audit requirements. Disaster recovery and business continuity testing should be conducted at least once information security incident management, business continuity management, and compliance. IT Risk Assessment information security incident management, business continuity management, and compliance. IT Risk Assessment audit requirements. Disaster recovery and business continuity testing should be conducted at least once