SlideShare ist ein Scribd-Unternehmen logo
1 von 16
Self-Assessment: Business Continuity Plan Monitoring
Read
Introduction
Self-Assess
RACI Matrix
View Scores
Introduction, about the Business Continuity Plan Monitoring Self-Assessment
Defining, designing, creating, and implementing a process to solve a business challenge or meet a business
objective is the most valuable role… In EVERY company, organization and department.
Unless you are talking a one-time, single-use project within a business, there should be a process. Whether that
process is managed and implemented by humans, AI, or a combination of the two, it needs to be designed by someone
with a complex enough perspective to ask the right questions. Someone capable of asking the right questions and step
back and say, 'What are we really trying to accomplish here? And is there a different way to look at it?'
For more than twenty years, The Art of Service's Self-Assessments empower people who can do just that - whether
their title is marketer, entrepreneur, manager, salesperson, consultant, business process manager, executive assistant,
IT Manager, CxO etc... - they are the people who rule the future. They are people who watch the process as it happens,
and ask the right questions to make the process work better.
This Self-Assessment is for managers, advisors, consultants, specialists, professionals and anyone interested in
knowing the right questions to ask.
Featuring new and updated case-based questions, organized into seven core areas of process design, this
Self-Assessment will help you identify areas in which improvements can be made.
In using the questions you will be better able to:
❑ diagnose projects, initiatives, organizations, businesses and processes using accepted diagnostic standards and
practices
❑ implement evidence-based best practice strategies aligned with overall goals
❑ integrate recent advances in the topic and process design strategies into practice according to best practice
guidelines
Using a Self-Assessment tool known as the Self-Assessment Radar Chart, you will develop a clear picture of the areas
where improvements can be made.
This spreadsheet has been designed for 1-10 participants and is easy to expand; multiple spreadsheets can be used to
assess with a large group or modify formula's etc.
You can use this spreadsheet as the starting point for deeper analysis. One suggestion is to use Pivot Tables, for even
more powerful analysis, or import the data in analysis and reporting tools like Tableau, SAP, ZOHO or the Business
Intelligence tool of your choice.
You are free to use the Self-Assessment contents in your presentations and materials for customers without asking us -
we are here to help. The Art of Service has helped hundreds of clients to improve execution and meet the needs of
customers better by applying process redesign.
How can we help you? For all questions regarding this Self-Assessment or to discuss how our team can help your
business achieve true results, please visit
https://store.theartofservice.com/contact-us/
Start
Self-Assessment
This document is a partial preview. Full document download can be found on Flevy:
https://flevy.com/browse/document/business-continuity-plan-monitoring--implementation-toolkit-5336
Below are the only valid entries for the assessment. This Self-Assessment is set up to process 1-10 participant's views.
When using for less than 10 participants, the entry fields need to stay clear/empty so it does not skew the results.
Each participants answer is to be recorded using the drop down box next to the question and select an answer of 1-5, or
leave at Non applicable for each question for each process area.
In my belief, the answer to the following question is clearly defined: (click 'Not applicable' under Participant name
to change value, leave at 'Not applicable' if the question is not matched to your goals/needs)
1 Strongly Disagree
2 Disagree
3 Neutral
4 Agree
5 Strongly Agree
Step 1 - Enter the names of the participants here:
Participant 1
Participant 2
Participant 3
Participant 4
Participant 5
Participant 6
Participant 7
Participant 8
Participant 9
Participant 10
Step 2 - Now have each participant answer each question for each Process area, under their name. Click 'Not
applicable' under Participant name to change value, leave at 'Not applicable' if the question is not matched to your
goals/needs.
1 Recognize Participant 1 Participant 2 Participant 3 Participant 4 Participant 5 Participant 6 Participant 7 Participant 8 Participant 9 Participant 10 Total Count Avg
"In my belief, the answer to the following question is clearly defined:" 0 0 0
1 What problems are you facing and how do you consider Business Continuity Plan Monitoring will circumvent those obstacles? 5 5 5 5 5 5 5 5 5 5 50 10 5
2 How much money does your organization stand to lose in the event of one hour of downtime? 5 5 5 5 2 5 5 5 5 4 46 10 4.6
3 What problems could derail your organization continuity strategy? 5 5 5 5 5 5 5 3 5 5 48 10 4.8
4
Are there any specific expectations or concerns about the Business Continuity Plan Monitoring team, Business Continuity Plan Monitoring itself?
5 5 5 2 5 5 5 5 5 5
47 10 4.7
5 Are losses recognized in a timely manner? 5 2 5 5 5 5 5 5 2 5 44 10 4.4
6 Is access limited by a hazardous event? 5 5 5 5 5 5 5 3 5 5 48 10 4.8
7 Do you see any unique problems for BAC in achieving continuity of their operations? 5 5 5 5 5 5 5 5 1 5 46 10 4.6
8 Are there recognized Business Continuity Plan Monitoring problems? 5 2 5 2 2 2 1 5 5 5 34 10 3.4
9 Will a response program recognize when a crisis occurs and provide some level of response? 5 5 5 5 5 5 5 5 5 4 49 10 4.9
10 Are there employees and customers with special needs that need to be accommodated? 3 5 5 2 5 5 5 5 5 5 45 10 4.5
11 What are the problems/issues arising from that piece of information? 5 5 5 3 5 5 5 1 5 5 44 10 4.4
12 What are the minority interests and what amount of minority interests can be recognized? 5 5 5 5 5 5 5 5 5 5 50 10 5
13 Are controls defined to recognize and contain problems? 5 5 5 5 5 5 5 5 5 5 50 10 5
14 To what extent would your organization benefit from being recognized as a award recipient? 2 5 3 5 5 5 5 5 5 5 45 10 4.5
15 Have all business associates been identified? 5 5 5 5 5 5 5 5 5 5 50 10 5
16 Does Business Continuity Plan Monitoring create potential expectations in other areas that need to be recognized and considered? 5 5 1 5 5 5 5 5 5 5 46 10 4.6
17 How is business critical applications identified? 5 5 5 5 5 5 5 4 5 5 49 10 4.9
18 What are the expected benefits of Business Continuity Plan Monitoring to the stakeholder? 2 5 5 5 5 4 5 5 5 3 44 10 4.4
19
How much are sponsors, customers, partners, stakeholders involved in Business Continuity Plan Monitoring? In other words, what are the risks,
if Business Continuity Plan Monitoring does not deliver successfully? 5 5 5 4 5 5 5 5 3 5
47 10 4.7
20 Are Business Continuity Plan Monitoring changes recognized early enough to be approved through the regular process? 5 5 5 5 5 1 5 5 5 5 46 10 4.6
21 Have you identified the staffing requirements to ensure the continuity of services? 5 5 2 5 5 5 5 5 1 5 43 10 4.3
22 Which parts of your organization need to participate? 3 5 5 5 5 5 5 3 5 5 46 10 4.6
23 Are there policies in place that prevent workforce members from sharing passwords with others? 5 5 4 5 5 5 5 5 3 5 47 10 4.7
24 Are there any significant quality assurance issues that need follow up by management? 5 5 5 5 5 5 5 5 1 5 46 10 4.6
25 Do all organizations need a real time recovery strategy in place? 5 5 5 5 5 5 5 5 5 5 50 10 5
26 How are the Business Continuity Plan Monitoring's objectives aligned to the group’s overall stakeholder strategy? 4 5 5 5 2 5 3 5 5 5 44 10 4.4
27 Are employees recognized or rewarded for performance that demonstrates the highest levels of integrity? 5 5 5 5 5 5 5 5 5 5 50 10 5
28 To what extent does management recognize Business Continuity Plan Monitoring as a tool to increase the results? 4 5 5 5 5 5 2 5 5 1 42 10 4.2
29 What are the options in the event of a key supplier failure? 3 5 5 5 5 5 5 5 5 5 48 10 4.8
30 Is the need for organizational change recognized? 5 5 5 5 5 5 5 5 5 5 50 10 5
31 What is the recognized need? 5 2 5 5 5 5 5 4 5 5 46 10 4.6
32
What measures has your organization taken to inform and protect its employees as well as to ensure that key expertise remains available in the
event of a disaster? 5 5 2 5 2 5 5 5 4 5
43 10 4.3
33 What does Business Continuity Plan Monitoring success mean to the stakeholders? 5 5 5 3 5 5 5 5 5 5 48 10 4.8
34 Has your organizationwide BCM manager been identified? 5 5 1 5 5 4 5 5 5 5 45 10 4.5
35 How do the problems affect your organization? 5 5 5 5 5 5 5 5 5 5 50 10 5
36 What has been done to prevent incidents from happening in the future? 5 5 5 5 5 2 5 5 1 5 43 10 4.3
37 Are employees recognized for desired behaviors? 5 5 1 5 5 3 5 5 1 5 40 10 4
38 Who else hopes to benefit from it? 5 5 5 5 5 5 5 5 4 5 49 10 4.9
39 Do the exercise objectives address the needs of your organization? 3 5 5 5 3 5 5 5 5 5 46 10 4.6
40 Which problems do you experience as the most extensive? 5 1 5 3 5 3 1 5 5 3 36 10 3.6
41 Do you need to inform your clients and customers of any changes to your services? 5 5 3 5 5 5 5 5 3 1 42 10 4.2
42 Will staff need to be relocated? 5 5 2 5 5 5 5 5 5 5 47 10 4.7
43 How are you going to measure success? 5 5 5 5 5 5 5 5 5 4 49 10 4.9
44 How are new requirements or changes to requirements identified? 3 1 1 5 5 5 5 4 5 5 39 10 3.9
45 What tasks need to be done in the event of an incident and in what order? 5 5 4 1 5 5 1 5 5 5 41 10 4.1
46 Do you recognize Business Continuity Plan Monitoring achievements? 5 5 5 2 5 5 5 5 5 5 47 10 4.7
47 Is there a person/organization identified as being responsible for the updating? 2 5 5 5 5 5 5 5 5 5 47 10 4.7
48 Is there any need to change it security arrangements? 5 5 1 5 5 5 5 4 5 5 45 10 4.5
49 When an event occurs, who should be notified? 5 2 5 5 5 5 5 5 5 5 47 10 4.7
50 Do the security incident policies and procedures identify to whom security incidents must be reported? 5 1 5 5 1 4 5 5 2 5 38 10 3.8
51 What level of recovery is needed? 4 5 5 5 5 5 5 5 5 4 48 10 4.8
52 How are business critical applications identified? 5 5 5 5 5 5 5 5 3 3 46 10 4.6
53 Has your organizations leadership team identified a BCM executive? 2 5 5 2 5 5 5 5 5 5 44 10 4.4
54 Is it clear who has the authority and responsibility for addressing the issues? 5 5 5 5 5 5 5 5 5 5 50 10 5
55 How will you recognize and celebrate results? 5 1 5 5 5 5 5 5 5 5 46 10 4.6
56 As a sponsor, customer or management, how important is it to meet goals, objectives? 1 5 5 5 3 5 5 2 5 5 41 10 4.1
57 What actions would need to be taken, by whom and within what timeframes? 5 2 5 5 5 5 5 5 3 5 45 10 4.5
58 How prepared are your critical suppliers for the event of a disaster? 5 1 3 5 1 5 5 5 5 5 40 10 4
59 Has your organizationwide BCM coordinator been identified? 5 5 4 5 4 5 5 5 5 4 47 10 4.7
60 What are the stakeholder objectives to be achieved with Business Continuity Plan Monitoring? 5 5 5 5 5 5 5 5 2 5 47 10 4.7
61 How do you recognize an Business Continuity Plan Monitoring objection? 3 5 5 5 1 5 5 5 5 5 44 10 4.4
62 Does your office have peak times or other time critical issues? 5 5 4 5 5 5 5 5 5 5 49 10 4.9
63 Should you invest in industry-recognized qualifications? 5 5 5 5 5 5 2 5 2 5 44 10 4.4
64 How do you stay flexible and focused to recognize larger Business Continuity Plan Monitoring results? 5 5 3 4 5 5 5 5 5 3 45 10 4.5
65 What situation(s) led to this Business Continuity Plan Monitoring Self Assessment? 5 5 5 5 5 3 5 3 5 5 46 10 4.6
66 How do you recognize an objection? 5 5 5 5 5 5 4 5 2 5 46 10 4.6
67 How do employees solve problems? 5 5 5 5 5 5 5 5 5 5 50 10 5
68 How fast does each business function need to be up and running? 5 5 5 5 3 5 5 5 4 5 47 10 4.7
69 Do you see any unique problems for BAC in implementing business continuity? 5 5 5 5 5 5 5 4 5 5 49 10 4.9
70
To what extent does each concerned units management team recognize Business Continuity Plan Monitoring as an effective investment?
3 5 5 2 1 5 5 5 5 2
38 10 3.8
71 What would happen if Business Continuity Plan Monitoring weren’t done? 5 5 1 5 5 5 5 5 5 5 46 10 4.6
72 What practices helps your organization to develop its capacity to recognize patterns? 5 5 5 5 4 5 5 2 5 5 46 10 4.6
73 Do you know what to do in the event of a security incident? 5 5 3 5 4 5 5 5 1 5 43 10 4.3
74 When a Business Continuity Plan Monitoring manager recognizes a problem, what options are available? 5 5 5 5 3 5 5 5 1 5 44 10 4.4
75 Do the training objectives correspond to and support your organizational needs? 2 5 5 5 5 5 5 5 5 5 47 10 4.7
76 How much advanced notice of the hazard event will you have? 5 5 3 5 5 5 5 5 5 5 48 10 4.8
77 Do you have arrangements in place to prevent or reduce the likelihood? 5 5 5 5 5 5 5 5 5 5 50 10 5
78 Are badges used to identify employees and authorized personnel? 5 5 5 5 5 2 2 5 5 5 44 10 4.4
79 How does your organization manage communication in the event of technological breakdown? 5 5 5 4 5 5 5 5 5 5 49 10 4.9
80 How could the incident have been prevented or avoided? 1 5 2 5 5 3 5 4 5 5 40 10 4
81 How valid are BCM strategies for an event of consequence? 1 5 5 4 5 5 5 5 5 3 43 10 4.3
82 Would you recognize a threat from the inside? 5 5 5 5 3 5 5 5 5 4 47 10 4.7
83 What are the options in the event of a key internal supplier failure? 5 5 5 5 5 5 5 5 5 5 50 10 5
84 Are organizational units identified consistent with the most recent reorganization? 5 5 5 5 5 5 5 5 5 5 50 10 5
85 Is there a procedure/tool to log problems/issues during the test? 5 5 5 5 5 4 5 5 2 5 46 10 4.6
86 How many individual private offices will you need? 5 5 1 5 5 5 5 5 2 5 43 10 4.3
87 Does your organization have third party APIs which need to be enabled during a disaster? 5 5 4 5 5 5 5 3 2 5 44 10 4.4
88 Can management personnel recognize the monetary benefit of Business Continuity Plan Monitoring? 5 5 5 3 5 2 5 5 5 5 45 10 4.5
89 What are the key issues/competitive challenges facing your firm? 5 5 5 5 5 1 5 5 5 5 46 10 4.6
90 Is the required security available when and where it is needed? 5 5 5 5 5 5 5 5 5 5 50 10 5
91 How often does the team need to meet and require updates? 5 5 5 5 5 2 5 5 5 1 43 10 4.3
92 Is the event likely to require an emergency response? 5 5 5 5 5 5 5 5 5 5 50 10 5
0 0 0
SCORE 416 425 403 426 419 425 436 434 395 429 4208 920 4.6
2 Define Participant 1 Participant 2 Participant 3 Participant 4 Participant 5 Participant 6 Participant 7 Participant 8 Participant 9 Participant 10 Total Count Avg
"In my belief, the answer to the following question is clearly defined:" 0 0 0
1 What measures will be put in place where essential services are required? 4 4 5 5 4 5 5 4 2 1 39 10 3.9
2 Is the team adequately staffed with the desired cross-functionality? If not, what additional resources are available to the team? 4 5 4 5 4 4 4 4 5 5 44 10 4.4
3 Do the problem and goal statements meet the SMART criteria (specific, measurable, attainable, relevant, and time-bound)? 4 4 5 2 4 4 5 5 4 5 42 10 4.2
4 Is your organization unable to meet its legal or regulatory requirements? 4 1 5 5 5 5 5 5 4 5 44 10 4.4
5 How does the Business Continuity Plan Monitoring manager ensure against scope creep? 4 5 4 5 5 4 4 3 4 5 43 10 4.3
6 Does the contract contain any continuity requirement? 4 5 5 4 5 3 2 4 4 4 40 10 4
7 Are customers identified and high impact areas defined? 1 2 5 4 5 4 5 5 5 5 41 10 4.1
8 Have the client and the project manager agreed on the number and scope of deliverables? 4 5 5 5 2 5 5 2 4 4 41 10 4.1
9 Is the current ‘as is’ process being followed? If not, what are the discrepancies? 4 4 4 4 4 4 5 2 5 5 41 10 4.1
10 How was the ‘as is’ process map developed, reviewed, verified and validated? 5 4 5 5 3 5 4 4 4 4 43 10 4.3
11 What specifically is the problem? Where does it occur? When does it occur? What is its extent? 5 5 5 5 3 5 4 5 5 5 47 10 4.7
Business Continuity Plan Monitoring Self-Assessment Questions
SustainControlImproveAnalyzeMeasureDefineRecognize
Show RACI Matrix Results
This document is a partial preview. Full document download can be found on Flevy:
https://flevy.com/browse/document/business-continuity-plan-monitoring--implementation-toolkit-5336
12 What key stakeholder process output measure(s) does Business Continuity Plan Monitoring leverage and how? 4 4 3 4 4 5 4 4 4 5 41 10 4.1
13 Are the roles and responsibilities of the various recovery teams clearly defined? 5 4 4 5 4 4 4 5 3 5 43 10 4.3
14 Is there a completed SIPOC representation, describing the Suppliers, Inputs, Process, Outputs, and Customers? 5 4 5 5 5 4 5 5 1 2 41 10 4.1
15
Are there any constraints known that bear on the ability to perform Business Continuity Plan Monitoring work? How is the team addressing them? 5 4 4 2 4 5 4 3 4 3
38 10 3.8
16 Who are the Business Continuity Plan Monitoring improvement team members, including Management Leads and Coaches? 5 5 5 4 5 4 4 5 5 4 46 10 4.6
17 How often are the team meetings? 5 4 4 4 2 5 4 5 5 4 42 10 4.2
18 Has everyone on the team, including the team leaders, been properly trained? 5 5 4 4 4 5 5 5 5 5 47 10 4.7
19
Has anyone else (internal or external to the group) attempted to solve this problem or a similar one before? If so, what knowledge can be
leveraged from these previous efforts? 4 5 5 5 5 4 5 5 4 4
46 10 4.6
20 Is there conformance to the contracted scope of work? 4 1 4 5 4 5 1 2 5 4 35 10 3.5
21
Is the improvement team aware of the different versions of a process: what they think it is vs. what it actually is vs. what it should be vs. what it
could be? 5 5 5 5 5 1 5 5 4 3
43 10 4.3
22 What would be the goal or target for a Business Continuity Plan Monitoring's improvement team? 4 3 5 5 5 4 4 4 4 4 42 10 4.2
23 What it systems, applications and services are required? 4 2 4 1 5 4 2 4 5 4 35 10 3.5
24 Will team members regularly document their Business Continuity Plan Monitoring work? 4 2 3 5 4 4 4 4 4 4 38 10 3.8
25 What systems and means of communication are required to carry out key functions? 5 5 5 5 4 4 4 4 3 5 44 10 4.4
26 Is there a critical path to deliver Business Continuity Plan Monitoring results? 5 4 1 5 4 4 4 4 4 4 39 10 3.9
27 What skills / level of expertise are required to undertake key functions? 5 4 5 4 4 3 5 4 5 5 44 10 4.4
28 Do the response programs include physical and logical security requirements? 5 4 5 5 5 4 4 5 1 1 39 10 3.9
29 What equipment / resources are required to carry out key functions? 4 5 5 4 4 1 5 5 5 4 42 10 4.2
30 Is there a completed, verified, and validated high-level ‘as is’ (not ‘should be’ or ‘could be’) stakeholder process map? 4 4 5 5 4 4 5 4 5 4 44 10 4.4
31 What is the minimum number of staff required to successfully complete the activity? 5 5 5 4 5 5 5 5 4 5 48 10 4.8
32 Are improvement team members fully trained on Business Continuity Plan Monitoring? 4 5 5 5 5 4 5 4 4 5 46 10 4.6
33
How will variation in the actual durations of each activity be dealt with to ensure that the expected Business Continuity Plan Monitoring results are
met? 5 5 2 5 5 3 5 4 4 4
42 10 4.2
34 Are stakeholder processes mapped? 4 5 4 2 5 4 2 5 4 5 40 10 4
35 Are the required resources and staff in place to implement and maintain the BCP? 4 5 5 5 4 5 3 2 5 1 39 10 3.9
36 Has a team charter been developed and communicated? 5 1 5 4 5 2 5 3 4 4 38 10 3.8
37 Has the improvement team collected the ‘voice of the customer’ (obtained feedback – qualitative and quantitative)? 5 3 2 4 5 5 4 4 4 4 40 10 4
38 How appropriate is the scope and level of detail of the testing program? 5 5 5 5 1 4 4 5 5 4 43 10 4.3
39 Is the team sponsored by a champion or stakeholder leader? 5 4 4 5 5 5 5 4 4 5 46 10 4.6
40 Is full participation by members in regularly held team meetings guaranteed? 4 4 4 4 3 4 5 4 4 2 38 10 3.8
41 Is data collected and displayed to better understand customer(s) critical needs and requirements. 5 5 1 5 5 5 1 2 5 4 38 10 3.8
42 Who should you call in case of disaster? 5 2 5 5 5 5 5 5 3 1 41 10 4.1
43 What are the potential timelines, is urgent action required? 3 2 4 5 5 4 3 3 4 4 37 10 3.7
44 What level of business is your vendor willing to provide in case of a pandemic? 5 5 4 5 5 5 4 4 4 5 46 10 4.6
45 What are the dynamics of the communication plan? 4 5 4 4 3 4 4 4 5 2 39 10 3.9
46 Are the BCM purpose, scope and leader well known throughout your organization? 5 4 5 4 4 4 4 5 5 5 45 10 4.5
47 Has the direction changed at all during the course of Business Continuity Plan Monitoring? If so, when did it change and why? 5 4 5 4 5 4 4 5 5 5 46 10 4.6
48
How will the Business Continuity Plan Monitoring team and the group measure complete success of Business Continuity Plan Monitoring? 4 4 5 3 5 4 5 4 4 4
42 10 4.2
49 Does the team have regular meetings? 4 4 5 5 4 2 5 5 5 5 44 10 4.4
50 What constraints exist that might impact the team? 5 5 4 5 4 4 4 5 4 4 44 10 4.4
51 Do the test scripts require proof of test success/failure? 1 4 2 3 4 5 5 5 4 5 38 10 3.8
52 Is Business Continuity Plan Monitoring currently on schedule according to the plan? 4 1 5 5 4 5 5 5 5 4 43 10 4.3
53 Did scope of work, budget, and schedule comply with contractual obligations? 5 4 3 5 4 5 5 5 4 5 45 10 4.5
54 Has a high-level ‘as is’ process map been completed, verified and validated? 4 4 5 4 4 5 4 4 5 5 44 10 4.4
55
Is there a Business Continuity Plan Monitoring management charter, including stakeholder case, problem and goal statements, scope,
milestones, roles and responsibilities, communication plan? 4 4 4 5 2 5 5 1 4 5
39 10 3.9
56 Will team members perform Business Continuity Plan Monitoring work when assigned and in a timely fashion? 4 4 4 2 2 1 3 1 4 4 29 10 2.9
57 Is the team formed and are team leaders (Coaches and Management Leads) assigned? 4 4 1 5 3 4 4 4 4 5 38 10 3.8
58 Are there any alternate space requirements? 4 4 4 4 5 5 5 4 4 5 44 10 4.4
59 How is the team tracking and documenting its work? 4 2 5 4 4 5 5 5 5 4 43 10 4.3
60 How do you maintain requirements between production and recovery? 3 3 5 5 2 3 4 5 5 4 39 10 3.9
61 Are customer(s) identified and segmented according to their different needs and requirements? 5 1 4 4 5 4 2 4 5 4 38 10 3.8
62 What staff required carrying out key functions? 5 5 5 4 5 4 4 5 4 5 46 10 4.6
63 When are meeting minutes sent out? Who is on the distribution list? 4 2 4 5 4 4 5 5 5 4 42 10 4.2
64 What are the boundaries of the scope? What is in bounds and what is not? What is the start point? What is the stop point? 5 3 4 5 5 5 2 5 4 5 43 10 4.3
65 When is the estimated completion date? 5 2 4 5 4 5 4 2 4 5 40 10 4
66 Has/have the customer(s) been identified? 4 5 4 4 5 5 3 4 5 4 43 10 4.3
67
Is there regularly 100% attendance at the team meetings? If not, have appointed substitutes attended to preserve cross-functionality and full
representation? 4 2 4 4 5 4 5 4 4 4
40 10 4
68 Have the it requirements been assessed? 4 5 4 4 1 1 2 4 5 5 35 10 3.5
69 How would you define supply chain management? 5 1 5 4 5 5 5 5 5 2 42 10 4.2
70 Is Business Continuity Plan Monitoring linked to key stakeholder goals and objectives? 5 2 1 1 2 4 5 5 5 3 33 10 3.3
71 What are the business continuity requirements of the client? 4 3 5 2 2 5 5 4 1 4 35 10 3.5
72 Are the objectives of the project clearly defined? 5 4 4 4 4 4 4 5 4 5 43 10 4.3
73
Has the Business Continuity Plan Monitoring work been fairly and/or equitably divided and delegated among team members who are qualified
and capable to perform the work? Has everyone contributed? 5 4 5 2 2 5 5 4 5 5
42 10 4.2
74 Are visitors required to sign in with security? 3 4 4 5 4 4 5 4 5 4 42 10 4.2
75 How do you keep key subject matter experts in the loop? 4 4 5 1 5 4 4 5 4 4 40 10 4
76 Does your organization require dedicated links between your organizations site and cloud? 5 4 4 4 4 2 4 5 5 4 41 10 4.1
77
If substitutes have been appointed, have they been briefed on the Business Continuity Plan Monitoring goals and received regular
communications as to the progress to date? 5 4 2 5 4 4 5 3 5 3
40 10 4
78 What are the rough order estimates on cost savings/opportunities that Business Continuity Plan Monitoring brings? 5 4 4 5 4 5 4 4 4 5 44 10 4.4
79 Are access rules specific to applications and business requirements? 5 2 5 5 4 5 5 5 4 4 44 10 4.4
80
How did the Business Continuity Plan Monitoring manager receive input to the development of a Business Continuity Plan Monitoring
improvement plan and the estimated completion dates/times of each activity? 4 4 5 5 4 4 5 5 1 5
42 10 4.2
81 What are the compelling stakeholder reasons for embarking on Business Continuity Plan Monitoring? 5 5 4 3 4 4 4 5 5 5 44 10 4.4
82 What critical content must be communicated – who, what, when, where, and how? 1 4 4 4 4 5 4 5 5 5 41 10 4.1
83 What are your organizations journaling retention requirements? 4 4 4 5 4 5 5 5 4 1 41 10 4.1
84 When is/was the Business Continuity Plan Monitoring start date? 4 4 5 4 5 5 1 1 5 5 39 10 3.9
85 What is the geographic scope of the incident? 5 5 2 5 4 4 4 5 5 4 43 10 4.3
86 How would you define business continuity management? 2 5 5 4 4 4 2 4 5 5 40 10 4
87 Are there any non IT specialist equipment required? 5 3 4 5 5 5 5 5 5 1 43 10 4.3
88 Does your organization require self managed load balancer blueprint? 4 4 3 2 5 5 5 1 5 5 39 10 3.9
89 Are requirements management tracking tools and procedures in place? 2 5 4 5 4 4 1 4 4 4 37 10 3.7
90 Are all test assumptions adequately defined and aligned with the test objectives? 5 5 5 4 4 5 4 5 5 4 46 10 4.6
91 Should non essential staff now be required to work from home? 4 5 5 4 4 4 5 4 5 5 45 10 4.5
92 Is a fully trained team formed, supported, and committed to work on the Business Continuity Plan Monitoring improvements? 4 4 3 5 5 5 2 5 5 5 43 10 4.3
93 What are the requirements for a comprehensive business continuity management system? 5 5 4 5 4 5 4 2 5 2 41 10 4.1
94 Is the team equipped with available and reliable resources? 4 2 4 5 4 5 4 5 2 5 40 10 4
95 What customer feedback methods were used to solicit their input? 5 5 4 5 4 2 1 4 5 5 40 10 4
96 Are different versions of process maps needed to account for the different types of inputs? 2 5 4 4 5 5 5 4 5 4 43 10 4.3
97 Have the customer needs been translated into specific, measurable requirements? How? 1 2 4 3 4 4 4 4 5 1 32 10 3.2
98 Are there different segments of customers? 4 3 4 4 5 4 5 4 4 5 42 10 4.2
99 Are visitors required to be escorted in sensitive facility locations? 4 5 4 5 5 1 4 4 4 5 41 10 4.1
100 What percentage of the workload is required to be mirrored? 4 3 5 4 4 5 5 5 4 3 42 10 4.2
101 Has a project plan, Gantt chart, or similar been developed/completed? 5 5 5 5 5 4 5 5 4 4 47 10 4.7
102 Is the Business Continuity Plan Monitoring scope manageable? 5 4 4 4 5 3 5 2 4 4 40 10 4
103 What are your technology recovery requirements? 4 5 5 4 5 4 2 2 5 4 40 10 4
104 Are critical applications replicated offsite in case of disaster? 4 4 3 1 2 4 5 5 4 5 37 10 3.7
105 Are team charters developed? 2 4 4 4 5 5 4 4 5 4 41 10 4.1
106 What are the Roles and Responsibilities for each team member and its leadership? Where is this documented? 2 5 4 4 4 5 5 4 4 5 42 10 4.2
0 0 0
SCORE 445 409 442 446 438 441 436 436 454 435 4382 1060 4.1
3 Measure Participant 1 Participant 2 Participant 3 Participant 4 Participant 5 Participant 6 Participant 7 Participant 8 Participant 9 Participant 10 Total Count Avg
"In my belief, the answer to the following question is clearly defined:" 0 0 0
1 Does your organization have an effective process to prioritize business functions? 5 5 3 5 3 3 3 3 4 3 37 10 3.7
2 Is data collected on key measures that were identified? 5 4 1 5 4 3 5 4 4 3 38 10 3.8
3 What types of businesses will be impacted? 5 4 3 4 3 3 5 3 4 4 38 10 3.8
4 What access control measures are in place? 4 5 4 4 4 5 4 5 4 1 40 10 4
5 What physical and logical security measures are in place? 5 3 5 5 4 3 3 4 5 4 41 10 4.1
6 Have you conducted your organizations impact analysis covering a pandemic situation? 5 4 1 3 3 5 5 5 4 5 40 10 4
7 Which areas are, or may become impacted? 4 3 3 3 3 5 5 5 5 5 41 10 4.1
8 How many staff are impacted and to what extent? 3 3 5 3 4 3 4 5 4 5 39 10 3.9
9 How long can the activity / process go unattended before intolerable impacts are realized? 5 4 3 2 5 4 4 4 4 5 40 10 4
10 How would it impact your research? 5 3 5 5 3 3 3 3 3 2 35 10 3.5
11 What charts has the team used to display the components of variation in the process? 1 5 4 2 5 4 3 3 5 3 35 10 3.5
12 How will supplies impact on when your organization can re open? 5 3 3 5 5 5 3 1 4 3 37 10 3.7
13 Is the business impact analysis accurate? 3 5 4 5 5 4 5 2 4 4 41 10 4.1
14 How are the essential functions of your organization impacted? 4 3 3 4 5 4 5 4 5 5 42 10 4.2
15 How large is the gap between current performance and the customer-specified (goal) performance? 4 4 4 5 4 3 1 5 3 5 38 10 3.8
16 Is data collection planned and executed? 4 5 4 5 4 1 5 3 1 2 34 10 3.4
17 Are process variation components displayed/communicated using suitable charts, graphs, plots? 3 3 4 4 3 5 5 3 2 4 36 10 3.6
18 What would be the impact if the essential functions performance is disrupted? 2 4 3 5 4 2 5 3 3 3 34 10 3.4
19 What was the impact of the disaster on business? 2 4 3 4 3 1 5 5 4 5 36 10 3.6
20 Who participated in the data collection for measurements? 4 4 5 4 4 4 5 4 5 5 44 10 4.4
21 Has the risk cause occurred before? 3 2 2 2 5 5 3 3 3 2 30 10 3
22 Does emergency cause the closure of primary facility? 1 4 5 3 5 4 5 1 4 4 36 10 3.6
23 What are the key input variables? What are the key process variables? What are the key output variables? 4 3 4 5 5 4 3 4 5 3 40 10 4
24 What was the impact of the incident? 4 3 2 4 3 3 4 3 3 4 33 10 3.3
25 What data was collected (past, present, future/ongoing)? 4 3 5 5 3 3 4 3 5 3 38 10 3.8
26 Do you see your supply chain and quantify/qualify impacts? 4 5 3 4 4 3 5 3 3 5 39 10 3.9
27 How will your business be notified in case of vendor impact? 5 5 3 3 3 3 3 3 5 3 36 10 3.6
28 Was a data collection plan established? 2 5 3 4 4 5 1 5 3 4 36 10 3.6
29 Is key measure data collection planned and executed, process variation displayed and communicated and performance baselined? 4 4 4 3 4 3 3 5 4 3 37 10 3.7
30 How were the risks identified and prioritized? 3 3 4 5 4 5 3 4 4 4 39 10 3.9
31 What changes within the business would warrant another business impact assessment? 2 5 3 5 4 4 4 3 3 4 37 10 3.7
32 What is the analysis of internal and external risk areas? 1 4 3 5 5 3 2 5 5 5 38 10 3.8
33 How current is your list of critical business priorities? 4 4 4 1 3 3 4 5 4 3 35 10 3.5
