OR-16 IT Operations & Resilience
DR Testing
The recovery plan actually works.
- Domain
- IT Operations & Resilience
- Control type
- Detective
- Automated / manual
- Manual
- Frequency
- Annual
- Framework reference
- MAS TRM – Resilience
What good looks like
DRP is tested periodically; results documented; gaps remediated.
Risk if it fails
Recovery fails when invoked.
How Tess tests it
3 tests — each concludes only on cited evidence.
DR-test schedule defined
Design- Procedure
- Inspect the schedule.
- Expected
- Periodic testing defined.
- Sample
- 1 (design inspection)
- Evidence
- DR-test report, remediation actions.
DR test performed in period
Operating- Procedure
- Inspect the report.
- Expected
- Executed in period.
- Sample
- 1
- Evidence
- DR-test report, remediation actions.
Gaps from the test remediated
Operating- Procedure
- Inspect remediation.
- Expected
- Actions closed.
- Sample
- 1
- Evidence
- DR-test report, remediation actions.
Evidence Tess looks for
DR-test report, remediation actions.
More in IT Operations & Resilience
Want Tess to test OR-16 against your evidence?
Book a demo