WEBVTT

00:00:00.640 --> 00:00:17.279
The ability to respond to a natural or a man-made threat, ensure continuity of business operations, and protect human resources and assets in the event of a disaster or a business disruption is the primary objective of any business continuity management program.

00:00:17.279 --> 00:00:32.320
Hello and welcome to Information Security Governance, Risk and Compliance. My name is Salvador and today we will learn how to audit a business continuity management program in 10 steps. Let's get started.

00:00:32.558 --> 00:01:00.239
Point 1: check and verify that a business continuity management policy is created and reviewed on a regular basis. Ensure the policy contains the roles and responsibilities, workforce training, a framework for setting business continuity objectives, and the organizational risk appetite and tolerance to plan, deliver and support capabilities in the event of a business disruption.

00:01:00.320 --> 00:01:28.000
Point number 2: make sure a business impact analysis is performed. The business impact analysis contains identification of critical products and services with their inherent risks, the likelihood and impact of each risk, countermeasures to prevent, detect and react to the identified risks, and recovery time objectives and recovery point objectives.

00:01:28.240 --> 00:01:54.640
Point number 3: ensure a business continuity strategy is developed to reduce the impact of a disaster, ensure business continuity and recover from business disruptions within the enterprise risk appetite. Make sure that the strategy includes unavailability of all relevant components and all activities and processes within the scope, whether on premise or on cloud.

00:01:54.640 --> 00:02:39.680
Point number 4: check and verify that a business continuity plan is created and reviewed on a regular basis. Ensure that the plan consists of the following components: scope of activity, roles and responsibilities, clear lines of communication, recovery procedures and the basis for BCM invocation. With respect to cyber attack, ensure there is a skilled incident management technical team to manage the incidents. In the case of a pandemic event, which the world is going through now, users need to perform their functions working from home; ensure endpoint security and network communication are effective to ensure smooth business operations.

00:02:39.840 --> 00:03:07.920
Point number 5: check and verify that all the relevant documents, such as backup and restoration guidelines, network and architecture diagrams, alternate workarounds for performing business functions and incident playbooks, are available instantly to support business continuity and operational resilience. Make sure that all the documents are reviewed for any changes that happened previously.

00:03:08.159 --> 00:03:49.040
Point number 6: make sure all the business continuity and operational resilience plans are tested at least annually. Check and verify that the tabletop exercise was performed and the report generated, and identify if there were any shortcomings during the call. Make sure that a call tree exercise was performed to ensure communication to all the users; ensure users' contacts are stored and acknowledgements of all calls and messages were recorded and verified. Check and verify the test reports to identify that the tests were conducted as per the resilience plan.

00:03:49.599 --> 00:04:18.239
Point number 7: in times of crisis, communication among stakeholders and the relevant entities is key to successfully managing business disruption. Make sure that the communication lines are identified, and how the communication is sent to the relevant parties, be it the press, municipality or business users. Make sure that a response structure is developed to communicate early warnings and communications to the stakeholders.

00:04:18.560 --> 00:04:37.440
Point number 8: business data is a key component to recover from a disaster or a crisis situation. Make sure that a secure backup data process is followed for restoring data in times of crisis. Check sample backup and restoration evidence.

00:04:38.880 --> 00:05:05.199
Point number 9: to recover from a natural disaster like flooding or earthquakes, and other man-made disasters like fire, ensure that systems and network devices are housed in environmentally safe data centers and that redundancy is always maintained. Ensure alternate sites like hot, warm or cold sites are designed as per the business requirements and tested for effectiveness.

00:05:05.199 --> 00:05:22.479
And finally, point number 10: check and verify that a DR, or disaster recovery, activity is tested. Ensure network switchover happens automatically to secondary sites, and servers and applications run without any issues.

00:05:22.880 --> 00:05:32.680
Thank you for watching the video. Do provide your feedback and subscribe to the channel for upcoming videos. Thank you.