34 What particular quality tools did the team find helpful in establishing measurements? 4 4 3 5 5 3 3 4 1 4 36 10 3.6
35 What positive or negative impact do you assess there may be? 4 5 5 3 3 3 4 3 4 1 35 10 3.5
36 Do you quantify and qualify risk management investments? 5 4 4 3 4 3 5 3 5 3 39 10 3.9
37 Is Process Variation Displayed/Communicated? 4 4 2 5 3 3 3 3 4 5 36 10 3.6
38 How much will the implementation cost approximately, and under different scenarios? 4 4 3 4 4 3 3 4 4 5 38 10 3.8
39 Are key measures identified and agreed upon? 5 1 4 3 5 5 2 3 2 5 35 10 3.5
40 How will allocation of any remaining available office space be prioritized? 4 3 5 3 5 4 4 3 5 5 41 10 4.1
41 What does your organization do to limit the economic impact on business operations? 3 3 3 3 3 2 3 5 4 5 34 10 3.4
42 What other departments were impacted? 3 5 2 5 3 5 3 4 3 5 38 10 3.8
43 Do you understand what the impact might be on annual/ sick leave and whs? 4 4 5 3 3 3 4 3 5 3 37 10 3.7
44 What is your current yearly cost associated with business continuance? 5 5 3 5 4 4 3 5 5 3 42 10 4.2
45 What is your organization priority? 4 3 3 4 5 3 5 4 3 4 38 10 3.8
46 Is there a Performance Baseline? 3 4 2 3 5 4 5 5 5 4 40 10 4
This document is a partial preview. Full document download can be found on Flevy:
https://flevy.com/browse/document/business-continuity-plan-monitoring--implementation-toolkit-5336
47 Are the impact metrics associated with the BIA determined by senior management? 3 4 3 5 5 4 2 4 5 5 40 10 4
48 What is the impact of the hazard if realized? 5 3 3 5 5 5 5 4 5 5 45 10 4.5
49 Has your organization created a strategy to recover from potential impacts? 4 4 4 3 4 3 3 4 5 4 38 10 3.8
50 Is your organizations ability to provide adequate power for customers impacted? 3 4 2 5 4 5 1 3 5 3 35 10 3.5
51 What organizational information needs are resilience measures and analyses intended to satisfy? 3 3 4 4 3 3 4 5 3 4 36 10 3.6
52 Has your organization installed anti virus software, and/or taken measures to limit hacking? 5 2 3 5 2 4 1 3 5 4 34 10 3.4
53 Are the recovery actions directly related to the key risks and their impact? 3 1 2 3 3 4 5 3 3 5 32 10 3.2
54 Have you found any ‘ground fruit’ or ‘low-hanging fruit’ for immediate remedies to the gap in performance? 4 5 5 3 4 5 3 3 5 4 41 10 4.1
55 Are high impact defects defined and identified in the stakeholder process? 5 4 5 5 3 3 5 2 5 1 38 10 3.8
56 What will be the financial impact on your organization where sick leave is required? 5 4 3 4 4 4 3 3 4 1 35 10 3.5
57 Have departmental services been prioritized? 4 4 4 5 4 2 5 5 5 3 41 10 4.1
58 What measures could be taken to minimise impacts of staff shortfalls? 4 3 3 2 1 5 4 3 4 4 33 10 3.3
59 Is BCM a high priority for senior management? 5 5 3 5 5 5 3 4 3 3 41 10 4.1
60 Which priority one functions can share accommodation on a temporary basis? 1 3 3 4 3 3 3 4 5 4 33 10 3.3
61 What is your capacity to manage the impacts? 4 4 4 4 3 3 5 5 4 3 39 10 3.9
62 What key measures identified indicate the performance of the stakeholder process? 4 5 5 5 5 5 5 4 5 4 47 10 4.7
63 Has your organization ever been hacked, or has a virus had an adverse impact on your network? 3 3 2 3 5 3 3 3 3 3 31 10 3.1
64 What is the cost of an outage of your critical business operations? 4 1 5 3 5 3 4 4 5 4 38 10 3.8
65 What will be the financial impact on your organization? 2 4 4 5 3 5 3 4 5 5 40 10 4
66 How does your organization measure the performance of your BCM program? 5 4 3 3 4 3 5 4 1 5 37 10 3.7
67 Has your organization impact analysis been completed? 3 3 1 3 5 2 4 3 3 5 32 10 3.2
68 Which workload should be analyzed first? 4 1 5 3 5 1 4 3 5 4 35 10 3.5
69 What is business impact analysis? 3 3 3 5 5 4 5 4 5 4 41 10 4.1
70 Did the bia include recovery priorities for business units and systems? 4 3 5 4 3 3 5 4 3 5 39 10 3.9
71
What are the agreed upon definitions of the high impact areas, defect(s), unit(s), and opportunities that will figure into the process capability
metrics? 4 5 4 3 2 4 4 4 5 3
38 10 3.8
72 What other teams / processes would be impacted by changes to the current process, and how? 3 4 3 4 5 5 3 3 4 1 35 10 3.5
73 What has the team done to assure the stability and accuracy of the measurement process? 4 5 1 3 3 5 4 5 3 4 37 10 3.7
74 Has your organization assessed the impact of a potential disruption? 3 5 5 4 5 4 5 3 3 5 42 10 4.2
75 Is long term and short term variability accounted for? 3 5 5 5 3 3 1 4 5 3 37 10 3.7
76 Has bias in analysis results been documented? 3 3 3 1 4 4 1 5 1 2 27 10 2.7
77 Do you have backup arrangements that could be activated to reduce the impact? 4 2 5 5 5 5 5 1 5 4 41 10 4.1
78 Is a solid data collection plan established that includes measurement systems analysis? 3 4 5 2 3 4 5 3 3 4 36 10 3.6
0 0 0
SCORE 288 290 274 303 305 284 292 286 308 293 2923 780 3.7
4 Analyze Participant 1 Participant 2 Participant 3 Participant 4 Participant 5 Participant 6 Participant 7 Participant 8 Participant 9 Participant 10 Total Count Avg
"In my belief, the answer to the following question is clearly defined:" 0 0 0
1 What is your communication strategy to respond quickly to employees, customers and the media? 4 3 3 1 4 4 3 3 4 3 32 10 3.2
2 Do you backup all of your organizations critical data on a regular basis? 1 4 3 5 3 2 3 3 3 3 30 10 3
3 How do you test a process that is only performed under abnormal conditions? 3 3 4 3 4 4 3 3 4 4 35 10 3.5
4 What is the amount of data that needs to be recovered? 3 3 4 3 4 1 4 2 4 4 32 10 3.2
5 What were the financial benefits resulting from any ‘ground fruit or low-hanging fruit’ (quick fixes)? 1 3 4 4 4 4 3 3 3 3 32 10 3.2
6 What is the value to your organization of stabilizing operational resilience processes? 3 4 3 3 4 3 2 2 4 3 31 10 3.1
7 What is the overall current status of work in processes? 2 3 3 3 3 3 3 3 4 3 30 10 3
8 How much data is transported in what time frame? 4 3 3 4 5 3 4 3 4 1 34 10 3.4
9 Does process include specification of performance criteria for measuring quality? 2 3 4 3 4 3 3 3 3 3 31 10 3.1
10 Is there requirements traceability process in place? 5 3 3 2 3 3 4 1 4 1 29 10 2.9
11 What are the revised rough estimates of the financial savings/opportunity for Business Continuity Plan Monitoring improvements? 1 1 4 3 3 3 3 4 4 4 30 10 3
12 How will work change now that you are no longer processing as normal? 3 4 4 1 4 3 4 3 3 3 32 10 3.2
13 Is your organization recovery strategy selected for each business process? 4 2 4 5 4 5 4 2 3 4 37 10 3.7
14 When it is recovered, how much data do you afford to recreate? 4 4 3 3 3 4 3 3 3 3 33 10 3.3
15 How do you store operational data? 1 3 1 3 4 3 3 3 4 4 29 10 2.9
16 Is there non database data to be recovered? 3 3 1 3 4 5 3 3 3 4 32 10 3.2
17 Was a cause-and-effect diagram used to explore the different types of causes (or sources of variation)? 4 4 1 4 5 3 4 4 3 3 35 10 3.5
18 What did the team gain from developing a sub-process map? 4 3 4 4 4 3 4 4 3 1 34 10 3.4
19 Does your organization periodically backup its data? 5 3 4 3 1 3 4 4 4 3 34 10 3.4
20 What type of agreements are in place with data communications suppliers? 4 5 4 3 2 3 5 4 3 3 36 10 3.6
21 What are the vital records/data for the critical business functions? 4 3 3 3 4 4 3 3 4 2 33 10 3.3
22 Do you have backups of all important data? 4 4 3 5 3 3 3 3 3 3 34 10 3.4
23 Are facilities to handle data integrity included? 4 4 3 3 4 3 4 3 4 4 36 10 3.6
24 Is there transparency in how sense was made from the raw data? 4 3 4 4 3 5 1 3 4 4 35 10 3.5
25 What are your most critical business processes and applications? 4 4 3 4 4 3 3 4 1 3 33 10 3.3
26 Did any additional data need to be collected? 4 4 2 2 3 4 3 4 3 5 34 10 3.4
27 Is the gap/opportunity displayed and communicated in financial terms? 4 2 1 4 2 4 4 1 1 3 26 10 2.6
28 How are critical business processes maintained? 4 3 4 4 4 3 3 3 3 1 32 10 3.2
29 What is the daily data change rate? 3 4 3 4 4 3 4 3 4 3 35 10 3.5
30 Is the implementation for data migration or business continuity? 4 3 5 4 2 3 3 4 3 1 32 10 3.2
31 Does the process rely on supplies or services provided by a third party? 3 4 3 3 3 3 3 3 4 3 32 10 3.2
32 How is risk measured to evaluate potential losses in the BCP process? 4 4 3 2 4 4 3 4 4 4 36 10 3.6
33 Is there an asset management process in place? 2 4 4 1 3 4 1 4 4 3 30 10 3
34 Is the disaster declaration process clearly defined? 3 4 4 3 3 4 5 3 4 4 37 10 3.7
35 Can the risk occur as a result of changes in other processes? 4 4 2 4 3 3 4 3 3 1 31 10 3.1
36 What is/are the business processes and applications that need to be recovered? 3 4 3 4 3 3 3 3 3 2 31 10 3.1
37 How much data do you afford to lose? 4 3 4 3 3 4 4 4 3 3 35 10 3.5
38 Have the problem and goal statements been updated to reflect the additional knowledge gained from the analyze phase? 4 4 4 3 3 4 3 3 3 3 34 10 3.4
39 Do you involve users in rehearsal process? 2 4 3 3 4 4 3 3 2 3 31 10 3.1
40 Did any value-added analysis or ‘lean thinking’ take place to identify some of the gaps shown on the ‘as is’ process map? 4 4 3 4 4 4 4 4 4 3 38 10 3.8
41 How quickly will services be able to return to normal? 3 3 4 3 4 1 3 3 4 4 32 10 3.2
42 What is the process for decision making during times of crisis? 5 4 3 2 4 4 4 3 3 4 36 10 3.6
43 What quality tools were used to get through the analyze phase? 2 5 3 1 3 1 4 4 3 4 30 10 3
44 Which is the correct process for your organization to use? 4 4 3 3 3 3 4 3 4 3 34 10 3.4
45 Do you need more than one incident management process? 4 3 4 3 3 3 4 2 3 4 33 10 3.3
46 Are BCP processes disseminated throughout your organization? 3 3 3 3 3 3 3 3 3 4 31 10 3.1
47 What are your organizations processes? 1 3 3 4 3 3 4 3 3 4 31 10 3.1
48 What data or which gaps were replaced by calculations or estimates? 3 3 5 1 4 3 4 3 3 4 33 10 3.3
49
What alternatives to your organizations regular way of doing business have been developed to ensure the resiliency of its most critical data,
systems, business functions, services and processes? 3 1 4 3 4 3 5 1 3 5
32 10 3.2
50 Does process include identification and involvement of all customers and suppliers? 3 3 4 5 1 3 3 2 4 4 32 10 3.2
51 What are your people , process , technology , and mission related risks/barriers/rewards? 4 1 4 5 3 3 3 4 4 3 34 10 3.4
52 Are suppliers involved in the BCP process? 4 3 5 4 3 3 3 4 2 4 35 10 3.5
53 Is the data interpretation process logical, and can it be followed? 3 1 4 4 4 4 3 3 3 3 32 10 3.2
54 Is there a documented workaround process available for your information asset? 4 4 3 3 4 3 5 4 3 4 37 10 3.7
55 How long has your organization had a BCP process in place? 3 4 3 4 5 4 3 2 4 4 36 10 3.6
56 Where is the data/information stored? 4 3 4 4 4 1 4 4 3 4 35 10 3.5
57 What conclusions were drawn from the team’s data collection and analysis? How did the team reach these conclusions? 3 4 4 4 3 1 3 4 4 3 33 10 3.3
58 Is the amount of effort justified by the anticipated value of forming a new process? 4 3 4 3 4 3 3 4 1 3 32 10 3.2
59 Should client insource or outsource the recovery process? 3 3 4 3 2 4 3 4 2 3 31 10 3.1
60 Were there any improvement opportunities identified from the process analysis? 5 3 4 5 3 3 5 4 3 3 38 10 3.8
61 What is the process for sub contractors to be approved? 3 4 3 3 5 4 3 3 4 5 37 10 3.7
62 What is the status of data availability/key applications/telecoms? 4 3 3 4 3 3 3 3 3 4 33 10 3.3
63 What data should be backed up and how often should it be backed up? 3 4 3 4 4 3 4 4 2 3 34 10 3.4
64 Is the Business Continuity Plan Monitoring process severely broken such that a re-design is necessary? 4 3 4 4 4 4 3 4 3 4 37 10 3.7
65 What changes do you need to make to your business processes? 4 3 1 4 4 3 3 4 4 4 34 10 3.4
66 How are the business processes / workflow functioning? 2 4 3 3 3 3 3 2 3 3 29 10 2.9
67 What tools were used to generate the list of possible causes? 3 3 4 3 4 3 4 3 4 4 35 10 3.5
68 How was the detailed process map generated, verified, and validated? 4 4 3 3 3 5 2 1 3 2 30 10 3
69 Have any additional benefits been identified that will result from closing all or most of the gaps? 3 4 4 3 4 3 2 3 5 4 35 10 3.5
70 Are gaps between current performance and the goal performance identified? 3 3 4 3 5 5 3 4 1 5 36 10 3.6
71 Why did you develop the process for conducting the BCP process? 3 3 3 4 3 4 4 3 3 3 33 10 3.3
72 Does the follow up team have a formal process to evaluate the test results? 4 1 4 4 3 3 4 4 4 4 35 10 3.5
73 Is all data expected to be encrypted at rest and in transit at all times? 4 3 4 3 4 4 4 3 3 5 37 10 3.7
74 How quickly are the backups to be retrieved in the event of an emergency? 4 4 3 3 3 3 4 3 4 3 34 10 3.4
75 Which business processes need to be recovered? 4 3 4 4 4 4 3 3 3 3 35 10 3.5
76 Is there a defined process for identifying and reporting on issues? 4 3 4 3 3 3 4 3 3 2 32 10 3.2
77 What is the process for the subcontractor to be approved? 4 2 4 4 3 3 1 3 3 3 30 10 3
78 Were Pareto charts (or similar) used to portray the ‘heavy hitters’ (or key sources of variation)? 4 3 4 4 3 4 1 3 3 3 32 10 3.2
79 Did the selection process include consideration of internal recovery strategies? 3 2 3 3 5 3 1 5 3 3 31 10 3.1
80 Are security processes being communicated throughout your organization? 4 3 5 5 4 3 3 3 3 3 36 10 3.6
81 Is there one person/function with overall responsibility for developing the BCP process? 4 3 4 4 3 5 3 4 4 4 38 10 3.8
82 Is each asset in the asset database used by at least one service in the service repository? 3 3 3 4 3 1 4 3 3 5 32 10 3.2
83 Is data and process analysis, root cause analysis and quantifying the gap/opportunity in place? 2 4 4 3 3 3 3 5 4 3 34 10 3.4
84 What part of your organization should actually own responsibility for BCM processes? 3 3 3 4 4 4 4 4 4 3 36 10 3.6
85 Are you aware of any policies related to data classification or data retention? 4 4 3 4 4 3 4 4 4 3 37 10 3.7
86 Does each service in the service repository use assets from the asset database? 4 5 4 3 3 3 3 3 4 4 36 10 3.6
87 What were the crucial ‘moments of truth’ on the process map? 4 4 4 3 4 4 4 3 3 2 35 10 3.5
88 Are all employees involved in the process properly trained? 3 4 4 3 3 4 3 3 3 4 34 10 3.4
89 What does the data say about the performance of the stakeholder process? 4 5 4 4 3 3 4 4 4 3 38 10 3.8
90 Is the process/resource properly maintained? 4 4 3 3 4 3 2 2 3 4 32 10 3.2
91 Is there a distinct business process recovery team? 3 4 3 4 4 4 3 3 4 3 35 10 3.5
92 Did the strategy selection process include issues involving existing suppliers? 5 4 4 3 3 4 4 4 4 4 39 10 3.9
93 What applications or databases to recover? 4 1 3 4 4 4 3 4 4 3 34 10 3.4
94 Was a detailed process map created to amplify critical steps of the ‘as is’ stakeholder process? 3 4 4 3 3 5 4 4 4 4 38 10 3.8
95 Who will restore the data from the media? 3 4 2 3 3 3 5 4 3 4 34 10 3.4
96 Are there warnings system built in to the process? 3 4 4 4 3 3 5 3 2 3 34 10 3.4
97 How often does your organization review and update its BCP process? 3 4 1 4 3 4 4 4 3 3 33 10 3.3
98 What was the scope of your last recovery test process? 3 4 3 3 3 3 4 3 4 3 33 10 3.3
99 Are you exercising responsibility to protect sensitive data under your control? 5 4 3 4 4 4 3 4 4 5 40 10 4
100 Is there a formal review process involving senior management? 5 4 5 3 3 2 3 5 4 3 37 10 3.7
101 What tools were used to narrow the list of possible causes? 4 4 3 4 4 3 3 3 1 3 32 10 3.2
102 Were any designed experiments used to generate additional insight into the data analysis? 3 4 4 4 3 1 3 4 2 4 32 10 3.2
103 What is the cost of poor quality as supported by the team’s analysis? 3 3 4 4 3 4 5 4 4 3 37 10 3.7
104 Do you have a process in place to reassess the effectiveness of your BCM program? 1 4 4 4 4 4 3 4 4 4 36 10 3.6
105 Is the performance gap determined? 5 1 4 3 4 3 3 4 3 3 33 10 3.3
106 Are opinions supported by data and conclusions? 4 3 4 4 5 2 3 4 3 4 36 10 3.6
0 0 0
SCORE 364 355 364 361 369 349 357 349 349 353 3570 1060 3.4
5 Improve Participant 1 Participant 2 Participant 3 Participant 4 Participant 5 Participant 6 Participant 7 Participant 8 Participant 9 Participant 10 Total Count Avg
"In my belief, the answer to the following question is clearly defined:" 0 0 0
1 Has a BCM risk assessment been conducted for your organization? 3 3 3 2 2 2 3 2 2 2 24 10 2.4
2 Are improved process (‘should be’) maps modified based on pilot data and analysis? 3 3 2 3 3 2 3 5 4 3 31 10 3.1
3 Are test/exercise results documented and used to identify areas for remediation or improvement? 3 5 4 2 2 2 3 2 3 5 31 10 3.1
4 Who decides on the type of communication? 3 4 3 3 4 3 3 3 3 5 34 10 3.4
This document is a partial preview. Full document download can be found on Flevy:
https://flevy.com/browse/document/business-continuity-plan-monitoring--implementation-toolkit-5336
5 Are the risks well understood and communicated within your organization? 1 4 3 3 2 5 3 3 3 3 30 10 3
6 Which is the product mix affected by the risk? 4 3 4 2 2 3 2 3 2 2 27 10 2.7
7 Is executive leadership and/or management involved in risk management and mitigation decisions? 3 3 2 1 4 2 1 2 3 2 23 10 2.3
8 Are the testing/exercising objectives/criteria documented within the BCP? 2 2 3 3 3 3 3 4 3 2 28 10 2.8
9 What is Business Continuity Plan Monitoring's impact on utilizing the best solution(s)? 3 3 3 3 1 3 3 3 2 2 26 10 2.6
10 How does the solution remove the key sources of issues discovered in the analyze phase? 2 3 3 3 3 2 3 2 3 2 26 10 2.6
11 Are the best solutions selected? 2 3 2 3 3 2 3 2 2 3 25 10 2.5
12 What are the benefits of performing a technology risk assessment? 2 3 1 2 2 5 3 2 3 3 26 10 2.6
13 What tools were most useful during the improve phase? 3 5 2 2 3 3 2 5 3 3 31 10 3.1
14 What do you perceive as the biggest risk to your firm? 3 5 1 2 2 2 2 2 2 2 23 10 2.3
15 Have minimum personnel been documented for each phase of recovery? 2 2 3 3 2 2 4 3 2 3 26 10 2.6
16 Which participants are at heightened risk? 2 2 4 2 3 1 1 2 2 3 22 10 2.2
17 Is a contingency plan established? 3 2 3 3 2 2 2 2 3 2 24 10 2.4
18 Are policies and procedures developed and implemented to address security incidents? 3 2 2 2 2 3 3 4 2 2 25 10 2.5
19 What communications are necessary to support the implementation of the solution? 2 3 2 3 1 2 1 2 3 2 21 10 2.1
20 Are there any constraints (technical, political, cultural, or otherwise) that would inhibit certain solutions? 3 2 3 2 2 2 2 3 2 2 23 10 2.3
21 Are the scope and objectives for each test/exercise documented before the actual test? 4 3 3 3 3 2 2 1 2 3 26 10 2.6
22 Which hazards are high, medium, and low risk? 1 3 2 3 2 2 2 2 2 3 22 10 2.2
23 What would be the overall risk value for the threat or hazard? 3 2 3 5 3 3 3 2 2 5 31 10 3.1
24 Is there a strategy to address the dependency risk? 3 3 3 2 2 1 3 3 2 2 24 10 2.4
25 What is the greatest risk to overall operational efficiency? 3 4 1 2 3 2 3 2 3 5 28 10 2.8
26 Are formal business continuity procedures developed and documented? 2 2 2 3 1 2 2 3 3 2 22 10 2.2
27 What types of infrastructure are necessary to support post disaster re development? 2 5 2 2 1 2 3 3 5 2 27 10 2.7
28 What you understand to be business continuity? 3 3 1 3 2 2 2 2 2 3 23 10 2.3
29 Are you aware of any documented procedures for incident handling? 3 3 2 1 2 2 3 2 3 3 24 10 2.4
30 Is there a cost/benefit analysis of optimal solution(s)? 2 3 2 1 1 2 3 4 2 3 23 10 2.3
31 How probable is the risk of harm? 2 2 3 3 3 5 2 2 2 3 27 10 2.7
32 Is the implementation plan designed? 2 3 3 3 2 2 3 2 2 3 25 10 2.5
33 What do you do about disaster risk? 2 2 3 2 5 2 3 2 3 3 27 10 2.7
34 What error proofing will be done to address some of the discrepancies observed in the ‘as is’ process? 3 2 3 3 3 2 3 3 2 3 27 10 2.7
35 How are the results of the testing exercise documented and acted upon? 2 3 3 3 3 2 3 2 2 3 26 10 2.6
36 Are new and improved process (‘should be’) maps developed? 2 2 3 2 3 3 2 1 3 2 23 10 2.3
37 What are some alternatives to performing an exhaustive BIA and risk assessment? 3 2 2 2 2 3 2 5 3 3 27 10 2.7
38 What tools were used to tap into the creativity and encourage ‘outside the box’ thinking? 3 2 2 3 3 2 3 3 2 1 24 10 2.4
39 Which hazards pose the highest risk? 2 2 3 3 4 2 3 2 2 2 25 10 2.5
40 Have risks from all sources been identified? 3 3 2 3 5 3 3 2 3 1 28 10 2.8
41 How will the group know that the solution worked? 2 2 2 2 2 2 3 2 2 2 21 10 2.1
42 What kinds of risks are other organizations facing nowadays? 3 2 3 3 5 2 1 2 2 3 26 10 2.6
43 Is the primary/alternate recovery site documented in the BCP? 1 2 2 3 3 3 3 2 2 2 23 10 2.3
44 Is the BCP program coordinator held accountable for results of the program? 4 2 2 2 3 3 1 3 4 3 27 10 2.7
45 What actions does the supplier intend to implement in addressing risk? 2 4 3 3 2 2 3 3 2 2 26 10 2.6
46 Are directions to the recovery sites documented in the BCP? 3 2 5 4 2 3 1 3 3 2 28 10 2.8
47
Is a solution implementation plan established, including schedule/work breakdown structure, resources, risk management plan, cost/budget, and
control plan? 2 2 2 2 3 3 3 4 2 3
26 10 2.6
48 Is there a small-scale pilot for proposed improvement(s)? What conclusions were drawn from the outcomes of a pilot? 5 2 2 2 3 3 1 2 3 2 25 10 2.5
49 Describe the design of the pilot and what tests were conducted, if any? 3 5 3 2 2 3 2 3 3 3 29 10 2.9
50 Do you clearly understand responsibility? 3 5 2 2 2 3 3 3 3 2 28 10 2.8
51 Do the test scripts compare actual to expected results? 3 4 3 3 3 2 2 2 3 2 27 10 2.7
52 Do you have a risk assessment tool in place for inbound supply? 2 3 3 3 1 3 2 1 2 2 22 10 2.2
53 What are the risks that might give rise to business interruption? 3 3 2 2 5 3 2 3 3 3 29 10 2.9
54 What is the implementation plan? 4 2 2 2 2 5 3 3 3 2 28 10 2.8
55 What tools were used to evaluate the potential solutions? 3 4 2 2 2 4 3 3 3 3 29 10 2.9
56 How effective are risk management strategies as bcps for the BAC? 5 2 3 3 3 2 2 3 4 3 30 10 3
57 Has a training program been developed and established? 3 3 2 2 3 3 3 2 3 3 27 10 2.7
58 What risks are your organization most likely to encounter based on your geographical location? 3 3 5 3 3 2 2 2 3 3 29 10 2.9
59 Are the maintenance roles and responsibilities clearly defined and documented? 2 4 3 3 2 3 3 4 4 2 30 10 3
60 What were the underlying assumptions on the cost-benefit analysis? 3 3 2 3 3 3 2 3 2 2 26 10 2.6
61 How did the team generate the list of possible solutions? 3 1 2 2 2 2 3 3 2 2 22 10 2.2
62 Does management mandate an annual risk assessment? 2 2 3 3 4 2 2 3 2 2 25 10 2.5
63 Does your organization have documented team notification procedures? 2 2 3 2 3 2 2 3 2 5 26 10 2.6
64 Does your organization have documented vendor notification procedures? 2 3 5 3 2 2 2 3 2 3 27 10 2.7
65 Are system access policies and procedures documented and updated as necessary? 2 3 2 4 2 2 4 5 2 3 29 10 2.9
66 Was a pilot designed for the proposed solution(s)? 3 5 2 2 3 5 5 4 2 1 32 10 3.2
67 Are test objectives clearly defined and documented prior to each test? 2 3 2 3 3 5 3 2 3 2 28 10 2.8
68 Are manual workarounds documented in the BCP? 2 2 5 4 3 3 2 4 2 2 29 10 2.9
69 Have the risks been reviewed and signed off by the governance body? 3 2 3 3 3 3 3 3 3 4 30 10 3
70 How is authorization documented? 2 2 3 3 3 4 2 3 3 3 28 10 2.8
71 What risks pose the greatest threat to your business? 3 2 3 3 2 3 3 3 3 3 28 10 2.8
72 Which it services are already twinned and on what basis twinning was decided? 3 5 2 5 3 2 2 2 3 3 30 10 3
73 What is the risk that exists within the specific supplier being evaluated? 2 3 2 1 2 2 3 2 3 2 22 10 2.2
74 Is there documented acceptable user policy? 3 3 3 2 3 3 3 2 2 3 27 10 2.7
75 What is the team’s contingency plan for potential problems occurring in implementation? 2 2 3 2 4 5 2 3 2 2 27 10 2.7
76 What attendant changes will need to be made to ensure that the solution is successful? 2 3 3 3 1 4 3 2 3 5 29 10 2.9
77 What do you understand to be Business Continuity? 2 3 2 1 2 5 3 2 3 3 26 10 2.6
78 Which hazards pose the greatest risk? 1 2 3 5 3 2 4 3 2 4 29 10 2.9
79 Are possible solutions generated and tested? 2 2 3 3 3 3 2 2 2 2 24 10 2.4
80 Were any criteria developed to assist the team in testing and evaluating potential solutions? 3 2 2 1 2 3 2 2 4 2 23 10 2.3
81 Which risk areas are relevant to the listed IT services? 1 2 2 3 3 3 2 3 2 3 24 10 2.4
82 Is the risk depending on external suppliers? 5 3 2 3 3 1 2 2 3 2 26 10 2.6
83 Is the optimal solution selected based on testing and analysis? 2 2 3 3 5 3 2 2 3 3 28 10 2.8
84 Are the BCP program objectives documented? 2 3 2 3 3 4 3 2 3 2 27 10 2.7
85 What lessons, if any, from a pilot were incorporated into the design of the full-scale solution? 3 2 2 2 2 4 3 3 2 2 25 10 2.5
86 Is pilot data collected and analyzed? 3 3 3 3 2 3 2 2 2 2 25 10 2.5
87 Are there policies in place to address post disaster redevelopment? 1 2 2 3 2 3 3 3 2 2 23 10 2.3
88 Do you adapt seamlessly to changing risk environments? 4 2 1 2 3 3 2 2 3 3 25 10 2.5
89 How will the team or the process owner(s) monitor the implementation plan to see that it is working as intended? 2 3 2 1 2 4 2 3 3 2 24 10 2.4
90 What does the ‘should be’ process map/design look like? 3 2 2 2 2 3 3 2 4 2 25 10 2.5
91 Do you have a documented BCP awareness and training program? 5 3 2 5 3 2 3 4 2 2 31 10 3.1
92 Is the BCM program documented to define? 3 3 2 3 2 3 3 3 3 3 28 10 2.8
93 What, if any, policies are in place to address post disaster redevelopment? 3 2 3 3 2 3 2 3 3 2 26 10 2.6
94 Is there a change order procedure documented? 4 3 3 2 2 3 2 3 2 2 26 10 2.6
95 Does the incident result in disruption of any of your organizations business? 2 1 2 5 2 3 4 2 2 3 26 10 2.6
96 What is risk and risk management? 2 2 2 2 3 3 2 3 3 3 25 10 2.5
97 What are the risks and threats to essential services and activities? 3 2 2 5 3 3 3 3 3 3 30 10 3
98 What responsibility do you understand the BAC to have in an incident? 2 3 2 2 3 2 3 3 2 4 26 10 2.6
99 Are the risks reviewed and updated from time to time? 2 3 2 1 3 2 2 3 3 2 23 10 2.3
100 Are change orders properly documented for scope, budget, and schedule changes? 2 3 2 2 3 5 2 3 3 2 27 10 2.7
101 Do all organizations in the enterprise have defined risk parameters? 2 3 2 2 3 3 1 3 2 2 23 10 2.3
102 Is that level of risk acceptable? 2 1 2 1 2 3 2 3 2 3 21 10 2.1
103 Are clear reporting instructions documented in the BCP? 3 2 3 3 3 2 2 2 2 3 25 10 2.5
0 0 0
SCORE 268 282 260 268 269 284 258 275 267 270 2701 1030 2.6
6 Control Participant 1 Participant 2 Participant 3 Participant 4 Participant 5 Participant 6 Participant 7 Participant 8 Participant 9 Participant 10 Total Count Avg
"In my belief, the answer to the following question is clearly defined:" 0 0 0
1 Does your business continuity plan cover power outages specifically? 1 1 1 1 2 1 1 2 2 1 13 10 1.3
2 Has a plan been developed to facilitate notifications of changes to the BCP? 1 1 1 2 1 2 1 2 2 1 14 10 1.4
3 Are you aware of what your organization continuity plan entails? 1 5 5 1 4 1 1 2 2 1 23 10 2.3
4 Have the plans been verified or evaluated by independent third parties? 1 1 1 1 2 2 1 2 2 2 15 10 1.5
5 Does your business continuity plan have senior management approval and sponsorship? 3 5 1 1 5 2 1 4 1 4 27 10 2.7
6 How do you initiate business continuity planning? 1 1 2 1 1 1 5 2 5 2 21 10 2.1
7 How should regulations and standards shape the development of a BCM program? 5 1 4 1 1 1 3 1 1 2 20 10 2
8 Has the plan been approved by senior management? 2 2 2 1 1 5 2 1 1 2 19 10 1.9
9 Have you developed a plan to control access to the facility if the need arises? 3 2 1 1 1 2 1 1 2 1 15 10 1.5
10 Are the BCP program objectives integrated with your organizations strategic business plan? 1 1 1 2 2 2 1 1 2 4 17 10 1.7
11 How many primary control units will be installed? 1 2 5 2 1 1 1 1 2 1 17 10 1.7
12 Do you control the movement of staff between sites? 1 1 2 2 2 2 1 2 2 1 16 10 1.6
13 How often is the plan reviewed by the governance body? 1 1 1 1 2 2 4 1 2 4 19 10 1.9
14 What other resources do you need to successfully implement and maintain your plan? 2 1 2 1 1 1 1 2 1 2 14 10 1.4
15 Do individual plans need to be reviewed? 2 1 5 2 1 2 1 1 1 2 18 10 1.8
16 Are you aware of your suppliers business continuity plans? 1 1 1 2 1 2 2 2 2 2 16 10 1.6
17 Does the system design reflect the requirements? 1 2 1 5 1 1 2 2 1 5 21 10 2.1
18 Why do you need your organization continuity plan? 2 1 2 3 1 1 1 2 2 1 16 10 1.6
19 Is the policy well communicated and understood by plan users? 2 2 1 2 2 2 1 1 5 2 20 10 2
20 Why develop your organization continuity plan? 1 2 2 2 1 1 2 3 2 2 18 10 1.8
21 Is the plan approved by organization leadership? 1 3 2 2 2 5 3 1 2 2 23 10 2.3
22 Does your organization prepare an annual test plan? 2 3 2 1 1 1 1 2 2 1 16 10 1.6
23 What procedure is required to invoke the plan? 1 2 1 2 2 3 2 2 1 5 21 10 2.1
24 Is there an existing recovery plan? 4 1 2 2 1 1 1 1 2 2 17 10 1.7
25 Does the drp form part of the BCP or is it a separate plan altogether? 1 1 2 3 1 2 1 1 1 2 15 10 1.5
26 Does your organization have a formal security plan? 1 1 2 2 2 2 1 2 1 1 15 10 1.5
27 How many secondary control units will be installed? 1 2 5 2 1 2 1 2 2 4 22 10 2.2
28 Do you monitor the movement of participants between different places/ sites? 2 2 2 2 2 2 1 1 4 2 20 10 2
29 Has a project communications plan been developed? 1 1 1 2 2 2 1 2 2 2 16 10 1.6
30 Does sox mandate your organization continuity plan? 2 2 1 2 3 2 1 2 1 3 19 10 1.9
31 Does your organizations emergency plan include your organization continuity plan? 1 2 2 1 2 5 1 1 1 1 17 10 1.7
32 Who will manage and monitor cancellations of appointments/ meetings / groups? 4 4 2 1 1 1 1 1 2 1 18 10 1.8
33 Is the plan to work from home or alternate site? 1 2 2 5 5 2 2 1 5 2 27 10 2.7
34 Is there a defined schedule for updating the plan? 2 2 2 1 1 1 1 1 1 1 13 10 1.3
35 What are the training requirements for the planning team? 1 2 5 1 2 1 4 4 1 2 23 10 2.3
36 How has your organization communicated its BCP plans to the public? 1 1 4 2 1 2 2 1 1 3 18 10 1.8
37 Did work plan define work performed? 3 4 2 1 2 1 1 1 1 2 18 10 1.8
38 Do you have a current business continuity plan? 4 1 2 2 2 1 1 1 2 1 17 10 1.7
39 How do you structure an internal business continuity function or planning team? 1 2 2 2 1 1 1 1 1 1 13 10 1.3
40 What are the key elements of an effective business continuity plan? 1 2 2 2 1 1 2 2 5 1 19 10 1.9
41 What is the system scope for your recovery plan? 2 1 2 1 2 1 2 1 2 1 15 10 1.5
42 Is there a schedule for the testing of the plan? 2 1 1 1 1 2 1 1 4 2 16 10 1.6
43 Have all members of the planning team completed activity sheets? 3 2 2 1 1 1 1 1 1 1 14 10 1.4
