Checklist For Business Recovery



Similar documents
Overview of how to test a. Business Continuity Plan

Disaster Recovery Plan Review Checklist. A High-Level Internal Planning Tool to Assist State Agencies with Their Disaster Recovery Plans

Standard CIP Cyber Security Security Management Controls

SOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT IT Backup, Recovery and Disaster Recovery Planning

Version: Page 1 of 5

Information Resource Management Directive USAP Contingency & Disaster Recovery Program

How to Prepare for an Emergency: A Disaster and Business Recovery Plan

PAPER-6 PART-4 OF 5 CA A.RAFEQ, FCA

Disaster Recovery Planning Process

ITSM Tools Operation Continuity Plan Example

Massachusetts Institute of Technology. Functional Area Recovery Management Team Plan Development Template

CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS

SECTION 15 INFORMATION TECHNOLOGY

Completed. Document Name. NERC CIP Requirements CIP-002 Critical Cyber Asset Identification R1 Critical Asset Identifaction Method

Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP).

Internal Control Systems

Overview. Disasters are happening more frequently and Recovery is taking on a different perspective.

INFORMATION TECHNOLOGY CONTROLS

R345, Information Technology Resource Security 1

Disaster Recovery Checklist Disaster Recovery Plan for <System One>

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston

15 Organisation/ICT/02/01/15 Back- up

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

INTERNAL AUDIT 2008/09 INFORMATION TECHNOLOGY (BUSINESS CONTINUITY)

Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member

Domain 3 Business Continuity and Disaster Recovery Planning

San Francisco Chapter. Information Systems Operations

Business Continuity Glossary

Hong Kong Baptist University

Business Continuity Plan

Tips and techniques a typical audit programme

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

Security Incident Management Process. Prepared by Carl Blackett

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

This policy is not designed to use systems backup for the following purposes:

Business Continuity Planning in IT

DRAFT Disaster Recovery Policy Template

FORM 20A.9 SAMPLE AUDIT PROGRAM FOR TESTING IT CONTROLS. Date(s) Completed. Workpaper Reference

BUSINESS CONTINUITY PLAN

Continuity Planning and Disaster Recovery

Gatekeeper PKI Framework. February Registration Authority Operations Manual Review Criteria

Attachment #2. BUSINESS CONTINUITY PLAN Plan Development Guidelines

Planning for a Disaster Using Tivoli Storage Manager. Laura G. Buckley Storage Solutions Specialists, Inc.

IBX Business Network Platform Information Security Controls Document Classification [Public]

Oregon Employment Department: Computer Programs for Unemployment Tax Returns and Claims Need Attention

Summary of Information Technology General Control Environment Findings for the year ended 30 June 2015

SUSSEX COUNTY COMMUNITY COLLEGE MANAGEMENT LETTER JUNE 30, 2012 WISS ACCOU NTANTS CONSULTANTS

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

BNA FEDERAL CREDIT UNION DISASTER RECOVERY PLAN

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

MARQUIS DISASTER RECOVERY PLAN (DRP)

COMMERCIALISM INTEGRITY STEWARDSHIP. Back-up Policy & Guidance

[Insert Company Logo]

Planning for Disaster. Ramesh Ramani CISM CGEIT 02 June 2010

Business Continuity Planning and Disaster Recovery Planning

Keys to Narrowing Business Continuity Planning Gaps: Training, Testing & Audits

WHAT IS DISASTER RECOVERY

CIS 523/423 Disaster Recovery Business Continuity

IT Infrastructure, Strategy, and Charter Template: ISO Series Compliant - SOX, HIPAA and PCI-DSS Compliant

Internal Audit Report on. IT Security Access. January January - English - Information Technology - Security Access - FINAL.

IT Service Continuity Management PinkVERIFY

The Disaster Recovery Self-Assessment Guide and Validation Model. Jim Kates Cognizant Technology Solutions

Security from a customer s perspective. Halogen s approach to security

ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1

Call: Disaster Recovery/Business Continuity (DR/BC) Services From VirtuousIT

THE LOGICAL CHOICE FOR ONLINE DATA PROTECTION. Brought to you by

Contingency Planning and Disaster Recovery for BOMA

Security Manual Template Policy and Procedure Manual Compliance Management Made Easy ISO / HIPAA / SOX / CobiT / FIPS 199 Compliant

Planning for Disaster Disaster

MHA Consulting. Business Continuity Management 101

NHS 24 - Business Continuity Strategy

Internal Control Evaluation Progress Report for Frisco Independent School District. March 7, 2011

Decision on adequate information system management. (Official Gazette 37/2010)

UMHLABUYALINGANA MUNICIPALITY

Information Security Policies. Version 6.1

Disaster Recovery Plan Documentation for Agencies Instructions

business continuity plan for:

Business/ Organisation Name

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

Technology Recovery Plan Instructions

Backup Policy (ITP004) Information Technology Services Department

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION

How to Plan for Disaster Recovery and Business Continuity

Virginia Commonwealth University School of Medicine Information Security Standard

Overview of Business Continuity Planning Sally Meglathery Payoff


Transcription:

