The operational risk manager should ask the following control questions for assessing
the functional protection the firm has against technology risk:
Ω Is the back-up strategy sufficient?
Ω Is it centrally managed (including distribution systems)?
Ω Is any critical data held on C drives?
Ω Are backups taken off-site?
In my experience few firms can positively answer the questions above. With negative
responses the operational risk manager needs to assess the impact and likelihood of
an unexpected loss.
Hiç yorum yok:
Yorum Gönder