Documentation
To maximize their effectiveness, disaster recovery plans are documented in written form and in a manner that is easily understood by those who will need to use it. In addition, the plan must also be readily available as well, since digging for a hard-to-find or misplaced disaster recovery plan at a time of a disaster can complicate the effect of the disaster. Furthermore, because of the constant changes that occur in the modern business environment, disaster plans are most effective when updated frequently. This was, the plans will also cover new and existing threats as such threats develop. Adequate records need to be retained by the organization. The auditor examines records, billings, and contracts to verify that records are being kept. One such record is a current list of the organization's hardware and software vendors. Such list is made and periodically updated to refelcet changing business practice. Copies of it are stored on and off site and are made available or accessible to those who require them. An auditor tests the procedures used to meet this objective and determine their effectiveness.
Read more about this topic: Disaster Recovery And Business Continuity Auditing