Disaster Recovery Plan Audit for Berry College

Slide Note
Embed
Share

Berry College's Information Technology Disaster Recovery Plan is a vital strategy to ensure the continuity of IT operations in the event of a disaster. This audit plan presentation outlines the objectives, scope, and responsibilities involved in auditing and maintaining the effectiveness of the disaster recovery plan for Berry College.

ezum297
ezum297 Follow

Uploaded on Sep 28, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Audit Planning Presentation - Disaster Recovery Plan Rouying Tang Karabo Ntokwane Jason Mays Linlan Chen Chenhui Lai

  2. Agenda Background & Objectives Scope Risk Assessment Roles and responsibilities Resource Allocation Timeline

  3. Background Written disaster recovery plan: refers to a coordinated strategy involving plans, procedures, and technical measures that enable the recovery of information systems, operations, and data after a disruption. Written disaster recovery plan Auditing: A key step provides instructions, recommendations, and considerations to make sure organization can recover data and continue operations. Should be audited periodically

  4. Background Berry College: An independent, coeducational college founded in 1902 provides comprehensive and balanced education and firsthand educational experience for approximately 2100 students. The current Information technology disaster recovery plan has been reviewed and appareled on December 7th, 2012.

  5. Objectives As the guide for Berry College Office for Information Technology management and staff in the recovery and restoration of the information technology systems operated by OIT in the event that a disaster destroys all or part of those systems 1. To minimize the effects of a disaster and allow the college to either maintain or quickly resume mission-critical functions 2. To protect Berry s computing resources and employees, 3. To safeguard the vital records of which the Office for Information 4. To guarantee the continued availability of essential IT services. 5. To document the procedures for responding to a disaster that involves the data center and OIT services.

  6. Objectives To validate that a disaster recovery plan has been developed, examine its adequacy and effectiveness and ensure that tests have been scheduled to prepare for potential declared disaster.

  7. Scope Disaster declaration RPO and RTO Application recovery priorities Communication plan Responsibilities of members of DR management team Training. Review test plans and reports

  8. Out of Scope Backup procedures Alternative site operation/data center rebuild

  9. Risk assessment Risk will be assessed in 3 security objective areas of Confidentiality | Integrity | Accessibility Risk will be assessed on 3 levels of potential impact Low | Medium | High Personal Identifiable Information (PII) will be given additional consideration using PII confidentiality impact level factors Identifiability | Quantity | Data Field Sensitivity | Context of Use Obligation to Protect | Access to and Location Defined by FIPS Publication 199 & 199 NIST Special Publication 800-34 Rev. 1

  10. Key Risk Areas and Risk Rating High Recovery Time Objectives (RTO) and Recovery Point Objective (RPO) do not meet the Maximum Tolerable Downtime (MTD) noted in the BIA for network service and data protection Distribution of the Disaster Recovery Plan Ability to communicate effectively during disaster Application recovery priorities

  11. Key Risk Areas and Risk Rating Moderate IT Disaster Recovery Management Team understanding of responsibilities Effective training of team participants who are required to execute plan segments in the event of a disaster. Communication between DR Coordinator, Command Center, Team leaders and team members.

  12. Key Risk Areas and Risk Rating Low Review of test plans and reports Disaster declaration process

  13. Prior Findings | Major Changes | Significant Projects Prior Findings | Major Changes There are no prior findings or significant changes to the disaster recovery process or document expected to affect the audit. Significant Projects There is a current project to implement a new offsite backup facility. Completion may occur during the audit. While the site is out of scope it may cause an update in responsibilities and processes within scope.

  14. IT Audit team members roles and responsibilities in this audit Name Roles Responsibilities Chenhui Lai Team Leader 1. 2. Review test plans and reports. Responsible for the overall coordination of the disaster recovery process. Jason Mays Senior Auditor 1. 2. 3. Planning. Data analysis. Verifying vendor contact rosters. Karabo Ntokwane Senior Auditor 1. 2. Reporting. Schedule team leaders for recovery plan communications test. Record results of recovery plan communications test. 3.

  15. IT Audit team members roles and responsibilities in this audit Name Roles Responsibilities Linlan Chen IT Auditor 1. 2. Be the liaison to upper management Planing Rouying Tang IT Auditor 1. 2. 3. Be the liaison to upper management Back up Testing

  16. Audit hours for planning, testing, reporting phases The table below is time allocation for the internal auditing process. Time allocated to each step of auditing Name Total hours Planning Testing Reporting Chenhui Lai 108 hours 72 hours 30 hours 6 hours Jason Mays 74 hours 72 hours 1 hour 1 hour Karabo Ntokwane 114 hours 96 hours 6 hour 12 hour 83 hours 72 hours 10 hour 1 hour Rouying Tang 24 hours 1 hour 1 hour 26 hours Linlan Chen

  17. Key dates and deliverable

  18. Questions?

  19. Thank You

  20. Citation Abram, Bill (14 June 2012). "5 Tips to Build an Effective Disaster Recovery Plan". Small Business Computing. Retrieved 9 August 2012. https://www.ibm.com/support/knowledgecenter/en/ssw_ibm_i_73/rzarm/rzarmdisastr.htm http://www.all.net/books/audit/kits/bkrecpgm.html National Institute of Standards and Technology (NIST) Contingency Planning Guide for Federal Information Systems Special Publication 800-34 Rev.1.

