KnowledgeLeader provides best practice articles, tools, guides, and links to resources on business continuity and disaster recovery. This page contains some examples of the many resources and tools on business continuity and disaster recovery that are available on KnowledgeLeader. Select one of the areas below to view summaries of these resources.
Business Continuity Management Audit Work Program
This extensive business continuity management work program covers the following areas: general BCP, preliminary steps, examination scope and objectives, appropriateness of enterprise-wide BCP, oversight and support, business impact analysis, risk management, testing, IT documentation, hardware backup and recovery, software backup and recovery, preparation for data center recovery, inclusion of security procedures, critical outsourced activities, conclusions, and final steps.
Business Continuity Management Methodology
Business continuity management (BCM) is best addressed by using a proven methodology. The methodology should be based upon the risks related to an organization’s key business processes which, if they were to be interrupted, might otherwise bring about a seriously damaging or potentially fatal loss to the enterprise. This seven-phased BCM methodology adheres to industry best practices and can be tailored to companies of all sizes.
Business Continuity Management Policy
This sample outlines a set of policies and procedures for formalizing a Business Continuity program, and provides guidelines for developing, maintaining and exercising Business Continuity Plans (BCPs). Such plans will ensure independence of crisis location, crisis duration and availability of any specific person or group of people.
Business Continuity Management Report Template - Sample
Developing a business continuity management (BCM) plan is a best practice that all companies should achieve. This template outlines sections to consider when developing a BCM plan. It includes areas to document the business impact analysis, key company contacts, and location of BCM documents.
Business Continuity Management Standards - A Side-by-Side Comparison
An increasing number of regulations and standards apply to Business Continuity Management. After studying and comparing the various BCM guidelines, Protiviti has identified common themes and best practices that will help in the implementation of a successful BCM process. This guide is our list of BCM standards and the associated agencies that advocate each best practice.
Business Continuity Program Charter
This charter establishes the Business Continuity Steering Committee and the Business Continuity Plan Project Team. The Steering Committee is responsible for providing the direction and strategy for the organization's business continuity program.
Business Impact Analysis: Disaster Recovery Plan Checklist
This checklist allows a Disaster Recovery Plan to be rated. Being able to recover critical systems is important to every organization, but to be successful, an enterprise must establish a method to rank applications and systems and to recover them in a timely manner.
COSO/COBIT Disaster Recovery and Business Continuity Control Objective Risk Matrix
This sample matrix aligns high-level control objectives DS4 (ensure continuous service) and DS11 (manage data) of the COBIT Delivery and Support domain with their associated risks.
Data Center General Controls Questionnaire: Continuity of Operations
This is the final section of a thirteen part mainframe data center general controls questionnaire. The questionnaire covers data center continuity of operations.
Data Management: Data Backup and Storage Policy
The purpose of this policy is to specify the procedures to backup and allow for recovery of important data in the event of accidental or intentional corruption, loss, or destruction of the data. For data critical to the ongoing operation of the business, offsite storage will facilitate keeping the business operational in the event of a physical disaster at the original site.
Disaster Recovery Plan Assessment Checklist for IT
This checklist serves as a guide for reviewing a disaster recovery plan. The focus of this review is on information technology continuity, recovery, and restoration.
Disaster Recovery Plan Review
This work program provides a review of a Disaster Recovery Plan, including the creation of the plan, evaluation of the risks covered, their impact on the business, and whether or not the plan provides for appropriate methods to recover from the threats covered by the plan.
Disaster Recovery Risk Assessment Audit Work Program
This disaster recovery risk assessment work program provides an outline for standard business models. It is not intended to be an all-inclusive list, but a starting point in the risk assessment process. Key areas and related risks considered include environmental, man-made, business, and IT threats.
Emergency Executive Committee Charter
The purpose of the Emergency Executive Committee (EEC) is to oversee the conduct of the corporation in the process of planning and responding to emergency, crisis or catastrophic events, with a direct or potential impact to the corporation’s financial objectives and major corporate plans, strategies and actions. The EEC exercises leadership, integrity, and judgment in directing the corporation to develop the necessary business continuity management (BCM) capabilities.
