Standards Group:
YALE-MSS-3: Disaster Recovery (DR)
YALE-MSS-3.2: Test the Disaster Recovery Plan
Low Risk Endpoint
Not Required
Moderate Risk Endpoint
Not Required
High Risk Endpoint
Not Required
Low Risk Server
Not Required
Moderate Risk Server
Not Required
High Risk Server
Upcoming
Required for HIPAA
Low Risk Mobile Device
Not Required
Moderate Risk Mobile Device
Not Required
High Risk Mobile Device
Not Required
Low Risk Network Printer
Not Required
Moderate Risk Network Printer
Not Required
High Risk Network Printer
Not Required
Details
Testing your DR plan is critical to ensuring a complete, effective plan.
Testing prepares you to handle the stress of disasters and confirms you can restore your system within its specified availability requirement.
Regular testing should be leveraged to ensure that:
- The plan documentation is clear and accessible to the system's team
- All contact information is present
- All recovery steps are present and in the correct sequence
- The plan will likely be successful within the availability parameters for the system (see YALE-MSS-1.5.1) or a reasonable amount of time, given the circumstances
Controls
- YALE-MSS-3.2.1: Test the Disaster Recovery (DR) plan once a year
- YALE-MSS-3.2.2: Validate that the contact information is accurate
- YALE-MSS-3.2.3: Validate that all steps are identified and in the right order for the restoration of a component or as a result of a facility loss
- YALE-MSS-3.2.4: Confirm that all system inventory information is accurate.
- YALE-MSS-3.2.5: Validate that recovery steps and order are correct for any component loss or facility loss
- YALE-MSS-3.2.6: Validate that any member of the team can access the DR Plan and the supporting documentation required
- YALE-MSS-3.2.7: Validate that any member of the team can execute this DR Plan in its entirety without the assistance of the subject matter expert
- YALE-MSS-3.2.8: Validate that the IT System can be restored to health within the availability requirements you established
- YALE-MSS-3.2.9: Identify and record any gaps found during the testing of this DR Plan