Business Continuity & IT Disaster Recovery Management Review

Business continuity is the ability of an organization to maintain essential functions during, as well as after, a disaster. A review of this area will provide assurance that adequate controls are implemented in the organization to ensure its ability to respond to a disaster and recover its critical processes following the disaster.

Methodology

  • Conduct meetings with relevant staff to get an understanding of Business Continuity and IT Disaster Recovery arrangements. Review documentation, including any relevant policies, standards, guidelines, and procedures
  • Perform current state and gap assessments against industry-leading practices such as ISO 22301 (risk-based or compliance-based) and test the design and operating effectiveness of these controls
  • Report on the findings

Tools

  • Risk and Control Knowledgebase (RACK) – ISO 22301 and/or SAMA Business Continuity Framework

Deliverable

  • Business Continuity and Disaster Recovery Audit Report (Executive Summary, Detailed Findings, Risks, Recommendation and Management Response).

High Level Scope

Business Continuity Program Management

  • Review the Business Continuity (BC) Plans, procedures and policies, and the evidence of Leadership involvement and Governance
  • Review the process and approval of Business Impact Assessment and Threat Risk Assessment.
  • Review to assess BC recovery strategies approval.
  • Review the process around maintenance and testing of the Business Continuity Plan
  • Review Incident response plan(s), Crisis Management Plan and Emergency Evacuation Plan for existence and approval.
  • Test the controls around alignment of BC plans to regulatory requirements.
  • Review the process of BC awareness programs

IT Disaster Recovery:

  • Review to ensure existence and approval of IT Disaster Recovery procedures and plans
  • Review the process around enterprise data and systems backup and restoration testing procedures.
  • Test the process of maintaining system and data backup recovery KPIs and SLAs in line with the Business Impact Analysis
  • Review the process around alignment of changes in production to IT DR systems.

Business Continuity & IT Disaster Recovery Management Implementation

Business continuity is concerned with the capability of an organization to plan for, and respond to, incidents and business disruptions in order to continue business operations at an acceptable predefined level. These incidents can be a situation that might be, or could lead to, a business disruption, loss, emergency or crisis.

Methodology

  • Conduct meetings with relevant staff to get an understanding of business and business processes
  • Establish BCM Governance to assist the organization in establishing policies and standards for the management of its BCM program
  • Identify the impacts of business disruptions and threats to the processes of the organization’s departments by conducting Business Impact Analysis and Risk Assessment
  • Identify and evaluate the most cost-effective and appropriate strategies to mitigate the findings identified in the previous phase.
  • Develop appropriate plans to specify the activities, resources and personnel required to respond to a disruptive event
  • Conduct training sessions to educate the organization’s stakeholders on their BCM roles and responsibilities.
  • Prepare Management to execute incident and crisis management plans, and departments to execute their BCPs.
  • Align with the ISO 22301 standard and/or Regulatory requirements such as SAMA Minimum BCM Requirements.
  • Customize the best-practice IS policies and procedures to the organization’s processes and finalize the draft for the process owner

Tools

  • IS policies and procedures library – aligned with ISO 27000 and/or SAMA Cyber Security Framework.

Deliverable

  • BCM Policy
  • BCM Governance Manual
  • BCM Awareness Slides
  • Business Impact Assessment Report
  • Threat Risk Assessment Report
  • BCP Strategies Report
  • Business Continuity Plans
  • IT Disaster Recovery Plan
  • Crisis Management Plan
  • Incident Management Framework
  • Emergency Response Plan
  • BCM Exercising and Testing Program
  • BCM Tabletop exercise
  • BCM Maintenance

Journey to Resilience

We deliver well-thought-out, innovative and effective solutions

We deliver results by combining a people-centric approach with analytics and leading practices to enact solutions based on a deep understanding of organizations, their processes and culture.