Effective Business Continuity Planning, Ask This:

  1. Does your organization have a plan or framework for Business Continuity Management or disaster recovery management?
  2. Do you have a disaster recovery plan (DRP) and Business Continuity Plan (BCP) for all systems and business processes supporting customer data?
  3. Do you have an established Business Continuity Management framework in place, including a defined Business Continuity Plan, business impact analysis, business recovery plan and disaster recovery plan?
  4. In the event of COVID-19 related disruption, does the supplier have documented plans for business unit continuity and/or information technology disaster recovery (IT DR)?
  5. Has your organization customized its business continuity and disaster recovery plans or is a generic plan in place?
  6. Does your organization have a documented information technology business continuity and disaster recovery program for your business?
  7. Do you have a Disaster Recovery Plan / Business Continuity Plan in place to address the current or similar distress situations?
  8. Do you have a disaster recovery (DR) or Business Continuity Plan (BCP) that includes a process for reliable backup and recovery of all data?
  9. Are you consistently getting data off site, and do you have both business continuity and disaster recovery plans in the event they should be required?
  10. Does your organization ensure that business impact assessment, business continuity and disaster recovery plans are produced for all mission critical information, applications, systems and networks?
  11. Do you need your business continuity and disaster recovery plan to be relevant for your hybrid IT environment, while meeting business needs in a timely and cost effective manner?
  12. Does your organization have a Disaster Recovery and Business Continuity Plan, which is both current and which has been tested?
  13. Do you have a mission assurance plan that addresses business continuity and operational and disaster recovery and is this plan regularly tested and found effective?
  14. Has your organization communicated a plan to address business continuity or disaster recovery in the cloud?
  15. Are your recovery procedures as they should be and does this form part of your Business Continuity Plan and/or Disaster Recovery Plan?
  16. How did you build your Business Continuity Plan across several business units with different goals, and IT has to support them all?
  17. Are there service level agreements, Business Continuity Plans or disaster recovery plans that contractors need to follow?
  18. Does your business have a Business Continuity Plan in place to support the continued operation of your business in adverse conditions such as cyclone, fire, or loss of telecommunications?
  19. Does your organization's Business Continuity Management Plan include the contact details of a restoration organization with proven skill in electronic equipment protection and data recovery?
  20. How do you ensure that auditing Business Continuity Plans is worthwhile, and whether they address the real continuity and disaster recovery risks that your organization faces?
  21. Have service level agreements (SLAs) been established for critical service providers that your organization does business with to ensure they also have a tested Business Continuity Plan?
  22. Does your organization have a written Business Continuity Plan and COOP to guide restoration of facilities and services following an emergency event?
  23. Does your organization have an appropriate process in place to ensure that it receives all updates to any of your organization's Business Continuity Plans in a timely manner?
  24. What business continuity and data recovery plans are in place to ensure that service can be maintained in the case of a disaster or an emergency?
  25. Does your organization have the technology, resources, and a plan in place to meet today's business continuity requirements?
  26. Does your business continuity and IT disaster recovery plan include steps required to resume operations driven by the bot-based digital workforce?
  27. Is a crisis management policy defined and implemented?
  28. To what extent do your business continuity and disaster recovery plans account for Internet availability, and have you tested them?
  29. Do you have a written Incident Recovery or Business Continuity Plan in force for network security incidents and network outages?
  30. Does your BCP include the business continuity of the application infrastructure to protect the applications and the associated risks?
  31. Has the IT disaster recovery plan been integrated with other applicable plans (e.g., business continuity or resumption plan, occupant evaluation plan, etc.)?
  32. Does your organization's Business Continuity Plan require each department or function to maintain written business continuity and/or disaster recovery plans?
  33. Has your organization addressed cyber terrorism in your Business Continuity Management Program and related Business Continuity Plans, Disaster Recovery Plans, and/or Crisis Management Plans?
  34. Does business continuity and disaster recovery readiness have support of top management in your organization?
  35. Is the system contingency plan coordinated with related plans, such as the disaster recovery plan, the Business Continuity Plan, and the incident response plan?
  36. Do you thoroughly review a copy of the vendor's business continuity and disaster recovery plan that covers the availability and restoration of both your data and the vendor's services that you use?
  37. The goal of Business Continuity Planning is to ensure resiliency, and what if your recovery comes to a grinding halt because a critical vendor does not have a tested recovery plan?
  38. Are tests or exercises conducted with organization groups responsible for associated plans (for example, contingency plans, disaster recovery plans, and Business Continuity Plans)?
  39. Do you have a mission assurance plan in place that addresses business continuity and operational and disaster recovery?
  40. Do your cloud service providers have proper compliance certifications, data protections, and Business Continuity Plans required for how you are using it?
  41. Does your organization have a comprehensive Business Continuity Plan to protect its staff, data, and property?
  42. What changes if anything regarding business continuity / disaster recovery processes or plans if the system is unavailable or data has been lost/corrupted?
  43. Does your organization's Business Continuity Plan (BCP)/Disaster Recovery Plan (DRP) include plans to recover from a major malware incident?
  44. Do you know if your material or equipment suppliers have their own emergency plan to ensure the business continuity if affected by an emergency?
  45. Does your organization exercise the business continuity and disaster recovery plans at least once per year?
  46. How do the critical service provider's business continuity and disaster recovery plans address cyber attacks?
  47. Does your organization periodically review its disaster management and Business Continuity Plans and implement improvement measures if necessary?
  48. Are IT recovery and continuity plans aligned and consistent with Business Continuity Plans, have they been tested and are they consistent with business security, impact and risk?
  49. Does your country have a law or policy in place that requires industries to have business risk management and continuity planning in place?
