Académique Documents
Professionnel Documents
Culture Documents
Approval Process BIA Alternate IT A Tertiary Recovery BC Plan Document Risk Controls
Recovery Site Site
Offsite Data Tertiary Recovery Offsite Data Storage BIA
Storage Site
Alternate Work Area Offsite Data Critical Record IT Systems
Storage Storage Recovery Strategy
Crisis Management Critical Record Alternate Work Area BC Plan Testing
Center (CMC) Storage
Personnel Alternate Work Crisis Management Recovery Vendor's
Area Center (CMC) BC Plan Reviews
1
PI: Program Initiation
Questions R Response and Further Actions Recommendation
ati conclusions
ng
2
Questions R Response and Further Actions Recommendation
ati conclusions
ng
Clear Go/No Go decision 8 Yes. CIO made the Go/No Go Board needs to
made and at what level of decision and presented have an active
the management this decision to senior involvement in the
management. But the overall high level
board was not involved in evaluation process.
this process.
PI.3: Program 2
Commitment .86
Full-time qualified program 2 No. We have a part- Find out if the coordinator Assign full-time BC
manager assigned time (70%) business has business continuity or responsibility to BC
continuity coordinator DRP experience (No.) coordinator
assigned to this task.
He is from the
corporate planning
department and has
been involved with
Emergency Response
Planning in the past.
Steering committee 6 A committee structure This is a definitely a
established has been proposed and strength.
awaiting approval.
(company has the
history of establishing
SC for high profile
critical projects)
Steering committee 3 No. Define clear roles
members have clear roles and responsibilities
and responsibilities defined for Steering
Committee.
BC Program is part of 1 No. Include BC
Strategic objectives and Program as part of
plan Corporate Strategic
Objectives
BC Program policy exists 2 We have a security Create a BC policy
policy which covers BC statement
from the perspective of
availability of critical
systems.
BC Program policy fully 1 No. Utilize corporate
communicated communications to
communicate BC
policy
BC culture is well 5 No. But, IT and Develop a plan to
established Business units have a improve corporate
better BC/DR culture wide BC culture.
compare to the rest of
the company.
3
PP: Program Planning
PP.1: Interim 5
Temporary BC
Plan
Interim BC Plan exists if a 5 Yes. But, it has evolved Review all earlier
long term plan doesn't exist since it was initially written. versions.
Interim Recovery Strategy 5 Mutual Agreement with our Review
Developed strategic partner. agreements (Not
enough carefull
planning and
design.
Agreements show
weaknesses in
disaster lasts for
longer than 2 or 3
days)
Interim Agreements in place 5 Mutual Agreement.
for recovery of key
resources, sources, and
services
Interim Recovery Teams 5 Yes. The team has evolved
created since it was initially
established.
Program assumptions are 0 Defined in BC plan No written program State all key
stated explicitly document assumptions assumptions in
program document
Program deliverables are 8 Defined in the project plan
identified
Program risks are analyzed 0 Defined in BC plan Investigate further Assess program
and mitigation actions document (No evidence of risks and mitigation
identified program risks BC steps
Plan document)
5
Questions Ratin Response and Further Actions Recommendation
g Conclusion s
Are there any BC team 1 Yes. BC coordinator is Find out what those
members working on a part- part-time. There are two part-time staff are
time capacity. assistants to BC responsible for and
coordinator working part- how critical those
time on BC project. responsibilities are.
Business unit This is a high risk
representatives also work factor.
on a part-time and as-
needed basis.
6
FR: Functional Requirements
Questions Rating Response and Further Actions Recommendations
Conclusion
FR.1: General
Assessment
Functional requirements Partially. Complete: FR.2
have been assessed
Functional requirements Not in a formal way.
have been documented
Functional requirements We will be presenting
have been reviewed by general requirements
senior management to Steering Committee
in the near future.
Functional requirements Not yet.
have been approved
7
Questions Rating Response and Further Actions Recommendations
Conclusion
8
Questions Rating Response and Further Actions Recommendations
Conclusion
9
Questions Rating Response and Further Actions Recommendations
Conclusion
Requirements for alternate 8 Our canadian site may They have work area
work area are analyzed be sufficient as a work requirements in terms
and documented (space, area until we get the of number of
personnel, equipment, more permanent work workstations needed.
facilities, etc.) site with SunGard
Requirements are aligned 8 Work station
with BIA findings in terms requirements are
of critical business units aligned with critical
and applications applications.
