Headline Subhead Vertical Spacing V 4 Prepare for
Headline / Subhead Vertical Spacing V 4 Prepare for a DRP Audit Assess your current DRP maturity, identify required improvements, and complete an audit-ready DRP summary document. Info-Tech Research Group, Inc. is a global leader in providing IT research and advice. Info-Tech’s products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns. © 1997 -2015 Info-Tech Research Group Inc. Info-Tech Research Group 1
Follow Info-Tech’s DRP audit workflow to optimize your audit preparation Phase 3 Phase 2 Phase 1 1. Determine current DRP maturity 2. 1 Close Define phase gaps 2. 2 Close Implement phase gaps 2. 3 Close Maintain phase gaps 3. 1 Create the DRP summary document 3. 2 Manage the DRP audit A. Determine the adequacy of your current DRP A. Review asset management strategy A. Create effective recovery procedures A. Establish DR testing best practices A. Document current DR capabilities A. Incorporate audit findings B. Evaluate industry-specific DRP requirements B. Optimize the business impact analysis B. Establish a right -sized DR solution B. Define DR documentation management B. Document the desired DR capabilities B. Manage the auditor & auditee relationship C. Define relevant gaps C. Establish a risk management process C. Optimize DR awareness and training C. Integrate DR into change management C. Create the DRP summary report C. Establish a DR review process DRP Maturity Scorecard DRP Status and Recommendation DRP Summary Template Phase Deliverables Info-Tech Research Group 2
Our understanding of the problem This Research is Is Designed For: This Research Will Help You: üIT infrastructure managers and other senior IT üCreate a core set of documents that will greatly managers who are responsible for managing a DRP audit. üOrganizations that are about to be audited, or are in the process of being audited. improve your ability to pass an audit. üConduct a thorough DRP maturity assessment to determine your current DRP maturity. üImprove overall DR capabilities by directing you to relevant DRP research. This Research Will Also Assist: This Research Will Help You: Them: üOrganizations seeking to improve overall DR üImplement a process to transform audit capabilities. üInternal audit committees looking to improve effectiveness of internal DRP audits. insights into DR capability improvements. üScope the requirements necessary to develop an internal DRP audit. Info-Tech Research Group 3
Executive Summary Situation • If you haven’t been audited, it’s only a matter of time as more attention is focused on DR capability. • Customers are demanding evidence of DR capability, so even unregulated industries are required to ensure they have a functional DRP. • Despite the increased emphasis on DR, most organizations struggle with DR planning. Complication • Audit requirements can vary greatly based on the auditor’s interpretation – it is difficult to know what you should be preparing for the audit. • An audit gets the attention of senior management and puts more pressure on IT to resolve DR gaps. Info-Tech Insight 1. Leverage a DRP audit to raise the profile of DR among senior management and get buy-in to invest in closing DR gaps. Make the DRP audit a help rather than a hindrance. 2. Get the most out of your audit preparation by focusing on evaluating and closing DR gaps, not just on creating documentation. 3. Avoid audit chaos by conducting a selfaudit as a preliminary step before a formal request from regulators or customers. • Lack of time and resources to focus on DRP becomes accentuated when an audit is coming. Resolution • Even if you are not facing an external audit, conduct a self-audit to help you quantify your current DRP gaps for senior management and drive buy-in to invest in closing DR gaps. • Define your current DRP maturity at the start of the project. This will help you identify where to focus your efforts. • Create concise usable documentation that meets the needs of your IT team as well as your auditor. Don’t waste your effort by creating documentation that satisfies the auditor but is not usable during a crisis. Info-Tech Research Group 4
The goal is not just to pass an audit, but to improve your DR capability and meet customer demands for resiliency Improve DR Capability: Even if you are not being audited, use this blueprint to identify and resolve DR gaps. Satisfy Customers: It’s no longer just about regulators. Customers are demanding evidence of DR capability and resiliency. Benefits of a DRP audit or review IT and Business Alignment: Conduct a self-audit to facilitate DR discussions with the business and come to an agreement regarding required DR capabilities and investments. Info-Tech Research Group 5
