Auditing Business Continuity Plans According to ISO 22301
Successful business continuity planningInvolves the entire organization Requires clear and consistent communication Encompasses how employees will communicate, where they will go, and how they will keep doing their jobsPrepares the organization for disruptive eventsWhy is BCP Important? 61% of companies surveyed had to invoke their BCP 43% had to invoke it more than onceKey Causes: Natural Disaster, Power Outage, IT Failure, Flood, Fire, Telecom Failure, Utility Outage, Pandemic What were the top 3 lessons learned from invocation?There had not been enough training and awareness efforts across the company: 48% Plans didn’t adequately address emergency communications: 37% Key staff had not been included in testing; as a result, they did not know their roles and responsibilities in the plans: 25% CyberattacksAreas CoveredWhat should be included in a business continuity audit?Setting controlsWhich regulations and standards apply to business continuity auditsExamining evidence about the performance of activitiesVerifying measures to ensure continuityEvaluating quality vs. a general templateCourse Level - IntermediateWho Should AttendAuditorsBusiness Continuity PlannersWhy Should You AttendISO 22301 is a great standard to plan against and to audit against even if an organization does not plan on becoming ISO Certified. Auditing a Business Continuity Plan; will cover the lifecycle of a BCP program, with specific emphasis on the following areas: Risk Assessment and Business Impact Analysis Designing a living BCPTesting & MaintenanceUnderstand what’s involved in a full BCP Program (for those that are unfamiliar) Provide insights based upon field experience that can be applied to Internal Audit work and BCP program work Provide you with tools that you can bring back to your company to improve upon BCP programs Improve ability to audit BCP programs and provide targeted recommendations
Single
Successful business continuity planning
- Involves the entire organization
- Requires clear and consistent communication
- Encompasses how employees will communicate, where they will go, and how they will keep doing their jobs
- Prepares the organization for disruptive events
Why is BCP Important? - 61% of companies surveyed had to invoke their BCP
- 43% had to invoke it more than once
- Key Causes: Natural Disaster, Power Outage, IT Failure, Flood, Fire, Telecom Failure, Utility Outage, Pandemic
- What were the top 3 lessons learned from invocation?
- There had not been enough training and awareness efforts across the company: 48%
- Plans didn’t adequately address emergency communications: 37%
- Key staff had not been included in testing; as a result, they did not know their roles and responsibilities in the plans: 25%
- Cyberattacks
Areas Covered
- What should be included in a business continuity audit?
- Setting controls
- Which regulations and standards apply to business continuity audits
- Examining evidence about the performance of activities
- Verifying measures to ensure continuity
- Evaluating quality vs. a general template
Course Level - Intermediate
Who Should Attend
- Auditors
- Business Continuity Planners
Why Should You Attend
ISO 22301 is a great standard to plan against and to audit against even if an organization does not plan on becoming ISO Certified.
Auditing a Business Continuity Plan; will cover the lifecycle of a BCP program, with specific emphasis on the following areas:
- Risk Assessment and Business Impact Analysis
- Designing a living BCP
- Testing & Maintenance
- Understand what’s involved in a full BCP Program (for those that are unfamiliar)
- Provide insights based upon field experience that can be applied to Internal Audit work and BCP program work
- Provide you with tools that you can bring back to your company to improve upon BCP programs
- Improve ability to audit BCP programs and provide targeted recommendations
