
How to Audit Business Continuity Management. Audit BCM in 10 steps

  • 0:01 - 0:03
    the ability to respond to a natural or a
  • 0:03 - 0:06
    man-made threat ensure continuity of
  • 0:06 - 0:07
    business operations
  • 0:07 - 0:10
    protect human resource and assets
  • 0:10 - 0:12
    in an event of a disaster or a business
  • 0:12 - 0:14
    disruption is the primary objective of
  • 0:14 - 0:16
    any business continuity management
  • 0:16 - 0:17
    program
  • 0:17 - 0:19
    hello and welcome to information
  • 0:19 - 0:22
    security governance risk and compliance
  • 0:22 - 0:24
    my name is salvador and today we will
  • 0:24 - 0:26
    learn how to audit a business continuity
  • 0:26 - 0:28
    management program
  • 0:28 - 0:29
    in 10 steps
  • 0:29 - 0:32
    let's get started
  • 0:33 - 0:35
    point 1 check and verify that a business
  • 0:35 - 0:38
    continuity management policy is created
  • 0:38 - 0:41
    and reviewed on a regular basis
  • 0:41 - 0:43
    ensure the policy contains the roles and
  • 0:43 - 0:45
    responsibilities
  • 0:45 - 0:47
    workforce training framework for setting
  • 0:47 - 0:50
    business continuity objectives
  • 0:50 - 0:52
    and organizational risk appetite and
  • 0:52 - 0:54
    tolerance to plan
  • 0:54 - 0:56
    deliver and support capabilities in the
  • 0:56 - 1:00
    event of a business disruption
  • 1:00 - 1:03
    point number two make sure business
  • 1:03 - 1:06
    impact analysis is performed
  • 1:06 - 1:09
    the business impact analysis contains
  • 1:09 - 1:11
    identification of critical products and
  • 1:11 - 1:14
    services with their inherent risks
  • 1:14 - 1:17
    the likelihood and impact of each risk
  • 1:17 - 1:20
    counter measures to prevent detect and
  • 1:20 - 1:23
    react to the identified risk
  • 1:23 - 1:25
    recovery time objective and recovery
  • 1:25 - 1:28
    point objectives
  • 1:28 - 1:30
    point number three ensure a business
  • 1:30 - 1:33
    continuity strategy is developed to
  • 1:33 - 1:35
    reduce the impact of a disaster
  • 1:35 - 1:38
    ensure business continuity and recover
  • 1:38 - 1:40
    from business disruptions within the
  • 1:40 - 1:43
    enterprise risk appetite
  • 1:43 - 1:45
    make sure that the strategy includes
  • 1:45 - 1:46
    unavailability of all relevant
  • 1:46 - 1:48
    components
  • 1:48 - 1:50
    and all activities and processes within
  • 1:50 - 1:55
    the scope whether on premise or on cloud
  • 1:55 - 1:57
    point number four check and verify that
  • 1:57 - 2:00
    a business continuity plan is created
  • 2:00 - 2:02
    and reviewed on a regular basis
  • 2:02 - 2:04
    ensure that the plan consists of the
  • 2:04 - 2:06
    following components
  • 2:06 - 2:08
    scope of activity roles and
  • 2:08 - 2:10
    responsibilities clear lines of
  • 2:10 - 2:11
    communication
  • 2:11 - 2:14
    recovery procedures and the basis for
  • 2:14 - 2:16
    bcm invocation
  • 2:16 - 2:18
    with respect to cyber attack ensure
  • 2:18 - 2:20
    there is a skilled incident management
  • 2:20 - 2:24
    technical team to manage the incidents
  • 2:24 - 2:26
    in case of pandemic event that the world
  • 2:26 - 2:28
    is going through now the users need to
  • 2:28 - 2:30
    perform the functions
  • 2:30 - 2:32
    working from home
  • 2:32 - 2:34
    ensure endpoint security and network
  • 2:34 - 2:36
    communication is effective to ensure
  • 2:36 - 2:40
    smooth business operations
  • 2:40 - 2:42
    point number five check and verify that
  • 2:42 - 2:44
    all the relevant documents such as
  • 2:44 - 2:47
    backup and restoration guidelines
