SUBJECT AREA 8 BUSINESS CONTINUITY PLAN EXERCISE, AUDIT, and MAINTENANCE

Similar documents
Business Continuity. Building a Program Fit for Purpose

Process Deployment and Monitoring Natural SPI

Melanie Quinlan, Business Continuity & Compliance Manager, Resources & Quality Assurance

Global Crises: What We Really Need to Do to Be Prepared. Day One / Session C5

University of Houston Business Continuity Planning Office of Emergency Management

Introducing ISO 22301

Session 308 Monday, October 21, 3:00 PM - 4:00 PM Track: Industry Insights

ITIL Foundation v V1. Module 4: Service Transition. Reader s Note QAI India Ltd. I

ITIL: Operational Support & Analysis (OSA) (Revision 1.6)

DISASTER PREPAREDNESS Guide & Template

Business Continuity & IT Disaster Recovery

NATURAL DISASTERS AND THE WORKPLACE

Evaluating Your Business Continuity Plan: Beyond Checklists and Walkthroughs. Troy Harris, Director McGladrey LLP. All Rights Reserved.

CMMI-DEV V1.3 CMMI for Development Version 1.3 Quick Reference Guide

CMMI-SVC V1.3 CMMI for Services Version 1.3 Quick Reference Guide

LB35: Verifying IT and Business Continuity. Lucas G. Aimes & Terry DiVittorio, Project Performance Corporation (PPC)

Let s Connect Successfully working together

Project Communications Management

An introduction to business continuity planning

Pipelines Safety Regulations 1996

Contract Management. Larry Johnson IT Service Management. January 2018

Article from: CompAct. April 2013 Issue No. 47

FAA PMIWDC LUNCHEON SERIES STRATEGIC PLANNING; WHAT, WHY, AND HOW

Resilience: Internal Audit s role in Strengthening Business Continuity Capabilities

For the PMP Exam using PMBOK Guide 5 th Edition. PMI, PMP, PMBOK Guide are registered trade marks of Project Management Institute, Inc.

Business Resilience: Equipping the FM for Success

Coastal Equities, Inc.

Operating Level Agreement (OLA) Template

Release & Deployment Management PinkVERIFY

Scope of Work for Developing the City of New Orleans Neighborhood Participation Plan

The Seven Areas of Responsibility of Health Educators Area of Responsibility I: ASSESS NEEDS, ASSETS AND CAPACITY FOR HEALTH EDUCATION COMPETENCY

Project Origination: Item Description (Origination) Comments (or reasons for NOT completing)

ISO 28002: RESILIENCE IN THE SUPPLY CHAIN: REQUIREMENTS WITH GUIDANCE FOR USE

Executive Board of the United Nations Development Programme and of the United Nations Population Fund

Business Continuity/ Disaster Recovery. Sean Gunasekera

CLICNET TELECOMMUNICATIONS INC. Business Continuity Plan

INTERNATIONAL STANDARD

R&D Manager Hillingdon Hospital. Revision History Effective Date Reason For Change. recommendations Version no:

SureService Program. Benefits. Introduction. Service Data Sheet November Best-in-class system reliability. Preventive maintenance package

This role is based within IT support. You will be required to work as part of a team to provide customer-focussed day-to-day IT support.

BUSINESS CONTINUITY PLANNING WORKPROGRAM

CHAPTER 2: IMPLEMENTATION PHASES AND OFFERINGS

Incident Mitigation Management Workshop Recap and To do List Next Steps after Today

Unit 11: Stakeholder Management (PMBOK Guide, Chapter 13)

Incident Management. What is it? Why use it? Who wants it? Cheryl Nickel ITSM Process Specialist MTS Allstream September 22, 2011

Service Level Agreement (SLA)

TOWNSHIP OF ADELAIDE METCALFE

Preparing for Disaster

AN EXECUTIVE S GUIDE TO BUDGETING FOR SECURITY INFORMATION & EVENT MANAGEMENT

The Basics of ITIL Help Desk for SMB s

CIP Cyber Security Security Management Controls

Transmission Function Employees - Job Titles and Descriptions 18 C.F.R 358.7(f)(1)

Disaster Recovery Planning

IT Change Management. Approved: July 25 th, 2016 Implemented: July 25 th, P a g e 1 11

Meter Data Management Systems. Position. Vice President, Product Management. November 29 December 1, 2010 Santo Domingo Dominican Republic

