Tips and techniques a typical audit programme

1 Auditing Business Continuity Planning
Tips and techniques - a typical audit programme
Karen Wills, Senior Internal Auditor, St James's Place Wealth Management
February 2014

2 Contents
- Background
- Roles and Responsibilities
- Training and Awareness
- Scope and Strategy
- Risk Assessment
- Business Continuity Plans
- Testing and Exercising
- Outsourced Activities / External Suppliers
- ITDR
- Incidents
- Glossary of Terms

3 Roles and Responsibilities
- Accountable Executive / Sponsor
- Business Continuity Team
- BC Manager / Deputies
- Time in role
- Full time or other responsibilities
- Reporting lines
- Objectives of BC team
- Crisis Management Team (Gold - Strategic / Silver - Tactical Teams)
- Members of Crisis Management Team / Incident Response Team
- Description of roles
- Individual Business Unit or Departmental Teams (Bronze - Operational Teams)
- BC Plan owners / deputies
- Time in role
- Specific BC objectives included in personal objectives
- BC Manager / Deputy job descriptions
- Organisation chart
- Annual objectives
- List of Crisis Management team members
- List of BC plan / process owners

4 Training and Awareness
- Level of general BC awareness within the organisation
- Training materials available for the BC teams (inc Central, Crisis Mgt and Individual Teams)
- Mandatory training on annual basis
- Professional membership / qualifications (BCI / IRM / CIIA)
- Communications to the business
- Training guides inc online resources
- DVDs
- Presentations / hand-outs from any awareness sessions
- Programme of training activity

5 Scope and Strategy
- Business units / buildings / departments in scope (inc any specifically out of scope and why)
- Activities in (and out of) scope
- Shared buildings
- Scenarios covered
- Relocation strategy
- BCP / DR strategy
- Recovery contracts
- Service agreements
- List of departments / critical activities
- Contracts with specialist BC/DR companies
- Budget / funding

6 Risk Assessment
- Risks
- Business Impact Assessments (BIA):
- Level of granularity
- Status of completion
- Frequency of review
- Sign off
- Content of BIAs:
- List of activities, inc criticality
- List of IT systems used, inc criticality, RTO, RPO
- Critical times / peak volumes
- Interdependencies - internal and external
- Critical suppliers
- Recovery requirements - people, IT, hardware
- Vital records
- Documents to review:
- Risk Assessment
- Sample of BIAs
- Review timetable

7 BC Plans
- Plan format - Word/Excel/BC software
- Plan ownership
- Crisis Management Team Plan(s)
- Ownership and location of Master
- Status of completion
- Reasonableness of content
- Clearly defined tasks and responsibilities
- Frequency of review
- Sign off
- Departmental Plans:
- Typical content:
- Roles and responsibilities
- List of critical activities (should match to BIA)
- Separate sections for Loss of Building / Loss of IT / Loss of People scenarios
- Task lists in priority order at various timescales
- Details of manual workarounds
- Planning guide and template
- Crisis Management Team plan(s)
- Sample copies of critical departmental plans

8 Testing and Exercising
- Range of testing performed:
- Call cascades
- Desktop walkthroughs
- Scenario exercises
- Workarea recovery tests
- Building evacuations
- Status of testing
- Frequency
- Involvement in testing
- Test documentation
- Pre and Post-Test reports
- Test scripts
- Actions required
- Documents to review:
- Annual Test Plan
- Example of Pre-test report
- Example of Post-test report
- Example of test scripts
- Issues and actions logs

9 Outsourced activities
- Outsourced activities:
- Identify critical outsourced activities
- Location - shared buildings / external
- BIA and BC Plan
- Communication strategy
- Status of testing
- Joint testing
- Reporting
- Outsourcers BIA and BCP
- Test reports
- List of critical suppliers
- Critical Suppliers:
- Identify critical suppliers
- Status of BC preparedness
- Link back to individual BC Plans

10 ITDR
- Strategy for system recovery
- Relationship between BC Manager and ITDR team
- Location of live systems
- Location of DR site
- Outsourced IT services
- Status of recoverability - xref to BIAs
- Out of date / unsupported hardware or software
- Status of DR testing
- Provision of specialist equipment (e.g. scanning, printing, mailing, call voice recording)
- Call centre recovery
- DR contracts
- List of critical systems RTO / RPO
- Example of service agreement
- DR Test Plans
- DR Test Reports

11 Incidents
- Past experience of incidents
- Command and control structure
- Escalation protocols
- Incident logs
- Incident Logs
- PIR Reports
- Actions logs
- Post-incident Reviews (PIRs)
- Report and actions logs
- Root cause analysis

12 Glossary of Terms

BC Manager: Business Continuity Manager, typically responsible for implementing and supporting Business Continuity Planning at organisational level.

