The ability to respond to a natural or a man-made threat, ensure continuity of business operations, and protect human resources and assets in the event of a disaster or a business disruption is the primary objective of any business continuity management program.

Hello and welcome to Information Security Governance, Risk and Compliance. My name is Salvador, and today we will learn how to audit a business continuity management program in 10 steps. Let's get started.

Point 1: Check and verify that a business continuity management policy is created and reviewed on a regular basis. Ensure the policy contains the roles and responsibilities, workforce training, a framework for setting business continuity objectives, and the organizational risk appetite and tolerance to plan, deliver and support capabilities in the event of a business disruption.

Point number two: Make sure a business impact analysis is performed. The business impact analysis contains identification of critical products and services with their inherent risks, the likelihood and impact of each risk, countermeasures to prevent, detect and react to the identified risk, and recovery time objectives and recovery point objectives.

Point number three: Ensure a business continuity strategy is developed to reduce the impact of a disaster, ensure business continuity, and recover from business disruptions within the enterprise risk appetite. Make sure that the strategy includes unavailability of all relevant components and all activities and processes within the scope, whether on premise or on cloud.

Point number four: Check and verify that a business continuity plan is created and reviewed on a regular basis. Ensure that the plan consists of the following components: scope of activity, roles and responsibilities, clear lines of communication, recovery procedures, and the basis for BCM invocation. With respect to cyber attack, ensure there is a skilled incident management technical team to manage the incidents. In case of a pandemic event, such as the one the world is going through now, the users need to perform their functions working from home; ensure endpoint security and network communication is effective to ensure smooth business operations.

Point number five: Check and verify that all the relevant documents, such as backup and restoration guidelines, network and architecture diagrams, alternate workarounds for performing business functions, and incident playbooks, are available instantly to support business continuity and operational resilience. Make sure that all the documents are reviewed for any changes that happened previously.

Point number six: Make sure all the business continuity and operational resilience plans are tested at least annually. Check and verify that the tabletop exercise was performed and the report generated, and identify whether there were any shortcomings during the call. Make sure that a call tree exercise was performed to ensure communications reach all the users; ensure users' contacts are stored and that acknowledgement of all calls and messages was recorded and verified. Check and verify the test reports to identify that the tests were conducted as per the resilience plan.

Point number seven: In times of crisis, communication among stakeholders and the relevant entities is key to successfully managing business disruption. Make sure that the communication lines are identified, and how the communication is sent to the relevant parties, be it the press, the municipality or business users. Make sure that a response structure is developed to communicate early warnings and communications to the stakeholders.

Point number eight: Business data is a key component to recover from a disaster or a crisis situation. Make sure that a secure backup data process is followed for restoring data in times of crisis. Check sample backup and restoration evidence.

Point number nine: To recover from a natural disaster like flooding or earthquakes and other man-made disasters like fire, ensure that systems and network devices are housed in environmentally safe data centers, and that redundancy is always maintained. Ensure alternate sites, like hot, warm or cold sites, are designed as per the business requirements and tested for effectiveness.

And finally, point number 10: Check and verify that a DR, or disaster recovery, activity is tested. Ensure network switchover happens automatically to secondary sites, and that servers and applications run without any issues.

Thank you for watching the video. Do provide your feedback and subscribe to the channel for upcoming videos. Thank you.