The ability to respond to a natural or a man-made threat, ensure continuity of business operations, and protect human resources and assets in the event of a disaster or a business disruption is the primary objective of any business continuity management program.

Hello and welcome to Information Security Governance, Risk and Compliance. My name is Salvador, and today we will learn how to audit a business continuity management program in 10 steps. Let's get started.

Point 1: Check and verify that a business continuity management policy is created and reviewed on a regular basis. Ensure the policy contains the roles and responsibilities, workforce training, a framework for setting business continuity objectives, and the organizational risk appetite and tolerance to plan, deliver and support capabilities in the event of a business disruption.

Point number two: Make sure a business impact analysis is performed. The business impact analysis contains identification of critical products and services with their inherent risks, the likelihood and impact of each risk, countermeasures to prevent, detect and react to the identified risks, and recovery time objectives and recovery point objectives.

Point number three: Ensure a business continuity strategy is developed to reduce the impact of a disaster, ensure business continuity, and recover from business disruptions within the enterprise risk appetite. Make sure that the strategy includes unavailability of all relevant components and all activities and processes within the scope, whether on premise or on cloud.

Point number four: Check and verify that a business continuity plan is created and reviewed on a regular basis. Ensure that the plan consists of the following components: scope of activity, roles and responsibilities, clear lines of communication, recovery procedures, and the basis for BCM invocation. With respect to cyber attack, ensure there is a skilled incident management technical team to manage the incidents. In case of a pandemic event, which the world is going through now, the users need to perform their functions working from home. Ensure endpoint security and network communication are effective to ensure smooth business operations.

Point number five: Check and verify that all the relevant documents, such as backup and restoration guidelines, network and architecture diagrams, alternate workarounds for performing business functions, and incident playbooks, are available instantly to support business continuity and operational resilience. Make sure that all the documents are reviewed for any changes that happened previously.

Point number six: Make sure all the business continuity and operational resilience plans are tested at least annually. Check and verify that the tabletop exercise was performed and the report generated, and identify if there were any shortcomings during the call. Make sure that a quality exercise was performed to ensure the communications to all the users. Ensure users' contacts are stored and acknowledgments of all calls and messages were recorded and verified. Check and verify the stress reports to identify that the tests were conducted as per the resilience plan.

Point number seven: In times of crisis, communication among stakeholders and the relevant entities is key to successfully managing business disruption. Make sure that the communication lines are identified, along with how the communication is sent to the relevant parties, be it the press, municipality or business users. Make sure that a response structure is developed to communicate early warnings and communications to the stakeholders.

Point number eight: Business data is a key component to recover from a disaster or a crisis situation. Make sure that a secure backup data process is followed for restoring data in times of crisis. Check sample backup and restoration evidence.

Point number nine: To recover from a natural disaster like flooding or earthquakes, and other man-made disasters like fire, ensure that systems and network devices are housed in environmentally safe data centers and that redundancy is always maintained. Ensure alternate sites like hot, warm or cold sites are designed as per the business requirements and tested for effectiveness.

And finally, point number 10: Check and verify that a DR, or disaster recovery, activity is tested. Ensure network switchover happens automatically to secondary sites, and servers and applications run without any issues.

Thank you for watching the video. Do provide your feedback and subscribe to the channel for upcoming videos. Thank you.