The ability to respond to a natural or a man-made threat, ensure continuity of business operations, and protect human resources and assets in the event of a disaster or a business disruption is the primary objective of any business continuity management program.
Hello and welcome to Information Security Governance, Risk and Compliance. My name is Salvador, and today we will learn how to audit a business continuity management program in 10 steps. Let's get started.
Point 1: Check and verify that a business continuity management policy is created and reviewed on a regular basis. Ensure the policy contains the roles and responsibilities, workforce training, a framework for setting business continuity objectives, and the organizational risk appetite and tolerance to plan, deliver and support capabilities in the event of a business disruption.
Point 2: Make sure a business impact analysis is performed. The business impact analysis contains the identification of critical products and services with their inherent risks; the likelihood and impact of each risk; countermeasures to prevent, detect and react to the identified risks; and the recovery time objectives and recovery point objectives.
Point 3: Ensure a business continuity strategy is developed to reduce the impact of a disaster, ensure business continuity, and recover from business disruptions within the enterprise risk appetite. Make sure that the strategy covers the unavailability of all relevant components, and all activities and processes within the scope, whether on premises or in the cloud.
Point 4: Check and verify that a business continuity plan is created and reviewed on a regular basis. Ensure that the plan consists of the following components: scope of activity, roles and responsibilities, clear lines of communication, recovery procedures, and the basis for BCM invocation. With respect to cyber attacks, ensure there is a skilled incident management technical team to manage the incidents. In the case of a pandemic event, like the one the world is going through now, the users need to perform their functions working from home; ensure endpoint security and network communication are effective to ensure smooth business operations.
Point 5: Check and verify that all the relevant documents, such as backup and restoration guidelines, network and architecture diagrams, alternate workarounds for performing business functions, and incident playbooks, are available instantly to support business continuity and operational resilience. Make sure that all the documents are reviewed for any changes that happened previously.
Point 6: Make sure all the business continuity and operational resilience plans are tested at least annually. Check and verify that a tabletop exercise was performed, that the report was generated, and that it identified whether there were any shortcomings during the call. Make sure that a call tree exercise was performed to ensure communication to all the users; ensure users' contacts are stored, and that acknowledgment of all calls and messages was recorded and verified. Check and verify the test reports to identify that the tests were conducted as per the resilience plan.
Point 7: In times of crisis, communication among stakeholders and the relevant entities is key to successfully managing a business disruption. Make sure that the communication lines are identified, and how the communication is sent to the relevant parties, be it the press, the municipality or business users. Make sure that a response structure is developed to communicate early warnings and communications to the stakeholders.
Point 8: Business data is a key component to recover from a disaster or a crisis situation. Make sure that a secure backup data process is followed for restoring data in times of crisis. Check sample backup and restoration evidence.
Point 9: To recover from natural disasters like flooding or earthquakes, and other man-made disasters like fire, ensure that systems and network devices are housed in environmentally safe data centers, and that redundancy is always maintained. Ensure alternate sites, like hot, warm or cold sites, are designed as per the business requirements and tested for effectiveness.
And finally, Point 10: Check and verify that a DR, or disaster recovery, activity is tested. Ensure network switchover happens automatically to secondary sites, and that servers and applications run without any issues.
Thank you for watching the video. Do provide your feedback and subscribe to the channel for upcoming videos. Thank you.
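Editor's added example, not part of Salvador's video: the evidence an auditor asks for in points 2, 6 and 8 (recovery point and recovery time objectives from the business impact analysis, test reports, and sample backup and restoration evidence) can be checked mechanically rather than by eyeballing a report. The Python script below takes a backup catalogue and the results of a restore drill and reports whether backup currency and gaps stay within the RPO, whether the restored data matches the digest recorded at backup time, and whether the restore finished within the RTO. The record layout, the RPO/RTO values and the catalogue entries are constructed for illustration and are assumptions of this example, not anything the video or a real backup product defines.

```python
"""Backup and restore evidence checks for a BCM audit.

Assumptions (not from the video): each backup job records a UTC completion
time and a SHA-256 of the backup payload; a restore drill yields the restored
bytes and the measured wall-clock restore time.
"""
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class BackupRecord:
    name: str
    taken_at: datetime   # UTC time the backup completed
    sha256: str          # digest the backup job recorded for the payload


@dataclass
class RestoreTest:
    record: BackupRecord
    restored_bytes: bytes  # what the restore drill produced
    duration: timedelta    # measured restore time


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_rpo(catalogue, now, rpo):
    """Fail if the newest backup is older than the RPO or if any gap between
    consecutive backups exceeds the RPO (a missed run would breach it)."""
    if not catalogue:
        return False, ["no backups in catalogue"]
    findings = []
    ordered = sorted(catalogue, key=lambda r: r.taken_at)
    age = now - ordered[-1].taken_at
    if age > rpo:
        findings.append(f"newest backup {ordered[-1].name} is {age} old, exceeds RPO {rpo}")
    for prev, cur in zip(ordered, ordered[1:]):
        gap = cur.taken_at - prev.taken_at
        if gap > rpo:
            findings.append(f"gap of {gap} between {prev.name} and {cur.name} exceeds RPO {rpo}")
    return not findings, findings


def check_restore(test, rto):
    """Fail if the restored data does not match the recorded digest (the
    backup is unusable or was altered) or if the restore overran the RTO."""
    findings = []
    if sha256_hex(test.restored_bytes) != test.record.sha256:
        findings.append(f"restored data for {test.record.name} does not match recorded digest")
    if test.duration > rto:
        findings.append(f"restore of {test.record.name} took {test.duration}, exceeds RTO {rto}")
    return not findings, findings


def audit_backup_evidence(catalogue, tests, now, rpo, rto):
    """Combine both checks into one pass/fail result with all findings."""
    ok, findings = check_rpo(catalogue, now, rpo)
    findings = list(findings)
    for t in tests:
        t_ok, t_findings = check_restore(t, rto)
        ok = ok and t_ok
        findings.extend(t_findings)
    return ok, findings


# Constructed sample evidence (assumption for illustration, not real data).
NOW = datetime(2021, 3, 9, 20, 0, tzinfo=timezone.utc)
RPO = timedelta(hours=24)
RTO = timedelta(hours=4)

PAYLOAD_GOOD = b"customer-db dump 2021-03-09"
PAYLOAD_TAMPERED = b"customer-db dump 2021-03-09 (corrupted)"

CATALOGUE = [
    BackupRecord("db-2021-03-07", datetime(2021, 3, 7, 2, 0, tzinfo=timezone.utc), sha256_hex(b"dump 03-07")),
    BackupRecord("db-2021-03-08", datetime(2021, 3, 8, 2, 0, tzinfo=timezone.utc), sha256_hex(b"dump 03-08")),
    BackupRecord("db-2021-03-09", datetime(2021, 3, 9, 2, 0, tzinfo=timezone.utc), sha256_hex(PAYLOAD_GOOD)),
]

# A clean drill: correct bytes, restored in two hours.
PASS_TEST = RestoreTest(CATALOGUE[2], PAYLOAD_GOOD, timedelta(hours=2))
# A failed drill: altered bytes and a five-hour restore.
FAIL_TEST = RestoreTest(CATALOGUE[2], PAYLOAD_TAMPERED, timedelta(hours=5))

if __name__ == "__main__":
    for label, test in (("pass", PASS_TEST), ("fail", FAIL_TEST)):
        ok, findings = audit_backup_evidence(CATALOGUE, [test], NOW, RPO, RTO)
        print(label, "OK" if ok else "FINDINGS:", *findings, sep="\n  ")
```

The two drills in the sample show the difference between "a backup exists" and "the backup can be restored within objectives": the second drill is flagged on both the digest mismatch and the RTO overrun, and dropping the 2021-03-08 entry from the catalogue is flagged as a 48-hour gap against a 24-hour RPO.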