Supplier Relationship Management Unipart Expert Practices. March 2013

Fordham University BCP / DRP Lunch. Lunch

Working Draft Version 0.7 July 30, 2014 Developed by

US Business Continuity Safeguarding Your Business from a Disaster

SharePoint Implementation & Adoption Challenges

An Overview of the AWS Cloud Adoption Framework

Solvency II and Risk Management: Generali Group approach. Stefano Ferri Group Chief Risk Officer Generali Group

IT Administration including SIMS Support

Change Management Process

Government of Saskatchewan. Vendor Debriefing

Understanding the relationship between Asset Management and the CMDB

Reduces the risk of downtime caused by infrastructure failure.

2013 Honeywell Users Group Europe, Middle East and Africa. Martin Ross Drive Operator Excellence through Simulator Training

ESRI (UK) LTD SUPPORT POLICY

12.0 Business Continuity Management

TIPS PREPARING AN EVALUATION STATEMENT OF WORK ABOUT TIPS

Make the complex manageable

Internal Audit Report. IT Change Management Review March 2016

Business Continuity Management for Singapore s Logistics Sector. By Singapore Business Federation and Singapore Logistics Association

Engaging the Business to Ensure Project Success. Cindy Stonesifer, MBA, PMP

The Sector Skills Council for the Financial Services Industry. National Occupational Standards. Risk Management for the Financial Sector

SHOULD YOUR BARCODE LABELING SOLUTION BE FULLY INTEGRATED WITH YOUR BUSINESS SYSTEM?

ISO INTERNATIONAL STANDARD. Risk management Principles and guidelines. Management du risque Principes et lignes directrices

Emergency Management, Business Continuity, & Crisis Management Self-Assessment Checklist

Supplier Overview of Johnson & Johnson MD&D Supplier Quality Standard Operating Procedures (SOPs) MDD-013 Supplier Business Reviews

SESSION 405 Tuesday, November 3, 10:00am - 11:00am Track: Industry Insights

Federal Financial Supervisory Authority (BaFin)

National Contingency Chapter Section 4 - Canadian Coast Guard Response Management Structure

Implementing ITIL Best Practices

Yale University Business Continuity Planning Quick Start Guide

Top 10 Signs You're Ready (or Not)

Business Continuity Planning. Diane Engstrom Christian Brothers Risk Management Services

Business Resilience: Proactive measures for forward-looking enterprises

ITSM Process/Change Management

BPO Service Level Agreement

IT Service Catalog College of Arts & Sciences

SCRIBE SUPPORT POLICY

2016 Business Continuity / Disaster Recovery Internal Audit Report

Building and Maintaining a Business Continuity Program

SIMATIC PCS 7 Lifecycle Services

IT Due Diligence in an Era of Mergers and Acquisitions

ADR International ADR s Online Supply Chain Academy (OSCA) elearning Courses

POLICIES. 1.3 Certification Criteria In order for a company to be eligible for FIRST Company Certification, the following criteria must be met:

Statement of Work IBM Enterprise Availability Management Service. 1. Subject. 2. Definitions. IBM Deutschland GmbH. Version: January 2016

PBMs: From RFP To Implementation. Christopher Cannon, NASTAD U.S. Virgin Islands ADAP and Georgia ADAP April 3, 2014

Transcription:

SUBJECT AREA 8 BUSINESS CONTINUITY PLAN EXERCISE, AUDIT, and MAINTENANCE Establish an exercise/testing program which documents plan exercise requirements including the planning, scheduling, facilitation, communications, auditing and post review documentation. Establish maintenance program to keep plans current and relevant. Establish an audit process which will validate compliance with standards, review solutions, verify appropriate levels of maintenance and exercise activities and validate the plans are current, accurate and complete. A. THE PROFESSIONAL S ROLE IS TO: A.1 Establish an Exercise/Testing Program A.2 Establish Plan Maintenance Program A.3 Establish a Business Continuity Audit Process A.4 Communicate Exercise/Test Results and Recommendations B. THE PROFESSIONAL SHOULD DEMONSTRATE A WORKING KNOWLEDGE IN THE FOLLOWING AREAS: B.1 Establish an Exercise/Testing Program B.1.a Develop an exercise program which meets organizational continuity objectives. Obtain executive sponsorship for exercise/testing program development Align with the organizations business strategy and tactical requirements. Provide a high level of confidence for the continuity of operations. Develop a realistic, progressive and cost effective program. B.1.b Document exercise/testing standards and guidelines. Document Exercise Requirements a. Identify test types which may include, business, facility and technical testing - Walk through / tabletop reviews DRI International Page 37 of 46

