Overview
DFS did not update its business continuity plan in 2021.
Without an updated business continuity plan, DFS cannot ensure that it has procedures for protecting information assets or a plan to recover critical operations when an interruption or disaster occurs. Losing the capability to process, retrieve, and protect electronically maintained information can significantly affect DFS’s ability to accomplish its mission. Additionally, an updated business continuity plan would help DFS respond adequately to unplanned business disruptions like the COVID-19 pandemic.
Authoritative Guidance
Section 6.1.1.4.3 of EOTSS’s Business Continuity and Disaster Recovery Standard IS.005 states that business continuity plans “shall be updated whenever a major organizational change occurs or at least annually, whichever comes first.”
Reasons for Issue
DFS management stated that it did not update its business continuity plan in 2021 because of disruptions from the COVID-19 pandemic.
Recommendation
DFS should update its business continuity plan annually and whenever a major organizational change occurs.
Auditee’s Response
The DFS Continuity of Operations Plan (COOP) was implemented and successfully utilized throughout the COVID-19 pandemic. DFS is in the process of updating the COOP plan and will ensure that it is updated annually and whenever a major organizational change occurs.
Auditor’s Reply
Based on its response, DFS is taking measures to address our concerns on this matter.
Date published: | March 20, 2024 |
---|