44 Does management monitor and evaluate training progress, and reassess training needs? 1 5 5 1 1 2 1 2 1 2 21 10 2.1
45 Are staff members assigned to execute specific service continuity plans? 2 5 2 1 1 1 5 1 1 1 20 10 2
46 Has the approved plan been distributed to all appropriate personnel and offices? 1 1 1 2 2 1 2 1 4 1 16 10 1.6
47 How does the enterprise plan to react in case of emergency? 2 2 2 5 1 1 2 1 5 1 22 10 2.2
48 Why do business continuity plans fail? 2 2 1 1 2 1 4 1 1 1 16 10 1.6
49 Does your practice have an emergency plan? 1 2 2 4 2 1 1 2 2 2 19 10 1.9
50 Does your organization have a written business continuity plan? 1 3 1 2 5 2 1 1 2 2 20 10 2
51 Is the plan subject to review at least annually? 1 2 1 1 1 2 1 1 4 1 15 10 1.5
This document is a partial preview. Full document download can be found on Flevy:
https://flevy.com/browse/document/business-continuity-plan-monitoring--implementation-toolkit-5336
52 Have standards for testing service continuity plans been implemented? 5 2 2 1 2 1 2 5 3 1 24 10 2.4
53 How would/is responsible for a BCM plan in your organization? 1 4 2 1 2 2 1 1 2 2 18 10 1.8
54 How is progress on issues management monitored and reported? 1 2 1 2 1 4 1 2 2 2 18 10 1.8
55 How do you monitor and support a remote workforce? 1 2 1 2 2 5 1 2 2 2 20 10 2
56 Does your organization test plans? 1 2 2 4 2 2 5 1 1 1 21 10 2.1
57 How can a BCM plan help your organization? 2 1 2 2 2 5 4 2 1 2 23 10 2.3
58 Is your organization capable of and prepared to implement the plans? 1 1 1 1 1 5 1 1 2 3 17 10 1.7
59 How do risk management and information system contingency planning fit into a resilience program? 4 1 1 1 2 1 1 2 4 2 19 10 1.9
60 Has a schedule for testing service continuity plans been established? 2 2 1 2 2 4 1 1 2 2 19 10 1.9
61 What are business continuity plans? 1 1 1 2 2 5 1 1 2 1 17 10 1.7
62 How does management ensure the plan is reliably updated to reflect changes to your organizations business and operational risks? 1 5 2 1 1 2 2 1 1 2 18 10 1.8
63 Do the plans call for coordination with local emergency services? 2 2 1 1 2 4 1 1 1 2 17 10 1.7
64 Have user departments been involved in drawing up and testing the plan? 1 1 1 1 2 1 2 2 2 2 15 10 1.5
65 Is there a defined process for updating the plan based on the tests conducted? 2 1 2 1 5 1 1 1 1 2 17 10 1.7
66
Does internal audit or an independent third party provide regular assurance on the effectiveness of your organizations business continuity plan
and incident management process? 4 5 2 2 2 2 2 1 2 5
27 10 2.7
67 Have all the components of the plan been prepared? 2 2 2 2 2 2 1 1 1 1 16 10 1.6
68 How does your organization plan for business continuity? 1 2 2 2 1 3 1 3 1 2 18 10 1.8
69 Does the test formats satisfy industry standards and best practices? 2 2 2 2 5 1 4 1 1 1 21 10 2.1
70 Do your employees know and support your plan? 4 1 2 2 2 2 1 5 2 1 22 10 2.2
71 Does your business continuity plan take human resources impact into account? 1 4 3 1 1 5 2 2 1 1 21 10 2.1
72 Have planning responsibilities been assigned to key individuals and/or teams? 1 1 3 2 2 1 1 5 5 5 26 10 2.6
73 Have the plans and processes been audited/appraised by external experts? 3 2 2 4 4 1 1 1 2 1 21 10 2.1
74 Does the plan address what data is to be restored? 2 5 1 2 2 2 3 2 2 3 24 10 2.4
75 Does your office currently have your organization continuity plan? 1 2 1 1 1 1 1 2 2 1 13 10 1.3
76 Is a stakeholder management plan in place? 2 2 1 1 1 1 2 1 2 2 15 10 1.5
77 Have the members of the planning team had any BCP training? 1 2 2 1 2 1 5 4 2 2 22 10 2.2
78 Does your organization have a plan to deal with the risk of business interruption? 1 3 1 2 2 5 1 2 1 5 23 10 2.3
79 Do you have your organization continuity plan that is up to date and complete? 1 2 2 4 1 1 2 1 1 2 17 10 1.7
80 Are you confident that the plans for IT resilience and contingency are adequate? 1 2 2 2 1 1 1 2 2 1 15 10 1.5
81 How involved or aware is the BAC of your plans for continuity? 5 2 1 2 1 1 2 2 1 5 22 10 2.2
82 Who is responsible for invoking the plan, and who should be consulted? 2 2 5 1 2 2 1 2 1 1 19 10 1.9
83 What is your organization Continuity Plan? 2 1 2 2 5 2 3 2 2 2 23 10 2.3
84 Do you incur any problems in the implementation of plans? 1 2 5 1 2 1 3 2 2 1 20 10 2
85 Which organizations apply the iso 22301 standard? 2 2 4 2 2 2 1 1 1 2 19 10 1.9
86 Has the plan identified the right people to carry out the actions required? 2 2 2 2 2 1 1 2 2 1 17 10 1.7
87 Why bother reviewing and testing your plan? 2 4 1 1 1 3 1 1 2 1 17 10 1.7
88 Are appropriate references to all related plans included in the BCP? 2 1 1 1 1 1 2 2 2 5 18 10 1.8
89 Why is continuity planning important? 2 1 1 2 1 2 1 2 1 1 14 10 1.4
90
Are your organizations incident response plans flexible enough to enable it to respond rapidly and appropriately to various types of interruptions
to its critical operations? 2 2 1 1 2 2 2 3 1 1
17 10 1.7
91 Has a succession plan been established at all levels? 1 2 2 1 1 2 2 2 2 1 16 10 1.6
92 Are there clear, regular time periods for updating of the plan? 1 2 1 2 1 1 2 1 2 2 15 10 1.5
93 Do your vendors business continuity planning preparations meet your business needs? 4 2 1 1 5 1 1 2 1 2 20 10 2
94 Is overall recovery possible using the current plan? 1 2 3 2 5 2 1 1 3 2 22 10 2.2
95 Do you have a disaster recovery plan? 2 2 1 1 1 1 1 1 1 2 13 10 1.3
96 Are the plans tested and revised based on the results? 1 2 2 1 1 2 2 3 1 1 16 10 1.6
97 What are the various phases of developing your organization continuity plan? 1 1 2 3 1 2 2 1 1 1 15 10 1.5
98 Are there automatic triggers to ensure that the core plan elements remain current? 2 2 2 2 1 2 2 1 5 1 20 10 2
99 Are the critical dependencies and their recovery reflected in contractual terms? 1 3 1 5 1 3 2 1 2 4 23 10 2.3
100 What is in your organization continuity plan? 1 1 1 1 2 2 1 1 2 1 13 10 1.3
101 Does your organization require to integrate on prem monitoring with cloud monitoring? 2 2 3 2 2 2 2 1 1 2 19 10 1.9
102 Are the key risks clearly stated in the plan? 3 1 1 1 2 1 2 1 2 2 16 10 1.6
103 How will you monitor the health of any employees that may be exposed? 1 2 1 2 1 1 1 3 4 1 17 10 1.7
104 Is execution of service continuity plans reviewed? 2 2 1 5 5 1 3 4 1 1 25 10 2.5
105 How often are your business continuity and disaster recovery plans tested, and in what ways? 1 1 1 4 1 2 1 1 2 2 16 10 1.6
106 Is the plan activation and process execution effective? 1 2 2 5 1 1 2 5 1 2 22 10 2.2
107 How could a BCM plan affect the supply chain? 2 2 1 2 2 2 1 1 2 1 16 10 1.6
108 Have project management standards and procedures been established and documented? 3 4 1 2 1 2 2 1 2 2 20 10 2
109 Do you have a plan for a pandemic or mass absentee situation? 1 1 1 2 5 1 2 1 2 1 17 10 1.7
110 Are crisis management and communication management plans available and rehearsed? 1 1 1 1 2 1 3 2 2 1 15 10 1.5
111 How frequently is your business continuity plan exercised? 2 2 2 2 1 1 1 1 2 3 17 10 1.7
112 What are the components of your organization continuity plan? 3 2 2 3 4 1 1 1 2 2 21 10 2.1
113 Does the disaster recovery plan address issues specific to the covered entitys operating environment? 1 1 1 2 2 2 1 1 2 2 15 10 1.5
114 Are plan maintenance schedules documented in the BCP? 1 1 1 2 2 1 2 2 4 1 17 10 1.7
115 What is an emergency response plan? 1 2 2 2 2 2 2 2 2 2 19 10 1.9
116 Will there be an overall corporate role that has responsibility for BCM planning? 1 2 2 1 1 1 2 1 1 1 13 10 1.3
117 Is your business continuity plan complete? 2 1 1 4 1 1 1 1 2 1 15 10 1.5
118 Does the backup plan include storage of backups in a safe, secure place? 2 1 2 2 1 2 1 2 1 4 18 10 1.8
119 Are responsibilities clearly defined for plan maintenance, training and testing? 1 2 3 2 1 2 2 1 2 1 17 10 1.7
120 When was the most recent business continuity plan exercise? 2 5 2 2 2 4 2 1 1 1 22 10 2.2
121 Is the plan updated as organizational objectives and priorities change? 2 2 2 3 2 1 2 2 2 2 20 10 2
122
How clearly do contracts and/or service level agreements define service providers responsibilities with respect to your organizations BCP, and
enable your organization to monitor compliance? 1 5 2 1 1 2 1 1 4 2
20 10 2
123 Has your organization planned and established a debriefing procedure? 2 4 1 2 2 1 2 2 1 1 18 10 1.8
124 Does the project have a formal project plan? 1 2 2 2 2 2 1 5 1 5 23 10 2.3
125 Have you established a mobilization plan for essential employees? 1 2 1 2 1 1 1 2 1 2 14 10 1.4
126 Does the plan conform to standards? 2 1 2 2 5 2 2 1 2 2 21 10 2.1
127 Does training support your organizational business plan & vision? 4 2 3 2 1 1 2 1 2 2 20 10 2
128 Is there a formally documented plan maintenance schedule? 2 1 1 2 4 1 2 2 1 1 17 10 1.7
129 Have adequate funding and resources been provided to develop and maintain your organizations business continuity plan? 2 2 1 2 1 2 1 2 1 2 16 10 1.6
130 Is there a communications component/plan as part of the BCP? 3 1 1 2 1 2 1 1 2 2 16 10 1.6
131 Is the plan reviewed and updated after a disruptive event? 2 1 2 1 2 1 2 2 1 1 15 10 1.5
132 How is it related to emergency response planning, and disaster recovery? 1 2 2 1 2 1 1 5 1 1 17 10 1.7
133 What about continuity planning for web based applications? 2 1 1 2 2 2 2 2 2 2 18 10 1.8
134 How does your department plan for business continuity? 1 1 2 2 1 4 1 1 2 2 17 10 1.7
135 What is information system contingency planning? 5 2 1 2 1 4 2 1 1 1 20 10 2
136 Are the plans stored properly and safely? 2 2 2 1 2 1 1 1 1 1 14 10 1.4
0 0 0
SCORE 241 270 250 255 251 252 226 231 256 254 2486 1360 1.8
7 Sustain Participant 1 Participant 2 Participant 3 Participant 4 Participant 5 Participant 6 Participant 7 Participant 8 Participant 9 Participant 10 Total Count Avg
"In my belief, the answer to the following question is clearly defined:" 0 0 0
1 Are all original staff available to return to work? 3 1 1 1 1 3 1 5 1 1 18 10 1.8
2 Is there an executive protection program for senior executives/managers? 1 1 1 1 1 1 3 1 5 1 16 10 1.6
3 Are there any key personnel unavailable? 2 1 1 1 1 1 1 4 1 1 14 10 1.4
4 Has a continuity team structure been established? 4 1 1 1 1 3 1 1 1 4 18 10 1.8
5 What alternative means of communication exist? 1 1 1 5 1 1 1 1 1 1 14 10 1.4
6 Have departmental services been listed? 1 1 4 3 1 1 1 1 1 1 15 10 1.5
7 How many ips per vlan does your organization currently have? 1 1 4 1 1 1 1 1 1 1 13 10 1.3
8 What locations do your organizations critical activities operate from? 4 1 1 1 1 1 2 1 1 1 14 10 1.4
9 Does the policy relate to an area with known inequalities? 5 1 1 1 1 1 1 1 1 1 14 10 1.4
10 Are the project members appropriately assigned and briefed? 4 1 1 3 1 1 1 1 1 3 17 10 1.7
11 What is your organization to do? 1 1 1 1 1 3 1 1 1 1 12 10 1.2
12 Is the workforce advised to commit their passwords to memory? 1 1 1 1 1 5 1 1 1 5 18 10 1.8
13 Is the policy sufficiently comprehensive and clear? 1 1 1 1 1 4 3 1 2 1 16 10 1.6
14 Which business units cannot be re housed in the short term? 1 1 1 1 1 1 1 1 1 1 10 10 1
15 Are appropriate security resources included in the BCP program? 1 1 1 1 1 1 1 1 1 1 10 10 1
16 Who does the business send payment to for the technology services? 1 1 1 1 1 1 1 5 1 1 14 10 1.4
17 Does the BCM manager coordinate and lead the implementation of BCM? 1 1 1 1 1 1 1 1 1 1 10 10 1
18 How might your inability to provide services affect your reputation? 5 1 2 1 1 1 1 1 1 3 17 10 1.7
19 How will the team communicate, particularly if the team is dispersed? 1 4 1 1 1 1 4 1 1 2 17 10 1.7
20 Does the BCP include the BCP organization & structure? 1 1 2 1 2 1 1 1 1 3 14 10 1.4
21 Is there a distinct technology recovery team? 1 1 5 1 4 3 1 1 1 1 19 10 1.9
22 Does your organization use any ITSM tools? 1 4 1 1 1 1 1 1 1 1 13 10 1.3
23 Is the it recovery strategy in line with the business objectives? 2 1 5 1 1 1 1 1 1 1 15 10 1.5
24 What are your goals that you feel are important for a successful project? 1 1 2 1 1 4 1 1 1 2 15 10 1.5
25 Are background checks made on temporary employees and contractors? 1 1 1 1 2 1 1 1 1 1 11 10 1.1
26 Which business units can use it after cosmetic attention? 1 2 1 1 1 1 5 4 1 1 18 10 1.8
27 Is your organization prepared for disasters? 1 1 1 1 2 1 1 1 1 1 11 10 1.1
28 Does your organization have a formal governance body for business continuity? 1 1 1 1 5 5 1 1 5 1 22 10 2.2
29 Why just web as a service what about other applications? 2 1 1 5 1 4 1 1 1 1 18 10 1.8
30 Who is the right person in your organization to own the BCM program? 1 1 1 1 1 1 1 1 1 1 10 10 1
31 Are backup and storage procedures for high value information assets tested? 1 3 4 3 1 1 1 1 1 1 17 10 1.7
32 When was the BCM policy last reviewed and updated? 1 1 1 3 3 1 1 1 1 1 14 10 1.4
33 Has your organization prepared an emergency contact list of employees? 1 1 1 1 1 5 1 1 1 1 14 10 1.4
34 Can any part of the service be relocated? 3 1 1 1 1 1 1 1 1 1 12 10 1.2
35 What type of network core switches/firewalls does your organization currently use? 1 1 1 1 1 1 1 1 5 1 14 10 1.4
36 How many saas based applications is your organization using? 1 3 1 1 1 1 1 1 1 1 12 10 1.2
37 What it is essential to carry out key functions? 4 1 1 1 2 2 3 1 1 1 17 10 1.7
38 What is the BCM maturity level in your organization? 1 5 1 3 4 2 1 3 1 1 22 10 2.2
39 What are a supply chain and supply chain management? 1 2 1 1 1 1 4 1 1 4 17 10 1.7
40 Are the most efficient solutions problem-specific? 1 1 2 1 1 1 1 1 4 1 14 10 1.4
41 What is your best mechanism for communication? 1 1 3 1 1 1 1 1 1 2 13 10 1.3
42 What are your Departments critical dependencies? 1 1 1 1 1 5 1 1 1 1 14 10 1.4
43 Which work areas are inaccessible and intact? 1 1 1 1 1 1 1 1 1 1 10 10 1
44 Did the test effectively detail the activities to be completed during a disaster? 1 1 1 1 1 1 1 1 1 1 10 10 1
45 Does the BCM executive have access to the leadership team? 1 1 1 4 1 1 1 1 1 1 13 10 1.3
46 How are segments of your economy dependent on infrastructure to function? 1 5 1 1 1 1 1 4 1 1 17 10 1.7
47 Why will people be away from work? 1 4 4 1 1 2 3 3 3 1 23 10 2.3
48 How much time should the BCP take? 1 1 1 1 1 1 3 1 1 1 12 10 1.2
49 Can the net support business continuity? 4 1 1 1 1 1 5 1 1 1 17 10 1.7
50 How and how often are you communicating with employees, customers and suppliers? 1 4 1 1 3 2 1 1 1 1 16 10 1.6
51 What it is essential to carry out your critical activities? 1 1 1 1 1 1 1 1 2 2 12 10 1.2
52 What are the necessary review and approval steps prior to information release? 1 1 1 1 1 1 1 1 1 3 12 10 1.2
53 How badly would your organizations effectiveness be affected? 1 5 1 1 1 1 1 1 1 1 14 10 1.4
54 What is the actual or threatened loss of workforce? 1 1 1 1 1 4 1 5 1 3 19 10 1.9
55 What is the value to your organization in designing and deploying BCM programs? 1 1 1 1 1 1 1 5 3 1 16 10 1.6
56 Is the strategy realistic and has it been tested? 2 1 1 1 2 1 5 1 1 1 16 10 1.6
57 Is there an overall sponsor/champion for the BCM programme? 1 2 1 2 1 1 1 1 3 1 14 10 1.4
58 What are the time imperatives on the delivery of the products or services? 1 1 1 1 3 3 1 1 1 5 18 10 1.8
59 Does your organization operate or follow any ITSM approaches? 1 1 1 4 5 1 1 1 1 2 18 10 1.8
60 Is security awareness training provided to employees? 1 1 1 1 2 1 1 1 1 3 13 10 1.3
61 What is the status of your organization? 1 1 1 1 2 2 1 1 1 1 12 10 1.2
62 Are policies and procedures in place for establishing access and modifying access? 1 1 3 4 2 1 1 1 1 1 16 10 1.6
63 Has access to the whole site been denied? 1 1 1 1 3 1 1 2 4 2 17 10 1.7
This document is a partial preview. Full document download can be found on Flevy:
https://flevy.com/browse/document/business-continuity-plan-monitoring--implementation-toolkit-5336
64 What are the trusted sources on which your organization will rely? 3 1 1 1 1 4 1 1 5 1 19 10 1.9
65 What online communication tools do you utilise to stay connected? 1 3 1 1 1 1 1 1 1 1 12 10 1.2
66 What would happen if a key team member was suddenly absent? 1 1 1 2 1 1 1 1 1 1 11 10 1.1
67 Are the activation procedures effective? 2 1 1 3 1 1 1 4 1 1 16 10 1.6
68 What is the timeframe for unacceptable loss of functions and critical assets? 1 1 1 1 1 2 1 1 1 1 11 10 1.1
69 Is there a distinct corporate support team? 1 1 1 1 1 1 1 1 1 1 10 10 1
70 What supports will be put in place in the short and medium term? 1 5 1 1 1 1 1 4 1 1 17 10 1.7
71 How did your organization handle the crisis? 1 1 1 1 1 1 1 1 1 1 10 10 1
72 How well integrated is the BCM program with capabilities? 1 1 1 1 1 1 1 1 1 1 10 10 1
73 Has detailed project schedule been prepared and considered with the client? 1 1 1 1 1 1 3 1 1 1 12 10 1.2
74 Does your organization support work from home with technology, management and policies? 1 1 1 1 1 1 1 5 2 1 15 10 1.5
75 Do sufficient and suitable continuity resources currently exist? 5 1 1 1 1 1 1 1 1 1 14 10 1.4
76 Are additional security personnel added when the threat level increases? 1 1 1 1 1 1 1 1 2 1 11 10 1.1
77 What information is essential to carry out your critical activities? 1 2 1 1 1 3 4 5 4 1 23 10 2.3
78 What are the advantages of certifying your business continuity management system? 1 5 5 1 1 1 1 1 1 4 21 10 2.1
79 What is the worst thing that can happen to your business? 4 4 1 1 1 1 5 1 3 1 22 10 2.2
80 Which systems and/or services are affected? 1 5 1 2 2 3 1 1 1 3 20 10 2
81 Do third parties remotely access your systems? 4 1 1 1 1 3 1 1 1 1 15 10 1.5
82 Do you have unscheduled BCP test? 4 1 3 1 1 1 1 1 1 3 17 10 1.7
83 Does anyone rely on information from your office in order to provide service? 5 1 4 1 1 1 1 1 1 1 17 10 1.7
84 What pattern of business will take place? 1 1 1 3 1 1 1 1 1 1 12 10 1.2
85 Which functions are critical to business continuity for your firm? 1 5 1 1 3 1 1 1 1 1 16 10 1.6
86 What are the benefits of testing? 1 1 1 1 1 2 1 1 1 1 11 10 1.1
87 How does the communication work between you and the consultants and the vendor? 1 1 4 1 1 1 1 5 1 5 21 10 2.1
88 Where to start with a BCM programme? 1 1 1 1 1 1 1 1 1 3 12 10 1.2
89 How to establish communication procedures? 1 1 1 1 5 1 1 4 1 1 17 10 1.7
90 How are your core business functions protected? 1 1 5 1 1 1 1 1 1 1 14 10 1.4
91 Who will disseminate the information? 4 1 1 2 1 1 1 3 1 1 16 10 1.6
92 What knowledge or experience is required? 1 1 1 1 4 5 5 1 1 1 21 10 2.1
93 What is the severity of the disaster? 1 1 1 1 1 1 1 4 1 1 13 10 1.3
94 Which parts of it are inaccessible? 1 1 2 1 1 1 1 1 4 1 14 10 1.4
95 Are there any exclusions to your BCP as personnel, natural disasters, and why? 1 1 1 1 1 1 1 1 5 1 14 10 1.4
96 What alternative responses are available to manage risk? 1 1 1 1 1 1 1 1 1 1 10 10 1
97 Are there ways to reduce the time it takes to get something approved? 1 1 1 1 1 1 5 1 1 1 14 10 1.4
98 Is existing fencing surrounding the facility perimeter in good repair? 1 1 1 1 1 1 1 1 1 2 11 10 1.1
99 What channels will be used to convey the information? 1 1 2 1 1 2 1 1 3 1 14 10 1.4
100 How many staff can work from home or relocate? 1 1 1 1 4 1 1 2 1 3 16 10 1.6
101 Did management involve a variety of business unit staff in the testing of the BCP? 1 5 3 3 5 1 1 1 2 1 23 10 2.3
102 What are you supposed to wear to a disaster? 1 1 4 1 1 3 1 1 1 1 15 10 1.5
103 Are there competing pressures for time and resources? 2 1 1 1 3 1 1 3 3 4 20 10 2
104 What are the processes for audit reporting and management? 1 1 1 1 1 1 5 1 1 1 14 10 1.4
105 Who is responsible to collecting the information? 2 1 1 1 1 1 3 1 1 1 13 10 1.3
106 Is the essential departmental services list correct? 1 3 1 1 3 1 1 1 1 5 18 10 1.8
107 Will the downtime incur serious extraordinary expenses? 1 1 3 1 1 1 1 1 1 1 12 10 1.2
108 Is the alternate site available and are the activation procedures for it correct? 1 2 1 1 1 1 1 3 1 1 13 10 1.3
109 What are the typical enterprise functions? 1 1 1 1 1 5 1 3 1 1 16 10 1.6
110 Will you depend on some vendors for recovery? 1 2 1 3 1 2 1 1 1 4 17 10 1.7
111 What communication channels would be utilized? 1 1 5 3 1 1 1 5 1 1 20 10 2
112 What is business continuity management? 1 2 1 3 1 2 1 5 1 1 18 10 1.8
113 What happens if a stock market or exchange closes for a period of time? 1 3 1 1 1 1 3 1 1 1 14 10 1.4
114 What was the nature of the security incident? 5 1 1 1 1 1 1 1 1 1 14 10 1.4
115 Do other institutions in your area provide similar services? 1 1 1 1 5 1 1 1 1 5 18 10 1.8
116 Who initiates and receives specific information? 1 1 3 1 1 1 1 1 1 1 12 10 1.2
117 Are there enough resources available to ensure that critical services are maintained? 2 1 1 1 1 1 1 4 3 1 16 10 1.6
118 Is your information accessible to all? 5 4 5 2 5 1 1 1 1 1 26 10 2.6
119 Who manages supplier risk management in your organization? 1 1 1 1 1 4 2 1 1 5 18 10 1.8
120 Will it be detrimental to your organizations public image? 5 1 1 1 1 1 1 1 3 1 16 10 1.6
121 Have you trained and prepared your workforce and your backup resources? 4 5 1 1 5 1 1 1 1 1 21 10 2.1
122 When should a process be art not science? 1 4 2 5 1 1 3 5 1 1 24 10 2.4
123 What offices / work space should be repaired first? 1 3 1 1 1 1 1 4 1 1 15 10 1.5
124 Is your business people dependent? 1 1 1 1 1 1 1 1 1 1 10 10 1
125 Why do you practice business continuity management? 1 1 1 1 1 1 1 1 1 1 10 10 1
126 What offices or work spaces should be repaired first? 1 1 1 1 1 1 1 1 1 1 10 10 1
127 Does management have the right priorities among projects? 1 1 1 4 1 1 1 1 1 1 13 10 1.3
128 Do you have up to date contact details for all staff and key external staff and stakeholders? 1 1 4 1 1 1 4 1 4 1 19 10 1.9
129 How long to keep data and how to manage retention costs? 1 1 1 2 1 1 1 1 1 1 11 10 1.1
130 Why business continuity management? 4 2 1 1 5 1 1 2 1 5 23 10 2.3
131 Where can employees provide feedback, if at all? 1 1 1 1 1 1 1 2 1 1 11 10 1.1
132 Do you have sufficient staff for managing program? 1 1 1 5 1 1 1 1 1 1 14 10 1.4
133 Who will step in to maintain the public health? 1 4 1 1 1 1 1 1 1 5 17 10 1.7
134 Which business units can use it immediately? 1 1 1 1 2 1 1 1 2 1 12 10 1.2
135 What are the advantages for your business? 1 1 1 4 2 1 1 1 1 1 14 10 1.4
136 Is your organizations frequency of backups appropriate for its environment? 1 1 1 1 1 1 1 1 5 1 14 10 1.4
137 Are key locations hardened and facilities conditioned? 1 1 2 1 1 1 1 1 1 1 11 10 1.1
138 How do business leaders proceed? 2 1 1 1 1 1 1 1 1 1 11 10 1.1
139 Why has progress been made in the financial services industry? 4 2 1 2 2 1 4 1 1 1 19 10 1.9
140 Do you supply a total inventory list of all current server hardware? 1 1 1 1 3 4 1 1 1 1 15 10 1.5
141 What is your current policy on visitors? 1 1 4 1 1 1 1 4 1 5 20 10 2
142 What alternatives can be put in place? 1 1 1 1 1 1 1 1 1 2 11 10 1.1
143 What is the desired level of recovery? 1 1 2 1 1 1 1 1 1 1 11 10 1.1
144 Is the it infrastructure still functioning properly? 1 1 1 3 3 3 2 1 1 4 20 10 2
145 Is the work to date meeting requirements? 1 1 1 1 1 1 1 1 1 1 10 10 1
146 How much time will it take to shift production from one product to another? 1 1 1 1 5 1 1 1 1 2 15 10 1.5
147 How will your organization review and debrief its response? 1 1 2 3 1 1 1 1 1 1 13 10 1.3
148 Has senior management commitment been obtained? 1 1 1 1 1 1 1 5 2 2 16 10 1.6
149 Are after hours checks made of facility access points? 1 1 1 1 1 2 1 1 1 1 11 10 1.1
150 Does your department have any role in the network recovery? 1 1 1 5 1 1 1 1 4 1 17 10 1.7
151 Do you provide your clients with detailed contact information for use in emergencies? 4 4 1 1 1 1 1 1 1 1 16 10 1.6
152 What is your organization currently using for backup/storage policies? 1 1 1 1 1 1 1 1 4 1 13 10 1.3
153 Is your organization able to support work from home policy? 1 1 1 1 1 1 1 3 1 1 12 10 1.2
154 Do your business and IT operations hinge on the availability of one or a few individuals skills? 1 1 1 1 1 1 1 1 1 1 10 10 1
155 Who is the sponsor within your organization? 1 1 1 1 2 1 1 1 1 1 11 10 1.1
156 Has the conduct of the exercise received the support of senior management? 1 1 1 4 1 1 2 1 1 1 14 10 1.4
157 Do large organizations feel the power supply to their organization is reliable? 2 1 1 1 4 1 1 1 1 4 17 10 1.7
158 What is business continuity and business continuity management? 1 1 1 1 1 1 1 1 1 1 10 10 1
159 Is there a consistent, broadly applied training program? 1 1 4 1 1 1 3 1 1 1 15 10 1.5
160 What do you put in place to safeguard more vulnerable participants? 1 1 1 1 1 1 1 1 1 5 14 10 1.4
161 Why implement business continuity training? 2 2 1 1 2 3 2 1 1 1 16 10 1.6
162 Do you have the capacity to handle increased faxes and email instructions as more clients work from home? 1 5 1 2 1 1 1 1 1 1 15 10 1.5
163 Do you utilize test scripts for your tests? 1 1 5 1 4 1 1 1 4 1 20 10 2
164 What happens if your office is damaged? 1 1 1 4 1 1 2 1 1 1 14 10 1.4
165 Are the it systems and services still running? 1 1 4 1 1 1 1 1 1 1 13 10 1.3
166 Are all critical business functions and systems covered? 1 5 1 1 1 1 1 1 1 1 14 10 1.4
167 What is your personnel change management –what is the system? 1 1 1 1 4 5 2 2 1 1 19 10 1.9
168 What could have made the test run more smoothly? 1 1 1 3 1 1 1 1 1 4 15 10 1.5
169 What is your organizations area of operation? 1 1 1 3 1 1 1 2 1 4 16 10 1.6
170 Are there any programs that promote security awareness? 3 1 1 1 1 1 1 4 1 1 15 10 1.5
171 Have BCP team members been appointed? 4 1 1 2 1 1 1 1 1 1 14 10 1.4
172 How resilient is your organization? 1 5 1 1 3 1 2 1 1 1 17 10 1.7
173 What access restrictions are placed on the users by their organization or programmatic office? 1 1 1 1 1 1 3 1 1 3 14 10 1.4
174 What are the key responsibilities that each role has? 1 1 1 3 1 1 1 2 1 1 13 10 1.3
175 How many casual/ on call staff do you have? 1 2 1 4 4 1 4 1 1 1 20 10 2
176 Which best describes your organization, entity, or enterprise? 3 1 3 5 4 1 1 1 1 1 21 10 2.1
177 Do you avoid disruption of service when key locations are closed? 3 1 1 1 1 1 4 1 1 1 15 10 1.5
178 How is the enterprise preparing for possible disasters? 5 1 3 3 1 3 1 2 1 1 21 10 2.1
179 Do the vendors have sound BCP in place? 1 1 5 1 4 1 1 1 1 1 17 10 1.7
180 Are risk management tasks balanced centrally and locally? 1 1 1 1 1 1 1 1 1 1 10 10 1
181 Does your facility have a backup generator? 1 1 1 1 1 4 1 2 1 1 14 10 1.4
182 What will be the consequences for their employees? 1 1 1 1 1 1 1 1 1 1 10 10 1
183 Did the bia include recovery time frames and workaround procedures? 1 1 1 1 1 1 1 1 2 1 11 10 1.1
184 How often do you perform a BCP test? 1 1 3 1 1 1 1 1 1 1 12 10 1.2
185 Is the perimeter checked routinely by security? 1 1 1 1 1 5 1 4 1 1 17 10 1.7
186 What is the business recovery time? 1 1 1 1 1 1 1 4 1 1 13 10 1.3
187 Who participated in the recovery? 1 1 1 1 1 1 1 1 1 1 10 10 1
188 What is the difference between crisis management and crisis communications? 1 1 1 1 4 1 5 1 1 1 17 10 1.7
189 Are the risks fully understood, reasonable and manageable? 1 1 1 1 1 1 1 1 5 1 14 10 1.4
190 Are you extending your organization network to include the vendor? 1 2 1 1 1 1 1 4 3 1 16 10 1.6
191 Does your organizations periodic testing program include pandemic testing? 1 1 1 1 1 1 1 1 1 1 10 10 1
192 Has the BCP policy been communicated to all employees? 1 1 1 1 1 1 1 2 5 2 16 10 1.6
193 Are the key business and technology risks being managed? 1 1 4 1 1 1 2 5 1 1 18 10 1.8
194 What systems/processes must you excel at? 1 1 1 1 4 1 1 1 1 3 15 10 1.5
195 Why are other organizations focusing on resilience now? 1 1 1 1 1 1 1 5 1 1 14 10 1.4
196 How much of the network must be restored in order to continue operations? 2 1 1 3 1 1 1 1 5 1 17 10 1.7
197 Are your current suppliers able to ensure supply continuity? 1 1 4 1 1 1 3 1 5 1 19 10 1.9
198 Are there procedures for reporting suspicious personnel or activities? 1 1 1 1 1 1 1 1 3 1 12 10 1.2
199 Is staff trained on the software technologies that are being used on the project? 1 1 1 1 1 5 1 1 1 1 14 10 1.4
200 Is the physical safety of the public or your organizations employees jeopardized? 1 1 1 1 5 3 2 1 1 1 17 10 1.7
201 Are products/services reliant upon any non you personnel or facilities? 1 1 1 4 1 1 1 1 1 1 13 10 1.3
202 What are your organizations key products, services and functions? 5 1 1 1 1 3 1 1 1 1 16 10 1.6
203 Where are you on the business continuity spectrum? 1 1 1 3 1 1 1 2 3 1 15 10 1.5
204 What assumptions are made about the solution and approach? 1 1 1 1 1 1 1 1 1 1 10 10 1
205 Is het proces afhankelijk van fax? 4 1 4 1 1 1 5 1 1 1 20 10 2
206 How disaster tolerant is your organization? 4 1 1 1 1 5 1 4 3 1 22 10 2.2
207 How will team members be notified and updated? 1 1 1 1 1 1 1 1 1 1 10 10 1
208 What is the estimated physical project completion stage? 1 1 1 1 1 1 1 1 1 1 10 10 1
209 What is your current time frame for the business continuance project? 4 1 1 1 4 1 1 1 3 5 22 10 2.2
210 Does your organization maintain a backup work facility? 3 1 1 1 1 4 1 1 1 1 15 10 1.5
211 Are warning signs placed at the perimeter? 1 1 1 1 1 5 1 5 1 3 20 10 2
212 Does upper management proactively engage in the periodic review of BCM activities? 1 1 1 2 2 1 1 1 1 1 12 10 1.2
213 What are the consequences when contact management system is down? 1 1 1 1 1 1 1 1 1 1 10 10 1
214 How long is the disruption to business expected to be? 1 1 1 5 4 1 1 1 1 1 17 10 1.7
215 Will it significantly affect the customer confidence level? 1 4 1 3 1 1 1 1 3 5 21 10 2.1
216 Are there any threats to the health/safety of employees at the affected location? 1 1 1 1 1 1 1 1 1 1 10 10 1
217 Does your organization engage in hedging transactions? 2 2 1 2 1 1 1 1 1 1 13 10 1.3
218 What is your current IT recovery strategy? 3 1 1 4 1 1 1 1 1 1 15 10 1.5
219 Does your organization have all essential supplies in stock? 1 1 1 1 1 4 3 2 1 1 16 10 1.6
220 What are the primary reasons that your organization has established a BCM program? 1 1 4 1 1 1 1 1 5 1 17 10 1.7
221 Are systems and other resources unavailable? 1 1 1 1 1 1 1 1 1 1 10 10 1
This document is a partial preview. Full document download can be found on Flevy:
https://flevy.com/browse/document/business-continuity-plan-monitoring--implementation-toolkit-5336
Business Continuity Plan Monitoring - Implementation Toolkit
Business Continuity Plan Monitoring - Implementation Toolkit
Business Continuity Plan Monitoring - Implementation Toolkit
Business Continuity Plan Monitoring - Implementation Toolkit
Business Continuity Plan Monitoring - Implementation Toolkit
Business Continuity Plan Monitoring - Implementation Toolkit
Business Continuity Plan Monitoring - Implementation Toolkit
Business Continuity Plan Monitoring - Implementation Toolkit