Checklist For Business Recovery Completed By: Name: Company: Room: Street: City, State, Zip: Phone #: Business Recovery Plan for: Business Recovery Plan (BRP)--LEVEL 1 (Executive Awareness/Authority) 1. Has a Business Response Plan (BRP) been: a. Developed? b. Updated within the last 6 months? Business Recovery Plan (BRP)--LEVEL 2 (Plan Development and Documentation) 2. Has a classification (critical, important, marginal) been assigned to the Business Process/Function/Component that this Facility/Function supports? 3. Has a BRP been: a. Documented? b. Maintained? Business Recovery Plan (BRP)--LEVEL 2 (continued) 4. Does the BRP include the following sections: a. Identification? b. Incident Management? i. Responsible company officer?

ii. Personnel responsible for updates? c. Response? d. Recovery? e. Restoration? f. Plan Exercise? g. Plan Maintenance? h. Business Recovery Teams and Contact Information? 5. Does the BRP identify hardware and software critical to recover the Business and/or Functions? 6. Does the BRP identify necessary support equipment (forms, spare parts, office equipment, etc.) to recover the Business and/or Functions? 7. Does the BRP require an alternate site for recovery? a. Does the BRP provide for mail service to be forwarded to the alternate facility? b. Does the BRP provide for other vital support functions? 8. Are all critical or important data required to support the business being backed up? a. Are they being stored in a protected location (offsite)? 9. Do you conduct a walk-through exercise of your Plan at least annually? (This should include a full walk-through as well as "elements" of your plan (i.e. accounts payable, receivable, shipping and receiving, etc.) Business Recovery Plan (BRP)--LEVEL 2 (continued) 10. Does the walk-through element exercises have a prepared plan a. Description b. Scope c. Objective 11. Is a current copy of the BRP maintained off-site? 12. Do all users of the BRP have ready access to a current copy at all times? 13. Is there an audit trail of the changes made to the BRP? 14. Do all employees responsible for the execution of the BDRP receive ongoing training in Disaster Recovery and Emergency Management?

Business Recovery Plan (BRP) LEVEL 3 15. Has the business officer and management team approved the BRP? 16. Does the business owner maintain: a. The master copy of the BRP? b. An audit trail of the changes made to a BRP? 17. Do all aspects of physical and logical security at the alternate site conform with your current security procedures? 18. Are the physical and logical security at the alternate site at least as stringent as the security at the disaster location? 19. Have all employees and their alternates responsible for executing a manual work-around for a mechanized process been identified in the BRP and properly trained? 20. Has an independent observer documented the simulation exercise(s) noting all results, discrepancies, exposures, action items, and individual responsible, etc.? 21. Was a debriefing held within a reasonable period of time (typically two weeks) after the simulation exercise(s) to ensure all activities have been accurately recorded? Business Recovery Plan (BRP) LEVEL 3 (continued) 22. Did the exercise coordinator publish a simulation exercise(s) report within a reasonable period of time (typically three weeks) after the completion of the simulation exercise(s)? 23. Did the exercise report include: a. What worked properly as well as any deficiencies and recommendations for improvement? b. Responsibility and due date for the development of the Corrective Action Plan? 24. Was a Corrective Action Plan developed by the Exercise Team to address any deficiencies identified by the exercise? 25. Is there a retention plan for the Exercise Plans and Corrective Action Plans (minimum retention 3 years)?

26. Has a walk-through element exercise been performed at least quarterly? 27. Did each walk-through element exercise have a prepared plan a) Description b) Scope c) Objective 28. When there is a change in hardware, software, or a process that might impact the Business Recovery Plan, is the BRP reviewed and updated within 30 days of the changes: Sign-Off By Officer: by whom? Name: When? Date: 29. Based on the Joint Assessment has the Team determined that the BRP is effective? Business Recovery Plan (BRP)--LEVEL 4 30. Has the business officer and management team approved the BRP? 31. Does the business owner maintain: c. The master copy of the BRP? d. An audit trail of the changes made to a BRP? 32. Do all aspects of physical and logical security at the alternate site conform with your current security procedures? Business Recovery Plan (BRP)--LEVEL 4 (continued) 33. Are the physical and logical security at the alternate site at least as stringent as the security at the disaster location? 34. Have all employees and their alternates responsible for executing a manual work-around for a mechanized process been identified in the BRP and properly trained? 35. Has an independent observer documented the simulation exercise(s) noting all results, discrepancies, exposures, action items, and individual responsible, etc.?

36. Was a debriefing held within a reasonable period of time (typically two weeks) after the simulation exercise(s) to ensure all activities have been accurately recorded? 37. Did the exercise coordinator publish a simulation exercise(s) report within a reasonable period of time (typically three weeks) after the completion of the simulation exercise(s)? 38. Did the exercise report include: a. What worked properly as well as any deficiencies and recommendations for improvement? b. Responsibility and due date for the development of the Corrective Action Plan? 39. Was a Corrective Action Plan developed by the Exercise Team to address any deficiencies identified by the exercise? 40. Is there a retention plan for the Exercise Plans and Corrective Action Plans (minimum retention 3 years)? 41. Has a walk-through element exercise been performed at least quarterly? 42. Did each walk-through element exercise have a prepared plan a) Description b) Scope c) Objective Business Recovery Plan (BRP)--LEVEL 4 (continued) 43. When there is a change in hardware, software, or a process that might impact the Business Recovery Plan, is the BRP reviewed and updated within 30 days of the changes: Sign-Off By Officer: by whom? Name: When? Date: 44. Based on the Joint Assessment has the Team determined that the BRP is effective?

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information