Professional Documents
Culture Documents
Context
Do you understand the internal and external actors that can influence your
organization’s business continuity requirements?
Leadership
Does top management communicate the value of your BCMS internally and
externally?
Do the BCMS policy and objectives align with the mission and strategy of
the organization?
Planning
Have you determined the risks to and opportunities for your organization?
Have you told your whole organization about these objectives and discussed
how the whole organization might help to achieve them?
Support
Have you identified the people, tools, equipment, finances, and other
resources you need to stand up, run, maintain, and continually improve your
BCMS?
Operation
Based on the BIA, have you prioritized which activities should resume first
after a disruptive event? (This metric is also known as the recovery time
objectives.)
Have you listed the following key organization resources in your plan?
Personnel
Infrastructure
Facilities
Information
Data
IT
Supplies
Transportation
Other
Have you considered approaches to help prevent (or reduce the length and
impact of) the disruptions that can be caused by the risks you’ve identified?
Procedures
Does your organization prepare after-action reports to detail what went well
and what didn’t go well in business continuity system exercises?
Evaluation
Do you know what in your continuity system you must measure and
monitor? Who will monitor the system and how often? What are the
measurement methods?
Are internal audits scheduled to ensure conformity to ISO 22301 and your
organization’s BCMS plan?
Do you document and retain audit results and report them to management?
Improvement