Transcription
ISO 22301 2019 BUSINESS CONTINUITY AUDIT TOOL7. ASSESS HOW WELL YOU CONFORM TO SUPPORT REQUIREMENTS7.1 ASSESS HOW WELL YOUR ORGANIZATION'S BCMS ACTIVITIES ARE RESOURCED1Do you identify the resources that your BCMS needs?2Did you identify the resources that are neededto establish your organization's BCMS?3Did you identify the resources that are neededto implement your organization's BCMS?4Do you identify the resources that are neededto maintain your organization's BCMS?5Do you identify the resources that are neededto continually improve your organization's BCMS?6Do you provide the resources that your BCMS needs?7Did you provide the resources that are neededto establish your organization's BCMS?8Did you provide the resources that are neededto implement your organization's BCMS?9Do you provide the resources that are neededto maintain your organization's BCMS?10Do you provide the resources that are neededto continually improve your organization's BCMS?YNYNYNYNYNYNYNYNYNYN7.2 ASSESS HOW WELL YOUR ORGANIZATION'S BCMS PERSONNEL PERFORM THEIR ROLES11Do you identify the competence requirements of thepeople under your organization's control who havean impact on its business continuity performance?1213Do you make sure that these people are competent?Do you ensure that they have the appropriateeducation, training, and experience?ORGANIZATION:YOUR LOCATION:COMPLETED BY:DATE COMPLETED:REVIEWED BY:DATE REVIEWED:AUGUST 2020PART 7YNYNYNPLAIN ENGLISH BUSINESS CONTINUITY AUDIT TOOLCOPYRIGHT 2020 BY PRAXIOM RESEARCH GROUP LIMITED. ALL RIGHTS RESERVED.EDITION 1.0PAGE 26
ISO 22301 2019 BUSINESS CONTINUITY AUDIT TOOL7. ASSESS HOW WELL YOU CONFORM TO SUPPORT REQUIREMENTSDo you document the competence of these people?1415Do you retain your documentation and use it as evidenceto demonstrate that your people are in fact competent?16Do you control your organization's competence documents?17Do you acquire necessary competence whenever current personnelfail to meet your organization's competence requirements?Do you consider helping your current personnelto improve their overall competence?18YNYNYNYNYN19Do you consider providing suitable training?YN20Do you consider offering mentoring services?YNYNDo you consider hiring competent people?2122Do you consider hiring competent employees?YN23Do you consider hiring competent contractors?YN24Do you consider reassigning unsuitable personnel?YNYN25Do you evaluate the effectiveness of any actions takento acquire the competence your organization needs?7.3 ASSESS HOW WELL YOUR ORGANIZATION'S BCMS PERSONNEL UNDERSTAND THEIR ROLES26Do you make your organization’s personnel aware of their BCMS?27Do you identify people working under your organization’s control?YNYN28Do you make sure that they are aware of the business continuity policy?YN29Do you make sure that they understand their approach to continuity?YNYNYN30Do you make sure that they understand theirown business continuity roles and responsibilities?31Do you make sure they understand whatthey need to do before disruptions occur?ORGANIZATION:YOUR LOCATION:COMPLETED BY:DATE COMPLETED:REVIEWED BY:DATE REVIEWED:AUGUST 2020PART 7PLAIN ENGLISH BUSINESS CONTINUITY AUDIT TOOLCOPYRIGHT 2020 BY PRAXIOM RESEARCH GROUP LIMITED. ALL RIGHTS RESERVED.EDITION 1.0PAGE 27
ISO 22301 2019 BUSINESS CONTINUITY AUDIT TOOL7. ASSESS HOW WELL YOU CONFORM TO SUPPORT REQUIREMENTS32Do you make sure they understand what theyneed to do while disruptions are occurring?33Do you make sure they understand what todo they need after disruptions have occurred?34Do you make sure that they understand whatcould happen if they fail to meet requirements?35Do you make sure that they understand how theycan help enhance the effectiveness of their BCMS?Do you explain why improving business continuityperformance is important to the organization?36YNYNYNYNYN7.4 ASSESS HOW WELL YOUR ORGANIZATION'S BCMS COMMUNICATIONS ARE CONTROLLED37Do you support your BCMS by managing BCMS communications?YN38Do you support BCMS by establishing BCMS communication systems?YN39Do you figure out how BCMS communications should be carried out?YN40Do you figure out how external communication must be handled?YN41Do you figure out what external communications need to say?YN42Do you figure out when external communication should be done?YN43Do you figure out who should carry out external communications?YN44Do you consider who should receive external communications?YN45Do you figure out how internal communication must be handled?YN46Do you figure out what internal communications need to say?YN47Do you figure out when internal communications should be done?YN48Do you figure out who should carry out internal communications?YN49Do you consider who should receive internal communications?YNORGANIZATION:YOUR LOCATION:COMPLETED BY:DATE COMPLETED:REVIEWED BY:DATE REVIEWED:AUGUST 2020PART 7PLAIN ENGLISH BUSINESS CONTINUITY AUDIT TOOLCOPYRIGHT 2020 BY PRAXIOM RESEARCH GROUP LIMITED. ALL RIGHTS RESERVED.EDITION 1.0PAGE 28