Emergency Policies and Procedures Manual
This is a sample of emergency policies and procedures for a business office. It includes procedures for safety teams, fire prevention/drills, disabled assistance, earthquakes, power outages, workplace violence and bomb threats.
General IT Controls Questionnaire
This questionnaire assists with the collection of information regarding the control environment of all aspects of an IT department.
General IT Controls Review: Disaster Recovery Questionnaire
This questionnaire helps you assess disaster recovery preparation by comparing your plans to best practices.
Global Technology Audit Guide (GTAG) 7: Information Technology Outsourcing
This edition of the Global Technology Audit Guide from The IIA provides the chief audit executive (CAE), internal auditors, and management with information on the types of IT outsourcing activities, the IT outsourcing lifecycle, and how outsourcing activities should be managed by implementing well-defined plans that are supported by a companywide risk, control, compliance, and governance framework.
Global Technology Audit Guide (GTAG) 10: Business Continuity Management
The objective of this GTAG is to provide insight into what BCM means to an organization, how to build a business case, and identify common risks and requirements. It can assist CAEs and other internal auditors in understanding, analyzing, and monitoring their organization's BCM processes. This guide will also help the CAE communicate business continuity risk awareness and support management in its development and maintenance of a BCM program.
IT Due Diligence Checklist
This checklist focuses on what risks or controls a small company must assess in order to address their IT due diligence practices. Topics covered in this document include: IT management, personnel, and contractors as well as many more.
Risk, Controls, and Responsibilities for Disaster Recovery and Business Continuity - Sample
This guide outlines the risks, control objectives, manual controls, IT controls, and responsibilities related to creating, maintaining and executing disaster recovery and business continuity plans within an organization.
System Backup Review Audit Work Program
The purpose of this work program is to review an organization’s system backup procedures. This includes identifying all applications key to the organization, identifying the responsible person for the backup procedure, analyzing actual procedures performed, and determining the appropriateness of handling related media.
Auditing Business Continuity Efforts, Part II
This article – the sequel to Dan Swanson’s previous column on auditing a business continuity plan – provides further guidance regarding audit planning efforts, audit fieldwork activities, and reporting of results and improvement efforts.
Business Continuity and Disaster Recovery Plans: How and When to Test Them
This article provides guidance for testing BC/DR plans including types of tests you can undertake, planning considerations for developing a test plan and the elements of a test plan. It includes an example simulation test of a response plan for a company finance department.
Business Continuity Planning: Don't Be Caught Off Guard
According to a recent business continuity planning survey, 28 percent of the organizations surveyed do not have a business continuity plan in place to help them recover from natural disasters, systems failures, or terrorism. The same percent of the businesses surveyed admitted they have already experienced a complete shutdown of key business operations as a result of a disaster in the past.
Email Continuity: Maintaining Communications in Times of Disaster
Given the importance of email for almost every business - both in terms of serving as a critical communication tool and as a de facto information repository - an email continuity plan should be at the top of every IT disaster recovery planning list. But is this truly the case? And is the plan comprehensive enough to maintain continuous email communications?
From Expense to Asset: A Reexamination of BCM Plans and Their Value
Each year, organizations spend considerable amounts of money developing business continuity management (BCM) plans, on the assumption that they need to prepare for a wide range of disasters. In this article, Protiviti’s Aaron Miller poses the following questions: Should organizations perceive their BCM plan as an asset rather than an expense? Does an effective BCM plan provide long-term value to the organization? If and when the plan is used, does having a well-prepared plan help the organization generate income and save money?
Guide to Business Continuity Management
Some of the most significant operational challenges in the history of BCM occurred in late 2004 and 2005 - hurricanes, tsunami, terrorism, and pandemic influenza (bird flu). This revised Second Edition FAQ Guide from Protiviti addresses some of the key lessons learned from these events for business continuity programs, and also includes industry-specific questions for BCM programs for manufacturing, retail, healthcare and telecommunications.
