OR-11 IT Operations & Resilience
Backup Policy & Execution
Data is backed up to meet recovery objectives.
- Domain
- IT Operations & Resilience
- Control type
- Preventive
- Automated / manual
- Automated
- Frequency
- Daily / defined
- Framework reference
- MAS TRM – Resilience; COBIT DSS04
What good looks like
Backups run per schedule (frequency/scope/retention) aligned to RPO.
Risk if it fails
Data loss; inability to recover.
How Tess tests it
3 tests — each concludes only on cited evidence.
Backup schedule aligned to RPO
Design- Procedure
- Inspect the policy.
- Expected
- Frequency meets RPO.
- Sample
- 1 (design inspection)
- Evidence
- Backup policy, backup job logs/dashboard.
Backups complete successfully
Operating- Procedure
- Sample the period.
- Expected
- Successful backups.
- Sample
- 25 (or full config inspection)
- Evidence
- Backup policy, backup job logs/dashboard.
Scope covers critical systems/data
Operating- Procedure
- Inspect backup scope.
- Expected
- Complete coverage.
- Sample
- 25 (or full config inspection)
- Evidence
- Backup policy, backup job logs/dashboard.
Evidence Tess looks for
Backup policy, backup job logs/dashboard.
More in IT Operations & Resilience
Want Tess to test OR-11 against your evidence?
Book a demo