ISO 22301 2019 BUSINESS CONTINUITY AUDIT TOOL7. ASSESS HOW WELL YOU CONFORM TO SUPPORT REQUIREMENTS50Do you support your BCMS by encouraging effective communication?YN51Do you explain why communication must always be effective?YN52Do you explain why external communication is important?YN53Do you explain why internal communication is important?YN7.5 ASSESS HOW WELL YOUR ORGANIZATION'S BCMS DOCUMENTATION IS MANAGED7.5.1 ASSESS HOW WELL BCMS INFORMATION IS BEING DOCUMENTED54Do you figure out how extensive documented BCMS information should be?YN55Do you consider your size when you establish your documents?YN56Do you consider your services when you establish your documents?YN57Do you consider your products when you establish your documents?YN58Do you consider your activities when you establish your documents?YN59Do you consider your resources when you establish your documents?YN60Do you consider your personnel when you establish your documents?YN61Do you consider the competence of your organization's personnel?YN62Do you consider your processes when you establish your documents?YNYNDo you consider the complexity of your organization's processes?6364Do you select all the documented information that your BCMS needs?YN65Do you select all the internal documents that your BCMS needs?YNYN66Do you include all the documents required by ISO 22301 2019?67Do you include information that documents BC policy?YN68Do you include information that documents BCMS scope?YNORGANIZATION:YOUR LOCATION:COMPLETED BY:DATE COMPLETED:REVIEWED BY:DATE REVIEWED:AUGUST 2020PART 7PLAIN ENGLISH BUSINESS CONTINUITY AUDIT TOOLCOPYRIGHT 2020 BY PRAXIOM RESEARCH GROUP LIMITED. ALL RIGHTS RESERVED.EDITION 1.0PAGE 29
ISO 22301 2019 BUSINESS CONTINUITY AUDIT TOOL7. ASSESS HOW WELL YOU CONFORM TO SUPPORT REQUIREMENTS69Do you include information that documents BC objectives?YN70Do you include information that documents BC competence?YN71Do you include information that documents BC requirements?YN72Do you include information that defines your legal requirements?YN73Do you include information that defines regulatory requirements?YNYNDo you include information that documents BC processes?7475Do you include information that shows how processes follow plans?YN76Do you include information that documents BC nonconformities?YN77Do you include information that details subsequent actions taken?YN78Do you include docs that describe corrective actions taken?YN79Do you include docs that describe how effective actions are?YNYNYNDo you include docs that describe the results achieved?80Do you include information that documents BCMS results?8182Do you include information that describes measuring results?YN83Do you include information that describes monitoring results?YN84Do you include information that describes analytical results?YN85Do you include information that describes evaluation results?YN86Do you include detail that describes BCMS performance results?YN87Do you include detail that describes how effective BCMS is?YN88Etcetera: this section has 190 questions.Answer each of the above questions. Two answers are possible: Y (yes) and N (no). Y means you're in compliance whileN means you're not in compliance. Y answers require no further action while N answers point to things that need to be doneto improve the performance of your business continuity activities. Also, please use the column on the right to record your notes,and in the spaces below, enter the name and location of your organization, who completed this page, who reviewed it, and the dates.ORGANIZATION:YOUR LOCATION:COMPLETED BY:DATE COMPLETED:REVIEWED BY:DATE REVIEWED:AUGUST 2020PART 7PLAIN ENGLISH BUSINESS CONTINUITY AUDIT TOOLCOPYRIGHT 2020 BY PRAXIOM RESEARCH GROUP LIMITED. ALL RIGHTS RESERVED.EDITION 1.0PAGE 30
Now that you've seen a sample of our approach,please consider purchasing our complete audit tool:ISO 22301 2019 Business Continuity Audit Tool (Title 41).If you purchase our Plain English Audit Tool, you'll find that it'sdetailed, exhaustive, and easy to understand. We guarantee it.Title 41 comes in both MS Word and pdf file formats and is 70 pages long.
ISO 22301 2019 Business Continuity Audit Tool (Title 41). If you purchase our Plain English Audit Tool, you'll find that it's detailed, exhaustive, and easy to understand. We guarantee it. Title 41 comes in both MS Word and pdf file formats and is 70 pages long.