Space requirements are 1 No Work out the
known detailed work area
space requirements
Support personnel are Yes. We know the key
known staff from the business
areas needed in the
recovery.
Workstation requirements 9 Yes
are known
Network connectivity 9 Yes
requirements are known
Non-IT resource 1 No. We will rely on Work out the Non-IT
requirements are known whatever is available work area
(faxes, copiers, etc.) at the Canadian site requirements for
long term recovery
strategy.
11
Questions Rating Response and Further Actions Recommendations
Conclusion
Critical records recovery is 4 It is the responsibility It seems like the IT Critical record should
part of BC program of business units recovery has been the not be responsibility
biggest focus so far. of business units
Check to see if critical alone; Assign some
record is part of BC one with central
Project Plan (It is not responsibility for
covered). But, coordinating critical
business unit recovery record continuity.
assessment shows
that some units do
have a critical record
recovery program.
Critical records inventory 4 Business units Are there electronic Assess electronic
exists maintain their own records that are critical record recovery
records inventory. (yes, but they are not requirements.
Critical paper records backed-up).
are stored with laptops
to Iron Mountain.
Records are categorized 7 Yes.
(vital, important, useful,
etc.)
Inventory includes title of 7 Yes.
record, ownership, content
type, users, etc.
Record retention period 5 No. It is mostly paper
determined based
Inventory includes 6 It is all done weekly.
information on backup
frequency
Inventory includes media 5 Yes.
storage type and capacity
Requirements for 0 No. We don't have any
document scanning document
assessed management system.
Requirements for 0 No. We don't have any Suggest
Document Management document investigating
System analyzed management system document
other than Iron management system
Mountain Connect. tool.
Requirement for local 0 No.
storage assessed
Requirement for remote 6 Yes.
storage assessed
Security requirements are 7 Yes.
documented
Safe handling procedures 7 Yes.
are documented
12
Questions Rating Response and Further Actions Recommendations
Conclusion
13
Questions Rating Response and Further Actions Recommendations
Conclusion
Coordination requirements 1 We only have one ERP does not include Recommend
documented for Landlords building in the area landlord coordination. establishing disaster
and building management leased, but we have coordination with
not coordinated with landlords and
the landlord. building
management.
Coordination requirements 3 Insurance documents Review insurance Recommend
documented for Insurance are attached to our documents communication and
company Interim BC plan. coordination with
insurance agents
and adjustors.
Recovery vendors 8 Mutual agreement
includes coordination
information and but we
also have coordination
information with
SunGard.
Data backup vendors 5 So far there has been Recommend better
any major problem coordination with
with coordination with data backup vendor.
the backup vendor.
We have a yearly
contract in place. We
deal with issues as
they arise.
FR.14: BC Tools 5
BC tools and software 5 Yes. We need a tool Assess
requirements are known that is web based and document/record
allows business unit management system
plans and integration tool requirements.
of IT and ERP. Easy to
maintain and learn.
Security is also
important.
High level descriptions of 6 Yes.
tool's features and
capabilities are identified
Tools have been 8 We have evaluated
researched and compared four different tools.
Support staff resource 1 No. Assess requirements
requirements have been for tool
analyzed admin/support staff
15
Questions Rating Response and Further Actions Recommendations
Conclusion
16
DD: Design and Development
Questions Rating Response and Further Actions Recommendations
Conclusion
DD.1: General
Assessment
Designs & Development
completed
Designs have been
documented
Designs have been
reviewed by senior
management
Designs have been
approved
Budget is reviewed and
approved
17
Questions Rating Response and Further Actions Recommendations
Conclusion
18
Questions Rating Response and Further Actions Recommendations
Conclusion
19
Questions Rating Response and Further Actions Recommendations
Conclusion
20
Questions Rating Response and Further Actions Recommendations
Conclusion
21
Questions Rating Response and Further Actions Recommendations
Conclusion
22
Questions Rating Response and Further Actions Recommendations
Conclusion
23
Questions Rating Response and Further Actions Recommendations
Conclusion
24
Questions Rating Response and Further Actions Recommendations
Conclusion
DD.13: Work around 3.86111 See business process Ensure work around
Procedures audit file. procedures for all critical
areas are complete and
documented with
consistent format.
