e) IT continuity plan should be dev

e)
IT continuity plan should be developed based on a defined framework and must be designed to reduce the impact of a major disruption on key business functions and processes.
This plan should be based on risk understanding of potential business impacts and address requirements for resilience, alternative processing and recovery capability of all critical IT services. It should also cover usage guidelines, roles and responsibilities, procedures, communication processes, and the testing approach.
f)
All computerized applications and resources of IT must be assessed to determine the critical/risk level to the Group in the event of non-availability of that particular application.
g)
The IT continuity plan must be kept up to date and continually reflect business requirements. Proper change control procedures should be applied to this plan.
h)
A distribution strategy must be defined, to ensure that plans are properly and securely distributed and available to appropriately authorized interested parties when and where needed. This should also include procedures for computer and business recovery. A copy of IT continuity plan on critical systems must be kept at backup / alternate site
I)
The list of critical applications and documentation in the plan must be reviewed as and when a new application system is implemented. The plan should cater for the highly critical applications, and if possible, extend the plan to cover all or some of the other applications residing in mainframe, midrange and Open Systems.
j)
The IT continuity plan must be tested and its result must be documented. The IT continuity plan should be tested at least twice a year for critical systems of which one of the tests must be one live test. The testing should consider the following scenarios:-