Contingency Planning Audit Summary




  1. The University's DRP was prepared on September 22, 19XX -- signed off by President, Vice President for Business and Administration (VPBA), and Information Systems Director -- and has not been updated or tested.

  2. The VPBA is not currently performing responsibilities assigned to him in DRP (i.e., required to be performed annually), namely:

  3. Daily backup tapes of all University records are no longer being stored in a fire-proof vault in the [off-site computer facility].

  4. Backup tapes are not being tested weekly to determine the physical condition of the tape and integrity of data on the tapes.

  5. "Computer Operator's Manual" is currently nonexistent and thus steps for restoring data are outlined in a documentation that is nonexistent.

  6. Information processing disaster recovery teams are not being assigned annually based on the recommendations of the Information Systems Director to the VPBA.

  7. Information Processing Operations and Logistics Coordinator, [name], is no longer with the University; [name] is no longer the "Computer Operator" in DP; and, Communications Coordinator, [name] is no longer with the University.

  8. Affected personnel were not being trained and prepared for possible disasters or emergencies.

  9. Automated Information and Telecommunications Commission has changed its name, and is now known as the Department of Information Resources (DIR).


The University's DRP should be updated and tested at least annually based on guidelines set forth in Texas Administrative Code [1 TAC 201.13(b)] and DIR's "Guidelines for Contingency Planning for Information Resources Services Resumption". Responsibilities specified in the DRP should be carried out accordingly. Information Systems Director should have the responsibility and authority to direct the development, coordination, maintenance, testing, training, and other activities related to a Contingency Plan for Information Resources. Other specific audit recommendations related to contingency planning are outlined in the interim audit report prepared for the management.