Related


Understanding Recovery Support Services and Building Recovery Capital

Understanding Recovery Support Services and Building Recovery Capital

lucian
Auditing Lowballing: Impact on Audit Quality and Recovery

Auditing Lowballing: Impact on Audit Quality and Recovery

cox_le
Health Impact Assessments for Natural Disaster Recovery

Health Impact Assessments for Natural Disaster Recovery

victori
Disaster Recovery Operations and Maintenance Overview

Disaster Recovery Operations and Maintenance Overview

wall_d
Internal Audit Planning and Practices for Effective Risk Management

Internal Audit Planning and Practices for Effective Risk Management

keir
Disaster Resilience Strategy in Developing Countries Vulnerable to Natural Disasters

Disaster Resilience Strategy in Developing Countries Vulnerable to Natural Disasters

othello
Global Initiatives for Disaster Risk Reduction in Gandhinagar

Global Initiatives for Disaster Risk Reduction in Gandhinagar

teo_nex
Understanding Internal Audit and Controls Process

Understanding Internal Audit and Controls Process

auden
Reforming Audit Requirements for Federal Awards

Reforming Audit Requirements for Federal Awards

mair_s
Understanding Disaster Management Cycle and Phases

Understanding Disaster Management Cycle and Phases

raya
International experience in the field of Disaster-related Statistics

International experience in the field of Disaster-related Statistics

zimri
Disaster Management and Local Development Through Devolution

Disaster Management and Local Development Through Devolution

rosanna
Government's Immediate Response to Recent Flood Disaster: Overview and Assessment

Government's Immediate Response to Recent Flood Disaster: Overview and Assessment

keegan
Comprehensive Guide to Data Security, Business Continuity, Risk Management, and Disaster Recovery

Comprehensive Guide to Data Security, Business Continuity, Risk Management, and Disaster Recovery

soleil
Lake Brenton Disaster Mitigation Plan Overview

Lake Brenton Disaster Mitigation Plan Overview

sigrid
Financial Recovery After Disaster Project: Comprehensive Framework for Community Resilience

Financial Recovery After Disaster Project: Comprehensive Framework for Community Resilience

acre
Compliance with Audit Documentation

Compliance with Audit Documentation

reine
Internal Audit Process & Audit Committees Overview

Internal Audit Process & Audit Committees Overview

mairead
Comparison of Financial Audit and Management Audit

Comparison of Financial Audit and Management Audit

april
Clinical Audit Results of Moderate to Acute Severe Asthma in EDs 2016/17

Clinical Audit Results of Moderate to Acute Severe Asthma in EDs 2016/17

aster
Conducting an Effective School Energy Audit

Conducting an Effective School Energy Audit

russ_e
Essential Tips for a Successful Audit Process

Essential Tips for a Successful Audit Process

hum_ru
Empowering Recovery Allies: A Comprehensive Training Overview

Empowering Recovery Allies: A Comprehensive Training Overview

cinnamon
Guam Joint Recovery Office Overview

Guam Joint Recovery Office Overview

aurelie

More Related Content

Asset Recovery Practices in England and Wales: Criminal vs. Civil Proceedings
Asset Recovery Practices in England and Wales: Criminal vs. Civil Proceedings
Empowerment Through Education: Mayo Recovery College Workshop
Empowerment Through Education: Mayo Recovery College Workshop
Organisational Structure of Vietnam Red Cross Society in Disaster Preparedness and Response
Organisational Structure of Vietnam Red Cross Society in Disaster Preparedness and Response
Understanding Post-Disaster Damage and Needs Assessment
Understanding Post-Disaster Damage and Needs Assessment
Partners and Resources for Disaster Risk Management (DRM)
Partners and Resources for Disaster Risk Management (DRM)
Understanding the Role of Psychiatrists in Disaster Mental Health
Understanding the Role of Psychiatrists in Disaster Mental Health
School Retirement Plan Audit Presentation by Nebraska Public Employees Retirement Systems Internal Audit
School Retirement Plan Audit Presentation by Nebraska Public Employees Retirement Systems Internal Audit
Understanding the Single Audit Process for Federal Grants
Understanding the Single Audit Process for Federal Grants
Audit of Ward-based IT Infrastructure at University Hospital of Limerick
Audit of Ward-based IT Infrastructure at University Hospital of Limerick
New Risk Management and Internal Audit Framework for Local Councils in NSW
New Risk Management and Internal Audit Framework for Local Councils in NSW
National Audit Results for Severe Sepsis and Septic Shock 2016/17
National Audit Results for Severe Sepsis and Septic Shock 2016/17
Impact of Data Analytics and Consulting Activities on Internal Audit Quality
Impact of Data Analytics and Consulting Activities on Internal Audit Quality
National Clinical Audit 2016/17: Consultant Sign-Off Summary
National Clinical Audit 2016/17: Consultant Sign-Off Summary
Understanding Quality Assurance in Public Audit Systems
Understanding Quality Assurance in Public Audit Systems
Weatherization Energy Auditor Single Family - Energy Audit Software
Weatherization Energy Auditor Single Family - Energy Audit Software
Audit Practices for SDGs Implementation Evaluation in Turkey
Audit Practices for SDGs Implementation Evaluation in Turkey
Understanding Departmental Audits in GST
Understanding Departmental Audits in GST
Internal Audit Department Overview
Internal Audit Department Overview
Federal Audit Executive Council - Contract Closeout Guide Highlights
Federal Audit Executive Council - Contract Closeout Guide Highlights
Analysis of Atopic Eczema in Children: A National Clinical Audit Program
Analysis of Atopic Eczema in Children: A National Clinical Audit Program
Key Considerations for a Successful Audit Process in Nairobi
Key Considerations for a Successful Audit Process in Nairobi
Understanding Audit Risk Assessment Process
Understanding Audit Risk Assessment Process
Database Backup and Recovery Models Explained
Database Backup and Recovery Models Explained
Understanding Estate Recovery in Wisconsin: A Comprehensive Guide
Understanding Estate Recovery in Wisconsin: A Comprehensive Guide