Weitere ähnliche Inhalte

Mehr von Flevy.com Best Practices

[Whitepaper] 8 Key Steps of Data Integration: Restructuring Redeployment Asse...
[Whitepaper] 8 Key Steps of Data Integration: Restructuring Redeployment Asse...[Whitepaper] 8 Key Steps of Data Integration: Restructuring Redeployment Asse...
[Whitepaper] 8 Key Steps of Data Integration: Restructuring Redeployment Asse...Flevy.com Best Practices
 
[Whitepaper] Strategy Classics: Value Disciplines Model
[Whitepaper] Strategy Classics: Value Disciplines Model[Whitepaper] Strategy Classics: Value Disciplines Model
[Whitepaper] Strategy Classics: Value Disciplines ModelFlevy.com Best Practices
 
[Whitepaper] The Definitive Guide to Strategic Planning: Here’s What You Need...
[Whitepaper] The Definitive Guide to Strategic Planning: Here’s What You Need...[Whitepaper] The Definitive Guide to Strategic Planning: Here’s What You Need...
[Whitepaper] The Definitive Guide to Strategic Planning: Here’s What You Need...Flevy.com Best Practices
 
[Whitepaper] The Definitive Introduction to Strategy Development and Strategy...
[Whitepaper] The Definitive Introduction to Strategy Development and Strategy...[Whitepaper] The Definitive Introduction to Strategy Development and Strategy...
[Whitepaper] The Definitive Introduction to Strategy Development and Strategy...Flevy.com Best Practices
 
[Whitepaper] The “Theory of Constraints:” What’s Limiting Your Organization?
[Whitepaper] The “Theory of Constraints:” What’s Limiting Your Organization?[Whitepaper] The “Theory of Constraints:” What’s Limiting Your Organization?
[Whitepaper] The “Theory of Constraints:” What’s Limiting Your Organization?Flevy.com Best Practices
 
[Whitepaper] Transportation Cost Reduction in Supply Chain Management
[Whitepaper] Transportation Cost Reduction in Supply Chain Management[Whitepaper] Transportation Cost Reduction in Supply Chain Management
[Whitepaper] Transportation Cost Reduction in Supply Chain ManagementFlevy.com Best Practices
 
[Whitepaper] A Great Leadership Experience: Dr. Rachid Yazami, Inventor of th...
[Whitepaper] A Great Leadership Experience: Dr. Rachid Yazami, Inventor of th...[Whitepaper] A Great Leadership Experience: Dr. Rachid Yazami, Inventor of th...
[Whitepaper] A Great Leadership Experience: Dr. Rachid Yazami, Inventor of th...Flevy.com Best Practices
 
[Whitepaper] Finding It Hard to Manage Conflict at the Workplace? Use the Tho...
[Whitepaper] Finding It Hard to Manage Conflict at the Workplace? Use the Tho...[Whitepaper] Finding It Hard to Manage Conflict at the Workplace? Use the Tho...
[Whitepaper] Finding It Hard to Manage Conflict at the Workplace? Use the Tho...Flevy.com Best Practices
 
[Whitepaper] Key Account Management: Handling Large Global Accounts the Right...
[Whitepaper] Key Account Management: Handling Large Global Accounts the Right...[Whitepaper] Key Account Management: Handling Large Global Accounts the Right...
[Whitepaper] Key Account Management: Handling Large Global Accounts the Right...Flevy.com Best Practices
 
[Whitepaper] Nudge Theory: An Effective Way to Transform Negative Behaviors
[Whitepaper] Nudge Theory: An Effective Way to Transform Negative Behaviors[Whitepaper] Nudge Theory: An Effective Way to Transform Negative Behaviors
[Whitepaper] Nudge Theory: An Effective Way to Transform Negative BehaviorsFlevy.com Best Practices
 
[Whitepaper] Business Model Innovation: Creation of Scalable Business Models ...
[Whitepaper] Business Model Innovation: Creation of Scalable Business Models ...[Whitepaper] Business Model Innovation: Creation of Scalable Business Models ...
[Whitepaper] Business Model Innovation: Creation of Scalable Business Models ...Flevy.com Best Practices
 
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...Flevy.com Best Practices
 
Six Sigma - Statistical Process Control (SPC)
Six Sigma - Statistical Process Control (SPC)Six Sigma - Statistical Process Control (SPC)
Six Sigma - Statistical Process Control (SPC)Flevy.com Best Practices
 
Lean Six Sigma - Process Risk Analysis (FMEA)
Lean Six Sigma - Process Risk Analysis (FMEA)Lean Six Sigma - Process Risk Analysis (FMEA)
Lean Six Sigma - Process Risk Analysis (FMEA)Flevy.com Best Practices
 
Effective Staff Suggestion System (Kaizen Teian)
Effective Staff Suggestion System (Kaizen Teian)Effective Staff Suggestion System (Kaizen Teian)
Effective Staff Suggestion System (Kaizen Teian)Flevy.com Best Practices
 

Mehr von Flevy.com Best Practices (20)

[Whitepaper] 8 Key Steps of Data Integration: Restructuring Redeployment Asse...
[Whitepaper] 8 Key Steps of Data Integration: Restructuring Redeployment Asse...[Whitepaper] 8 Key Steps of Data Integration: Restructuring Redeployment Asse...
[Whitepaper] 8 Key Steps of Data Integration: Restructuring Redeployment Asse...
 
[Whitepaper] Strategy Classics: Value Disciplines Model
[Whitepaper] Strategy Classics: Value Disciplines Model[Whitepaper] Strategy Classics: Value Disciplines Model
[Whitepaper] Strategy Classics: Value Disciplines Model
 
[Whitepaper] The Definitive Guide to Strategic Planning: Here’s What You Need...
[Whitepaper] The Definitive Guide to Strategic Planning: Here’s What You Need...[Whitepaper] The Definitive Guide to Strategic Planning: Here’s What You Need...
[Whitepaper] The Definitive Guide to Strategic Planning: Here’s What You Need...
 
[Whitepaper] The Definitive Introduction to Strategy Development and Strategy...
[Whitepaper] The Definitive Introduction to Strategy Development and Strategy...[Whitepaper] The Definitive Introduction to Strategy Development and Strategy...
[Whitepaper] The Definitive Introduction to Strategy Development and Strategy...
 
[Whitepaper] The “Theory of Constraints:” What’s Limiting Your Organization?
[Whitepaper] The “Theory of Constraints:” What’s Limiting Your Organization?[Whitepaper] The “Theory of Constraints:” What’s Limiting Your Organization?
[Whitepaper] The “Theory of Constraints:” What’s Limiting Your Organization?
 