- Integrated (transmission of data to/from multiple applications/systems) - Backup and connective validation to another application(s)/system(s) - Standalone - Call trees - Line of business (LOB) functional processes - Facilities, e.g. buildings and work areas b. Define testing program objectives and select appropriate scenarios c. Define assumptions and limitations d. Identify Participants and their Roles and - Responsibilities - Recovery Team(s) - Observers/reporters - Time keepers - Auditor/reviewers - Facilitator - Suppliers - Out-sourced Services and Providers Scheduling Exercises a. Develop a multi-year progressive schedule b. Develop specific testing schedule on an annual basis. B.1.c Determine Exercise Requirements Define and document exercise objectives a. Define and document in-scope/out-of-scope requirements b. Approximate the types of incidents the organization is likely to experience. Include suitable activities to exercise various facets of the BC Strategies, example(s): - Technical - does the equipment work? - Procedural - are the procedures correct? - Logistical - can people access the recovery facility and execute their recovery procedures? - Timelines - can the required RTOs be achieved? Define exercise notification process DRI International Page 38 of 46

- Announced/planned - Unannounced/surprised Define and document criteria aligned with exercise objectives and scope: - Quantitative - Qualitative B.1.d. Identify Pre Exercise activities Identify resources required to conduct the exercise. Identify participants (example(s): business unit contacts, IT representatives, umpires, adjudicators, etc). Ensure all understand the objectives and their roles. Provide an inventory of hardware, software and physical assets required for the exercise (examples: PC/laptop, Security access, telephone, applications, printers, etc). Document and communicate specifications for the exercise environment. - Production vs. Test - Business Day vs. Weekend Provide a timetable of events and circulate to all participants, facilitators and adjudicators B.1.e. Identify Exercise Activities Conduct Exercise. - Should an incident occur during an exercise you should have a predetermined mechanism for cancelling the exercise and invoking the actual business continuity process. Record Exercise process. - Document exercise results via the activation and maintenance of the issues log. Declare end of exercise. a. Shut down procedures. b. Perform clean-up activities. DRI International Page 39 of 46

B.1.f. Identify Post Exercise activities Conduct debriefing sessions to review exercise results and identify actions for improvements. Post-Exercise Reporting a. Provide a comprehensive summary with recommendations, b. Document Action Plan report - Identify Open Issues - Identify actionable items with responsibilities and timeframes for resolution. - Monitor (and escalate where necessary) progress to completion of agreed actions c. Communicate Exercise Results - Document Lessons Learned - Document expected versus actual results - Document unexpected results B.2 Establish Plan Maintenance Program B.2.a. Define Plan Maintenance Method and Schedule (v) (vi) Define ownership of plan data Prepare maintenance schedules and review procedures Select maintenance tools Monitor maintenance activities Establish plan update process Ensure that scheduled plan maintenance addresses all documented recommendations. B.2.b Define Change Control Process Analyse business changes with planning implications Develop change control procedures to monitor changes -Create proper version control; develop plan re-issue, distribution, and circulation procedures DRI International Page 40 of 46

-Identify plan distribution lists for circulation -Process to update plans based on response to Audit findings Set guidelines for feedback of changes to planning function Implement change control process B.3 Establish a Business Continuity Audit Process B.3.a. Define Audit Method and schedule. Select appropriate audit types. - Internal Audit - External Audit - Self Assessment B.3.b. Document Audit Standards and Guidelines - Select/Develop any needed audit tools B.3.c Establish Audit Schedule B.3.d. Conduct/Monitor Audit Activities Audit the Plan Structures, Contents, and Action Sections - Audit BC Program requirements, documents and standards - Audit BC templates and plan - Audit test requirements and results - Audit repository for plan and test results Audit the Plan Documentation Control Procedures - Audit version control process and documentation - Audit distribution lists and associated processes - Audit change control process B.3.e. Review Management response to Audit findings Confirm responses have been submitted and action plans documented. Verify completed actions have been captured in the plan. DRI International Page 41 of 46

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback