Tang Back up Testing

16 Audit hours for planning, testing, reporting phases
The table below is time allocation for the internal auditing process. Name Chenhui Lai Jason Mays Karabo Ntokwane Rouying Tang Linlan Chen Time allocated to each step of auditing Total hours 108 hours 74 hours 114 hours 83 hours 26 hours Planning Testing Reporting 72 hours 30 hours 6 hours 1 hour 96 hours 6 hour 12 hour 10 hour 24 hours 1 hour DISASTER RECOVERY PLAN TESTING FORMS P.41 Chenhui Lai Audit Team Leader Jason Mays Senior Auditor Schedule team leaders for recovery plan communications test (3 days) Record results of recovery plan communications test ( 1 hour)

17 Key dates and deliverable
‘p

18 Questions?

19 Thank You

20 Citation Abram, Bill (14 June 2012). "5 Tips to Build an Effective Disaster Recovery Plan". Small Business Computing. Retrieved 9 August 2012. National Institute of Standards and Technology (NIST) Contingency Planning Guide for Federal Information Systems Special Publication Rev.1.

Download ppt "Audit Planning Presentation - Disaster Recovery Plan"

Similar presentations

Business Continuity Training & Awareness by Sulia Toutai (ANZ)

Business Continuity Training & Awareness by Sulia Toutai (ANZ)
Reliability of the electrical service Business Continuity Management Business Impact Analysis (BIA) Critical ITC Services Minimum Business Continuity Objective.

Reliability of the electrical service Business Continuity Management Business Impact Analysis (BIA) Critical ITC Services Minimum Business Continuity Objective.
CIOassist Technologies Your CIO on Demand… Business Continuity Planning Our Offering CIOassist Technologies (www.cioassist.in)www.cioassist.in

CIOassist Technologies Your CIO on Demand… Business Continuity Planning Our Offering CIOassist Technologies (
1 Disaster Recovery “Protecting City Data” Ron Bergman First Deputy Commissioner Gregory Neuhaus Assistant Commissioner THE CITY OF NEW YORK.

1 Disaster Recovery “Protecting City Data” Ron Bergman First Deputy Commissioner Gregory Neuhaus Assistant Commissioner THE CITY OF NEW YORK.
Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning
TEL382 Greene Chapter 11. 10/27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.

TEL382 Greene Chapter /27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.
Disaster Recovery and Business Continuity Ensuring Member Service in Times of Crisis.

Disaster Recovery and Business Continuity Ensuring Member Service in Times of Crisis.
Business Continuity & Disaster Recovery Planning at The Chicago Board of Trade Presented By: Bryan Durkin Sr. Vice President The Chicago Board of Trade.

Business Continuity & Disaster Recovery Planning at The Chicago Board of Trade Presented By: Bryan Durkin Sr. Vice President The Chicago Board of Trade.
Gulf Coast Energy International Business Continuity / Disaster Recovery Planning and Design Proposal Prepared by Andrew Rolf, Felipe Torres, Pranay Jaiswal.

Gulf Coast Energy International Business Continuity / Disaster Recovery Planning and Design Proposal Prepared by Andrew Rolf, Felipe Torres, Pranay Jaiswal.
Business Continuity and You! The Ohio State University Business & Finance Enterprise Continuity Program Quarterly Update October 2008Business and Finance.

Business Continuity and You! The Ohio State University Business & Finance Enterprise Continuity Program Quarterly Update October 2008Business and Finance.
Services Tailored Around You® Business Contingency Planning Overview July 2013.

Services Tailored Around You® Business Contingency Planning Overview July 2013.
EASTERN MICHIGAN UNIVERSITY Continuity of Operations Planning (COOP)

EASTERN MICHIGAN UNIVERSITY Continuity of Operations Planning (COOP)
Continuity of Operations Planning COOP Overview for Leadership (Date)

Continuity of Operations Planning COOP Overview for Leadership (Date)
RBTC: Business Continuity 101 July 18, 2013. What is Business Continuity? Scenario Part 1 Why is BC important? What types of plans are needed? How do.

RBTC: Business Continuity 101 July 18, What is Business Continuity? Scenario Part 1 Why is BC important? What types of plans are needed? How do.
Module 3 Develop the Plan Planning for Emergencies – For Small Business –

Module 3 Develop the Plan Planning for Emergencies – For Small Business –
Unit 8:COOP Plan and Procedures  Explain purpose of a COOP plan  Propose an outline for a COOP plan  Identify procedures that can effectively support.

Unit 8:COOP Plan and Procedures  Explain purpose of a COOP plan  Propose an outline for a COOP plan  Identify procedures that can effectively support.
ISA 562 Internet Security Theory & Practice

ISA 562 Internet Security Theory & Practice
David N. Wozei Systems Administrator, IT Auditor.

David N. Wozei Systems Administrator, IT Auditor.
Rich Archer Partner, Risk Advisory Services KPMG LLP Auditing Business Continuity Plans.

Rich Archer Partner, Risk Advisory Services KPMG LLP Auditing Business Continuity Plans.
1. 2 Cost to Recover Time to Recover Last Backup Work Backlog Created Lost Data Recovery Operations Time Cost Disaster Recovery Time Frame Reconstruct.

1. 2 Cost to Recover Time to Recover Last Backup Work Backlog Created Lost Data Recovery Operations Time Cost Disaster Recovery Time Frame Reconstruct.

Similar presentations

Ads by Google