[Whitepaper] Transportation Cost Reduction in Supply Chain Management
[Whitepaper] Transportation Cost Reduction in Supply Chain Management[Whitepaper] Transportation Cost Reduction in Supply Chain Management
[Whitepaper] Transportation Cost Reduction in Supply Chain Management
 
[Whitepaper] A Great Leadership Experience: Dr. Rachid Yazami, Inventor of th...
[Whitepaper] A Great Leadership Experience: Dr. Rachid Yazami, Inventor of th...[Whitepaper] A Great Leadership Experience: Dr. Rachid Yazami, Inventor of th...
[Whitepaper] A Great Leadership Experience: Dr. Rachid Yazami, Inventor of th...
 
[Whitepaper] Finding It Hard to Manage Conflict at the Workplace? Use the Tho...
[Whitepaper] Finding It Hard to Manage Conflict at the Workplace? Use the Tho...[Whitepaper] Finding It Hard to Manage Conflict at the Workplace? Use the Tho...
[Whitepaper] Finding It Hard to Manage Conflict at the Workplace? Use the Tho...
 
[Whitepaper] Key Account Management: Handling Large Global Accounts the Right...
[Whitepaper] Key Account Management: Handling Large Global Accounts the Right...[Whitepaper] Key Account Management: Handling Large Global Accounts the Right...
[Whitepaper] Key Account Management: Handling Large Global Accounts the Right...
 
[Whitepaper] Nudge Theory: An Effective Way to Transform Negative Behaviors
[Whitepaper] Nudge Theory: An Effective Way to Transform Negative Behaviors[Whitepaper] Nudge Theory: An Effective Way to Transform Negative Behaviors
[Whitepaper] Nudge Theory: An Effective Way to Transform Negative Behaviors
 
[Whitepaper] Business Model Innovation: Creation of Scalable Business Models ...
[Whitepaper] Business Model Innovation: Creation of Scalable Business Models ...[Whitepaper] Business Model Innovation: Creation of Scalable Business Models ...
[Whitepaper] Business Model Innovation: Creation of Scalable Business Models ...
 
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...
 
The Top 101 Consulting Frameworks of 2020
The Top 101 Consulting Frameworks of 2020The Top 101 Consulting Frameworks of 2020
The Top 101 Consulting Frameworks of 2020
 
Six Sigma - Statistical Process Control (SPC)
Six Sigma - Statistical Process Control (SPC)Six Sigma - Statistical Process Control (SPC)
Six Sigma - Statistical Process Control (SPC)
 
Lean Six Sigma - Process Risk Analysis (FMEA)
Lean Six Sigma - Process Risk Analysis (FMEA)Lean Six Sigma - Process Risk Analysis (FMEA)
Lean Six Sigma - Process Risk Analysis (FMEA)
 
Lean Manufacturing
Lean ManufacturingLean Manufacturing
Lean Manufacturing
 
Effective Staff Suggestion System (Kaizen Teian)
Effective Staff Suggestion System (Kaizen Teian)Effective Staff Suggestion System (Kaizen Teian)
Effective Staff Suggestion System (Kaizen Teian)
 
Sales Excellence - Diagnostic Tool
Sales Excellence - Diagnostic ToolSales Excellence - Diagnostic Tool
Sales Excellence - Diagnostic Tool
 
Variance Analysis
Variance AnalysisVariance Analysis
Variance Analysis
 
Change Management Models
Change Management ModelsChange Management Models
Change Management Models
 

Kürzlich hochgeladen

Mihir Menda - Member of Supervisory Board at RMZ
Mihir Menda - Member of Supervisory Board at RMZMihir Menda - Member of Supervisory Board at RMZ
Mihir Menda - Member of Supervisory Board at RMZKanakChauhan5
 
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptxHELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptxHelene Heckrotte
 
NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023Steve Rader
 
Chicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdf
Chicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdfChicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdf
Chicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdfSourav Sikder
 
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdfTalent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdfCharles Cotter, PhD
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access
 
Anyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agencyAnyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agencyHanna Klim
 
Project Brief & Information Architecture Report
Project Brief & Information Architecture ReportProject Brief & Information Architecture Report
Project Brief & Information Architecture Reportamberjiles31
 
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...Khaled Al Awadi
 
Live-Streaming in the Music Industry Webinar
Live-Streaming in the Music Industry WebinarLive-Streaming in the Music Industry Webinar
Live-Streaming in the Music Industry WebinarNathanielSchmuck
 
Plano de marketing- inglês em formato ppt
Plano de marketing- inglês  em formato pptPlano de marketing- inglês  em formato ppt
Plano de marketing- inglês em formato pptElizangelaSoaresdaCo
 
Lecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb toLecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb toumarfarooquejamali32
 
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdf
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdfGraham and Doddsville - Issue 1 - Winter 2006 (1).pdf
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdfAnhNguyen97152
 
Cracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptxCracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptxWorkforce Group
 
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John MeulemansBCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John MeulemansBBPMedia1
 
MC Heights construction company in Jhang
MC Heights construction company in JhangMC Heights construction company in Jhang
MC Heights construction company in Jhangmcgroupjeya
 
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003believeminhh
 
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdfAMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdfJohnCarloValencia4
 
Tata Kelola Bisnis perushaan yang bergerak
Tata Kelola Bisnis perushaan yang bergerakTata Kelola Bisnis perushaan yang bergerak
Tata Kelola Bisnis perushaan yang bergerakEditores1
 

Kürzlich hochgeladen (20)

Mihir Menda - Member of Supervisory Board at RMZ
Mihir Menda - Member of Supervisory Board at RMZMihir Menda - Member of Supervisory Board at RMZ
Mihir Menda - Member of Supervisory Board at RMZ
 
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptxHELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
 
NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023
 
Chicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdf
Chicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdfChicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdf
Chicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdf
 
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdfTalent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024
 
Anyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agencyAnyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agency
 
Project Brief & Information Architecture Report
Project Brief & Information Architecture ReportProject Brief & Information Architecture Report
Project Brief & Information Architecture Report
 
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...
 
Live-Streaming in the Music Industry Webinar
Live-Streaming in the Music Industry WebinarLive-Streaming in the Music Industry Webinar
Live-Streaming in the Music Industry Webinar
 
Plano de marketing- inglês em formato ppt
Plano de marketing- inglês  em formato pptPlano de marketing- inglês  em formato ppt
Plano de marketing- inglês em formato ppt
 
Lecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb toLecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb to
 
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdf
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdfGraham and Doddsville - Issue 1 - Winter 2006 (1).pdf
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdf
 
Investment Opportunity for Thailand's Automotive & EV Industries
Investment Opportunity for Thailand's Automotive & EV IndustriesInvestment Opportunity for Thailand's Automotive & EV Industries
Investment Opportunity for Thailand's Automotive & EV Industries
 
Cracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptxCracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptx
 
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John MeulemansBCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
 
MC Heights construction company in Jhang
MC Heights construction company in JhangMC Heights construction company in Jhang
MC Heights construction company in Jhang
 
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
 
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdfAMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
 
Tata Kelola Bisnis perushaan yang bergerak
Tata Kelola Bisnis perushaan yang bergerakTata Kelola Bisnis perushaan yang bergerak
Tata Kelola Bisnis perushaan yang bergerak
 

