Business Continuity/Crisis Management Assessment

Assessment Introduction


Welcome to the Business Continuity/Crisis Management IQRM!

Symantec’s Disaster Preparedness Survey found that half of all small-to-medium-sized businesses (SMBs) have no disaster recovery plans in place. It also found that 65% of respondents said that they live in areas susceptible to natural disasters. Despite our awareness of the impact that COVID-19, 9/11, the anthrax attacks, Hurricanes Harvey and Katrina, the Virginia Tech massacre, petroleum processing plant explosions, and the Joplin tornado have had, disaster planning is overlooked in most organizations in the U.S.

Please click below to begin a 20-statement survey to obtain your organization’s IQRM Effectiveness Risk Audit Score for Business Continuity/Crisis Management.

Statement 1

We have established a management group or committee to oversee the development and/or maintenance of the Readiness Program.

Statement 2

Our Board of Directors (or other appropriate oversight group) reviews and approves the company-wide Readiness Program and its procedures on an annual basis.

Statement 3

We have identified employees with dedicated Readiness planning responsibilities and assigned them to the program.

Statement 4

We have established a budget for our Readiness Program.

Statement 5

We have conducted a risk assessment that categorizes potential threats (both internal and external), as well as related impacts, on all critical facilities for both information technology and operational business units.

Statement 6

Our operational business units have identified the maximum tolerable time to recover critical business functions.

Statement 7

We have developed and funded business recovery strategies for the resumption of critical business processes and support services (e.g., systems, telecommunications).

Statement 8

Information technology recovery procedures have been established to accommodate the priorities and requirements mandated by the operational business units.

Statement 9

We have implemented a process to keep management aware of Readiness issues that exist at any point in time with our plans to recover business unit operations and technology. We have performed a gap analysis to identify the differences between the technical recovery requirements of the business units and the current recovery capacity and abilities of information technology.

Statement 10

We have tested and confirmed that there is no chance that data created between the last data backup and the time of a business disruption could be irretrievably lost.

Statement 11

Our business functions have created manual workaround procedures to perform critical business in the absence of technology.

Statement 12

Our recovery procedures for information technology and critical operational business units are tested on at least an annual basis.

Statement 13

Results of periodic Readiness exercises and tests are reported to senior management and the Board of Directors (or other appropriate oversight groups).

Statement 14

Readiness education and awareness programs exist to ensure that employees are trained to execute the Readiness procedures if required.

Statement 15

Building evacuation procedures have been developed and communicated to all employees.

Statement 16

Procedures to respond to emergency situations have been developed and communicated to employees.

Statement 17

Emergency response teams have been formed and trained to carry out procedures and respond to emergency situations.

Statement 18

A crisis management team has been formed to manage incidents and recovery of operations.

Statement 19

Regulators of our industry, consultants, and auditors are satisfied with our organization’s Readiness planning efforts.

Statement 20

In the event of a significant business disruption, we feel certain that the critical components of our organization would be back in business within 3 business days.