  50. Has your organization developed emergency management plans to be able to ensure employee safety and business continuity in the event of a crisis or economic downturn?
  51. Do you have a process where you could work together with vendors on Business Continuity Planning and disaster recovery, including testing to provide assurance?
  52. Do external contractors/suppliers have robust Business Continuity Management Plans in place to ensure the continuity of service?
  53. Has specific responsibility been assigned for the execution of business continuity and disaster recovery plans (either within or outside of the information security function)?
  54. How does your organization formally test the effectiveness of its Business Continuity Plan on a periodic basis at least once a year and maintain evidence of that review?
  55. Does your organization's Business Continuity Plan (BCP) have a pandemic preparedness and response plan component?
  56. Who is responsible for the backup and recovery plan?
  57. Does the business continuity and/or disaster recovery plan address customer notification when incidents occur?
  58. Does your organization have resilience, emergency, business continuity and escalation plans which have been formulated and tested with the appropriately trained staff?
  59. How can a disaster recovery system ensure business continuity to the maximum and make zero service interruption and zero data loss available?
  60. Does the outsourcer have Business Continuity Plans in place in the event of a natural or man made disaster or public health emergency?
  61. In which stage of the Business Continuity Planning lifecycle does your organization identify critical business processes and assign recovery priorities?
  62. Do you have defined leadership, management and governance over your Business Continuity Plan (BCP)/DR/crisis management program?
  63. Are business continuity (BC) and disaster recovery (DR) plans in place to address remote working at scale and allow for potential infrastructure failures?
  64. What proportion of departments have a documented Business Continuity Plan that has been reviewed within the last 18 months?
  65. What is the amount that is budgeted for the comprehensive Business Continuity and Disaster Recovery plan services?
  66. Response plans (incident response and business continuity) and recovery plans (incident recovery and disaster recovery) are in execution of the service continuity plan?
  67. The final approval of the disaster recovery plan (DRP) and Business Continuity Plan (BCP) rests with which group?
  68. How do you ensure to link Business Continuity Planning with existing risk management in your organization?
  69. Are policy, process and procedures defining business continuity and disaster recovery in place to minimize the impact of a realized risk event and properly communicated to tenants?
  70. Does the service provider formally test its business continuity and disaster recovery plans on a regular basis?
  71. Do you or your organization ask key suppliers whether they have business continuity arrangements in place?
  72. In the event of political fallout, do you have Business Continuity Plans in place across IT that could trigger the transfer of data, IT services and staff resources back to your or another country?
  73. When developing your Business Continuity Plan (BCP), which tools are used to gain an understanding of your organization's business processes?
  74. Does your organization know the disaster management and business continuity status of suppliers that supply its essential materials and parts?
  75. Can existing data backup and disaster recovery systems meet the needs of your organization's Business Continuity Plan?
  76. How are the business continuity and disaster recovery plans of the critical service provider regularly assessed against your organization's expectations?
  77. Do any departmental Business Continuity Plans (BCP) and/or Disaster Recovery (DR) plans exist, and when were they last updated?
  78. Have the business continuity / disaster recovery plans and procedures been tested to validate effectiveness?
  79. Who has responsibility for activating the Business Continuity Plan for your organization and who is that person's backup?
  80. As fast as your organization is moving, how are business continuity and crisis management plans keeping pace?
  81. Does internal audit or an independent third party provide regular assurance on the effectiveness of your organization's Business Continuity Plan and incident management process?
  82. Is your organization a member of any professional body, such as the Business Continuity Institute, Disaster Recovery Institute International or Emergency Planning Society?
  83. To what extent has the head of your organization nominated key personnel and identified them in documented Business Continuity Plans / Major Incident Plans (BCP / MIP) or similar?
  84. Do those responsible for BCPs have the right knowledge, skills and access to assess and plan continuity from a holistic and strategic business perspective?
  85. How satisfied are you with how your crisis management and Business Continuity Plans have dealt with the pandemic?
  86. Have business continuity / disaster recovery plans and/or procedures been initialized and disseminated to relevant stakeholders?
  87. Does your organization implement and maintain processes for updating, reviewing and testing incident response and Business Continuity Plans that address cyber threats involving extortion?
  88. How does your Business Continuity Management plan interact with other management plans and where lies division of responsibility?
  89. What training do you provide in support of your cybersecurity Incident Response Plan, Business Continuity Plan, Emergency Operations Plan, Cyber Incident Plan, or other related plans?
  90. As your business operations become more streamlined with automation and intelligence, how do you leverage to plan for, manage through and come out of your business continuity event?
  91. How do you decide if an incident can be dealt with as a day to day management issue or does the Business Continuity Plan need to be invoked?
  92. How well do your organization's leaders oversee development of the Business Continuity Plan and ensure it is tested in accordance with your organization's risk profile and appetite?
  93. How do you keep Business Continuity and Disaster Recovery plans current and updated?
  94. What percentage of the service staff are contractors?
  95. What is the process to review and monitor the Business Continuity Plan and recovery resources of your subcontractor(s)?
  96. How does your organization review key vendor planning for business continuity compliance with industry best practices?
  97. Does your supplier's Business Unit Continuity Plan or IT DR Plan identify critical business processes and the recovery priority?
  98. Does your organization's Business Continuity Plan include long term remote working and remote management of essential operations?
  99. Does your organization use sufficient exercise and test methods to evaluate the effectiveness of the BCP and to validate the continuity and resilience of business functions?
  100. Have measurable business continuity (BC) objectives been established, documented and communicated throughout your organization with a plan to achieve them?

Abdallah K.

Wow, that’s a lot. Thank you for sharing.
