32 pages

Slovak

Final IT BCP Audit E cover

Onsa - Marcandre.Campeau

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

32 pages

Slovak

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

A propos
Informations
Extrait

Description

Information Technology Business Continuity Planning Audit January 2007 Paper ISBN: SG5-14/2007E Cat. No.: 978-0-662-46438-9 PDF ISBN: SG5-14/2007E-PDF Cat. No.: 978-0-662-46439-6 Information Technology Business Continuity Planning Audit January 2007 Project Number: 6720 Audit Team: A/Chief Audit Executive: Barbara McNab A/Director General: Stuart Saint IT Audit Director: Paul LePage IT Audit Manager: Mike Winterburn IT Auditors: Francois-Michel Brière Sandra O’Connor Denis L. Tisseur (Spearhead, Inc.) Table of Contents EXECUTIVE SUMMARY ............................................................................................... i 1.0 INTRODUCTION................................................................................................. 1 1.1 BACKGROUND.............................................................................................. 1 2.0 FINDINGS............................................................................................................. 2 2.1 PLANNING & ORGANIZATION....................................................................... 3 2.1.1 PROTECTED ................................................................................3 2.1.2 Assessment of risk is ...

Informations

Publié par	Onsa
Nombre de lectures	96
Langue	Slovak

Extrait

Information Technology Business Continuity Planning Audit January 2007

Paper ISBN: Cat. No.: PDF ISBN: Cat. No.:

SG5-14/2007E 978-0-662-46438-9

SG5-14/2007E-PDF 978-0-662-46439-6

Information Technology Business Continuity Planning Audit

Project Number:6720 Audit Team: A/Chief Audit Executive: A/Director General: IT Audit Director: IT Audit Manager: IT Auditors:

January 2007

Barbara McNab Stuart Saint Paul LePage Mike Winterburn Francois-Michel Brière Sandra O’Connor Denis L. Tisseur (Spearhead, Inc.)

Table of Contents

EXECUTIVE SUMMARY ............................................................................................... i 1.0 INTRODUCTION................................................................................................. 1 1.1 BACKGROUND.............................................................................................. 1 2.0 2..........................................................................................................FINDINGS... 2.1 PLANNING& ORGANIZATION....................................................................... 3 2.1.1 PROTECTED ................................................................................3 2.1.2 Assessment of risk is being performed .................................................................5 2.2 DELIVERY ANDSUPPORT............................................................................. 8 2.2.1 PROTECTED .....................................................................8 2.2.2 Operations are being managed ...........................................................................12 2.2.3 PROTECTED............................................................1.3........................ 2.2.4 Compliance with external requirements is achieved...........................................13 Appendix A Terms of Reference ................................................................................ 15 Appendix B Management Action Plan....................................................................... 17

Information Technology Business Continuity Planning Audit

PROTECTED

EXECUTIVE SUMMARY According to Public Safety and Emergency Preparedness Canada (PSEPC), “a Business Continuity Plan (BCP) enables critical services or products to be continually delivered to clients. Instead of focusing on resuming a business after critical operations have ceased, or recovering after a disaster, a business continuity plan endeavours to ensure that critical operations continue to be available. The audit’s objectives were to review the appropriateness of the department’s IT BCPs by assessing the IT BCPs with emphasis on planning and organization, and delivery and support. Audit Conclusion: The audit concluded that most of the departments’ IT environments have appropriate BCPs, however, some risks were noted that should be addressed to ensure continuity of IT services. Historically, the department’s ITCs have developed, implemented and strengthened controls within the mainframe environment. Please note that the following recommendations are numbered (e.g. #1, #2) in the chronological order that they appear in this report and have not yet been prioritized by management.

PROTECTED

Service Canada, Internal Audit Branch

Information Technology Business Continuity Planning Audit

Servcie aCanad,I netran lAuidt Branhc

PROTECTED

Information Technology Business Continuity Planning Audit

PROTECTED

Servcie aCanad,I nterna lAuidt Branhc

Information Technology Business Continuity Planning Audit

Servcie aCanda,I netran luAidt Branch

Information Technology Business Continuity Planning Audit

1.0 INTRODUCTION 1.1 Background In accordance with Treasury Board Secretariat’s Internal Audit Policy, SDC’s Audits and Evaluation Directorate (AED) created an audit plan which was approved by SDC’s Audit and Evaluation Committee. One of the assurance audits within this plan is the Information Technology (IT) Business Continuity Planning (BCP) Audit. According to Public Safety and Emergency Preparedness Canada (PSEPC), “a Business Continuity Plan enables critical services or products to be continually delivered to clients. Instead of focusing on resuming a business after critical operations have ceased, or recovering after a disaster, a business continuity plan endeavours to ensure that critical operations continue to be available. As stated within the industry standard, Information Systems Audit and Control Association’s (ISACA) periodical “Information Systems Control Journal, Volume 4, 2005, business continuity management is an ongoing process of risk assessment and management with the purpose of ensuring that the business can continue if risks materialize. These risks could be from external environments such as power failure or from within, such as deliberate or accidental damage to systems. Business continuity is not just concerned with disaster recovery; it addresses anything that could affect the continuity of service (business, administrative and IT functions). BCP provides a balance between acceptable potential losses and acceptable costs. The audit’s objectives were to provide assurance that the IT BCPs meet an appropriate level of quality by assessing the department’s IT BCPs with emphasis on planning and organization and delivery and support.

PROTECTED

Service Canada, Internal Audit Branch

Univers
Ebooks
Livres audio
Presse
Podcasts
BD
Documents

Final IT BCP Audit E cover

YouScribe

Le catalogue

Le service

Les conditions