- Conduct meetings with relevant staff to get an understanding of Business Continuity and IT Disaster Recovery arrangements. Review of documentation including any relevant policies, standards, guidelines, and procedures
- Perform current state and gap assessments against industry leading practices such as ISO 22301 (risk based or compliance based) and test the design and operating effectiveness of these controls
- Report on the findings
- Risk and Control Knowledgebase (RACK) –ISO 22301 and/or SAMA Business Continuity Framework
- Business Continuity and Disaster Recovery Audit Report (Executive Summary, Detailed Findings, Risks , Recommendation and Management Response).