Leverage Info-Tech’s additional DRP blueprints to help you complete your DRP audit workflow The DRP audit workflow encompasses insights and processes from a variety of additional DRP blueprints. Leverage these additional resources to supplement your documentation creation process and close relevant DRP gaps. 1 Create a Right. Sized Disaster Recovery Plan 2 3 Evaluate Cloud, Co-lo, and In-House DR Deployment Models Reduce Costly Downtime Through DR Testing Current Blueprint: Prepare for a DRP Audit 4 Info-Tech Research Group 6
Use these icons to help you navigate this research Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities. This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project. This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization. Info-Tech Research Group 7
Info-Tech Involvement Info-Tech offers various levels of support to best suit your needs Guided Implementation DIY Toolkit “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful. ” “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track. ” Onsite Workshop “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place. ” Consulting “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project. ” Degree of Customization Diagnostics and consistent methodologies throughout all four options Info-Tech Research Group 8
Prepare for a DRP audit – project overview 1. Determine current DRP maturity 1. 1 Determine the adequacy of your current DRP. 1. 2 Review your specific audit requirements. 2. Review critical elements of the DRP 2. 1 Close gaps in the Define phase. 2. 2 Close gaps in the Implement phase. 2. 3 Close gaps in the Maintain phase. 3. Prepare DRP audit documentation 3. 1 Create the DRP Summary document. 3. 2 Establish a DRP audit review process. 1. 3 Identify relevant DRP gaps. Best-Practice Toolkit Call 1: Conduct a DRP maturity assessment. Call 2: Review your additional audit requirements. Call 3: Determine which DRP gaps should be prioritized. Guided Implementations Call 1: Close gaps in asset management, BIA, and risk management. Call 2: Close gaps in DR procedures, DR solutions, and DR awareness. Call 1: Review and complete the DRP summary document. Call 2: Create a DRP audit review process that transforms audit insights into improved DR capabilities. Call 3: Close gaps in DR testing, documentation management, and DR integration with change management. Module 1: Determine your DRP maturity. Module 2: Review and close DRP gaps. Module 3: Prepare DRP audit documentation. Phase 1 Outcome: • Complete a DRP Maturity Scorecard to quantify your current DRP status and identify gaps that need to be addressed. Phase 2 Outcome: • Close the gaps identified in the DRP Maturity Scorecard. Phase 3 Outcome: • Create a DRP summary document that outlines your DR capabilities and status in a concise format for your audit. Onsite Workshop Info-Tech Research Group 9
Workshop overview Contact your account representative or email Workshops@Info. Tech. com for more information. Workshop Module 1 (Pre-Workshop) Workshop Module 2 (Onsite – Day 1) Workshop Module 3 (Onsite – Day 2 and 3) Workshop Module 4 (Onsite – Day 4) Task – Determine if this Workshop is the Best Fit Task – Determine DRP Maturity and Gaps Task – Finalize DR Procedures for Key Systems Task – Create the DRP Summary Document 2. 1 Re-assess DRP maturity with the workshop participants to gain a common understanding of current status and gaps. 3. 1 Update the high-level IRP for key systems. 4. 1 Document your BIA results, including RTO/RPO tiers. 3. 2 Create supporting documentation for key steps in the IRP. 2. 2 Review and validate your DRP incident response plan (IRP) with a tabletop planning exercise. 3. 3 Ensure roles and responsibilities for the steps in the IRP are defined. 4. 2 Create an audit-ready summary of your DR procedures and overall strategy. Activities 1. 1 Assess your current DRP maturity. 1. 2 Determine the appropriateness of this workshop. If key elements such as a BIA and at least a high-level incident response plan are not in place, the "Create a Right-Sized DRP" GI or workshop is a better starting point. 2. 3 Prioritize documentation deliverables to complete during this workshop. 4. 3 Identify and prioritize remaining audit deliverables to complete through our Guided Implementation. Deliverables 1. 3 Review your specific audit requirements. 1. DRP Maturity Scorecard preliminary results. 1. DRP Maturity Scorecard updated results. 1. Updated DRP Incident Response Plan (IRP). 2. DRP gaps identified and prioritized. 2. DR procedures for key systems. 1. DRP summary document draft. 2. Prioritized list of remaining deliverables to prepare for the audit. Info-Tech Research Group 10
- Slides: 10