Crisis Management Team: A group of senior individuals responsible for developing and implementing a comprehensive plan for responding to a disruptive incident. The team consists of a core group of decision-makers trained in incident management and prepared to respond to any situation.

BC Process/Plan Owners: Individual departmental managers having a business continuity plan for their specific activities.

Business Continuity Plan: Plan for a given business area describing the detailed steps to return the business to normal. Flexible, but often based on specific scenarios and plans. Dependent upon the size or complexity of the operation these could be at business unit, building or individual department level. For small business units this could be combined with the crisis management plan.

Crisis Management Plan: Plan to manage the incident at strategic level. Will include triggers for decisions to be made whether to invoke the full BC plans and management of communications within the Group.

Business Impact Assessment/Analysis (BIA): A process aimed at developing an understanding of the organisation so that the BCM program will properly support business requirements. Includes:
- Analysis of continuity risks
- Identification and prioritisation of critical business processes
- Tolerable downtimes and recovery timelines (RTO / RPO, see below)
- Definition of resources required (minimum numbers of people, infrastructure, technology: PCs, IT systems, telephony)

Recovery Time Objective (RTO): An agreed timescale by when the process would be expected to be restarted, usually expressed in hours or days, and will be dependent upon the criticality of the process.

Recovery Point Objective (RPO): The maximum amount of data that could be lost if an application has to be recovered, usually expressed in hours or days, and will be dependent upon the criticality of the process supported by the application.

Workarea Recovery Site (workarea): An alternative building (unoccupied) to which the impacted building staff would relocate in the event their own building is unavailable. Sometimes also referred to as hot sites or warm sites.

Hot Site: An alternative building (unoccupied) that is already equipped with desks, live PCs, phones, live applications that is ready to use immediately if a building is unavailable. Typically only used for very critical activities as it is very expensive.

Warm Site: An alternative building (unoccupied) that has basic office provision. PCs, phones and applications would be set up at the time of incident, thus delaying recovery.

Call Tree List: A list of staff/contacts including their telephone number that can be used in an incident to contact everyone required.

Call Cascade: A process whereby calls are placed to team members using the call tree to check the accuracy of the call tree. Usually done out of business hours.

Desktop Walkthrough: A review of a business continuity plan that consists of a read through of the plan, checking the logic of the steps recorded and the accuracy and completeness of supporting information.

Scenario Exercise: A more detailed review of the plan that involves responding to a set scenario of an incident, and could include role play to practice how the response is given.

Workarea recovery test: A test to physically relocate some staff from their normal location to the workarea to test whether the PCs, phones and applications work. It should include the processing of real work and taking of live calls (providing that would not disadvantage the customer).

ITDR (Information Technology Disaster Recovery): The process by which systems that fail are recovered at an alternative data processing centre. Also includes telephony recovery.

13 Any Questions?


More information

SLOUGH BOROUGH COUNCIL. CONTACT OFFICER: Roger Parkin, Director Customer & Transactional Services (For all enquiries) (01753)

SLOUGH BOROUGH COUNCIL. CONTACT OFFICER: Roger Parkin, Director Customer & Transactional Services (For all enquiries) (01753) SLOUGH BOROUGH COUNCIL REPORT TO: Audit Committee DATE: 10 th November 2011 CONTACT OFFICER: Roger Parkin, Director Customer & Transactional Services (For all enquiries) (01753) 875207 WARD(S): PORTFOLIO:

More information

Glasgow Life Risk Management & Business Continuity Planning. Final Report

Glasgow Life Risk Management & Business Continuity Planning. Final Report Glasgow Life Risk Management & Business Continuity Planning Final Report INTERNAL AUDIT October 2014 Glasgow City Council Internal Audit 1 Glasgow Life Risk Management & Business Continuity Planning Table

More information

Emergency Response and Business Continuity Management Policy

Emergency Response and Business Continuity Management Policy Emergency Response and Business Continuity Management Policy Owner: John Duffy, Registrar & Secretary Last updated: September 2012 Version: 04 Document control Date Version Author Changes To be populated

More information

Business Continuity Business Impact Analysis arrangements

Business Continuity Business Impact Analysis arrangements Aberdeen City Council Internal Audit Report 2012/2013 for Aberdeen City Council May 2013 Business Continuity Business Impact Analysis arrangements Final Report Contents Section Page 1. Executive Summary

