0:00:00.640,0:00:17.279 The ability to respond to a natural or a man-made threat, ensure continuity of business operations, and protect human resources and assets in the event of a disaster or a business disruption is the primary objective of any business continuity management program.

0:00:17.279,0:00:32.320 Hello and welcome to Information Security Governance, Risk and Compliance. My name is Salvador, and today we will learn how to audit a business continuity management program in 10 steps. Let's get started.

0:00:32.558,0:01:00.239 Point 1. Check and verify that a business continuity management policy is created and reviewed on a regular basis. Ensure the policy contains the roles and responsibilities, workforce training, framework for setting business continuity objectives, and organizational risk appetite and tolerance to plan, deliver and support capabilities in the event of a business disruption.

0:01:00.320,0:01:28.000 Point number two. Make sure business impact analysis is performed. The business impact analysis contains identification of critical products and services with their inherent risks; the likelihood and impact of each risk; countermeasures to prevent, detect and react to the identified risk; recovery time objective and recovery point objectives.

0:01:28.240,0:01:54.640 Point number three. Ensure a business continuity strategy is developed to reduce the impact of a disaster, ensure business continuity and recover from business disruptions within the enterprise risk appetite. Make sure that the strategy includes unavailability of all relevant components and all activities and processes within the scope, whether on premise or on cloud.

0:01:54.640,0:02:39.680 Point number four. Check and verify that a business continuity plan is created and reviewed on a regular basis. Ensure that the plan consists of the following components: scope of activity, roles and responsibilities, clear lines of communication, recovery procedures and the basis for BCM invocation. With respect to cyber attack, ensure there is a skilled incident management technical team to manage the incidents. In case of a pandemic event that the world is going through now, the users need to perform the functions working from home. Ensure endpoint security and network communication is effective to ensure smooth business operations.

0:02:39.840,0:03:07.920 Point number five. Check and verify that all the relevant documents, such as backup and restoration guidelines, network and architecture diagram, alternate workarounds to performing business functions and incident playbooks, are available instantly to support business continuity and operational resilience. Make sure that all the documents are reviewed for any changes that happened previously.

0:03:08.159,0:03:49.040 Point number six. Make sure all the business continuity and operational resilience plans are tested at least annually. Check and verify the tabletop exercise was performed and the report generated, and identified if there were any shortcomings during the call. Make sure that quality exercise was performed to ensure the communications to all the users. Ensure users' contacts are stored and acknowledged of all calls and messages that were recorded and verified. Check and verify the stress reports to identify that the tests were conducted as per the resilience plan.

0:03:49.599,0:04:18.239 Point number seven. In times of crisis, communication among stakeholders and the relevant entities is key to successfully managing business disruption. Make sure that the communication lines are identified and how the communication is sent to the relevant parties, be the press, municipality or business users. Make sure that response structure is developed to communicate early warnings and communications to the stakeholders.

0:04:18.560,0:04:37.440 Point number eight. Business data is a key component to recover from a disaster or a crisis situation. Make sure that a secure backup data process is followed for restoring data in times of crisis. Check sample backup and restoration evidences.

0:04:38.880,0:05:05.199 Point number nine. To recover from a natural disaster like flooding or earthquakes and other man-made disasters like fire, ensure that systems and network devices are housed in environmentally safe data centers as well as redundancy is always maintained. Ensure alternate sites like hot, warm or cold sites are designed as per the business requirements and tested to effectiveness.

0:05:05.199,0:05:22.479 And finally, point number 10. Check and verify that a DR or disaster recovery activity is tested. Ensure network switchover happens automatically to secondary sites and servers and applications run without any issues.

0:05:22.880,0:05:32.680 Thank you for watching the video. Do provide your feedback and subscribe to the channel for upcoming videos. Thank you.