Internal Audit's Role Grows with Business Continuity
As organizations become more complex, global in reach and under the eye of regulators, shareholders and lawmakers, internal auditors need to make sure they play a big role in business continuity management (BCM). Because of the focus on controls and enterprise risk management that internal auditors have, they are well positioned to assess risk, identify the impacts of downtime and comment on key attributes of a business continuity approach.
Internal Audit’s Role in Business Continuity
Without well-thought-out plans for recovering from a disaster and restoring vital business functions, an organization exposes itself to the risk that it may not be able to survive a major disaster. Aftershocks of the September 11, 2001 terrorist attacks on the World Trade Center and Hurricane Katrina, for example, have led to heightened awareness of the vulnerability of business operations. This article features the panelists from a March 6, 2007 IIA web cast who share their experiences with involving internal audit in the business continuity process.
Ten Tips for Successful IT Disaster Recovery Planning
According to one research group, almost 60% of North American businesses do not have a disaster recovery plan in place to resume IT services in case of crisis - a recipe for possible business failure. Here are 10 tips for Disaster Recovery Planning.
BS 25999
BS25999.COM is a resource for information, links, news, events and discussion for those seeking guidance on BS 25999 specifically, and on business continuity and emergency management in general.
BS 25999-1:2006 Business continuity management Part 1: Code of practice
BS 25999-1:2006 is a code of practice that takes the form of guidance and recommendations. It establishes the process, principles and terminology of business continuity management (BCM), providing a basis for understanding, developing and implementing business continuity within an organization and to provide confidence in business-to-business and business-to-customer dealings. BS 25999-1:2006 replaces PAS 56:2003, which has now been withdrawn. BS 25999-2:2007 will specify the process for achieving certification that business continuity capability is appropriate to the size and complexity of an organization.
Business Continuity Institute
This web site contains a wealth of information and resources for both the business continuity novice and expert, and allows members to communicate and network with each other.
Computer Emergency Response Team (CERT)
The CERT Coordination Center was formed by the Defense Advanced Research Projects Agency (DARPA) in November 1988 in response to the needs identified during an Internet security incident.
Contingency Planning and Management (CPM)
The mission of Contingency Planning and Management is to be the central resource for technology, products, services, information, and management strategies that support business continuity to safeguard the physical, informational, and communication assets of a business; ensure the safety of employees and the public; and protect the financial well-being of the company.
Continuity Central
Continuity Central provides a constantly updated one-stop resource of business continuity information. Continuity Central provides structured listings of news, articles, white papers and links to enable you to quickly and easily find the information that you are looking for.
Disaster Recovery Institute International
The Disaster Recovery Institute administers a global certification program for qualified business continuity and disaster recovery planners. See also the Disaster Recovery Institute Canada.
Disaster Recovery Journal (DRJ) Sample Disaster Recovery Plans and Outlines
The DRJ was the first publication dedicated to the field of disaster recovery and business continuity. DRJ provides links to a few sample plans, outlines, and other plan writing resources to help get the DR Planning process rolling.
Disaster Resource Guide
The Disaster Recovery Guide's mission is to consolidate and communicate thousands of resources into an annual reference that can be useful on a daily basis.
Federal Emergency Management Agency
The Federal Emergency Management Agency is an independent agency reporting to the President and tasked with responding to, planning for, recovering from and mitigating against disaster.
Forum of Incident Response and Security Teams (FIRST)
FIRST is an international consortium of computer incident response and security teams who work together to handle computer security incidents and to promote preventative activities.
READY Business
READY Business outlines commonsense measures to help business owners and managers prepare for an emergency. The website is published by the U.S. Department of Homeland Security and provides practical steps and easy-to-use templates, along with links to resources providing more detailed business continuity and disaster preparedness information. It is a good starting point for small- to mid-sized businesses.