More information

Implementing and Auditing a Successful Business Continuity Plan

Implementing and Auditing a Successful Business Continuity Plan IIA Chicago Chapter 53 rd Annual Seminar April 15, 2013, Donald E. Stephens Convention Center @IIAChicago #IIACHI ing and Auditing a Successful Plan Agenda Introductions Training Overview and Objectives

More information

Business Continuity Overview

Business Continuity Overview Business Continuity Overview Beverley A. Retjos Senior Manager WW SWG Security & Controls 03/12/07 Business Continuity Management (BCM) Process of ensuring that a business is prepared to survive any disruption

More information

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain 1. What is the most common planned performance duration for a continuity of operations plan (COOP)? A. 30 days B. 60 days C. 90 days D. It depends on the severity of a disaster. 2. What is the business

More information

Business Continuity Planning (BCP) 101

Business Continuity Planning (BCP) 101 2011/EPWG/WKSP/004 Intro 1 Business Continuity Planning (BCP) 101 Submitted by: Business Continuity Management Institute Workshop on Private Sector Emergency Preparedness Sendai, Japan 1-3 August 2011

More information

Business Continuity Management Policy and Framework

Business Continuity Management Policy and Framework Management Policy and Framework Version: Produced by: Date Produced: Approved by: Updated: 7 University Manager with the assistance of the Operational Group 11 th March 2010 Steering Group (14 December

More information

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT INFORMATION SECURITY: UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT FACTSHEET This factsheet will introduce you to Business Continuity Management (BCM), which is a process developed to counteract systems

More information

Business Continuity Glossary

Business Continuity Glossary Developed In Conjuction with Business Continuity Glossary ACTIVATION: The implementation of business continuity capabilities, procedures, activities, and plans in response to an emergency or disaster declaration;

More information

ICT Contingency Plan Top Level Plan

ICT Contingency Plan Top Level Plan ICT Contingency Plan Top Level Plan - 1 - Document Control Information Title: ICT Contingency Plan: Top Level Plan Date: June 2013 Version: 3.0 Authors: John Redeyoff (NCC) Contents by Neil Dudleston /

More information

Best Practices in Disaster Recovery Planning and Testing

Best Practices in Disaster Recovery Planning and Testing Best Practices in Disaster Recovery Planning and Testing axcient.com 2015. Axcient, Inc. All Rights Reserved. 1 Best Practices in Disaster Recovery Planning and Testing Disaster Recovery plans are widely

More information

Guidance Note XGN XXX.1

Guidance Note XGN XXX.1 Guidance Note XGN XXX.1 Risk Assessment and Business Continuity Planning 1. This Guidance Note provides further detail on matters institutions should consider in assessing disruption scenarios and certain

More information

Domain 3 Business Continuity and Disaster Recovery Planning

Domain 3 Business Continuity and Disaster Recovery Planning Domain 3 Business Continuity and Disaster Recovery Planning Steps (ISC) 2 steps [Har10] Project initiation Business Impact Analysis (BIA) Recovery strategy Plan design and development Implementation Testing

More information

EPRR: BCP - Checklist

EPRR: BCP - Checklist NHS England Business Continuity Management Toolkit EPRR: BCP - Checklist Appendix 3.2 1 [Intentionally Blank] INTRODUCTION The purpose of this document is to assist those who are developing a business

More information

Temple university. Auditing a business continuity management BCM. November, 2015

Temple university. Auditing a business continuity management BCM. November, 2015 Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program

More information

William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University

William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University Competitive Leadership- Twelve Principles For Success Brian Billick Chapter 3 Be Be Prepared The time

More information

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?

More information

Flinders University IT Disaster Recovery Framework

Flinders University IT Disaster Recovery Framework Flinders University IT Disaster Recovery Framework Establishment: Flinders University, 1 August 2013 Last Amended: Manager, ITS Security Services, 4 October 2013 Nature of Amendment: Initial release Date

More information

NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0

NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0 NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy Version 1.0 Document Control Title: Status: Version: 1.0 Issue date: May 2014 Document owner: (Name,

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

BUSINESS CONTINUITY POLICY

BUSINESS CONTINUITY POLICY BUSINESS CONTINUITY POLICY Document Type Corporate Policy Unique Identifier CO-038 Document Purpose To provide a structure through which: i. A comprehensive business continuity management system (BCMS)

More information

IT Service Continuity Management PinkVERIFY

IT Service Continuity Management PinkVERIFY -11-G-001 General Criteria Does the tool use ITIL 2011 Edition process terms and align to ITIL 2011 Edition workflows and process integrations? -11-G-002 Does the tool have security controls in place to

More information