Specifications include, but are not limited to:

A) Perform an application and security audit of the following processes and enterprise application systems:

• Business Continuity Planning and Disaster Recovery Planning
  o Review the backup, recovery, and restoration process of all critical applications, systems, and cloud computing
    - Review backup, recovery, and restoration procedures
    - Review appropriateness of administration (including segregation of duties)
    - Assess procedures for monitoring backup and recovery procedures
    - Assess use of off-site storage and/or virtual backup processes
    - Assess frequency and adequacy of data backup processes
    - Review and assess LMG's IT Disaster Recovery Plan to ensure it meets best practice guidance and is adequately designed to recover critical applications in a timely manner
    - Ensure disaster recovery plan is appropriately updated and reflective of Louisville Metro Government's current operating environment
    - Assess the results of the latest disaster recovery test to ensure recommended action items have been completed, or a plan has been developed to complete action items
    - Assess the appropriateness of the disaster recovery plan's sponsors
    - Assess whether the disaster recovery plan is appropriately aligned with Louisville Metro Government’s Business Continuity Plan

• Incident Response Management
  o Assessment of effectiveness of incident management processes, policies, procedures, and governance
  o Review of standards, guidelines, and procedures
  o Review of implementation and governance of activities