Business Continuity Plan Monitoring - Implementation Toolkit

  • 1. Self-Assessment: Business Continuity Plan Monitoring Read Introduction Self-Assess RACI Matrix View Scores
  • 2. Introduction, about the Business Continuity Plan Monitoring Self-Assessment Defining, designing, creating, and implementing a process to solve a business challenge or meet a business objective is the most valuable role… In EVERY company, organization and department. Unless you are talking a one-time, single-use project within a business, there should be a process. Whether that process is managed and implemented by humans, AI, or a combination of the two, it needs to be designed by someone with a complex enough perspective to ask the right questions. Someone capable of asking the right questions and step back and say, 'What are we really trying to accomplish here? And is there a different way to look at it?' For more than twenty years, The Art of Service's Self-Assessments empower people who can do just that - whether their title is marketer, entrepreneur, manager, salesperson, consultant, business process manager, executive assistant, IT Manager, CxO etc... - they are the people who rule the future. They are people who watch the process as it happens, and ask the right questions to make the process work better. This Self-Assessment is for managers, advisors, consultants, specialists, professionals and anyone interested in knowing the right questions to ask. Featuring new and updated case-based questions, organized into seven core areas of process design, this Self-Assessment will help you identify areas in which improvements can be made. In using the questions you will be better able to: ❑ diagnose projects, initiatives, organizations, businesses and processes using accepted diagnostic standards and practices ❑ implement evidence-based best practice strategies aligned with overall goals ❑ integrate recent advances in the topic and process design strategies into practice according to best practice guidelines Using a Self-Assessment tool known as the Self-Assessment Radar Chart, you will develop a clear picture of the areas where improvements can be made. This spreadsheet has been designed for 1-10 participants and is easy to expand; multiple spreadsheets can be used to assess with a large group or modify formula's etc. You can use this spreadsheet as the starting point for deeper analysis. One suggestion is to use Pivot Tables, for even more powerful analysis, or import the data in analysis and reporting tools like Tableau, SAP, ZOHO or the Business Intelligence tool of your choice. You are free to use the Self-Assessment contents in your presentations and materials for customers without asking us - we are here to help. The Art of Service has helped hundreds of clients to improve execution and meet the needs of customers better by applying process redesign. How can we help you? For all questions regarding this Self-Assessment or to discuss how our team can help your business achieve true results, please visit https://store.theartofservice.com/contact-us/ Start Self-Assessment This document is a partial preview. Full document download can be found on Flevy: https://flevy.com/browse/document/business-continuity-plan-monitoring--implementation-toolkit-5336
  • 3. Below are the only valid entries for the assessment. This Self-Assessment is set up to process 1-10 participant's views. When using for less than 10 participants, the entry fields need to stay clear/empty so it does not skew the results. Each participants answer is to be recorded using the drop down box next to the question and select an answer of 1-5, or leave at Non applicable for each question for each process area. In my belief, the answer to the following question is clearly defined: (click 'Not applicable' under Participant name to change value, leave at 'Not applicable' if the question is not matched to your goals/needs) 1 Strongly Disagree 2 Disagree 3 Neutral 4 Agree 5 Strongly Agree Step 1 - Enter the names of the participants here: Participant 1 Participant 2 Participant 3 Participant 4 Participant 5 Participant 6 Participant 7 Participant 8 Participant 9 Participant 10 Step 2 - Now have each participant answer each question for each Process area, under their name. Click 'Not applicable' under Participant name to change value, leave at 'Not applicable' if the question is not matched to your goals/needs. 1 Recognize Participant 1 Participant 2 Participant 3 Participant 4 Participant 5 Participant 6 Participant 7 Participant 8 Participant 9 Participant 10 Total Count Avg "In my belief, the answer to the following question is clearly defined:" 0 0 0 1 What problems are you facing and how do you consider Business Continuity Plan Monitoring will circumvent those obstacles? 5 5 5 5 5 5 5 5 5 5 50 10 5 2 How much money does your organization stand to lose in the event of one hour of downtime? 5 5 5 5 2 5 5 5 5 4 46 10 4.6 3 What problems could derail your organization continuity strategy? 5 5 5 5 5 5 5 3 5 5 48 10 4.8 4 Are there any specific expectations or concerns about the Business Continuity Plan Monitoring team, Business Continuity Plan Monitoring itself? 5 5 5 2 5 5 5 5 5 5 47 10 4.7 5 Are losses recognized in a timely manner? 5 2 5 5 5 5 5 5 2 5 44 10 4.4 6 Is access limited by a hazardous event? 5 5 5 5 5 5 5 3 5 5 48 10 4.8 7 Do you see any unique problems for BAC in achieving continuity of their operations? 5 5 5 5 5 5 5 5 1 5 46 10 4.6 8 Are there recognized Business Continuity Plan Monitoring problems? 5 2 5 2 2 2 1 5 5 5 34 10 3.4 9 Will a response program recognize when a crisis occurs and provide some level of response? 5 5 5 5 5 5 5 5 5 4 49 10 4.9 10 Are there employees and customers with special needs that need to be accommodated? 3 5 5 2 5 5 5 5 5 5 45 10 4.5 11 What are the problems/issues arising from that piece of information? 5 5 5 3 5 5 5 1 5 5 44 10 4.4 12 What are the minority interests and what amount of minority interests can be recognized? 5 5 5 5 5 5 5 5 5 5 50 10 5 13 Are controls defined to recognize and contain problems? 5 5 5 5 5 5 5 5 5 5 50 10 5 14 To what extent would your organization benefit from being recognized as a award recipient? 2 5 3 5 5 5 5 5 5 5 45 10 4.5 15 Have all business associates been identified? 5 5 5 5 5 5 5 5 5 5 50 10 5 16 Does Business Continuity Plan Monitoring create potential expectations in other areas that need to be recognized and considered? 5 5 1 5 5 5 5 5 5 5 46 10 4.6 17 How is business critical applications identified? 5 5 5 5 5 5 5 4 5 5 49 10 4.9 18 What are the expected benefits of Business Continuity Plan Monitoring to the stakeholder? 2 5 5 5 5 4 5 5 5 3 44 10 4.4 19 How much are sponsors, customers, partners, stakeholders involved in Business Continuity Plan Monitoring? In other words, what are the risks, if Business Continuity Plan Monitoring does not deliver successfully? 5 5 5 4 5 5 5 5 3 5 47 10 4.7 20 Are Business Continuity Plan Monitoring changes recognized early enough to be approved through the regular process? 5 5 5 5 5 1 5 5 5 5 46 10 4.6 21 Have you identified the staffing requirements to ensure the continuity of services? 5 5 2 5 5 5 5 5 1 5 43 10 4.3 22 Which parts of your organization need to participate? 3 5 5 5 5 5 5 3 5 5 46 10 4.6 23 Are there policies in place that prevent workforce members from sharing passwords with others? 5 5 4 5 5 5 5 5 3 5 47 10 4.7 24 Are there any significant quality assurance issues that need follow up by management? 5 5 5 5 5 5 5 5 1 5 46 10 4.6 25 Do all organizations need a real time recovery strategy in place? 5 5 5 5 5 5 5 5 5 5 50 10 5 26 How are the Business Continuity Plan Monitoring's objectives aligned to the group’s overall stakeholder strategy? 4 5 5 5 2 5 3 5 5 5 44 10 4.4 27 Are employees recognized or rewarded for performance that demonstrates the highest levels of integrity? 5 5 5 5 5 5 5 5 5 5 50 10 5 28 To what extent does management recognize Business Continuity Plan Monitoring as a tool to increase the results? 4 5 5 5 5 5 2 5 5 1 42 10 4.2 29 What are the options in the event of a key supplier failure? 3 5 5 5 5 5 5 5 5 5 48 10 4.8 30 Is the need for organizational change recognized? 5 5 5 5 5 5 5 5 5 5 50 10 5 31 What is the recognized need? 5 2 5 5 5 5 5 4 5 5 46 10 4.6 32 What measures has your organization taken to inform and protect its employees as well as to ensure that key expertise remains available in the event of a disaster? 5 5 2 5 2 5 5 5 4 5 43 10 4.3 33 What does Business Continuity Plan Monitoring success mean to the stakeholders? 5 5 5 3 5 5 5 5 5 5 48 10 4.8 34 Has your organizationwide BCM manager been identified? 5 5 1 5 5 4 5 5 5 5 45 10 4.5 35 How do the problems affect your organization? 5 5 5 5 5 5 5 5 5 5 50 10 5 36 What has been done to prevent incidents from happening in the future? 5 5 5 5 5 2 5 5 1 5 43 10 4.3 37 Are employees recognized for desired behaviors? 5 5 1 5 5 3 5 5 1 5 40 10 4 38 Who else hopes to benefit from it? 5 5 5 5 5 5 5 5 4 5 49 10 4.9 39 Do the exercise objectives address the needs of your organization? 3 5 5 5 3 5 5 5 5 5 46 10 4.6 40 Which problems do you experience as the most extensive? 5 1 5 3 5 3 1 5 5 3 36 10 3.6 41 Do you need to inform your clients and customers of any changes to your services? 5 5 3 5 5 5 5 5 3 1 42 10 4.2 42 Will staff need to be relocated? 5 5 2 5 5 5 5 5 5 5 47 10 4.7 43 How are you going to measure success? 5 5 5 5 5 5 5 5 5 4 49 10 4.9 44 How are new requirements or changes to requirements identified? 3 1 1 5 5 5 5 4 5 5 39 10 3.9 45 What tasks need to be done in the event of an incident and in what order? 5 5 4 1 5 5 1 5 5 5 41 10 4.1 46 Do you recognize Business Continuity Plan Monitoring achievements? 5 5 5 2 5 5 5 5 5 5 47 10 4.7 47 Is there a person/organization identified as being responsible for the updating? 2 5 5 5 5 5 5 5 5 5 47 10 4.7 48 Is there any need to change it security arrangements? 5 5 1 5 5 5 5 4 5 5 45 10 4.5 49 When an event occurs, who should be notified? 5 2 5 5 5 5 5 5 5 5 47 10 4.7 50 Do the security incident policies and procedures identify to whom security incidents must be reported? 5 1 5 5 1 4 5 5 2 5 38 10 3.8 51 What level of recovery is needed? 4 5 5 5 5 5 5 5 5 4 48 10 4.8 52 How are business critical applications identified? 5 5 5 5 5 5 5 5 3 3 46 10 4.6 53 Has your organizations leadership team identified a BCM executive? 2 5 5 2 5 5 5 5 5 5 44 10 4.4 54 Is it clear who has the authority and responsibility for addressing the issues? 5 5 5 5 5 5 5 5 5 5 50 10 5 55 How will you recognize and celebrate results? 5 1 5 5 5 5 5 5 5 5 46 10 4.6 56 As a sponsor, customer or management, how important is it to meet goals, objectives? 1 5 5 5 3 5 5 2 5 5 41 10 4.1 57 What actions would need to be taken, by whom and within what timeframes? 5 2 5 5 5 5 5 5 3 5 45 10 4.5 58 How prepared are your critical suppliers for the event of a disaster? 5 1 3 5 1 5 5 5 5 5 40 10 4 59 Has your organizationwide BCM coordinator been identified? 5 5 4 5 4 5 5 5 5 4 47 10 4.7 60 What are the stakeholder objectives to be achieved with Business Continuity Plan Monitoring? 5 5 5 5 5 5 5 5 2 5 47 10 4.7 61 How do you recognize an Business Continuity Plan Monitoring objection? 3 5 5 5 1 5 5 5 5 5 44 10 4.4 62 Does your office have peak times or other time critical issues? 5 5 4 5 5 5 5 5 5 5 49 10 4.9 63 Should you invest in industry-recognized qualifications? 5 5 5 5 5 5 2 5 2 5 44 10 4.4 64 How do you stay flexible and focused to recognize larger Business Continuity Plan Monitoring results? 5 5 3 4 5 5 5 5 5 3 45 10 4.5 65 What situation(s) led to this Business Continuity Plan Monitoring Self Assessment? 5 5 5 5 5 3 5 3 5 5 46 10 4.6 66 How do you recognize an objection? 5 5 5 5 5 5 4 5 2 5 46 10 4.6 67 How do employees solve problems? 5 5 5 5 5 5 5 5 5 5 50 10 5 68 How fast does each business function need to be up and running? 5 5 5 5 3 5 5 5 4 5 47 10 4.7 69 Do you see any unique problems for BAC in implementing business continuity? 5 5 5 5 5 5 5 4 5 5 49 10 4.9 70 To what extent does each concerned units management team recognize Business Continuity Plan Monitoring as an effective investment? 3 5 5 2 1 5 5 5 5 2 38 10 3.8 71 What would happen if Business Continuity Plan Monitoring weren’t done? 5 5 1 5 5 5 5 5 5 5 46 10 4.6 72 What practices helps your organization to develop its capacity to recognize patterns? 5 5 5 5 4 5 5 2 5 5 46 10 4.6 73 Do you know what to do in the event of a security incident? 5 5 3 5 4 5 5 5 1 5 43 10 4.3 74 When a Business Continuity Plan Monitoring manager recognizes a problem, what options are available? 5 5 5 5 3 5 5 5 1 5 44 10 4.4 75 Do the training objectives correspond to and support your organizational needs? 2 5 5 5 5 5 5 5 5 5 47 10 4.7 76 How much advanced notice of the hazard event will you have? 5 5 3 5 5 5 5 5 5 5 48 10 4.8 77 Do you have arrangements in place to prevent or reduce the likelihood? 5 5 5 5 5 5 5 5 5 5 50 10 5 78 Are badges used to identify employees and authorized personnel? 5 5 5 5 5 2 2 5 5 5 44 10 4.4 79 How does your organization manage communication in the event of technological breakdown? 5 5 5 4 5 5 5 5 5 5 49 10 4.9 80 How could the incident have been prevented or avoided? 1 5 2 5 5 3 5 4 5 5 40 10 4 81 How valid are BCM strategies for an event of consequence? 1 5 5 4 5 5 5 5 5 3 43 10 4.3 82 Would you recognize a threat from the inside? 5 5 5 5 3 5 5 5 5 4 47 10 4.7 83 What are the options in the event of a key internal supplier failure? 5 5 5 5 5 5 5 5 5 5 50 10 5 84 Are organizational units identified consistent with the most recent reorganization? 5 5 5 5 5 5 5 5 5 5 50 10 5 85 Is there a procedure/tool to log problems/issues during the test? 5 5 5 5 5 4 5 5 2 5 46 10 4.6 86 How many individual private offices will you need? 5 5 1 5 5 5 5 5 2 5 43 10 4.3 87 Does your organization have third party APIs which need to be enabled during a disaster? 5 5 4 5 5 5 5 3 2 5 44 10 4.4 88 Can management personnel recognize the monetary benefit of Business Continuity Plan Monitoring? 5 5 5 3 5 2 5 5 5 5 45 10 4.5 89 What are the key issues/competitive challenges facing your firm? 5 5 5 5 5 1 5 5 5 5 46 10 4.6 90 Is the required security available when and where it is needed? 5 5 5 5 5 5 5 5 5 5 50 10 5 91 How often does the team need to meet and require updates? 5 5 5 5 5 2 5 5 5 1 43 10 4.3 92 Is the event likely to require an emergency response? 5 5 5 5 5 5 5 5 5 5 50 10 5 0 0 0 SCORE 416 425 403 426 419 425 436 434 395 429 4208 920 4.6 2 Define Participant 1 Participant 2 Participant 3 Participant 4 Participant 5 Participant 6 Participant 7 Participant 8 Participant 9 Participant 10 Total Count Avg "In my belief, the answer to the following question is clearly defined:" 0 0 0 1 What measures will be put in place where essential services are required? 4 4 5 5 4 5 5 4 2 1 39 10 3.9 2 Is the team adequately staffed with the desired cross-functionality? If not, what additional resources are available to the team? 4 5 4 5 4 4 4 4 5 5 44 10 4.4 3 Do the problem and goal statements meet the SMART criteria (specific, measurable, attainable, relevant, and time-bound)? 4 4 5 2 4 4 5 5 4 5 42 10 4.2 4 Is your organization unable to meet its legal or regulatory requirements? 4 1 5 5 5 5 5 5 4 5 44 10 4.4 5 How does the Business Continuity Plan Monitoring manager ensure against scope creep? 4 5 4 5 5 4 4 3 4 5 43 10 4.3 6 Does the contract contain any continuity requirement? 4 5 5 4 5 3 2 4 4 4 40 10 4 7 Are customers identified and high impact areas defined? 1 2 5 4 5 4 5 5 5 5 41 10 4.1 8 Have the client and the project manager agreed on the number and scope of deliverables? 4 5 5 5 2 5 5 2 4 4 41 10 4.1 9 Is the current ‘as is’ process being followed? If not, what are the discrepancies? 4 4 4 4 4 4 5 2 5 5 41 10 4.1 10 How was the ‘as is’ process map developed, reviewed, verified and validated? 5 4 5 5 3 5 4 4 4 4 43 10 4.3 11 What specifically is the problem? Where does it occur? When does it occur? What is its extent? 5 5 5 5 3 5 4 5 5 5 47 10 4.7 Business Continuity Plan Monitoring Self-Assessment Questions SustainControlImproveAnalyzeMeasureDefineRecognize Show RACI Matrix Results This document is a partial preview. Full document download can be found on Flevy: https://flevy.com/browse/document/business-continuity-plan-monitoring--implementation-toolkit-5336
  • 4. 12 What key stakeholder process output measure(s) does Business Continuity Plan Monitoring leverage and how? 4 4 3 4 4 5 4 4 4 5 41 10 4.1 13 Are the roles and responsibilities of the various recovery teams clearly defined? 5 4 4 5 4 4 4 5 3 5 43 10 4.3 14 Is there a completed SIPOC representation, describing the Suppliers, Inputs, Process, Outputs, and Customers? 5 4 5 5 5 4 5 5 1 2 41 10 4.1 15 Are there any constraints known that bear on the ability to perform Business Continuity Plan Monitoring work? How is the team addressing them? 5 4 4 2 4 5 4 3 4 3 38 10 3.8 16 Who are the Business Continuity Plan Monitoring improvement team members, including Management Leads and Coaches? 5 5 5 4 5 4 4 5 5 4 46 10 4.6 17 How often are the team meetings? 5 4 4 4 2 5 4 5 5 4 42 10 4.2 18 Has everyone on the team, including the team leaders, been properly trained? 5 5 4 4 4 5 5 5 5 5 47 10 4.7 19 Has anyone else (internal or external to the group) attempted to solve this problem or a similar one before? If so, what knowledge can be leveraged from these previous efforts? 4 5 5 5 5 4 5 5 4 4 46 10 4.6 20 Is there conformance to the contracted scope of work? 4 1 4 5 4 5 1 2 5 4 35 10 3.5 21 Is the improvement team aware of the different versions of a process: what they think it is vs. what it actually is vs. what it should be vs. what it could be? 5 5 5 5 5 1 5 5 4 3 43 10 4.3 22 What would be the goal or target for a Business Continuity Plan Monitoring's improvement team? 4 3 5 5 5 4 4 4 4 4 42 10 4.2 23 What it systems, applications and services are required? 4 2 4 1 5 4 2 4 5 4 35 10 3.5 24 Will team members regularly document their Business Continuity Plan Monitoring work? 4 2 3 5 4 4 4 4 4 4 38 10 3.8 25 What systems and means of communication are required to carry out key functions? 5 5 5 5 4 4 4 4 3 5 44 10 4.4 26 Is there a critical path to deliver Business Continuity Plan Monitoring results? 5 4 1 5 4 4 4 4 4 4 39 10 3.9 27 What skills / level of expertise are required to undertake key functions? 5 4 5 4 4 3 5 4 5 5 44 10 4.4 28 Do the response programs include physical and logical security requirements? 5 4 5 5 5 4 4 5 1 1 39 10 3.9 29 What equipment / resources are required to carry out key functions? 4 5 5 4 4 1 5 5 5 4 42 10 4.2 30 Is there a completed, verified, and validated high-level ‘as is’ (not ‘should be’ or ‘could be’) stakeholder process map? 4 4 5 5 4 4 5 4 5 4 44 10 4.4 31 What is the minimum number of staff required to successfully complete the activity? 5 5 5 4 5 5 5 5 4 5 48 10 4.8 32 Are improvement team members fully trained on Business Continuity Plan Monitoring? 4 5 5 5 5 4 5 4 4 5 46 10 4.6 33 How will variation in the actual durations of each activity be dealt with to ensure that the expected Business Continuity Plan Monitoring results are met? 5 5 2 5 5 3 5 4 4 4 42 10 4.2 34 Are stakeholder processes mapped? 4 5 4 2 5 4 2 5 4 5 40 10 4 35 Are the required resources and staff in place to implement and maintain the BCP? 4 5 5 5 4 5 3 2 5 1 39 10 3.9 36 Has a team charter been developed and communicated? 5 1 5 4 5 2 5 3 4 4 38 10 3.8 37 Has the improvement team collected the ‘voice of the customer’ (obtained feedback – qualitative and quantitative)? 5 3 2 4 5 5 4 4 4 4 40 10 4 38 How appropriate is the scope and level of detail of the testing program? 5 5 5 5 1 4 4 5 5 4 43 10 4.3 39 Is the team sponsored by a champion or stakeholder leader? 5 4 4 5 5 5 5 4 4 5 46 10 4.6 40 Is full participation by members in regularly held team meetings guaranteed? 4 4 4 4 3 4 5 4 4 2 38 10 3.8 41 Is data collected and displayed to better understand customer(s) critical needs and requirements. 5 5 1 5 5 5 1 2 5 4 38 10 3.8 42 Who should you call in case of disaster? 5 2 5 5 5 5 5 5 3 1 41 10 4.1 43 What are the potential timelines, is urgent action required? 3 2 4 5 5 4 3 3 4 4 37 10 3.7 44 What level of business is your vendor willing to provide in case of a pandemic? 5 5 4 5 5 5 4 4 4 5 46 10 4.6 45 What are the dynamics of the communication plan? 4 5 4 4 3 4 4 4 5 2 39 10 3.9 46 Are the BCM purpose, scope and leader well known throughout your organization? 5 4 5 4 4 4 4 5 5 5 45 10 4.5 47 Has the direction changed at all during the course of Business Continuity Plan Monitoring? If so, when did it change and why? 5 4 5 4 5 4 4 5 5 5 46 10 4.6 48 How will the Business Continuity Plan Monitoring team and the group measure complete success of Business Continuity Plan Monitoring? 4 4 5 3 5 4 5 4 4 4 42 10 4.2 49 Does the team have regular meetings? 4 4 5 5 4 2 5 5 5 5 44 10 4.4 50 What constraints exist that might impact the team? 5 5 4 5 4 4 4 5 4 4 44 10 4.4 51 Do the test scripts require proof of test success/failure? 1 4 2 3 4 5 5 5 4 5 38 10 3.8 52 Is Business Continuity Plan Monitoring currently on schedule according to the plan? 4 1 5 5 4 5 5 5 5 4 43 10 4.3 53 Did scope of work, budget, and schedule comply with contractual obligations? 5 4 3 5 4 5 5 5 4 5 45 10 4.5 54 Has a high-level ‘as is’ process map been completed, verified and validated? 4 4 5 4 4 5 4 4 5 5 44 10 4.4 55 Is there a Business Continuity Plan Monitoring management charter, including stakeholder case, problem and goal statements, scope, milestones, roles and responsibilities, communication plan? 4 4 4 5 2 5 5 1 4 5 39 10 3.9 56 Will team members perform Business Continuity Plan Monitoring work when assigned and in a timely fashion? 4 4 4 2 2 1 3 1 4 4 29 10 2.9 57 Is the team formed and are team leaders (Coaches and Management Leads) assigned? 4 4 1 5 3 4 4 4 4 5 38 10 3.8 58 Are there any alternate space requirements? 4 4 4 4 5 5 5 4 4 5 44 10 4.4 59 How is the team tracking and documenting its work? 4 2 5 4 4 5 5 5 5 4 43 10 4.3 60 How do you maintain requirements between production and recovery? 3 3 5 5 2 3 4 5 5 4 39 10 3.9 61 Are customer(s) identified and segmented according to their different needs and requirements? 5 1 4 4 5 4 2 4 5 4 38 10 3.8 62 What staff required carrying out key functions? 5 5 5 4 5 4 4 5 4 5 46 10 4.6 63 When are meeting minutes sent out? Who is on the distribution list? 4 2 4 5 4 4 5 5 5 4 42 10 4.2 64 What are the boundaries of the scope? What is in bounds and what is not? What is the start point? What is the stop point? 5 3 4 5 5 5 2 5 4 5 43 10 4.3 65 When is the estimated completion date? 5 2 4 5 4 5 4 2 4 5 40 10 4 66 Has/have the customer(s) been identified? 4 5 4 4 5 5 3 4 5 4 43 10 4.3 67 Is there regularly 100% attendance at the team meetings? If not, have appointed substitutes attended to preserve cross-functionality and full representation? 4 2 4 4 5 4 5 4 4 4 40 10 4 68 Have the it requirements been assessed? 4 5 4 4 1 1 2 4 5 5 35 10 3.5 69 How would you define supply chain management? 5 1 5 4 5 5 5 5 5 2 42 10 4.2 70 Is Business Continuity Plan Monitoring linked to key stakeholder goals and objectives? 5 2 1 1 2 4 5 5 5 3 33 10 3.3 71 What are the business continuity requirements of the client? 4 3 5 2 2 5 5 4 1 4 35 10 3.5 72 Are the objectives of the project clearly defined? 5 4 4 4 4 4 4 5 4 5 43 10 4.3 73 Has the Business Continuity Plan Monitoring work been fairly and/or equitably divided and delegated among team members who are qualified and capable to perform the work? Has everyone contributed? 5 4 5 2 2 5 5 4 5 5 42 10 4.2 74 Are visitors required to sign in with security? 3 4 4 5 4 4 5 4 5 4 42 10 4.2 75 How do you keep key subject matter experts in the loop? 4 4 5 1 5 4 4 5 4 4 40 10 4 76 Does your organization require dedicated links between your organizations site and cloud? 5 4 4 4 4 2 4 5 5 4 41 10 4.1 77 If substitutes have been appointed, have they been briefed on the Business Continuity Plan Monitoring goals and received regular communications as to the progress to date? 5 4 2 5 4 4 5 3 5 3 40 10 4 78 What are the rough order estimates on cost savings/opportunities that Business Continuity Plan Monitoring brings? 5 4 4 5 4 5 4 4 4 5 44 10 4.4 79 Are access rules specific to applications and business requirements? 5 2 5 5 4 5 5 5 4 4 44 10 4.4 80 How did the Business Continuity Plan Monitoring manager receive input to the development of a Business Continuity Plan Monitoring improvement plan and the estimated completion dates/times of each activity? 4 4 5 5 4 4 5 5 1 5 42 10 4.2 81 What are the compelling stakeholder reasons for embarking on Business Continuity Plan Monitoring? 5 5 4 3 4 4 4 5 5 5 44 10 4.4 82 What critical content must be communicated – who, what, when, where, and how? 1 4 4 4 4 5 4 5 5 5 41 10 4.1 83 What are your organizations journaling retention requirements? 4 4 4 5 4 5 5 5 4 1 41 10 4.1 84 When is/was the Business Continuity Plan Monitoring start date? 4 4 5 4 5 5 1 1 5 5 39 10 3.9 85 What is the geographic scope of the incident? 5 5 2 5 4 4 4 5 5 4 43 10 4.3 86 How would you define business continuity management? 2 5 5 4 4 4 2 4 5 5 40 10 4 87 Are there any non IT specialist equipment required? 5 3 4 5 5 5 5 5 5 1 43 10 4.3 88 Does your organization require self managed load balancer blueprint? 4 4 3 2 5 5 5 1 5 5 39 10 3.9 89 Are requirements management tracking tools and procedures in place? 2 5 4 5 4 4 1 4 4 4 37 10 3.7 90 Are all test assumptions adequately defined and aligned with the test objectives? 5 5 5 4 4 5 4 5 5 4 46 10 4.6 91 Should non essential staff now be required to work from home? 4 5 5 4 4 4 5 4 5 5 45 10 4.5 92 Is a fully trained team formed, supported, and committed to work on the Business Continuity Plan Monitoring improvements? 4 4 3 5 5 5 2 5 5 5 43 10 4.3 93 What are the requirements for a comprehensive business continuity management system? 5 5 4 5 4 5 4 2 5 2 41 10 4.1 94 Is the team equipped with available and reliable resources? 4 2 4 5 4 5 4 5 2 5 40 10 4 95 What customer feedback methods were used to solicit their input? 5 5 4 5 4 2 1 4 5 5 40 10 4 96 Are different versions of process maps needed to account for the different types of inputs? 2 5 4 4 5 5 5 4 5 4 43 10 4.3 97 Have the customer needs been translated into specific, measurable requirements? How? 1 2 4 3 4 4 4 4 5 1 32 10 3.2 98 Are there different segments of customers? 4 3 4 4 5 4 5 4 4 5 42 10 4.2 99 Are visitors required to be escorted in sensitive facility locations? 4 5 4 5 5 1 4 4 4 5 41 10 4.1 100 What percentage of the workload is required to be mirrored? 4 3 5 4 4 5 5 5 4 3 42 10 4.2 101 Has a project plan, Gantt chart, or similar been developed/completed? 5 5 5 5 5 4 5 5 4 4 47 10 4.7 102 Is the Business Continuity Plan Monitoring scope manageable? 5 4 4 4 5 3 5 2 4 4 40 10 4 103 What are your technology recovery requirements? 4 5 5 4 5 4 2 2 5 4 40 10 4 104 Are critical applications replicated offsite in case of disaster? 4 4 3 1 2 4 5 5 4 5 37 10 3.7 105 Are team charters developed? 2 4 4 4 5 5 4 4 5 4 41 10 4.1 106 What are the Roles and Responsibilities for each team member and its leadership? Where is this documented? 2 5 4 4 4 5 5 4 4 5 42 10 4.2 0 0 0 SCORE 445 409 442 446 438 441 436 436 454 435 4382 1060 4.1 3 Measure Participant 1 Participant 2 Participant 3 Participant 4 Participant 5 Participant 6 Participant 7 Participant 8 Participant 9 Participant 10 Total Count Avg "In my belief, the answer to the following question is clearly defined:" 0 0 0 1 Does your organization have an effective process to prioritize business functions? 5 5 3 5 3 3 3 3 4 3 37 10 3.7 2 Is data collected on key measures that were identified? 5 4 1 5 4 3 5 4 4 3 38 10 3.8 3 What types of businesses will be impacted? 5 4 3 4 3 3 5 3 4 4 38 10 3.8 4 What access control measures are in place? 4 5 4 4 4 5 4 5 4 1 40 10 4 5 What physical and logical security measures are in place? 5 3 5 5 4 3 3 4 5 4 41 10 4.1 6 Have you conducted your organizations impact analysis covering a pandemic situation? 5 4 1 3 3 5 5 5 4 5 40 10 4 7 Which areas are, or may become impacted? 4 3 3 3 3 5 5 5 5 5 41 10 4.1 8 How many staff are impacted and to what extent? 3 3 5 3 4 3 4 5 4 5 39 10 3.9 9 How long can the activity / process go unattended before intolerable impacts are realized? 5 4 3 2 5 4 4 4 4 5 40 10 4 10 How would it impact your research? 5 3 5 5 3 3 3 3 3 2 35 10 3.5 11 What charts has the team used to display the components of variation in the process? 1 5 4 2 5 4 3 3 5 3 35 10 3.5 12 How will supplies impact on when your organization can re open? 5 3 3 5 5 5 3 1 4 3 37 10 3.7 13 Is the business impact analysis accurate? 3 5 4 5 5 4 5 2 4 4 41 10 4.1 14 How are the essential functions of your organization impacted? 4 3 3 4 5 4 5 4 5 5 42 10 4.2 15 How large is the gap between current performance and the customer-specified (goal) performance? 4 4 4 5 4 3 1 5 3 5 38 10 3.8 16 Is data collection planned and executed? 4 5 4 5 4 1 5 3 1 2 34 10 3.4 17 Are process variation components displayed/communicated using suitable charts, graphs, plots? 3 3 4 4 3 5 5 3 2 4 36 10 3.6 18 What would be the impact if the essential functions performance is disrupted? 2 4 3 5 4 2 5 3 3 3 34 10 3.4 19 What was the impact of the disaster on business? 2 4 3 4 3 1 5 5 4 5 36 10 3.6 20 Who participated in the data collection for measurements? 4 4 5 4 4 4 5 4 5 5 44 10 4.4 21 Has the risk cause occurred before? 3 2 2 2 5 5 3 3 3 2 30 10 3 22 Does emergency cause the closure of primary facility? 1 4 5 3 5 4 5 1 4 4 36 10 3.6 23 What are the key input variables? What are the key process variables? What are the key output variables? 4 3 4 5 5 4 3 4 5 3 40 10 4 24 What was the impact of the incident? 4 3 2 4 3 3 4 3 3 4 33 10 3.3 25 What data was collected (past, present, future/ongoing)? 4 3 5 5 3 3 4 3 5 3 38 10 3.8 26 Do you see your supply chain and quantify/qualify impacts? 4 5 3 4 4 3 5 3 3 5 39 10 3.9 27 How will your business be notified in case of vendor impact? 5 5 3 3 3 3 3 3 5 3 36 10 3.6 28 Was a data collection plan established? 2 5 3 4 4 5 1 5 3 4 36 10 3.6 29 Is key measure data collection planned and executed, process variation displayed and communicated and performance baselined? 4 4 4 3 4 3 3 5 4 3 37 10 3.7 30 How were the risks identified and prioritized? 3 3 4 5 4 5 3 4 4 4 39 10 3.9 31 What changes within the business would warrant another business impact assessment? 2 5 3 5 4 4 4 3 3 4 37 10 3.7 32 What is the analysis of internal and external risk areas? 1 4 3 5 5 3 2 5 5 5 38 10 3.8 33 How current is your list of critical business priorities? 4 4 4 1 3 3 4 5 4 3 35 10 3.5 34 What particular quality tools did the team find helpful in establishing measurements? 4 4 3 5 5 3 3 4 1 4 36 10 3.6 35 What positive or negative impact do you assess there may be? 4 5 5 3 3 3 4 3 4 1 35 10 3.5 36 Do you quantify and qualify risk management investments? 5 4 4 3 4 3 5 3 5 3 39 10 3.9 37 Is Process Variation Displayed/Communicated? 4 4 2 5 3 3 3 3 4 5 36 10 3.6 38 How much will the implementation cost approximately, and under different scenarios? 4 4 3 4 4 3 3 4 4 5 38 10 3.8 39 Are key measures identified and agreed upon? 5 1 4 3 5 5 2 3 2 5 35 10 3.5 40 How will allocation of any remaining available office space be prioritized? 4 3 5 3 5 4 4 3 5 5 41 10 4.1 41 What does your organization do to limit the economic impact on business operations? 3 3 3 3 3 2 3 5 4 5 34 10 3.4 42 What other departments were impacted? 3 5 2 5 3 5 3 4 3 5 38 10 3.8 43 Do you understand what the impact might be on annual/ sick leave and whs? 4 4 5 3 3 3 4 3 5 3 37 10 3.7 44 What is your current yearly cost associated with business continuance? 5 5 3 5 4 4 3 5 5 3 42 10 4.2 45 What is your organization priority? 4 3 3 4 5 3 5 4 3 4 38 10 3.8 46 Is there a Performance Baseline? 3 4 2 3 5 4 5 5 5 4 40 10 4 This document is a partial preview. Full document download can be found on Flevy: https://flevy.com/browse/document/business-continuity-plan-monitoring--implementation-toolkit-5336
