
ISO 22301 CHECKLIST

REQUIREMENT | IN COMPLIANCE? | REMARKS

Context

Do you understand the internal and external actors that can influence your
organization’s business continuity requirements?

Do you understand the risks and opportunities associated with your organization’s context?

Do you understand and regularly monitor the expectations of interested parties, such as customers, suppliers, employees, or regulatory bodies, in your business continuity plan?

Do you understand the regulatory or legal requirements that influence business continuity?

Leadership

Is top management committed to championing your organization’s business continuity management system (BCMS)?

Does top management communicate the value of your BCMS internally and
externally?

Have you set and documented measurable business continuity plan objectives?

Do the BCMS policy and objectives align with the mission and strategy of
the organization?

Do the individuals and roles responsible for leading continuity management have adequate skills and experience?

Planning

Have you determined the risks to and opportunities for your organization?

Do you have a plan to tackle these risks and opportunities?

Do your business systems incorporate any pertinent elements of the continuity plan?

Have you told your whole organization about these objectives and discussed
how the whole organization might help to achieve them?

Support

Have you identified the people, tools, equipment, finances, and other
resources you need to stand up, run, maintain, and continually improve your
BCMS?

Does everyone involved in the BCMS have the experience or training to perform well in their roles, or do they need training?

Do you have a documentation system for both internal and external documents, and do you have a change control process?

Can employees and external stakeholders easily find the documentation they need when they need it?

Operation

Do you have a process to determine if the BCMS needs changes, as well as a process to implement those changes?

Are contractors and outsourced labor informed of business continuity requirements and solutions?

Is a business impact analysis (BIA) scheduled regularly?

Based on the BIA, have you prioritized which activities should resume first after a disruptive event? (This metric is also known as the recovery time objective, or RTO.)

Have you determined the minimum levels for prioritized activities?

Have you created a BCMS strategy (including dependencies and required resources) that focuses on supporting priority activities?

Have you analyzed the business continuity capabilities of your suppliers?

Have you listed the following key organization resources in your plan?

Personnel

Infrastructure

Facilities

Information

Data

IT

Supplies

Transportation

Other

Have you considered approaches to help prevent (or reduce the length and
impact of) the disruptions that can be caused by the risks you’ve identified?

Have you documented and implemented your business continuity procedures?

Did you create internal and external protocols to communicate about business continuity issues?

Have you created an incident response structure to identify the management and personnel who will respond to disruptive events?

Procedures

Do you have a procedure for detecting disruptive incidents?

Do you have a procedure for making detailed reports on disruptive incidents, including articulating the steps and decisions that would lead up to an event?

Do you have a procedure for recording actions and decisions in response to an incident?

Do you have a procedure to receive and respond to warnings about possible events?

Have you documented plans for restoring operations after an event? Do these plans contain all the information and procedures needed by the personnel who will use them?

Do you have a procedure to secure people and infrastructure immediately after an event?

Do you have a procedure to communicate internally and externally after an event?

Do you have a procedure to switch from a temporary response to regular business operations?

Do you regularly test your business continuity procedures using well-developed scenarios?

Does your organization prepare after-action reports to detail what went well
and what didn’t go well in business continuity system exercises?

Evaluation

Do you know what in your continuity system you must measure and
monitor? Who will monitor the system and how often? What are the
measurement methods?

Do you document the results of periodic monitoring?

Are internal audits scheduled to ensure conformity to ISO 22301 and your
organization’s BCMS plan?

Have you created an internal audit process?

Do you document and retain audit results and report them to management?

Improvement

Have you created robust processes to manage nonconformities and to implement corrective action?

Does top management regularly review and suggest improvements to the BCMS?
