AUDIT CHECKLIST

Yes No N/A Comments

Business Continuity/Disaster Recovery (BC/DR)

Is there a BC/DR plan in place for the organisation/office location?
  Is it approved / current?
  Is it appropriate? All areas covered?
  Escalation list with current individuals?
  Any emergency numbers not listed (e.g. utilities)?
  Has it been tested?
Can staff perform their jobs and the office function without an office building?
  If not, why not, list any affected functional areas?

Information Technology (IT) Server Room / Activities

Does the office have an IT server room?
Which server does the office run off (i.e. UK, India, USA)?
How is access to the room controlled?
  Is there a signing in/out book?
  Is entry accompanied by IT staff?
Are there any pest control activities?
Are pest control activities possibly needed (e.g. basement location)?
How is temperature monitored?
  Manual or automated?
  Is there a backup?
How often are temperature probes calibrated, and is this documented?
Is the temperature monitoring alarmed?
  Upon alarming, where does the signal relay to?
Is the calibration vendor approved?
Is there a false floor?
Are the servers off the floor?
Is there a controlled / graceful shutdown?
Are there any water pipes within the ceiling of the room?
If the room is in the basement, are there any moisture detectors?
Does the office have a source for Uninterrupted Power Supply (UPS)?
  If so, describe (battery / generator).
  How much time do they allow before shutdown?
  What part of the system is supported before shutdown?
  Is there a controlled / graceful shutdown?
Does the office have a backup generator?
  If so, what is the capacity?
  Is there a contract with a diesel provider?
  How often is the generator tested?
  Is the testing documented?
  Is there an equipment log for the generator?
  How quickly does the generator kick in when power supply is interrupted?
  What equipment is linked to the generator?
Are there backup servers? If so:
  Are they in a different location?
  Configuration (mirrored, clustered, VMware, etc.)?
  How is the backup accomplished?
  Is there a service agreement in place?
Where are backup media / tapes kept (overnight, long term)?
Is the movement of the media / tapes documented?
If a vendor is used for storage of backup media / tapes, are they approved?
What is the media / tapes rotation policy?
Are backups periodically restored to verify data is still readable, and is this documented?
Is there an IT disaster recovery plan in place?
  Is it approved / current?
  Has it ever been tested?
  Was testing documented?
  Were any follow-up actions implemented?
Is there a current hardware/software inventory log?
  How often is it updated?
Is there IT help in the office?
  If not, how is IT support contacted?
  Hours of support?
How are old IT systems decommissioned?
  Is there an SOP in place?
  Are vendors used?
  Are the vendors approved?
  Review documentation of a decommissioned system.
Is training on use of computerised systems provided to new employees?
  By whom?
  Is this documented?
Do IT staff give/revoke staff access to systems?
  How is this controlled/documented?
  Review an example.
Are firewalls/virus protections in place? If so:
  How often are they updated?
  How are they updated?