  • 5. 47 Are the impact metrics associated with the BIA determined by senior management? 3 4 3 5 5 4 2 4 5 5 40 10 4 48 What is the impact of the hazard if realized? 5 3 3 5 5 5 5 4 5 5 45 10 4.5 49 Has your organization created a strategy to recover from potential impacts? 4 4 4 3 4 3 3 4 5 4 38 10 3.8 50 Is your organizations ability to provide adequate power for customers impacted? 3 4 2 5 4 5 1 3 5 3 35 10 3.5 51 What organizational information needs are resilience measures and analyses intended to satisfy? 3 3 4 4 3 3 4 5 3 4 36 10 3.6 52 Has your organization installed anti virus software, and/or taken measures to limit hacking? 5 2 3 5 2 4 1 3 5 4 34 10 3.4 53 Are the recovery actions directly related to the key risks and their impact? 3 1 2 3 3 4 5 3 3 5 32 10 3.2 54 Have you found any ‘ground fruit’ or ‘low-hanging fruit’ for immediate remedies to the gap in performance? 4 5 5 3 4 5 3 3 5 4 41 10 4.1 55 Are high impact defects defined and identified in the stakeholder process? 5 4 5 5 3 3 5 2 5 1 38 10 3.8 56 What will be the financial impact on your organization where sick leave is required? 5 4 3 4 4 4 3 3 4 1 35 10 3.5 57 Have departmental services been prioritized? 4 4 4 5 4 2 5 5 5 3 41 10 4.1 58 What measures could be taken to minimise impacts of staff shortfalls? 4 3 3 2 1 5 4 3 4 4 33 10 3.3 59 Is BCM a high priority for senior management? 5 5 3 5 5 5 3 4 3 3 41 10 4.1 60 Which priority one functions can share accommodation on a temporary basis? 1 3 3 4 3 3 3 4 5 4 33 10 3.3 61 What is your capacity to manage the impacts? 4 4 4 4 3 3 5 5 4 3 39 10 3.9 62 What key measures identified indicate the performance of the stakeholder process? 4 5 5 5 5 5 5 4 5 4 47 10 4.7 63 Has your organization ever been hacked, or has a virus had an adverse impact on your network? 3 3 2 3 5 3 3 3 3 3 31 10 3.1 64 What is the cost of an outage of your critical business operations? 4 1 5 3 5 3 4 4 5 4 38 10 3.8 65 What will be the financial impact on your organization? 2 4 4 5 3 5 3 4 5 5 40 10 4 66 How does your organization measure the performance of your BCM program? 5 4 3 3 4 3 5 4 1 5 37 10 3.7 67 Has your organization impact analysis been completed? 3 3 1 3 5 2 4 3 3 5 32 10 3.2 68 Which workload should be analyzed first? 4 1 5 3 5 1 4 3 5 4 35 10 3.5 69 What is business impact analysis? 3 3 3 5 5 4 5 4 5 4 41 10 4.1 70 Did the bia include recovery priorities for business units and systems? 4 3 5 4 3 3 5 4 3 5 39 10 3.9 71 What are the agreed upon definitions of the high impact areas, defect(s), unit(s), and opportunities that will figure into the process capability metrics? 4 5 4 3 2 4 4 4 5 3 38 10 3.8 72 What other teams / processes would be impacted by changes to the current process, and how? 3 4 3 4 5 5 3 3 4 1 35 10 3.5 73 What has the team done to assure the stability and accuracy of the measurement process? 4 5 1 3 3 5 4 5 3 4 37 10 3.7 74 Has your organization assessed the impact of a potential disruption? 3 5 5 4 5 4 5 3 3 5 42 10 4.2 75 Is long term and short term variability accounted for? 3 5 5 5 3 3 1 4 5 3 37 10 3.7 76 Has bias in analysis results been documented? 3 3 3 1 4 4 1 5 1 2 27 10 2.7 77 Do you have backup arrangements that could be activated to reduce the impact? 4 2 5 5 5 5 5 1 5 4 41 10 4.1 78 Is a solid data collection plan established that includes measurement systems analysis? 3 4 5 2 3 4 5 3 3 4 36 10 3.6 0 0 0 SCORE 288 290 274 303 305 284 292 286 308 293 2923 780 3.7 4 Analyze Participant 1 Participant 2 Participant 3 Participant 4 Participant 5 Participant 6 Participant 7 Participant 8 Participant 9 Participant 10 Total Count Avg "In my belief, the answer to the following question is clearly defined:" 0 0 0 1 What is your communication strategy to respond quickly to employees, customers and the media? 4 3 3 1 4 4 3 3 4 3 32 10 3.2 2 Do you backup all of your organizations critical data on a regular basis? 1 4 3 5 3 2 3 3 3 3 30 10 3 3 How do you test a process that is only performed under abnormal conditions? 3 3 4 3 4 4 3 3 4 4 35 10 3.5 4 What is the amount of data that needs to be recovered? 3 3 4 3 4 1 4 2 4 4 32 10 3.2 5 What were the financial benefits resulting from any ‘ground fruit or low-hanging fruit’ (quick fixes)? 1 3 4 4 4 4 3 3 3 3 32 10 3.2 6 What is the value to your organization of stabilizing operational resilience processes? 3 4 3 3 4 3 2 2 4 3 31 10 3.1 7 What is the overall current status of work in processes? 2 3 3 3 3 3 3 3 4 3 30 10 3 8 How much data is transported in what time frame? 4 3 3 4 5 3 4 3 4 1 34 10 3.4 9 Does process include specification of performance criteria for measuring quality? 2 3 4 3 4 3 3 3 3 3 31 10 3.1 10 Is there requirements traceability process in place? 5 3 3 2 3 3 4 1 4 1 29 10 2.9 11 What are the revised rough estimates of the financial savings/opportunity for Business Continuity Plan Monitoring improvements? 1 1 4 3 3 3 3 4 4 4 30 10 3 12 How will work change now that you are no longer processing as normal? 3 4 4 1 4 3 4 3 3 3 32 10 3.2 13 Is your organization recovery strategy selected for each business process? 4 2 4 5 4 5 4 2 3 4 37 10 3.7 14 When it is recovered, how much data do you afford to recreate? 4 4 3 3 3 4 3 3 3 3 33 10 3.3 15 How do you store operational data? 1 3 1 3 4 3 3 3 4 4 29 10 2.9 16 Is there non database data to be recovered? 3 3 1 3 4 5 3 3 3 4 32 10 3.2 17 Was a cause-and-effect diagram used to explore the different types of causes (or sources of variation)? 4 4 1 4 5 3 4 4 3 3 35 10 3.5 18 What did the team gain from developing a sub-process map? 4 3 4 4 4 3 4 4 3 1 34 10 3.4 19 Does your organization periodically backup its data? 5 3 4 3 1 3 4 4 4 3 34 10 3.4 20 What type of agreements are in place with data communications suppliers? 4 5 4 3 2 3 5 4 3 3 36 10 3.6 21 What are the vital records/data for the critical business functions? 4 3 3 3 4 4 3 3 4 2 33 10 3.3 22 Do you have backups of all important data? 4 4 3 5 3 3 3 3 3 3 34 10 3.4 23 Are facilities to handle data integrity included? 4 4 3 3 4 3 4 3 4 4 36 10 3.6 24 Is there transparency in how sense was made from the raw data? 4 3 4 4 3 5 1 3 4 4 35 10 3.5 25 What are your most critical business processes and applications? 4 4 3 4 4 3 3 4 1 3 33 10 3.3 26 Did any additional data need to be collected? 4 4 2 2 3 4 3 4 3 5 34 10 3.4 27 Is the gap/opportunity displayed and communicated in financial terms? 4 2 1 4 2 4 4 1 1 3 26 10 2.6 28 How are critical business processes maintained? 4 3 4 4 4 3 3 3 3 1 32 10 3.2 29 What is the daily data change rate? 3 4 3 4 4 3 4 3 4 3 35 10 3.5 30 Is the implementation for data migration or business continuity? 4 3 5 4 2 3 3 4 3 1 32 10 3.2 31 Does the process rely on supplies or services provided by a third party? 3 4 3 3 3 3 3 3 4 3 32 10 3.2 32 How is risk measured to evaluate potential losses in the BCP process? 4 4 3 2 4 4 3 4 4 4 36 10 3.6 33 Is there an asset management process in place? 2 4 4 1 3 4 1 4 4 3 30 10 3 34 Is the disaster declaration process clearly defined? 3 4 4 3 3 4 5 3 4 4 37 10 3.7 35 Can the risk occur as a result of changes in other processes? 4 4 2 4 3 3 4 3 3 1 31 10 3.1 36 What is/are the business processes and applications that need to be recovered? 3 4 3 4 3 3 3 3 3 2 31 10 3.1 37 How much data do you afford to lose? 4 3 4 3 3 4 4 4 3 3 35 10 3.5 38 Have the problem and goal statements been updated to reflect the additional knowledge gained from the analyze phase? 4 4 4 3 3 4 3 3 3 3 34 10 3.4 39 Do you involve users in rehearsal process? 2 4 3 3 4 4 3 3 2 3 31 10 3.1 40 Did any value-added analysis or ‘lean thinking’ take place to identify some of the gaps shown on the ‘as is’ process map? 4 4 3 4 4 4 4 4 4 3 38 10 3.8 41 How quickly will services be able to return to normal? 3 3 4 3 4 1 3 3 4 4 32 10 3.2 42 What is the process for decision making during times of crisis? 5 4 3 2 4 4 4 3 3 4 36 10 3.6 43 What quality tools were used to get through the analyze phase? 2 5 3 1 3 1 4 4 3 4 30 10 3 44 Which is the correct process for your organization to use? 4 4 3 3 3 3 4 3 4 3 34 10 3.4 45 Do you need more than one incident management process? 4 3 4 3 3 3 4 2 3 4 33 10 3.3 46 Are BCP processes disseminated throughout your organization? 3 3 3 3 3 3 3 3 3 4 31 10 3.1 47 What are your organizations processes? 1 3 3 4 3 3 4 3 3 4 31 10 3.1 48 What data or which gaps were replaced by calculations or estimates? 3 3 5 1 4 3 4 3 3 4 33 10 3.3 49 What alternatives to your organizations regular way of doing business have been developed to ensure the resiliency of its most critical data, systems, business functions, services and processes? 3 1 4 3 4 3 5 1 3 5 32 10 3.2 50 Does process include identification and involvement of all customers and suppliers? 3 3 4 5 1 3 3 2 4 4 32 10 3.2 51 What are your people , process , technology , and mission related risks/barriers/rewards? 4 1 4 5 3 3 3 4 4 3 34 10 3.4 52 Are suppliers involved in the BCP process? 4 3 5 4 3 3 3 4 2 4 35 10 3.5 53 Is the data interpretation process logical, and can it be followed? 3 1 4 4 4 4 3 3 3 3 32 10 3.2 54 Is there a documented workaround process available for your information asset? 4 4 3 3 4 3 5 4 3 4 37 10 3.7 55 How long has your organization had a BCP process in place? 3 4 3 4 5 4 3 2 4 4 36 10 3.6 56 Where is the data/information stored? 4 3 4 4 4 1 4 4 3 4 35 10 3.5 57 What conclusions were drawn from the team’s data collection and analysis? How did the team reach these conclusions? 3 4 4 4 3 1 3 4 4 3 33 10 3.3 58 Is the amount of effort justified by the anticipated value of forming a new process? 4 3 4 3 4 3 3 4 1 3 32 10 3.2 59 Should client insource or outsource the recovery process? 3 3 4 3 2 4 3 4 2 3 31 10 3.1 60 Were there any improvement opportunities identified from the process analysis? 5 3 4 5 3 3 5 4 3 3 38 10 3.8 61 What is the process for sub contractors to be approved? 3 4 3 3 5 4 3 3 4 5 37 10 3.7 62 What is the status of data availability/key applications/telecoms? 4 3 3 4 3 3 3 3 3 4 33 10 3.3 63 What data should be backed up and how often should it be backed up? 3 4 3 4 4 3 4 4 2 3 34 10 3.4 64 Is the Business Continuity Plan Monitoring process severely broken such that a re-design is necessary? 4 3 4 4 4 4 3 4 3 4 37 10 3.7 65 What changes do you need to make to your business processes? 4 3 1 4 4 3 3 4 4 4 34 10 3.4 66 How are the business processes / workflow functioning? 2 4 3 3 3 3 3 2 3 3 29 10 2.9 67 What tools were used to generate the list of possible causes? 3 3 4 3 4 3 4 3 4 4 35 10 3.5 68 How was the detailed process map generated, verified, and validated? 4 4 3 3 3 5 2 1 3 2 30 10 3 69 Have any additional benefits been identified that will result from closing all or most of the gaps? 3 4 4 3 4 3 2 3 5 4 35 10 3.5 70 Are gaps between current performance and the goal performance identified? 3 3 4 3 5 5 3 4 1 5 36 10 3.6 71 Why did you develop the process for conducting the BCP process? 3 3 3 4 3 4 4 3 3 3 33 10 3.3 72 Does the follow up team have a formal process to evaluate the test results? 4 1 4 4 3 3 4 4 4 4 35 10 3.5 73 Is all data expected to be encrypted at rest and in transit at all times? 4 3 4 3 4 4 4 3 3 5 37 10 3.7 74 How quickly are the backups to be retrieved in the event of an emergency? 4 4 3 3 3 3 4 3 4 3 34 10 3.4 75 Which business processes need to be recovered? 4 3 4 4 4 4 3 3 3 3 35 10 3.5 76 Is there a defined process for identifying and reporting on issues? 4 3 4 3 3 3 4 3 3 2 32 10 3.2 77 What is the process for the subcontractor to be approved? 4 2 4 4 3 3 1 3 3 3 30 10 3 78 Were Pareto charts (or similar) used to portray the ‘heavy hitters’ (or key sources of variation)? 4 3 4 4 3 4 1 3 3 3 32 10 3.2 79 Did the selection process include consideration of internal recovery strategies? 3 2 3 3 5 3 1 5 3 3 31 10 3.1 80 Are security processes being communicated throughout your organization? 4 3 5 5 4 3 3 3 3 3 36 10 3.6 81 Is there one person/function with overall responsibility for developing the BCP process? 4 3 4 4 3 5 3 4 4 4 38 10 3.8 82 Is each asset in the asset database used by at least one service in the service repository? 3 3 3 4 3 1 4 3 3 5 32 10 3.2 83 Is data and process analysis, root cause analysis and quantifying the gap/opportunity in place? 2 4 4 3 3 3 3 5 4 3 34 10 3.4 84 What part of your organization should actually own responsibility for BCM processes? 3 3 3 4 4 4 4 4 4 3 36 10 3.6 85 Are you aware of any policies related to data classification or data retention? 4 4 3 4 4 3 4 4 4 3 37 10 3.7 86 Does each service in the service repository use assets from the asset database? 4 5 4 3 3 3 3 3 4 4 36 10 3.6 87 What were the crucial ‘moments of truth’ on the process map? 4 4 4 3 4 4 4 3 3 2 35 10 3.5 88 Are all employees involved in the process properly trained? 3 4 4 3 3 4 3 3 3 4 34 10 3.4 89 What does the data say about the performance of the stakeholder process? 4 5 4 4 3 3 4 4 4 3 38 10 3.8 90 Is the process/resource properly maintained? 4 4 3 3 4 3 2 2 3 4 32 10 3.2 91 Is there a distinct business process recovery team? 3 4 3 4 4 4 3 3 4 3 35 10 3.5 92 Did the strategy selection process include issues involving existing suppliers? 5 4 4 3 3 4 4 4 4 4 39 10 3.9 93 What applications or databases to recover? 4 1 3 4 4 4 3 4 4 3 34 10 3.4 94 Was a detailed process map created to amplify critical steps of the ‘as is’ stakeholder process? 3 4 4 3 3 5 4 4 4 4 38 10 3.8 95 Who will restore the data from the media? 3 4 2 3 3 3 5 4 3 4 34 10 3.4 96 Are there warnings system built in to the process? 3 4 4 4 3 3 5 3 2 3 34 10 3.4 97 How often does your organization review and update its BCP process? 3 4 1 4 3 4 4 4 3 3 33 10 3.3 98 What was the scope of your last recovery test process? 3 4 3 3 3 3 4 3 4 3 33 10 3.3 99 Are you exercising responsibility to protect sensitive data under your control? 5 4 3 4 4 4 3 4 4 5 40 10 4 100 Is there a formal review process involving senior management? 5 4 5 3 3 2 3 5 4 3 37 10 3.7 101 What tools were used to narrow the list of possible causes? 4 4 3 4 4 3 3 3 1 3 32 10 3.2 102 Were any designed experiments used to generate additional insight into the data analysis? 3 4 4 4 3 1 3 4 2 4 32 10 3.2 103 What is the cost of poor quality as supported by the team’s analysis? 3 3 4 4 3 4 5 4 4 3 37 10 3.7 104 Do you have a process in place to reassess the effectiveness of your BCM program? 1 4 4 4 4 4 3 4 4 4 36 10 3.6 105 Is the performance gap determined? 5 1 4 3 4 3 3 4 3 3 33 10 3.3 106 Are opinions supported by data and conclusions? 4 3 4 4 5 2 3 4 3 4 36 10 3.6 0 0 0 SCORE 364 355 364 361 369 349 357 349 349 353 3570 1060 3.4 5 Improve Participant 1 Participant 2 Participant 3 Participant 4 Participant 5 Participant 6 Participant 7 Participant 8 Participant 9 Participant 10 Total Count Avg "In my belief, the answer to the following question is clearly defined:" 0 0 0 1 Has a BCM risk assessment been conducted for your organization? 3 3 3 2 2 2 3 2 2 2 24 10 2.4 2 Are improved process (‘should be’) maps modified based on pilot data and analysis? 3 3 2 3 3 2 3 5 4 3 31 10 3.1 3 Are test/exercise results documented and used to identify areas for remediation or improvement? 3 5 4 2 2 2 3 2 3 5 31 10 3.1 4 Who decides on the type of communication? 3 4 3 3 4 3 3 3 3 5 34 10 3.4 This document is a partial preview. Full document download can be found on Flevy: https://flevy.com/browse/document/business-continuity-plan-monitoring--implementation-toolkit-5336
  • 6. 5 Are the risks well understood and communicated within your organization? 1 4 3 3 2 5 3 3 3 3 30 10 3 6 Which is the product mix affected by the risk? 4 3 4 2 2 3 2 3 2 2 27 10 2.7 7 Is executive leadership and/or management involved in risk management and mitigation decisions? 3 3 2 1 4 2 1 2 3 2 23 10 2.3 8 Are the testing/exercising objectives/criteria documented within the BCP? 2 2 3 3 3 3 3 4 3 2 28 10 2.8 9 What is Business Continuity Plan Monitoring's impact on utilizing the best solution(s)? 3 3 3 3 1 3 3 3 2 2 26 10 2.6 10 How does the solution remove the key sources of issues discovered in the analyze phase? 2 3 3 3 3 2 3 2 3 2 26 10 2.6 11 Are the best solutions selected? 2 3 2 3 3 2 3 2 2 3 25 10 2.5 12 What are the benefits of performing a technology risk assessment? 2 3 1 2 2 5 3 2 3 3 26 10 2.6 13 What tools were most useful during the improve phase? 3 5 2 2 3 3 2 5 3 3 31 10 3.1 14 What do you perceive as the biggest risk to your firm? 3 5 1 2 2 2 2 2 2 2 23 10 2.3 15 Have minimum personnel been documented for each phase of recovery? 2 2 3 3 2 2 4 3 2 3 26 10 2.6 16 Which participants are at heightened risk? 2 2 4 2 3 1 1 2 2 3 22 10 2.2 17 Is a contingency plan established? 3 2 3 3 2 2 2 2 3 2 24 10 2.4 18 Are policies and procedures developed and implemented to address security incidents? 3 2 2 2 2 3 3 4 2 2 25 10 2.5 19 What communications are necessary to support the implementation of the solution? 2 3 2 3 1 2 1 2 3 2 21 10 2.1 20 Are there any constraints (technical, political, cultural, or otherwise) that would inhibit certain solutions? 3 2 3 2 2 2 2 3 2 2 23 10 2.3 21 Are the scope and objectives for each test/exercise documented before the actual test? 4 3 3 3 3 2 2 1 2 3 26 10 2.6 22 Which hazards are high, medium, and low risk? 1 3 2 3 2 2 2 2 2 3 22 10 2.2 23 What would be the overall risk value for the threat or hazard? 3 2 3 5 3 3 3 2 2 5 31 10 3.1 24 Is there a strategy to address the dependency risk? 3 3 3 2 2 1 3 3 2 2 24 10 2.4 25 What is the greatest risk to overall operational efficiency? 3 4 1 2 3 2 3 2 3 5 28 10 2.8 26 Are formal business continuity procedures developed and documented? 2 2 2 3 1 2 2 3 3 2 22 10 2.2 27 What types of infrastructure are necessary to support post disaster re development? 2 5 2 2 1 2 3 3 5 2 27 10 2.7 28 What you understand to be business continuity? 3 3 1 3 2 2 2 2 2 3 23 10 2.3 29 Are you aware of any documented procedures for incident handling? 3 3 2 1 2 2 3 2 3 3 24 10 2.4 30 Is there a cost/benefit analysis of optimal solution(s)? 2 3 2 1 1 2 3 4 2 3 23 10 2.3 31 How probable is the risk of harm? 2 2 3 3 3 5 2 2 2 3 27 10 2.7 32 Is the implementation plan designed? 2 3 3 3 2 2 3 2 2 3 25 10 2.5 33 What do you do about disaster risk? 2 2 3 2 5 2 3 2 3 3 27 10 2.7 34 What error proofing will be done to address some of the discrepancies observed in the ‘as is’ process? 3 2 3 3 3 2 3 3 2 3 27 10 2.7 35 How are the results of the testing exercise documented and acted upon? 2 3 3 3 3 2 3 2 2 3 26 10 2.6 36 Are new and improved process (‘should be’) maps developed? 2 2 3 2 3 3 2 1 3 2 23 10 2.3 37 What are some alternatives to performing an exhaustive BIA and risk assessment? 3 2 2 2 2 3 2 5 3 3 27 10 2.7 38 What tools were used to tap into the creativity and encourage ‘outside the box’ thinking? 3 2 2 3 3 2 3 3 2 1 24 10 2.4 39 Which hazards pose the highest risk? 2 2 3 3 4 2 3 2 2 2 25 10 2.5 40 Have risks from all sources been identified? 3 3 2 3 5 3 3 2 3 1 28 10 2.8 41 How will the group know that the solution worked? 2 2 2 2 2 2 3 2 2 2 21 10 2.1 42 What kinds of risks are other organizations facing nowadays? 3 2 3 3 5 2 1 2 2 3 26 10 2.6 43 Is the primary/alternate recovery site documented in the BCP? 1 2 2 3 3 3 3 2 2 2 23 10 2.3 44 Is the BCP program coordinator held accountable for results of the program? 4 2 2 2 3 3 1 3 4 3 27 10 2.7 45 What actions does the supplier intend to implement in addressing risk? 2 4 3 3 2 2 3 3 2 2 26 10 2.6 46 Are directions to the recovery sites documented in the BCP? 3 2 5 4 2 3 1 3 3 2 28 10 2.8 47 Is a solution implementation plan established, including schedule/work breakdown structure, resources, risk management plan, cost/budget, and control plan? 2 2 2 2 3 3 3 4 2 3 26 10 2.6 48 Is there a small-scale pilot for proposed improvement(s)? What conclusions were drawn from the outcomes of a pilot? 5 2 2 2 3 3 1 2 3 2 25 10 2.5 49 Describe the design of the pilot and what tests were conducted, if any? 3 5 3 2 2 3 2 3 3 3 29 10 2.9 50 Do you clearly understand responsibility? 3 5 2 2 2 3 3 3 3 2 28 10 2.8 51 Do the test scripts compare actual to expected results? 3 4 3 3 3 2 2 2 3 2 27 10 2.7 52 Do you have a risk assessment tool in place for inbound supply? 2 3 3 3 1 3 2 1 2 2 22 10 2.2 53 What are the risks that might give rise to business interruption? 3 3 2 2 5 3 2 3 3 3 29 10 2.9 54 What is the implementation plan? 4 2 2 2 2 5 3 3 3 2 28 10 2.8 55 What tools were used to evaluate the potential solutions? 3 4 2 2 2 4 3 3 3 3 29 10 2.9 56 How effective are risk management strategies as bcps for the BAC? 5 2 3 3 3 2 2 3 4 3 30 10 3 57 Has a training program been developed and established? 3 3 2 2 3 3 3 2 3 3 27 10 2.7 58 What risks are your organization most likely to encounter based on your geographical location? 3 3 5 3 3 2 2 2 3 3 29 10 2.9 59 Are the maintenance roles and responsibilities clearly defined and documented? 2 4 3 3 2 3 3 4 4 2 30 10 3 60 What were the underlying assumptions on the cost-benefit analysis? 3 3 2 3 3 3 2 3 2 2 26 10 2.6 61 How did the team generate the list of possible solutions? 3 1 2 2 2 2 3 3 2 2 22 10 2.2 62 Does management mandate an annual risk assessment? 2 2 3 3 4 2 2 3 2 2 25 10 2.5 63 Does your organization have documented team notification procedures? 2 2 3 2 3 2 2 3 2 5 26 10 2.6 64 Does your organization have documented vendor notification procedures? 2 3 5 3 2 2 2 3 2 3 27 10 2.7 65 Are system access policies and procedures documented and updated as necessary? 2 3 2 4 2 2 4 5 2 3 29 10 2.9 66 Was a pilot designed for the proposed solution(s)? 3 5 2 2 3 5 5 4 2 1 32 10 3.2 67 Are test objectives clearly defined and documented prior to each test? 2 3 2 3 3 5 3 2 3 2 28 10 2.8 68 Are manual workarounds documented in the BCP? 2 2 5 4 3 3 2 4 2 2 29 10 2.9 69 Have the risks been reviewed and signed off by the governance body? 3 2 3 3 3 3 3 3 3 4 30 10 3 70 How is authorization documented? 2 2 3 3 3 4 2 3 3 3 28 10 2.8 71 What risks pose the greatest threat to your business? 3 2 3 3 2 3 3 3 3 3 28 10 2.8 72 Which it services are already twinned and on what basis twinning was decided? 3 5 2 5 3 2 2 2 3 3 30 10 3 73 What is the risk that exists within the specific supplier being evaluated? 2 3 2 1 2 2 3 2 3 2 22 10 2.2 74 Is there documented acceptable user policy? 3 3 3 2 3 3 3 2 2 3 27 10 2.7 75 What is the team’s contingency plan for potential problems occurring in implementation? 2 2 3 2 4 5 2 3 2 2 27 10 2.7 76 What attendant changes will need to be made to ensure that the solution is successful? 2 3 3 3 1 4 3 2 3 5 29 10 2.9 77 What do you understand to be Business Continuity? 2 3 2 1 2 5 3 2 3 3 26 10 2.6 78 Which hazards pose the greatest risk? 1 2 3 5 3 2 4 3 2 4 29 10 2.9 79 Are possible solutions generated and tested? 2 2 3 3 3 3 2 2 2 2 24 10 2.4 80 Were any criteria developed to assist the team in testing and evaluating potential solutions? 3 2 2 1 2 3 2 2 4 2 23 10 2.3 81 Which risk areas are relevant to the listed IT services? 1 2 2 3 3 3 2 3 2 3 24 10 2.4 82 Is the risk depending on external suppliers? 5 3 2 3 3 1 2 2 3 2 26 10 2.6 83 Is the optimal solution selected based on testing and analysis? 2 2 3 3 5 3 2 2 3 3 28 10 2.8 84 Are the BCP program objectives documented? 2 3 2 3 3 4 3 2 3 2 27 10 2.7 85 What lessons, if any, from a pilot were incorporated into the design of the full-scale solution? 3 2 2 2 2 4 3 3 2 2 25 10 2.5 86 Is pilot data collected and analyzed? 3 3 3 3 2 3 2 2 2 2 25 10 2.5 87 Are there policies in place to address post disaster redevelopment? 1 2 2 3 2 3 3 3 2 2 23 10 2.3 88 Do you adapt seamlessly to changing risk environments? 4 2 1 2 3 3 2 2 3 3 25 10 2.5 89 How will the team or the process owner(s) monitor the implementation plan to see that it is working as intended? 2 3 2 1 2 4 2 3 3 2 24 10 2.4 90 What does the ‘should be’ process map/design look like? 3 2 2 2 2 3 3 2 4 2 25 10 2.5 91 Do you have a documented BCP awareness and training program? 5 3 2 5 3 2 3 4 2 2 31 10 3.1 92 Is the BCM program documented to define? 3 3 2 3 2 3 3 3 3 3 28 10 2.8 93 What, if any, policies are in place to address post disaster redevelopment? 3 2 3 3 2 3 2 3 3 2 26 10 2.6 94 Is there a change order procedure documented? 4 3 3 2 2 3 2 3 2 2 26 10 2.6 95 Does the incident result in disruption of any of your organizations business? 2 1 2 5 2 3 4 2 2 3 26 10 2.6 96 What is risk and risk management? 2 2 2 2 3 3 2 3 3 3 25 10 2.5 97 What are the risks and threats to essential services and activities? 3 2 2 5 3 3 3 3 3 3 30 10 3 98 What responsibility do you understand the BAC to have in an incident? 2 3 2 2 3 2 3 3 2 4 26 10 2.6 99 Are the risks reviewed and updated from time to time? 2 3 2 1 3 2 2 3 3 2 23 10 2.3 100 Are change orders properly documented for scope, budget, and schedule changes? 2 3 2 2 3 5 2 3 3 2 27 10 2.7 101 Do all organizations in the enterprise have defined risk parameters? 2 3 2 2 3 3 1 3 2 2 23 10 2.3 102 Is that level of risk acceptable? 2 1 2 1 2 3 2 3 2 3 21 10 2.1 103 Are clear reporting instructions documented in the BCP? 3 2 3 3 3 2 2 2 2 3 25 10 2.5 0 0 0 SCORE 268 282 260 268 269 284 258 275 267 270 2701 1030 2.6 6 Control Participant 1 Participant 2 Participant 3 Participant 4 Participant 5 Participant 6 Participant 7 Participant 8 Participant 9 Participant 10 Total Count Avg "In my belief, the answer to the following question is clearly defined:" 0 0 0 1 Does your business continuity plan cover power outages specifically? 1 1 1 1 2 1 1 2 2 1 13 10 1.3 2 Has a plan been developed to facilitate notifications of changes to the BCP? 1 1 1 2 1 2 1 2 2 1 14 10 1.4 3 Are you aware of what your organization continuity plan entails? 1 5 5 1 4 1 1 2 2 1 23 10 2.3 4 Have the plans been verified or evaluated by independent third parties? 1 1 1 1 2 2 1 2 2 2 15 10 1.5 5 Does your business continuity plan have senior management approval and sponsorship? 3 5 1 1 5 2 1 4 1 4 27 10 2.7 6 How do you initiate business continuity planning? 1 1 2 1 1 1 5 2 5 2 21 10 2.1 7 How should regulations and standards shape the development of a BCM program? 5 1 4 1 1 1 3 1 1 2 20 10 2 8 Has the plan been approved by senior management? 2 2 2 1 1 5 2 1 1 2 19 10 1.9 9 Have you developed a plan to control access to the facility if the need arises? 3 2 1 1 1 2 1 1 2 1 15 10 1.5 10 Are the BCP program objectives integrated with your organizations strategic business plan? 1 1 1 2 2 2 1 1 2 4 17 10 1.7 11 How many primary control units will be installed? 1 2 5 2 1 1 1 1 2 1 17 10 1.7 12 Do you control the movement of staff between sites? 1 1 2 2 2 2 1 2 2 1 16 10 1.6 13 How often is the plan reviewed by the governance body? 1 1 1 1 2 2 4 1 2 4 19 10 1.9 14 What other resources do you need to successfully implement and maintain your plan? 2 1 2 1 1 1 1 2 1 2 14 10 1.4 15 Do individual plans need to be reviewed? 2 1 5 2 1 2 1 1 1 2 18 10 1.8 16 Are you aware of your suppliers business continuity plans? 1 1 1 2 1 2 2 2 2 2 16 10 1.6 17 Does the system design reflect the requirements? 1 2 1 5 1 1 2 2 1 5 21 10 2.1 18 Why do you need your organization continuity plan? 2 1 2 3 1 1 1 2 2 1 16 10 1.6 19 Is the policy well communicated and understood by plan users? 2 2 1 2 2 2 1 1 5 2 20 10 2 20 Why develop your organization continuity plan? 1 2 2 2 1 1 2 3 2 2 18 10 1.8 21 Is the plan approved by organization leadership? 1 3 2 2 2 5 3 1 2 2 23 10 2.3 22 Does your organization prepare an annual test plan? 2 3 2 1 1 1 1 2 2 1 16 10 1.6 23 What procedure is required to invoke the plan? 1 2 1 2 2 3 2 2 1 5 21 10 2.1 24 Is there an existing recovery plan? 4 1 2 2 1 1 1 1 2 2 17 10 1.7 25 Does the drp form part of the BCP or is it a separate plan altogether? 1 1 2 3 1 2 1 1 1 2 15 10 1.5 26 Does your organization have a formal security plan? 1 1 2 2 2 2 1 2 1 1 15 10 1.5 27 How many secondary control units will be installed? 1 2 5 2 1 2 1 2 2 4 22 10 2.2 28 Do you monitor the movement of participants between different places/ sites? 2 2 2 2 2 2 1 1 4 2 20 10 2 29 Has a project communications plan been developed? 1 1 1 2 2 2 1 2 2 2 16 10 1.6 30 Does sox mandate your organization continuity plan? 2 2 1 2 3 2 1 2 1 3 19 10 1.9 31 Does your organizations emergency plan include your organization continuity plan? 1 2 2 1 2 5 1 1 1 1 17 10 1.7 32 Who will manage and monitor cancellations of appointments/ meetings / groups? 4 4 2 1 1 1 1 1 2 1 18 10 1.8 33 Is the plan to work from home or alternate site? 1 2 2 5 5 2 2 1 5 2 27 10 2.7 34 Is there a defined schedule for updating the plan? 2 2 2 1 1 1 1 1 1 1 13 10 1.3 35 What are the training requirements for the planning team? 1 2 5 1 2 1 4 4 1 2 23 10 2.3 36 How has your organization communicated its BCP plans to the public? 1 1 4 2 1 2 2 1 1 3 18 10 1.8 37 Did work plan define work performed? 3 4 2 1 2 1 1 1 1 2 18 10 1.8 38 Do you have a current business continuity plan? 4 1 2 2 2 1 1 1 2 1 17 10 1.7 39 How do you structure an internal business continuity function or planning team? 1 2 2 2 1 1 1 1 1 1 13 10 1.3 40 What are the key elements of an effective business continuity plan? 1 2 2 2 1 1 2 2 5 1 19 10 1.9 41 What is the system scope for your recovery plan? 2 1 2 1 2 1 2 1 2 1 15 10 1.5 42 Is there a schedule for the testing of the plan? 2 1 1 1 1 2 1 1 4 2 16 10 1.6 43 Have all members of the planning team completed activity sheets? 3 2 2 1 1 1 1 1 1 1 14 10 1.4 44 Does management monitor and evaluate training progress, and reassess training needs? 1 5 5 1 1 2 1 2 1 2 21 10 2.1 45 Are staff members assigned to execute specific service continuity plans? 2 5 2 1 1 1 5 1 1 1 20 10 2 46 Has the approved plan been distributed to all appropriate personnel and offices? 1 1 1 2 2 1 2 1 4 1 16 10 1.6 47 How does the enterprise plan to react in case of emergency? 2 2 2 5 1 1 2 1 5 1 22 10 2.2 48 Why do business continuity plans fail? 2 2 1 1 2 1 4 1 1 1 16 10 1.6 49 Does your practice have an emergency plan? 1 2 2 4 2 1 1 2 2 2 19 10 1.9 50 Does your organization have a written business continuity plan? 1 3 1 2 5 2 1 1 2 2 20 10 2 51 Is the plan subject to review at least annually? 1 2 1 1 1 2 1 1 4 1 15 10 1.5 This document is a partial preview. Full document download can be found on Flevy: https://flevy.com/browse/document/business-continuity-plan-monitoring--implementation-toolkit-5336
