Roles and Responsibilities
The board and senior management are responsible for establishing and reviewing an enterprise-wide testing program. Once the program is established, they direct the following groups to develop, implement, and evaluate the institution's business continuity testing program.A detailed discussion of roles and responsibilities can be found in Appendix H: "Testing Program - Governance and Attributes."
- Business line management, who has ownership and accountability for the testing of business operations;
- IT management, who has ownership and accountability for testing recovery of the institution's information technology systems, infrastructure, and telecommunications;
- Crisis management, who has ownership and accountability for testing the institution's event management processes;
- Facilities management, who has ownership and accountability for testing the operational readiness of the institution's physical plant and equipment, environmental controls, and physical security; and
- The internal auditor (or other qualified independent party), who has the responsibility for evaluating the overall quality of the testing program and the test results.
Principles of the Business Continuity Testing Program