DRP & PEN Tests

Part of you Business Continuity plan is the Disaster Recovery Plan, how to act in case of disaster.  

Exercise for defining your crisis/disaster 

DRP: Define what you (for you business) consider: 

  1. an event 
  2. an incident
  3. a disaster / crisis

In your Documentation Toolkit you can find procedures to address the events and incidents: 

  • For an event we have the Log and Monitor Procedure in place. 
  • For the incident we have addressed in the Improvement Procedure.  
  • The procedure during disaster / crisis, you will need to compile your self – as this is a very customized procedure. How do you recover your (eg source code and database) during a disaster? Define Recovery Time Objective (RTO): The maximum acceptable time that your application can be offline. Define Recovery Point Objective (RPO): The maximum targeted period in which data might be lost from an IT service due to a major incident; ie, the amount of time that an application or data store can tolerate data loss.

An event and incident will occur probably more often then a disaster / crisis – so you will need to define a contingency plan (disaster recovery plan) – who does what in case of disaster. If you have defined you will need to test this plan (at least once a year) – make sure you have a control in place for this. Review all the steps of our DRP and also think of a second of third plan – in this case you can improve your DRP every year. 

During defining this procedure, you might come up with topics that you want to improve immediately. Make sure that you add this improvement in Compleye Online. 

Also findings from PEN Test will deliver valuable information for defining your Disaster Recovery Plan (DRP). In this section you can provide evidence and document the findings of PEN tests.

 

Field Name 

Description 

Example 

Details 

  

  

Disaster Recovery Plan info 

free text for the title or description 

DRP Jan 2022 

Templates: 

N/A: templates not available yet  

  

Documents: 

+ upload the document  

[upload the DRP Jan 2022 document] 

Assessment finding 

  

  

+ Add first / new assessment 

Assessment date: select date 
Finding: free text  

1st of February, 2022.  Finding: data base restore test run sufficiently 

Approvals of assessment & findings 

  

  

+ Add first / new review 

approval date: select + click approve  

  

  

 

Was this article helpful?
0 out of 5 stars
5 Stars 0%
4 Stars 0%
3 Stars 0%
2 Stars 0%
1 Stars 0%
How can we improve this article?
Please submit the reason for your vote so that we can improve the article.