  • 7. 52 Have standards for testing service continuity plans been implemented? 5 2 2 1 2 1 2 5 3 1 24 10 2.4 53 How would/is responsible for a BCM plan in your organization? 1 4 2 1 2 2 1 1 2 2 18 10 1.8 54 How is progress on issues management monitored and reported? 1 2 1 2 1 4 1 2 2 2 18 10 1.8 55 How do you monitor and support a remote workforce? 1 2 1 2 2 5 1 2 2 2 20 10 2 56 Does your organization test plans? 1 2 2 4 2 2 5 1 1 1 21 10 2.1 57 How can a BCM plan help your organization? 2 1 2 2 2 5 4 2 1 2 23 10 2.3 58 Is your organization capable of and prepared to implement the plans? 1 1 1 1 1 5 1 1 2 3 17 10 1.7 59 How do risk management and information system contingency planning fit into a resilience program? 4 1 1 1 2 1 1 2 4 2 19 10 1.9 60 Has a schedule for testing service continuity plans been established? 2 2 1 2 2 4 1 1 2 2 19 10 1.9 61 What are business continuity plans? 1 1 1 2 2 5 1 1 2 1 17 10 1.7 62 How does management ensure the plan is reliably updated to reflect changes to your organizations business and operational risks? 1 5 2 1 1 2 2 1 1 2 18 10 1.8 63 Do the plans call for coordination with local emergency services? 2 2 1 1 2 4 1 1 1 2 17 10 1.7 64 Have user departments been involved in drawing up and testing the plan? 1 1 1 1 2 1 2 2 2 2 15 10 1.5 65 Is there a defined process for updating the plan based on the tests conducted? 2 1 2 1 5 1 1 1 1 2 17 10 1.7 66 Does internal audit or an independent third party provide regular assurance on the effectiveness of your organizations business continuity plan and incident management process? 4 5 2 2 2 2 2 1 2 5 27 10 2.7 67 Have all the components of the plan been prepared? 2 2 2 2 2 2 1 1 1 1 16 10 1.6 68 How does your organization plan for business continuity? 1 2 2 2 1 3 1 3 1 2 18 10 1.8 69 Does the test formats satisfy industry standards and best practices? 2 2 2 2 5 1 4 1 1 1 21 10 2.1 70 Do your employees know and support your plan? 4 1 2 2 2 2 1 5 2 1 22 10 2.2 71 Does your business continuity plan take human resources impact into account? 1 4 3 1 1 5 2 2 1 1 21 10 2.1 72 Have planning responsibilities been assigned to key individuals and/or teams? 1 1 3 2 2 1 1 5 5 5 26 10 2.6 73 Have the plans and processes been audited/appraised by external experts? 3 2 2 4 4 1 1 1 2 1 21 10 2.1 74 Does the plan address what data is to be restored? 2 5 1 2 2 2 3 2 2 3 24 10 2.4 75 Does your office currently have your organization continuity plan? 1 2 1 1 1 1 1 2 2 1 13 10 1.3 76 Is a stakeholder management plan in place? 2 2 1 1 1 1 2 1 2 2 15 10 1.5 77 Have the members of the planning team had any BCP training? 1 2 2 1 2 1 5 4 2 2 22 10 2.2 78 Does your organization have a plan to deal with the risk of business interruption? 1 3 1 2 2 5 1 2 1 5 23 10 2.3 79 Do you have your organization continuity plan that is up to date and complete? 1 2 2 4 1 1 2 1 1 2 17 10 1.7 80 Are you confident that the plans for IT resilience and contingency are adequate? 1 2 2 2 1 1 1 2 2 1 15 10 1.5 81 How involved or aware is the BAC of your plans for continuity? 5 2 1 2 1 1 2 2 1 5 22 10 2.2 82 Who is responsible for invoking the plan, and who should be consulted? 2 2 5 1 2 2 1 2 1 1 19 10 1.9 83 What is your organization Continuity Plan? 2 1 2 2 5 2 3 2 2 2 23 10 2.3 84 Do you incur any problems in the implementation of plans? 1 2 5 1 2 1 3 2 2 1 20 10 2 85 Which organizations apply the iso 22301 standard? 2 2 4 2 2 2 1 1 1 2 19 10 1.9 86 Has the plan identified the right people to carry out the actions required? 2 2 2 2 2 1 1 2 2 1 17 10 1.7 87 Why bother reviewing and testing your plan? 2 4 1 1 1 3 1 1 2 1 17 10 1.7 88 Are appropriate references to all related plans included in the BCP? 2 1 1 1 1 1 2 2 2 5 18 10 1.8 89 Why is continuity planning important? 2 1 1 2 1 2 1 2 1 1 14 10 1.4 90 Are your organizations incident response plans flexible enough to enable it to respond rapidly and appropriately to various types of interruptions to its critical operations? 2 2 1 1 2 2 2 3 1 1 17 10 1.7 91 Has a succession plan been established at all levels? 1 2 2 1 1 2 2 2 2 1 16 10 1.6 92 Are there clear, regular time periods for updating of the plan? 1 2 1 2 1 1 2 1 2 2 15 10 1.5 93 Do your vendors business continuity planning preparations meet your business needs? 4 2 1 1 5 1 1 2 1 2 20 10 2 94 Is overall recovery possible using the current plan? 1 2 3 2 5 2 1 1 3 2 22 10 2.2 95 Do you have a disaster recovery plan? 2 2 1 1 1 1 1 1 1 2 13 10 1.3 96 Are the plans tested and revised based on the results? 1 2 2 1 1 2 2 3 1 1 16 10 1.6 97 What are the various phases of developing your organization continuity plan? 1 1 2 3 1 2 2 1 1 1 15 10 1.5 98 Are there automatic triggers to ensure that the core plan elements remain current? 2 2 2 2 1 2 2 1 5 1 20 10 2 99 Are the critical dependencies and their recovery reflected in contractual terms? 1 3 1 5 1 3 2 1 2 4 23 10 2.3 100 What is in your organization continuity plan? 1 1 1 1 2 2 1 1 2 1 13 10 1.3 101 Does your organization require to integrate on prem monitoring with cloud monitoring? 2 2 3 2 2 2 2 1 1 2 19 10 1.9 102 Are the key risks clearly stated in the plan? 3 1 1 1 2 1 2 1 2 2 16 10 1.6 103 How will you monitor the health of any employees that may be exposed? 1 2 1 2 1 1 1 3 4 1 17 10 1.7 104 Is execution of service continuity plans reviewed? 2 2 1 5 5 1 3 4 1 1 25 10 2.5 105 How often are your business continuity and disaster recovery plans tested, and in what ways? 1 1 1 4 1 2 1 1 2 2 16 10 1.6 106 Is the plan activation and process execution effective? 1 2 2 5 1 1 2 5 1 2 22 10 2.2 107 How could a BCM plan affect the supply chain? 2 2 1 2 2 2 1 1 2 1 16 10 1.6 108 Have project management standards and procedures been established and documented? 3 4 1 2 1 2 2 1 2 2 20 10 2 109 Do you have a plan for a pandemic or mass absentee situation? 1 1 1 2 5 1 2 1 2 1 17 10 1.7 110 Are crisis management and communication management plans available and rehearsed? 1 1 1 1 2 1 3 2 2 1 15 10 1.5 111 How frequently is your business continuity plan exercised? 2 2 2 2 1 1 1 1 2 3 17 10 1.7 112 What are the components of your organization continuity plan? 3 2 2 3 4 1 1 1 2 2 21 10 2.1 113 Does the disaster recovery plan address issues specific to the covered entitys operating environment? 1 1 1 2 2 2 1 1 2 2 15 10 1.5 114 Are plan maintenance schedules documented in the BCP? 1 1 1 2 2 1 2 2 4 1 17 10 1.7 115 What is an emergency response plan? 1 2 2 2 2 2 2 2 2 2 19 10 1.9 116 Will there be an overall corporate role that has responsibility for BCM planning? 1 2 2 1 1 1 2 1 1 1 13 10 1.3 117 Is your business continuity plan complete? 2 1 1 4 1 1 1 1 2 1 15 10 1.5 118 Does the backup plan include storage of backups in a safe, secure place? 2 1 2 2 1 2 1 2 1 4 18 10 1.8 119 Are responsibilities clearly defined for plan maintenance, training and testing? 1 2 3 2 1 2 2 1 2 1 17 10 1.7 120 When was the most recent business continuity plan exercise? 2 5 2 2 2 4 2 1 1 1 22 10 2.2 121 Is the plan updated as organizational objectives and priorities change? 2 2 2 3 2 1 2 2 2 2 20 10 2 122 How clearly do contracts and/or service level agreements define service providers responsibilities with respect to your organizations BCP, and enable your organization to monitor compliance? 1 5 2 1 1 2 1 1 4 2 20 10 2 123 Has your organization planned and established a debriefing procedure? 2 4 1 2 2 1 2 2 1 1 18 10 1.8 124 Does the project have a formal project plan? 1 2 2 2 2 2 1 5 1 5 23 10 2.3 125 Have you established a mobilization plan for essential employees? 1 2 1 2 1 1 1 2 1 2 14 10 1.4 126 Does the plan conform to standards? 2 1 2 2 5 2 2 1 2 2 21 10 2.1 127 Does training support your organizational business plan & vision? 4 2 3 2 1 1 2 1 2 2 20 10 2 128 Is there a formally documented plan maintenance schedule? 2 1 1 2 4 1 2 2 1 1 17 10 1.7 129 Have adequate funding and resources been provided to develop and maintain your organizations business continuity plan? 2 2 1 2 1 2 1 2 1 2 16 10 1.6 130 Is there a communications component/plan as part of the BCP? 3 1 1 2 1 2 1 1 2 2 16 10 1.6 131 Is the plan reviewed and updated after a disruptive event? 2 1 2 1 2 1 2 2 1 1 15 10 1.5 132 How is it related to emergency response planning, and disaster recovery? 1 2 2 1 2 1 1 5 1 1 17 10 1.7 133 What about continuity planning for web based applications? 2 1 1 2 2 2 2 2 2 2 18 10 1.8 134 How does your department plan for business continuity? 1 1 2 2 1 4 1 1 2 2 17 10 1.7 135 What is information system contingency planning? 5 2 1 2 1 4 2 1 1 1 20 10 2 136 Are the plans stored properly and safely? 2 2 2 1 2 1 1 1 1 1 14 10 1.4 0 0 0 SCORE 241 270 250 255 251 252 226 231 256 254 2486 1360 1.8 7 Sustain Participant 1 Participant 2 Participant 3 Participant 4 Participant 5 Participant 6 Participant 7 Participant 8 Participant 9 Participant 10 Total Count Avg "In my belief, the answer to the following question is clearly defined:" 0 0 0 1 Are all original staff available to return to work? 3 1 1 1 1 3 1 5 1 1 18 10 1.8 2 Is there an executive protection program for senior executives/managers? 1 1 1 1 1 1 3 1 5 1 16 10 1.6 3 Are there any key personnel unavailable? 2 1 1 1 1 1 1 4 1 1 14 10 1.4 4 Has a continuity team structure been established? 4 1 1 1 1 3 1 1 1 4 18 10 1.8 5 What alternative means of communication exist? 1 1 1 5 1 1 1 1 1 1 14 10 1.4 6 Have departmental services been listed? 1 1 4 3 1 1 1 1 1 1 15 10 1.5 7 How many ips per vlan does your organization currently have? 1 1 4 1 1 1 1 1 1 1 13 10 1.3 8 What locations do your organizations critical activities operate from? 4 1 1 1 1 1 2 1 1 1 14 10 1.4 9 Does the policy relate to an area with known inequalities? 5 1 1 1 1 1 1 1 1 1 14 10 1.4 10 Are the project members appropriately assigned and briefed? 4 1 1 3 1 1 1 1 1 3 17 10 1.7 11 What is your organization to do? 1 1 1 1 1 3 1 1 1 1 12 10 1.2 12 Is the workforce advised to commit their passwords to memory? 1 1 1 1 1 5 1 1 1 5 18 10 1.8 13 Is the policy sufficiently comprehensive and clear? 1 1 1 1 1 4 3 1 2 1 16 10 1.6 14 Which business units cannot be re housed in the short term? 1 1 1 1 1 1 1 1 1 1 10 10 1 15 Are appropriate security resources included in the BCP program? 1 1 1 1 1 1 1 1 1 1 10 10 1 16 Who does the business send payment to for the technology services? 1 1 1 1 1 1 1 5 1 1 14 10 1.4 17 Does the BCM manager coordinate and lead the implementation of BCM? 1 1 1 1 1 1 1 1 1 1 10 10 1 18 How might your inability to provide services affect your reputation? 5 1 2 1 1 1 1 1 1 3 17 10 1.7 19 How will the team communicate, particularly if the team is dispersed? 1 4 1 1 1 1 4 1 1 2 17 10 1.7 20 Does the BCP include the BCP organization & structure? 1 1 2 1 2 1 1 1 1 3 14 10 1.4 21 Is there a distinct technology recovery team? 1 1 5 1 4 3 1 1 1 1 19 10 1.9 22 Does your organization use any ITSM tools? 1 4 1 1 1 1 1 1 1 1 13 10 1.3 23 Is the it recovery strategy in line with the business objectives? 2 1 5 1 1 1 1 1 1 1 15 10 1.5 24 What are your goals that you feel are important for a successful project? 1 1 2 1 1 4 1 1 1 2 15 10 1.5 25 Are background checks made on temporary employees and contractors? 1 1 1 1 2 1 1 1 1 1 11 10 1.1 26 Which business units can use it after cosmetic attention? 1 2 1 1 1 1 5 4 1 1 18 10 1.8 27 Is your organization prepared for disasters? 1 1 1 1 2 1 1 1 1 1 11 10 1.1 28 Does your organization have a formal governance body for business continuity? 1 1 1 1 5 5 1 1 5 1 22 10 2.2 29 Why just web as a service what about other applications? 2 1 1 5 1 4 1 1 1 1 18 10 1.8 30 Who is the right person in your organization to own the BCM program? 1 1 1 1 1 1 1 1 1 1 10 10 1 31 Are backup and storage procedures for high value information assets tested? 1 3 4 3 1 1 1 1 1 1 17 10 1.7 32 When was the BCM policy last reviewed and updated? 1 1 1 3 3 1 1 1 1 1 14 10 1.4 33 Has your organization prepared an emergency contact list of employees? 1 1 1 1 1 5 1 1 1 1 14 10 1.4 34 Can any part of the service be relocated? 3 1 1 1 1 1 1 1 1 1 12 10 1.2 35 What type of network core switches/firewalls does your organization currently use? 1 1 1 1 1 1 1 1 5 1 14 10 1.4 36 How many saas based applications is your organization using? 1 3 1 1 1 1 1 1 1 1 12 10 1.2 37 What it is essential to carry out key functions? 4 1 1 1 2 2 3 1 1 1 17 10 1.7 38 What is the BCM maturity level in your organization? 1 5 1 3 4 2 1 3 1 1 22 10 2.2 39 What are a supply chain and supply chain management? 1 2 1 1 1 1 4 1 1 4 17 10 1.7 40 Are the most efficient solutions problem-specific? 1 1 2 1 1 1 1 1 4 1 14 10 1.4 41 What is your best mechanism for communication? 1 1 3 1 1 1 1 1 1 2 13 10 1.3 42 What are your Departments critical dependencies? 1 1 1 1 1 5 1 1 1 1 14 10 1.4 43 Which work areas are inaccessible and intact? 1 1 1 1 1 1 1 1 1 1 10 10 1 44 Did the test effectively detail the activities to be completed during a disaster? 1 1 1 1 1 1 1 1 1 1 10 10 1 45 Does the BCM executive have access to the leadership team? 1 1 1 4 1 1 1 1 1 1 13 10 1.3 46 How are segments of your economy dependent on infrastructure to function? 1 5 1 1 1 1 1 4 1 1 17 10 1.7 47 Why will people be away from work? 1 4 4 1 1 2 3 3 3 1 23 10 2.3 48 How much time should the BCP take? 1 1 1 1 1 1 3 1 1 1 12 10 1.2 49 Can the net support business continuity? 4 1 1 1 1 1 5 1 1 1 17 10 1.7 50 How and how often are you communicating with employees, customers and suppliers? 1 4 1 1 3 2 1 1 1 1 16 10 1.6 51 What it is essential to carry out your critical activities? 1 1 1 1 1 1 1 1 2 2 12 10 1.2 52 What are the necessary review and approval steps prior to information release? 1 1 1 1 1 1 1 1 1 3 12 10 1.2 53 How badly would your organizations effectiveness be affected? 1 5 1 1 1 1 1 1 1 1 14 10 1.4 54 What is the actual or threatened loss of workforce? 1 1 1 1 1 4 1 5 1 3 19 10 1.9 55 What is the value to your organization in designing and deploying BCM programs? 1 1 1 1 1 1 1 5 3 1 16 10 1.6 56 Is the strategy realistic and has it been tested? 2 1 1 1 2 1 5 1 1 1 16 10 1.6 57 Is there an overall sponsor/champion for the BCM programme? 1 2 1 2 1 1 1 1 3 1 14 10 1.4 58 What are the time imperatives on the delivery of the products or services? 1 1 1 1 3 3 1 1 1 5 18 10 1.8 59 Does your organization operate or follow any ITSM approaches? 1 1 1 4 5 1 1 1 1 2 18 10 1.8 60 Is security awareness training provided to employees? 1 1 1 1 2 1 1 1 1 3 13 10 1.3 61 What is the status of your organization? 1 1 1 1 2 2 1 1 1 1 12 10 1.2 62 Are policies and procedures in place for establishing access and modifying access? 1 1 3 4 2 1 1 1 1 1 16 10 1.6 63 Has access to the whole site been denied? 1 1 1 1 3 1 1 2 4 2 17 10 1.7 This document is a partial preview. Full document download can be found on Flevy: https://flevy.com/browse/document/business-continuity-plan-monitoring--implementation-toolkit-5336
  • 8. 64 What are the trusted sources on which your organization will rely? 3 1 1 1 1 4 1 1 5 1 19 10 1.9 65 What online communication tools do you utilise to stay connected? 1 3 1 1 1 1 1 1 1 1 12 10 1.2 66 What would happen if a key team member was suddenly absent? 1 1 1 2 1 1 1 1 1 1 11 10 1.1 67 Are the activation procedures effective? 2 1 1 3 1 1 1 4 1 1 16 10 1.6 68 What is the timeframe for unacceptable loss of functions and critical assets? 1 1 1 1 1 2 1 1 1 1 11 10 1.1 69 Is there a distinct corporate support team? 1 1 1 1 1 1 1 1 1 1 10 10 1 70 What supports will be put in place in the short and medium term? 1 5 1 1 1 1 1 4 1 1 17 10 1.7 71 How did your organization handle the crisis? 1 1 1 1 1 1 1 1 1 1 10 10 1 72 How well integrated is the BCM program with capabilities? 1 1 1 1 1 1 1 1 1 1 10 10 1 73 Has detailed project schedule been prepared and considered with the client? 1 1 1 1 1 1 3 1 1 1 12 10 1.2 74 Does your organization support work from home with technology, management and policies? 1 1 1 1 1 1 1 5 2 1 15 10 1.5 75 Do sufficient and suitable continuity resources currently exist? 5 1 1 1 1 1 1 1 1 1 14 10 1.4 76 Are additional security personnel added when the threat level increases? 1 1 1 1 1 1 1 1 2 1 11 10 1.1 77 What information is essential to carry out your critical activities? 1 2 1 1 1 3 4 5 4 1 23 10 2.3 78 What are the advantages of certifying your business continuity management system? 1 5 5 1 1 1 1 1 1 4 21 10 2.1 79 What is the worst thing that can happen to your business? 4 4 1 1 1 1 5 1 3 1 22 10 2.2 80 Which systems and/or services are affected? 1 5 1 2 2 3 1 1 1 3 20 10 2 81 Do third parties remotely access your systems? 4 1 1 1 1 3 1 1 1 1 15 10 1.5 82 Do you have unscheduled BCP test? 4 1 3 1 1 1 1 1 1 3 17 10 1.7 83 Does anyone rely on information from your office in order to provide service? 5 1 4 1 1 1 1 1 1 1 17 10 1.7 84 What pattern of business will take place? 1 1 1 3 1 1 1 1 1 1 12 10 1.2 85 Which functions are critical to business continuity for your firm? 1 5 1 1 3 1 1 1 1 1 16 10 1.6 86 What are the benefits of testing? 1 1 1 1 1 2 1 1 1 1 11 10 1.1 87 How does the communication work between you and the consultants and the vendor? 1 1 4 1 1 1 1 5 1 5 21 10 2.1 88 Where to start with a BCM programme? 1 1 1 1 1 1 1 1 1 3 12 10 1.2 89 How to establish communication procedures? 1 1 1 1 5 1 1 4 1 1 17 10 1.7 90 How are your core business functions protected? 1 1 5 1 1 1 1 1 1 1 14 10 1.4 91 Who will disseminate the information? 4 1 1 2 1 1 1 3 1 1 16 10 1.6 92 What knowledge or experience is required? 1 1 1 1 4 5 5 1 1 1 21 10 2.1 93 What is the severity of the disaster? 1 1 1 1 1 1 1 4 1 1 13 10 1.3 94 Which parts of it are inaccessible? 1 1 2 1 1 1 1 1 4 1 14 10 1.4 95 Are there any exclusions to your BCP as personnel, natural disasters, and why? 1 1 1 1 1 1 1 1 5 1 14 10 1.4 96 What alternative responses are available to manage risk? 1 1 1 1 1 1 1 1 1 1 10 10 1 97 Are there ways to reduce the time it takes to get something approved? 1 1 1 1 1 1 5 1 1 1 14 10 1.4 98 Is existing fencing surrounding the facility perimeter in good repair? 1 1 1 1 1 1 1 1 1 2 11 10 1.1 99 What channels will be used to convey the information? 1 1 2 1 1 2 1 1 3 1 14 10 1.4 100 How many staff can work from home or relocate? 1 1 1 1 4 1 1 2 1 3 16 10 1.6 101 Did management involve a variety of business unit staff in the testing of the BCP? 1 5 3 3 5 1 1 1 2 1 23 10 2.3 102 What are you supposed to wear to a disaster? 1 1 4 1 1 3 1 1 1 1 15 10 1.5 103 Are there competing pressures for time and resources? 2 1 1 1 3 1 1 3 3 4 20 10 2 104 What are the processes for audit reporting and management? 1 1 1 1 1 1 5 1 1 1 14 10 1.4 105 Who is responsible to collecting the information? 2 1 1 1 1 1 3 1 1 1 13 10 1.3 106 Is the essential departmental services list correct? 1 3 1 1 3 1 1 1 1 5 18 10 1.8 107 Will the downtime incur serious extraordinary expenses? 1 1 3 1 1 1 1 1 1 1 12 10 1.2 108 Is the alternate site available and are the activation procedures for it correct? 1 2 1 1 1 1 1 3 1 1 13 10 1.3 109 What are the typical enterprise functions? 1 1 1 1 1 5 1 3 1 1 16 10 1.6 110 Will you depend on some vendors for recovery? 1 2 1 3 1 2 1 1 1 4 17 10 1.7 111 What communication channels would be utilized? 1 1 5 3 1 1 1 5 1 1 20 10 2 112 What is business continuity management? 1 2 1 3 1 2 1 5 1 1 18 10 1.8 113 What happens if a stock market or exchange closes for a period of time? 1 3 1 1 1 1 3 1 1 1 14 10 1.4 114 What was the nature of the security incident? 5 1 1 1 1 1 1 1 1 1 14 10 1.4 115 Do other institutions in your area provide similar services? 1 1 1 1 5 1 1 1 1 5 18 10 1.8 116 Who initiates and receives specific information? 1 1 3 1 1 1 1 1 1 1 12 10 1.2 117 Are there enough resources available to ensure that critical services are maintained? 2 1 1 1 1 1 1 4 3 1 16 10 1.6 118 Is your information accessible to all? 5 4 5 2 5 1 1 1 1 1 26 10 2.6 119 Who manages supplier risk management in your organization? 1 1 1 1 1 4 2 1 1 5 18 10 1.8 120 Will it be detrimental to your organizations public image? 5 1 1 1 1 1 1 1 3 1 16 10 1.6 121 Have you trained and prepared your workforce and your backup resources? 4 5 1 1 5 1 1 1 1 1 21 10 2.1 122 When should a process be art not science? 1 4 2 5 1 1 3 5 1 1 24 10 2.4 123 What offices / work space should be repaired first? 1 3 1 1 1 1 1 4 1 1 15 10 1.5 124 Is your business people dependent? 1 1 1 1 1 1 1 1 1 1 10 10 1 125 Why do you practice business continuity management? 1 1 1 1 1 1 1 1 1 1 10 10 1 126 What offices or work spaces should be repaired first? 1 1 1 1 1 1 1 1 1 1 10 10 1 127 Does management have the right priorities among projects? 1 1 1 4 1 1 1 1 1 1 13 10 1.3 128 Do you have up to date contact details for all staff and key external staff and stakeholders? 1 1 4 1 1 1 4 1 4 1 19 10 1.9 129 How long to keep data and how to manage retention costs? 1 1 1 2 1 1 1 1 1 1 11 10 1.1 130 Why business continuity management? 4 2 1 1 5 1 1 2 1 5 23 10 2.3 131 Where can employees provide feedback, if at all? 1 1 1 1 1 1 1 2 1 1 11 10 1.1 132 Do you have sufficient staff for managing program? 1 1 1 5 1 1 1 1 1 1 14 10 1.4 133 Who will step in to maintain the public health? 1 4 1 1 1 1 1 1 1 5 17 10 1.7 134 Which business units can use it immediately? 1 1 1 1 2 1 1 1 2 1 12 10 1.2 135 What are the advantages for your business? 1 1 1 4 2 1 1 1 1 1 14 10 1.4 136 Is your organizations frequency of backups appropriate for its environment? 1 1 1 1 1 1 1 1 5 1 14 10 1.4 137 Are key locations hardened and facilities conditioned? 1 1 2 1 1 1 1 1 1 1 11 10 1.1 138 How do business leaders proceed? 2 1 1 1 1 1 1 1 1 1 11 10 1.1 139 Why has progress been made in the financial services industry? 4 2 1 2 2 1 4 1 1 1 19 10 1.9 140 Do you supply a total inventory list of all current server hardware? 1 1 1 1 3 4 1 1 1 1 15 10 1.5 141 What is your current policy on visitors? 1 1 4 1 1 1 1 4 1 5 20 10 2 142 What alternatives can be put in place? 1 1 1 1 1 1 1 1 1 2 11 10 1.1 143 What is the desired level of recovery? 1 1 2 1 1 1 1 1 1 1 11 10 1.1 144 Is the it infrastructure still functioning properly? 1 1 1 3 3 3 2 1 1 4 20 10 2 145 Is the work to date meeting requirements? 1 1 1 1 1 1 1 1 1 1 10 10 1 146 How much time will it take to shift production from one product to another? 1 1 1 1 5 1 1 1 1 2 15 10 1.5 147 How will your organization review and debrief its response? 1 1 2 3 1 1 1 1 1 1 13 10 1.3 148 Has senior management commitment been obtained? 1 1 1 1 1 1 1 5 2 2 16 10 1.6 149 Are after hours checks made of facility access points? 1 1 1 1 1 2 1 1 1 1 11 10 1.1 150 Does your department have any role in the network recovery? 1 1 1 5 1 1 1 1 4 1 17 10 1.7 151 Do you provide your clients with detailed contact information for use in emergencies? 4 4 1 1 1 1 1 1 1 1 16 10 1.6 152 What is your organization currently using for backup/storage policies? 1 1 1 1 1 1 1 1 4 1 13 10 1.3 153 Is your organization able to support work from home policy? 1 1 1 1 1 1 1 3 1 1 12 10 1.2 154 Do your business and IT operations hinge on the availability of one or a few individuals skills? 1 1 1 1 1 1 1 1 1 1 10 10 1 155 Who is the sponsor within your organization? 1 1 1 1 2 1 1 1 1 1 11 10 1.1 156 Has the conduct of the exercise received the support of senior management? 1 1 1 4 1 1 2 1 1 1 14 10 1.4 157 Do large organizations feel the power supply to their organization is reliable? 2 1 1 1 4 1 1 1 1 4 17 10 1.7 158 What is business continuity and business continuity management? 1 1 1 1 1 1 1 1 1 1 10 10 1 159 Is there a consistent, broadly applied training program? 1 1 4 1 1 1 3 1 1 1 15 10 1.5 160 What do you put in place to safeguard more vulnerable participants? 1 1 1 1 1 1 1 1 1 5 14 10 1.4 161 Why implement business continuity training? 2 2 1 1 2 3 2 1 1 1 16 10 1.6 162 Do you have the capacity to handle increased faxes and email instructions as more clients work from home? 1 5 1 2 1 1 1 1 1 1 15 10 1.5 163 Do you utilize test scripts for your tests? 1 1 5 1 4 1 1 1 4 1 20 10 2 164 What happens if your office is damaged? 1 1 1 4 1 1 2 1 1 1 14 10 1.4 165 Are the it systems and services still running? 1 1 4 1 1 1 1 1 1 1 13 10 1.3 166 Are all critical business functions and systems covered? 1 5 1 1 1 1 1 1 1 1 14 10 1.4 167 What is your personnel change management –what is the system? 1 1 1 1 4 5 2 2 1 1 19 10 1.9 168 What could have made the test run more smoothly? 1 1 1 3 1 1 1 1 1 4 15 10 1.5 169 What is your organizations area of operation? 1 1 1 3 1 1 1 2 1 4 16 10 1.6 170 Are there any programs that promote security awareness? 3 1 1 1 1 1 1 4 1 1 15 10 1.5 171 Have BCP team members been appointed? 4 1 1 2 1 1 1 1 1 1 14 10 1.4 172 How resilient is your organization? 1 5 1 1 3 1 2 1 1 1 17 10 1.7 173 What access restrictions are placed on the users by their organization or programmatic office? 1 1 1 1 1 1 3 1 1 3 14 10 1.4 174 What are the key responsibilities that each role has? 1 1 1 3 1 1 1 2 1 1 13 10 1.3 175 How many casual/ on call staff do you have? 1 2 1 4 4 1 4 1 1 1 20 10 2 176 Which best describes your organization, entity, or enterprise? 3 1 3 5 4 1 1 1 1 1 21 10 2.1 177 Do you avoid disruption of service when key locations are closed? 3 1 1 1 1 1 4 1 1 1 15 10 1.5 178 How is the enterprise preparing for possible disasters? 5 1 3 3 1 3 1 2 1 1 21 10 2.1 179 Do the vendors have sound BCP in place? 1 1 5 1 4 1 1 1 1 1 17 10 1.7 180 Are risk management tasks balanced centrally and locally? 1 1 1 1 1 1 1 1 1 1 10 10 1 181 Does your facility have a backup generator? 1 1 1 1 1 4 1 2 1 1 14 10 1.4 182 What will be the consequences for their employees? 1 1 1 1 1 1 1 1 1 1 10 10 1 183 Did the bia include recovery time frames and workaround procedures? 1 1 1 1 1 1 1 1 2 1 11 10 1.1 184 How often do you perform a BCP test? 1 1 3 1 1 1 1 1 1 1 12 10 1.2 185 Is the perimeter checked routinely by security? 1 1 1 1 1 5 1 4 1 1 17 10 1.7 186 What is the business recovery time? 1 1 1 1 1 1 1 4 1 1 13 10 1.3 187 Who participated in the recovery? 1 1 1 1 1 1 1 1 1 1 10 10 1 188 What is the difference between crisis management and crisis communications? 1 1 1 1 4 1 5 1 1 1 17 10 1.7 189 Are the risks fully understood, reasonable and manageable? 1 1 1 1 1 1 1 1 5 1 14 10 1.4 190 Are you extending your organization network to include the vendor? 1 2 1 1 1 1 1 4 3 1 16 10 1.6 191 Does your organizations periodic testing program include pandemic testing? 1 1 1 1 1 1 1 1 1 1 10 10 1 192 Has the BCP policy been communicated to all employees? 1 1 1 1 1 1 1 2 5 2 16 10 1.6 193 Are the key business and technology risks being managed? 1 1 4 1 1 1 2 5 1 1 18 10 1.8 194 What systems/processes must you excel at? 1 1 1 1 4 1 1 1 1 3 15 10 1.5 195 Why are other organizations focusing on resilience now? 1 1 1 1 1 1 1 5 1 1 14 10 1.4 196 How much of the network must be restored in order to continue operations? 2 1 1 3 1 1 1 1 5 1 17 10 1.7 197 Are your current suppliers able to ensure supply continuity? 1 1 4 1 1 1 3 1 5 1 19 10 1.9 198 Are there procedures for reporting suspicious personnel or activities? 1 1 1 1 1 1 1 1 3 1 12 10 1.2 199 Is staff trained on the software technologies that are being used on the project? 1 1 1 1 1 5 1 1 1 1 14 10 1.4 200 Is the physical safety of the public or your organizations employees jeopardized? 1 1 1 1 5 3 2 1 1 1 17 10 1.7 201 Are products/services reliant upon any non you personnel or facilities? 1 1 1 4 1 1 1 1 1 1 13 10 1.3 202 What are your organizations key products, services and functions? 5 1 1 1 1 3 1 1 1 1 16 10 1.6 203 Where are you on the business continuity spectrum? 1 1 1 3 1 1 1 2 3 1 15 10 1.5 204 What assumptions are made about the solution and approach? 1 1 1 1 1 1 1 1 1 1 10 10 1 205 Is het proces afhankelijk van fax? 4 1 4 1 1 1 5 1 1 1 20 10 2 206 How disaster tolerant is your organization? 4 1 1 1 1 5 1 4 3 1 22 10 2.2 207 How will team members be notified and updated? 1 1 1 1 1 1 1 1 1 1 10 10 1 208 What is the estimated physical project completion stage? 1 1 1 1 1 1 1 1 1 1 10 10 1 209 What is your current time frame for the business continuance project? 4 1 1 1 4 1 1 1 3 5 22 10 2.2 210 Does your organization maintain a backup work facility? 3 1 1 1 1 4 1 1 1 1 15 10 1.5 211 Are warning signs placed at the perimeter? 1 1 1 1 1 5 1 5 1 3 20 10 2 212 Does upper management proactively engage in the periodic review of BCM activities? 1 1 1 2 2 1 1 1 1 1 12 10 1.2 213 What are the consequences when contact management system is down? 1 1 1 1 1 1 1 1 1 1 10 10 1 214 How long is the disruption to business expected to be? 1 1 1 5 4 1 1 1 1 1 17 10 1.7 215 Will it significantly affect the customer confidence level? 1 4 1 3 1 1 1 1 3 5 21 10 2.1 216 Are there any threats to the health/safety of employees at the affected location? 1 1 1 1 1 1 1 1 1 1 10 10 1 217 Does your organization engage in hedging transactions? 2 2 1 2 1 1 1 1 1 1 13 10 1.3 218 What is your current IT recovery strategy? 3 1 1 4 1 1 1 1 1 1 15 10 1.5 219 Does your organization have all essential supplies in stock? 1 1 1 1 1 4 3 2 1 1 16 10 1.6 220 What are the primary reasons that your organization has established a BCM program? 1 1 4 1 1 1 1 1 5 1 17 10 1.7 221 Are systems and other resources unavailable? 1 1 1 1 1 1 1 1 1 1 10 10 1 This document is a partial preview. Full document download can be found on Flevy: https://flevy.com/browse/document/business-continuity-plan-monitoring--implementation-toolkit-5336