KnowledgeLeader provides best practice articles, tools, guides, and links to resources on business continuity and disaster recovery. This page contains some examples of the many resources and tools on business continuity and disaster recovery that are available on KnowledgeLeader. Select one of the areas below to view summaries of these resources.
Business Continuity Management Audit Work Program
This extensive business continuity management work program covers the following areas: general BCP, preliminary steps, examination scope and objectives, appropriateness of enterprise-wide BCP, oversight and support, business impact analysis, risk management, testing, IT documentation, hardware backup and recovery, software backup and recovery, preparation for data center recovery, inclusion of security procedures, critical outsourced activities, conclusions, and final steps.
Business Continuity Management Methodology
Business continuity management (BCM) is best addressed by using a proven methodology. The methodology should be based upon the risks related to an organization’s key business processes which, if they were to be interrupted, might otherwise bring about a seriously damaging or potentially fatal loss to the enterprise. This seven-phased BCM methodology adheres to industry best practices and can be tailored to companies of all sizes.
Business Continuity Management Policy
This sample outlines a set of policies and procedures for formalizing a Business Continuity program, and provides guidelines for developing, maintaining and exercising Business Continuity Plans (BCPs). Such plans will ensure independence of crisis location, crisis duration and availability of any specific person or group of people.
Business Continuity Management Report Template - Sample
Developing a business continuity management (BCM) plan is a best practice that all companies should achieve. This template outlines sections to consider when developing a BCM plan. It includes areas to document the business impact analysis, key company contacts, and location of BCM documents.
Business Continuity Management Standards - A Side-by-Side Comparison
An increasing number of regulations and standards apply to Business Continuity Management. After studying and comparing the various BCM guidelines, Protiviti has identified common themes and best practices that will help in the implementation of a successful BCM process. This guide is our list of BCM standards and the associated agencies that advocate each best practice.
Business Continuity Program Charter
This charter establishes the Business Continuity Steering Committee and the Business Continuity Plan Project Team. The Steering Committee is responsible for providing the direction and strategy for the organization's business continuity program.
Business Impact Analysis: Disaster Recovery Plan Checklist
This checklist allows a Disaster Recovery Plan to be rated. Being able to recover critical systems is important to every organization, but to be successful, an enterprise must establish a method to rank applications and systems and to recover them in a timely manner.
COSO/COBIT Disaster Recovery and Business Continuity Control Objective Risk Matrix
This sample matrix aligns high-level control objectives DS4 (ensure continuous service) and DS11 (manage data) of the COBIT Delivery and Support domain and with their associated risks.
The Crisis Management Plan
The Crisis Management Plan is a documented plan detailing the actions executives want to take place when a crisis strikes the organization. It is designed to replace confusion with order. Remember that the key to successfully managing a crisis is to "Be Prepared," and sadly, a number of organizations are not prepared.
Data Center General Controls Questionnaire: Continuity of Operations
This is the final section of a thirteen part mainframe data center general controls questionnaire. The questionnaire covers data center continuity of operations.
Data Management: Data Backup and Storage Policy
The purpose of this policy is to specify the procedures to backup and allow for recovery of important data in the event of accidental or intentional corruption, loss, or destruction of the data. For data critical to the ongoing operation of the business, offsite storage will facilitate keeping the business operational in the event of a physical disaster at the original site.
Disaster Recovery Plan Assessment Checklist for IT
This checklist serves as a guide for reviewing a disaster recovery plan. The focus of this review is on information technology continuity, recovery, and restoration.
Disaster Recovery Plan Review
This work program provides a review of a Disaster Recovery Plan, including the creation of the plan, evaluation of the risks covered, their impact on the business, and whether or not the plan provides for appropriate methods to recover from the threats covered by the plan.
Disaster Recovery Risk Assessment Audit Work Program
This disaster recovery risk assessment work program provides an outline for standard business models. It is not intended to be an all-inclusive list, but a starting point in the risk assessment process. Key areas and related risks considered include environmental, man-made, business, and IT threats.
Emergency Executive Committee Charter
The purpose of the Emergency Executive Committee (EEC) is to oversee the conduct of the corporation in the process of planning and responding to emergency, crisis or catastrophic events, with a direct or potential impact to the corporation’s financial objectives and major corporate plans, strategies and actions. The EEC exercises leadership, integrity, and judgment in directing the corporation to develop the necessary business continuity management (BCM) capabilities.
General IT Controls Review: Disaster Recovery Questionnaire
This questionnaire helps you assess disaster recovery preparation by comparing your plans to best practices.
Global Technology Audit Guide (GTAG) 10: Business Continuity Management
The objective of this GTAG is to provide insight into what BCM means to an organization, how to build a business case, and identify common risks and requirements. It can assist CAEs and other internal auditors in understanding, analyzing, and monitoring their organization's BCM processes. This guide will also help the CAE communicate business continuity risk awareness and support management in its development and maintenance of a BCM program.
IT Due Diligence Checklist
This checklist focuses on what risks or controls a small company must assess in order to address their IT due diligence practices. Topics covered in this document include: IT management, personnel, and contractors as well as many more.
Risk, Controls, and Responsibilities for Disaster Recovery and Business Continuity - Sample
This guide outlines the risks, control objectives, manual controls, IT controls, and responsibilities related to creating, maintaining and executing disaster recovery and business continuity plans within an organization.
Business Continuity and Disaster Recovery Plans: How and When to Test Them
This article provides guidance for testing BC/DR plans including types of tests you can undertake, planning considerations for developing a test plan and the elements of a test plan. It includes an example simulation test of a response plan for a company finance department.
