Backup and Recovery controls are key to an organization’s ability to recover from disaster and also the ability to continue their operations in the event of a disruption.  As a result, an organization with effective backup and recovery controls is expected to perform regular (at least daily) backups of their data and to also test the reliability of that backup process regularly.  Backups should be stored in a secure location that is a safe distance from the location of the operational data, and management should test their ability to successfully restore the backed up data at least once per year to ensure that the correct data is being backed up and that the organization knows how to restore it.  In regard to a Business Continuity / Disaster Recovery Plan, organizations are first expected to identify and rank their critical applications that are required for the organization to continue operations, as well as have a backup location ready for all essential components of computer operations.  An appropriate Business Continuity Plan also has a dedicated team with assigned roles and responsibilities; these individuals are responsible for regularly testing the Business Continuity / Disaster Recovery Plan so that the plan is continuously improved to be more efficient and effective.