TECHNICAL SYSTEMS TESTING - Infrastructure & Security Testing (Contingency Planning)


	Evaluation & Compliance Testing
	+	Information Systems Security Audit
	+	Information Systems Controls
	+	Technical Controls
	+	Physical and Environmental Securiy
	Other
	+	Penetration Testing & Network Surveying
	+	Load Testing & Stress Testing
	+	Scalability Assessment
	+	Internal Controls and Operating Procedures (ICOPs) Development
	>	Contingency Planning & Incident Response Preparation
	+	Technical Standards Document (TSD) Development
	+	Project Management
	+	Interactive Testing
	+	Transfers of Approval




	Contingency Planning Although a complete assessment of the Contingency Planning & Incident Response is a component of an Information Systems Controls Assessment, which is in turn a component of a full Information Systems Security Audit, some of TST's clients have specifically requested that TST evaluate this element of their operations alone. The changing face of technology and heavy reliance on the subject matter of same serves as a clear indication of how important it is for an Operator to have disaster recovery and contingency plans in place. TST's back-end infrastructure / security specialists and information systems consultants have expert knowledge in this field. Whether the threat of possible interruptions of services is seldom or consistently imminent, TST's personnel are able to share their expertise and experience in numerous areas in this regard. Areas of concern relate to issues or questions such as: Why Is There A Need For Contingency Plans? Protect mission critical processes from the effects of disasters and security failures. From a business perspective this translates to ensuring no harm is done to the name / reputation of the business, operations and / or the Company and its parent or subsidiaries. It is important to limit, and where possible avoid the impact of such incident. Plans are specific to each business' individual needs and regulatory requirements of the jurisdiction. What Needs To Be Part Of The Contingency Planning? Risk assessment. The identification and prioritization of mission critical business services and centers that includes assessing the likelihood of a disaster occurrence. Assessment of the potential impact the outage will have on the all stakeholders within given timeframes (e.g.: issues such as potential financial loss, integrity loss etc...). It is important for these issues to be clearly identified and areas of responsibility agreed upon. In addition, issues surrounding when contingencies will take effect and who will authorize their utilization. How Often Is It Needed To Review These Contingency Plans? TST is cognizant of the rate at which technology is changing. That said, the need for ongoing maintenance and refinement of the plans to cope with ever changing business needs, regulatory requirements, and emerging of more cost effect technologies is continuous. However, with the proper control mechanisms in place, needs should be identified through ongoing monitoring and assessment of the operational environment. Who Is Affected Within The Company By These Contingency Plans? All staff have an underlying responsibility and commitment to acquiring and when necessary exercising the appropriate skill sets to handle an emergency regardless of its severity. Issues of importance pertain to the availability of staff in the event of such an event, staff training for the actions required during an emergency and back-up policies and procedures for instances where immediate personnel of choice are not available. An Incident Response Plan should be implemented in order to bring needed resources together in an organized manner, and to deal with an adverse event related to the safety and security of and organizations network. This adverse event may be malicious code attack, unauthorized access to the Internal Local Area Network (LAN) and / or the Test LAN systems, unauthorized utilization of information processing services, denial of service attacks, general misuse of systems, or hoaxes. TST will conduct regular and or periodic testing based on our client's needs and requirements to ensure that contingency and incident response processes function as planned. This includes (where applicable and or specifically requested), testing of external suppliers.