Business Continuity Planning: Don't Be Caught Off Guard
According to a recent business continuity planning survey 28 percent of the organizations surveyed do not have a business continuity plan in place to help them recover from natural disasters, systems failures, or terrorism. The same percent of the businesses surveyed admitted they have already experienced a complete shutdown of key business operations as a result of a disaster in the past.
Email Continuity: Maintaining Communications in Times of Disaster
Given the importance of email for almost every business - both in terms of serving as a critical communication tool and as a de facto information repository - an email continuity plan should be at the top of every IT disaster recovery planning list. But is this truly the case? And is the plan comprehensive enough to maintain continuous email communications?
Failure to manage post-disaster liability risk may cost you
As the first decade of the 21st century has demonstrated in stark terms, the need for robust recovery and business continuity plans in the face of increasingly costly disasters, whether natural or manmade, has never been greater. However, even the most carefully crafted continuity plans may be missing a vital component: the risk of disaster-related liability actions brought on by affected parties. This article discusses how failure to plan for these events imposes great risk to the organization, and how internal audit can help manage these risks.
From Expense to Asset: A Reexamination of BCM Plans and Their Value
Each year, organizations spend considerable amounts of money developing business continuity management (BCM) plans, on the assumption that they need to prepare for a wide range of disasters. In this article, Protiviti’s Aaron Miller poses the following questions: Should organizations perceive their BCM plan as an asset rather than an expense? Does an effective BCM plan provide long-term value to the organization? If and when the plan is used, does having a well-prepared plan help the organization generate income and save money?
Guide to Business Continuity Management
Some of the most significant operational challenges in the history of BCM occurred in late 2004 and 2005 - hurricanes, tsunami, terrorism, and pandemic influenza (bird flu). This revised Second Edition FAQ Guide from Protiviti addresses some of the key lessons learned from these events for business continuity programs, and also includes industry-specific questions for BCM programs for manufacturing, retail, healthcare and telecommunications.
Internal Audit's Role Grows with Business Continuity
As organizations become more complex, global in reach and under the eye of regulators, shareholders and lawmakers, internal auditors need to make sure they play a big role in business continuity management (BCM). Because of the focus on controls and enterprise risk management that internal auditors have, they are well positioned to assess risk, identify the impacts of downtime and comment on key attributes of a business continuity approach.
Internal Audit’s Role in Business Continuity
Without well-thought-out plans for recovering from a disaster and restoring vital business functions, an organization exposes itself to the risk that it may not be able to survive a major disaster. Aftershocks of the September 11, 2001 terrorist attacks on the World Trade Center and Hurricane Katrina, for example, have led to heightened awareness of the vulnerability of business operations. This article features the panelists from a March 6, 2007 IIA web cast who share their experiences with involving internal audit in the business continuity process.
Ten Tips for Successful IT Disaster Recovery Planning
According to one research group, almost 60% of North American businesses do not have a disaster recovery plan in place to resume IT services in case of crisis - a recipe for possible business failure. Here are 10 tips for Disaster Recovery Planning.
Why Tomorrow Is Too Late to Think about Business Continuity
Business owners and executives juggle a number of projects each day that draw on their time and resources. As a result, they tend to defer business continuity into the "solve tomorrow" column until right before (or right after) an incident. This is a critical, sometimes disastrous mistake. Read this article to learn why designing and implementing a functional continuity plan is a multi-month process, and that executives must dedicate the time to ensure business survivability.
BS 25999
BS25999.COM is a resource for information, links, news, events, resources and discussion for those seeking information and guidance on BS 25999 specifically, also business continuity and emergency management in general.
BS 25999-1:2006 Business continuity management Part 1: Code of practice
BS 25999-1:2006 is a code of practice that takes the form of guidance and recommendations. It establishes the process, principles and terminology of business continuity management (BCM), providing a basis for understanding, developing and implementing business continuity within an organization and to provide confidence in business-to-business and business-to-customer dealings. BS 25999-1:2006 replaces PAS 56:2003, which has now been withdrawn. BS 25999-2:2007 will specify the process for achieving certification that business continuity capability is appropriate to the size and complexity of an organization.
Business Continuity Institute
This web site contains a wealth of information and resources for the both the business continuity novice and expert as well as allowing members the opportunity to communicate and network with each other.
Contingency Planning and Management (CPM)
The mission of Contingency Planning and Management is to be the central resource for technology, products, services, information, and management strategies that support business continuity to safeguard the physical, informational, and communication assets of a business; ensure the safety of employees and the public; and protect the financial well-being of the company.
Continuity Central
Continuity Central provides a constantly updated one-stop resource of business continuity information. Continuity Central provides structured listings of news, articles, white papers and links to enable you to quickly and easily find the information that you are looking for.
Disaster Recovery Institute International
The Disaster Recovery Institute administers a global certification program for qualified business continuity and disaster recovery planners. See also the
Disaster Recovery Institute Canada.
Disaster Recovery Journal (DRJ) Sample Disaster Recovery Plans and Outlines
The DRJ was the first publication dedicated to the field of disaster recovery and business continuity. DRJ provides links to a few sample plans, outlines, and other plan writing resources to help get the DR Planning process rolling.
Disaster Resource Guide
The Disaster Recovery Guide's mission is to consolidate and communicate thousands of resources into an annual reference that can be useful on a daily basis.
READY Business
READY Business outlines commonsense measures to help business owners and managers prepare for an emergency. The website is published by the U.S. Department of Homeland Security and provides practical steps and easy-to-use templates, along with links to resources providing more detailed business continuity and disaster preparedness information. It is a good starting point for small- to mid-sized businesses.
>> Sign up now for a
30-day free trial or an
annual subscription.
Find out more about our
subscription prices and group discounts.
If you have any questions please
contact us.