Business Continuity Plan

This tool is a high-level self-assessment checklist for use by an auditee prior to a review of the business continuity management (BCM) process. It gives the auditee an opportunity to inform internal audit about controls and processes they employ, and it also gives the auditee ideas about other controls and processes that may be appropriate. In addition, this questionnaire can be used as follows: * During the audit-planning phase to guide the creation of internal audit work programs * During reviews as a checklist that will help you to quickly assess the types of internal controls being employed within a particular process * As a training tool to educate new internal auditors about processes and their relevant controls 1. Have you developed a formal business continuity and/or disaster recovery plan? Is a continuity management process in place? Yes | No | NA | Comment:
2. Are procedures of the business continuity management developed to update its relevant processes? Are these tested on a regular basis? Yes | No | NA |
Comment:
3. Are the backup tapes stored in a secured location? Is there an offsite or hot-site agreement with a third party? Is the backup data periodically restored or tested to ensure that recovery is possible? Yes | No | NA | Comment: 4. Has an initial analysis to identify and assess business continuity risks and their likelihood of occurrence on an enterprise-wide basis been performed? Yes | No | NA | Comment: 5. Has a business impact analysis been performed (i.e., answered the question, "what happens to our business when our systems go down and which systems should we focus on bringing up first?")? Are there any procedures to keep the business impact analysis current? Yes | No | NA |
Comment:

6. Is there any process to perform threat/vulnerability analysis to identify the source and likelihood of