• Does our current IT Disaster Recovery Plan provide for appropriate command and control should we need to use it?
• How prepared are we to recover from a major adverse event within our IT Infrastructure?
• What gaps must be filled immediately to meet the expectations of our various stakeholders for continuity of the business?

A Cornerstone IT Disaster Recovery Assessment provides financial institutions with an objective review of how prepared they are to handle adverse events within their IT infrastructure. In today’s business setting, your computing environment can change significantly over time. Keeping the IT Disaster Recovery Plan up to date and tested effectively can be a task that does not always get the focus it deserves. Often, change to the IT infrastructure is caused by significant changes in the business such as a new core system, merger and acquisition, or other significant event. Cornerstone stands ready to assist in assessing and revising existing disaster recovery plans in response to such changes.

We analyze your organization's IT disaster recovery environment and your existing Disaster Recovery Plan from the top down. We utilize Disaster Recovery Institute International (DRII) standards to review the plan and its underlying computing environment. We also review every technology initiative under way in the organization and ensure that the plan is revised to accommodate the future direction of technology at your institution.

The IT Disaster Recovery Assessment reviews the following:

• The IT Disaster Recovery Plan and supporting documents (vendor list, contact list, etc.)
• Escalation procedures
• Composition of the Emergency Response Team
• Network topology as it supports business continuity
• Backup and restore capabilities for the core system
• Backup and restore capabilities for ancillary systems
• Backup and restore capabilities for infrastructure support systems (files servers, etc.)
• All contracts the institution has with providers of disaster recovery services
• Test plans and effectiveness of previous tests
• The update process for keeping the plan current
• Equipment dispositions (pre staged vs. rapid ship)
• Future direction of the IT infrastructure as it could affect disaster recovery preparedness

As a follow on to the review, Cornerstone performs a gap analysis between the IT Disaster Recovery Plan currently in place and industry best practices (and Federal Financial Institution Examination Council regulations). We provide recommendations for filling the gaps along with an investment roadmap that will allow your institution to immediately focus on its most current business continuity needs and plan for gradual improvements to the IT Disaster Recovery Plan over time. Cornerstone then presents our recommendations specifically addressing these questions:

• Does the current plan provide for appropriate command and control should we need to use it?
• How prepared are we to recover from a major adverse event within our IT Infrastructure?
• What gaps must be filled immediately to meet the expectations of our various stakeholders for continuity of the business?

Our findings and recommendations are presented in a 1/2-day meeting with management. The first goal of the day is to have open, constructive conversation about the current levels of preparedness within the computing environment. The second goal of the day is to get management buy-in for the general direction for upgrading the IT Disaster Recovery Plan and the remediation of any gaps that are currently putting the organization at risk.

Return to Risk Management Services