1. When negotiating new contracts with the vendor, what should the IS auditor recommend to management about the hot site in the above situation? 2. When negotiating new contracts with the vendor, what should the IS auditor recommend to the management about branch office recovery?
Anna Marie Corporation is developing a revised business continuity plan and disaster recovery plan for its headquarters facility and network of 16 branch offices. The said plans have not been updated in more than eight (8) years, during which time the organization has grown by over 300%. At the headquarters facility, there are approximately 750 employees. These individuals connect over a local area network (LAN) to an array of more than 60 applications, databases, and file print servers in the corporate data center and over a frame relay network to the branch offices. Traveling users access corporate systems remotely by connecting over the internet using a virtual private network (VPN). Users at both the headquarters and branch offices access the internet through a firewall and proxy server located in the data center. Critical applications have a recovery time objective (RTO) of between three (3) and five (5) days.
Branch offices are located between 30 and 50 miles from one another, with none closer than 25 miles to the headquarters facility. Each branch office has between 20 and 35 employees plus a mail server and a
file/print server. Backup media for the data center are stored at a third-party facility that is 35 miles away. Backups for servers located at the branch offices are stored at nearby branch offices using reciprocal agreements between offices. Current contracts with a third-party hot site provider include 25 servers, work area space equipped with desktop computers to accommodate 100 individuals, and a separate agreement to ship up to two servers and 10 desktop computers to any branch office declaring an emergency. The contract term is for three years, with equipment upgrades occurring at renewal time. The hot-site provider has multiple facilities throughout the country in case the primary facility is in use by another customer or rendered unavailable by the disaster. Senior management desires that any enhancements be as cost-effective as possible.
Questions:
1. When negotiating new contracts with the vendor, what should the IS auditor recommend to management about the hot site in the above situation?
2. When negotiating new contracts with the vendor, what should the IS auditor recommend to the management about branch office recovery?
Trending now
This is a popular solution!
Step by step
Solved in 2 steps
