IT Disaster Recovery 14
-
What does Sarbanes-Oxley require for disaster recovery compliance? What is the Sarbanes-Oxley criteria and/or definition of a ‘successful’ test?
-
In a way, disaster recovery is related to SOX but don’t spend too much time on it. The more important issues are SOD and Process.
-
Just make sure you have enough backups stored…:
one or two every day…and one every week… (store them in a safe place outside your company building.)
-
DR is considered to be one of the general IT Controls.
An example: If data is backed up at midnight and sent off site and a disaster occurs at noon, data entered between midnight and noon may not be reflected within the records of the company. A solid control environment would be able to identify the gaps and provide remediation to restore the data to its proper state. We should be using a scenario like this for testing.
For test results it is both the recovery of key systems and the actual on-going operations of the entity in the recovery site. Since most entities only conduct Disaster Recovery tests once a year, the test results, like year-end processes, can be done to coincide with the yearly test.
-
I believe that section 404 deals more specifically with the need to establish redundant IT controls over your financial reporting systems…and the last post was correct in stating that there need to be some systems in place that accomplish a complete capture of all financial records in ‘real-time’ in the event of a disaster.
In the past, disaster recovery was classified into 3 categories: cold, warm, and hot. With regard to Sarb-Ox, you will need to have a ‘hot’ site that will immediately continue to capture, process, and report on all financial transactions at a moment’s notice.