  • 2:47 - 2:49
    network and architecture diagram
  • 2:49 - 2:52
    alternate workarounds to performing
  • 2:52 - 2:54
    business functions and incident playbooks
  • 2:54 - 2:57
    are available instantly to support
  • 2:57 - 2:59
    business continuity and operational
  • 2:59 - 3:00
    resilience
  • 3:00 - 3:02
    make sure that all the documents are
  • 3:02 - 3:05
    reviewed for any changes that happened
  • 3:05 - 3:08
    previously
  • 3:08 - 3:10
    point number six make sure all the
  • 3:10 - 3:12
    business continuity and operational
  • 3:12 - 3:15
    resilience plans are tested at least
  • 3:15 - 3:16
    annually
  • 3:16 - 3:19
    check and verify the tabletop exercise
  • 3:19 - 3:21
    was performed and the report generated
  • 3:21 - 3:23
    and identified if there were any
  • 3:23 - 3:26
    shortcomings during the call
  • 3:26 - 3:28
    make sure that quality exercise was
  • 3:28 - 3:29
    performed
  • 3:29 - 3:31
    to ensure the communications to all the
  • 3:31 - 3:33
    users
  • 3:33 - 3:36
    ensure users' contacts are stored and
  • 3:36 - 3:38
    acknowledged of all calls and messages
  • 3:38 - 3:42
    that were recorded and verified
  • 3:42 - 3:44
    check and verify the stress reports to
  • 3:44 - 3:46
    identify that the tests were conducted
  • 3:46 - 3:49
    as per the resilience plan
  • 3:50 - 3:51
    point number seven
  • 3:51 - 3:53
    in times of crisis communication among
  • 3:53 - 3:56
    stakeholders and the relevant entities
  • 3:56 - 3:58
    is key to successfully managing business
  • 3:58 - 4:00
    disruption
  • 4:00 - 4:02
    make sure that the communication lines
  • 4:02 - 4:04
    are identified and how the communication
  • 4:04 - 4:06
    is sent to the relevant parties
  • 4:06 - 4:08
    be the press municipality or business
  • 4:08 - 4:10
    users
  • 4:10 - 4:12
    make sure that response structure is
  • 4:12 - 4:14
    developed to communicate early warnings
  • 4:14 - 4:18
    and communications to the stakeholders
  • 4:19 - 4:20
    point number eight
  • 4:20 - 4:22
    business data is a key component to
  • 4:22 - 4:24
    recover from a disaster or a crisis
  • 4:24 - 4:26
    situation
  • 4:26 - 4:28
    make sure that a secure backup data
  • 4:28 - 4:28
    process
  • 4:28 - 4:31
    is followed for restoring data in times
  • 4:31 - 4:33
    of crisis
  • 4:33 - 4:35
    check sample backup and restoration
  • 4:35 - 4:37
    evidences
  • 4:39 - 4:41
    point number nine to recover from a
  • 4:41 - 4:43
    natural disaster like flooding or
  • 4:43 - 4:45
    earthquakes and other man-made disasters
  • 4:45 - 4:47
    like fire
  • 4:47 - 4:49
    ensure that systems and network devices
  • 4:49 - 4:51
    are housed in environmentally safe data
  • 4:51 - 4:54
    centers as well as redundancy is always
  • 4:54 - 4:56
    maintained
  • 4:56 - 4:58
    ensure alternate sites like hot warm or
  • 4:58 - 5:00
    cold sites are designed as per the
  • 5:00 - 5:03
    business requirements and tested to
  • 5:03 - 5:05
    effectiveness
  • 5:05 - 5:07
    and finally point number 10 check and
  • 5:07 - 5:10
    verify that a dr or disaster recovery
  • 5:10 - 5:12
    activity is tested
  • 5:12 - 5:13
    ensure
  • 5:13 - 5:15
    network switchover happens automatically
  • 5:15 - 5:18
    to secondary sites
  • 5:18 - 5:20
    and servers and applications run without
  • 5:20 - 5:22
    any issues
  • 5:23 - 5:24
    thank you for watching the video
  • 5:24 - 5:27
    do provide your feedback and subscribe
  • 5:27 - 5:28
    to the channel for
  • 5:28 - 5:29
    upcoming videos
  • 5:29 - 5:33
    thank you
Video Language:
English
Duration:
05:33