25
Questions Rating Response and Further Actions Recommendations
Conclusion
26
Questions Rating Response and Further Actions Recommendations
Conclusion
27
PP: Program Implementation
Questions Rating Response and Further Recommendations
Conclusion Actions
28
Questions Rating Response and Further Recommendations
Conclusion Actions
29
Questions Rating Response and Further Recommendations
Conclusion Actions
PI.10: Data 8
Communication
Services
Data Communication and Yes
Networking services are
complete
Connectivity between Yes
Primary site and alternate
IT recovery site is
complete
Connectivity between Yes
primary site and data
backup site is complete
Connectivity between Yes
alternate IT site and work
area is complete
Connectivity between Yes
CMC and alternate IT site
is complete
Connectivity between Yes
CMC and alternate work
area is complete
Percentage Complete 8 80
PI.11: Voice 8
Communication
VC infrastructure and Yes.
services are complete
Percentage completed 8 80
PI.13: BC Tools 2
BC tool is purchased 2 No. we are still Expedite tool
evaluating tools evaluation to
begin tool
usage and
deployment
Tool training is complete
30
Questions Rating Response and Further Recommendations
Conclusion Actions
PI.15: Personnel 4
Are all required personnel 5 Most have been
hired hired but we are
still waiting to hire
two more staff
reporting to the
Coordinator.
Responsibilities assigned 5 Mostly assigned
to personnel.
BC team insurance 0 No.
purchased
Percentage Complete 4 60
PI.17: BC Plan
Document
Plan document is
complete
Executive Summary
Plan components
Objective
31
Questions Rating Response and Further Recommendations
Conclusion Actions
Scope
Assumptions
Constraints and limitations
Risk Assessment
BIA
Recovery Strategies
Plan Execution phases
BC Team Structure
Contact List
Call Tree
Alternate contacts
Contact Procedures
Disaster Definition
Disaster Declaration
Procedures
Service Level Agreements
Insurance policy
Critical resource inventory
Critical Staff
Crisis Communication
Plan
Emergency Response
Plan
Business unit plans
Disaster Recovery Plan
Recovery site Information
Data backup procedures
Data backup site
information
Critical record backup
procedures
Critical record backup site
information
Critical record recovery
procedures
Plan execution logistic
procedures
Security requirements and
procedures
Recovery logistics
Team responsibilities
Salvage and Restoration
procedures
IT recovery procedures
Data network recovey
procedures
Voice communication
recovery procedures
Work area site information
Work area recovery
procedures
Critical service recovery
procedures
Assembly location
procedure
32
Questions Rating Response and Further Recommendations
Conclusion Actions
Assembly location
information
Crisis management center
or EOC information
Plan execution timeline
and schedule
Disaster scenarios and
recovery procedures
BC Plan change controls
BC plan distribution list
BC plan appendices
33
PT: Plan Testing
Questions Rating Response and Further Recommendation
Conclusion Actions s
34
Questions Rating Response and Further Recommendation
Conclusion Actions s
distribution list
35
Questions Rating Response and Further Recommendation
Conclusion Actions s
36
PM: Program Management
37
Questions Rating Response and Further Recommendations
Conclusion Actions
PM.3: Contract 7
Management
BC related contracts 7 BC coordinator
management process and procurement
established representative
conduct a
frequent
review/update of
contracts.
Contracts are reviewed 7 Yes.
on a regular basis
Contracts include 7 Yes.
maintenance and
upgrades
Procurement and legal 7 Yes.
departments are involved
in the contract
management
38
Questions Rating Response and Further Recommendations
Conclusion Actions
39
Questions Rating Response and Further Recommendations
Conclusion Actions
PM.10: Management 5
Process
Steering committee is 4 Steering
actively involved in the Committee will be
maintenance phase establish in few
months.
Program sponsor is 8 Yes.
actively involved in the
maintenace phase
BC Management 8 Weekly with the
meetings are held on sponsor and
weekly, monthly, and monthly with
quarterly periods business unit
managers
Reports from the steering 4 Steering
committee are presented Committee will be
to Board and senior establish in few
management months.
Rules and regulations are 1 No.
monitored and reviewed
40
Questions Rating Response and Further Recommendations
Conclusion Actions
41
Program Budget
Questions Rating Response and Further Actions Recommendations
Conclusion
42
43