AUDITING BUSINESS CONTINUITY PROGRAMS AND PLANS
What to Look For
Presented by: Tommye White, CBCP, DRP; Chuck Walts, CBCP, CRP


March

Auditing BC and DR Programs

• Generally dictated by legal mandates and good business practices.
  o What are the mandates? Federal? State? Corporate?
  o Is there Executive Management sponsorship for the Program?
  o Has a corporate policy been developed?
  o Who manages the program? Risk Manager? IT? Other?
  o Who audits the program? Internal Auditors? External Auditors? Insurance Company? Local Authorities?

March  Has internal audit criteria been developed? o Criteria: When was the last BIA conducted? Is an employee awareness program in place? Have IT DR and Business Continuity linkage been established? Have corporate strategies, priorities, and RTOs been identified? Has a change manage program been established? Has technology mapping been accomplished? Is there a budget for all DR and BC activities?  Vendors?  Training?  Plan Exercises?  Plan Maintenance / update? Have audit grading scales and checklists been established? Are all audit findings and recommendations reported? Does management act on audit findings and recommendations? Auditing BC and DR Programs

Auditing BC and DR Plans

• Have BC and DR Plans been developed?
• Do all plans generally follow a common format (same look and feel)?
• Are the plans well documented and sufficiently comprehensive?
• Have vital records been identified?
• Do all plans contain the following:
  o Name of the organization (Department, Business Unit, IT)
  o What business processes / functions are being recovered?
  o Plan scope, objectives, and general assumptions
  o Recovery Organization Structure
  o Recovery Organization Mission
  o Recovery Team(s) composition
  o Team roles and responsibilities
  o Team member roles and responsibilities
  o Service organization support
  o Recovery Strategy and Solution(s)

Auditing BC and DR Plans

  o Plan Activity Sets (recovery tasks)
    - Pending crisis activities
    - Incident detection activities
    - Emergency response activities
    - Incident reporting activities
    - Incident notification activities (teams, customers, vendors)
    - Situation assessment activities
    - Damage assessment activities
    - Salvage activities
    - Site clean-up and restoration activities
    - Emergency Operations Center activities
    - Team assembly and organization activities
    - Incident Action Plan development activities
    - Plan invocation activities
    - Team deployment activities
    - Alternate facility activities

Auditing BC and DR Plans

  o Plan Activity Sets (continued)
    - Establishing work area activities
    - Recovery operations initiation activities
    - Functional restoration activities
    - Return home planning and coordination activities
    - Relocation activities
    - Post-incident review activities

Auditing BC and DR Plans

• Plan Attachments - General (Examples)
  o Team Notification Guidelines
  o Personal Contact Record Form
  o Emergency Operations Center (Command Center) information
  o Critical File and Work in Process Assessment Form
  o Disaster Declaration Criteria
  o Incident Action Plan and Forms
  o Personnel Location Control Form
  o Recovery Status Report Form
  o Incident Official Public Statement
• IT Specific (Examples)
  o Offsite Storage and Retrieval Procedures
  o Critical Server and Applications Inventory
  o Critical Applications Matrix
  o Data Communications Connectivity (Diagram)

Auditing BC and DR Plans

  o Recovery scripts
  o Detailed restoration procedures
  o Damage Assessment Forms
  o Site Restoration Checklist
  o Maps
  o Directions
  o Etc.

Any Questions?