					                                                             Audit Programme

Business Continuity Planning        Overall Objective:                  The organisation has in place up to date and tested business continuity plans for all
(Detailed)                                                              mission critical activities.



Control Objective                   1. An effective risk assessment has been carried out to identify the business and IT systems critical to the
                                       organisation.
       Expected Controls                                                              Tests                                                          WP
1.1 A business impact review has    1.1.1 Assess whether an effective business impact review has been carried out and documented.
    been carried out and an
    assessment made of the risks.   1.1.2 Review the conclusions arising from the review and action taken.
                                    1.1.3 Assess the adequacy of the arrangements.




Job No ____________________________________________                        Completed by ________________             Reviewed by __________________

Audit Title ___________________________________________                    Date ________________________             Date __________________________

Control Objective                       2. A continuity plan has been prepared that details the procedures to allow recovery from a partial or total loss of IT
                                           and business services in a controlled manner.
       Expected Controls                                                            Compliance Tests                                                      WP
2.1 A disaster recovery plan has        2.1.1 Ask to see a copy of the disaster plan and evaluate its currency and completeness.
    been prepared and approved          2.1.2 Check that the plan identifies the critical business and IT systems, resources, the interlinkages of
    by management.                            corporate and local processes and systems and logistical aspects fundamental to the recovery and
                                              survival of the business.
                                        2.1.3 Review the emergency arrangements for completeness and comprehensive coverage of all the
                                              emergencies that might occur.
                                        2.1.4 Verify that the plan is documented in sufficient depth to ensure recovery procedures will be
                                              executed correctly and in the right sequence.
2.2 Contingency plans have been         2.2.1 Confirm that contingency plans cater for all eventualities.
    prepared for non-critical
    failures.
2.3 Plans have been documented          2.3.1 Check that appropriate staff have been issued with a copy of the plan. Confirm that copies of the
    and circulated to key staff.              plan are held securely at relevant off-site locations.
2.4 Responsibility for dealing with a   2.4.1 Identify responsibilities for contingency planning and roles and responsibilities of all involved.
    disaster has been assigned to       2.4.2 Interview selected staff to establish their knowledge and understanding of the plan.
    a disaster recovery team and
    the respective roles and            2.4.3 Review the emergency procedures in the plan for completeness and comprehensive coverage of
    responsibilities of the team are          all the emergencies that might occur at the site.
    documented and understood by
    all team members.
2.5 The disaster recovery plan is       2.5.1 Obtain a copy of the computer disaster recovery plan.
    tested periodically, reappraised    2.5.2 Review the frequency of testing, the testing process and review the results.
    and kept up to date in the light    2.5.3 Check that any failures of the plan are acted upon.
    of changes to the risk              2.5.4 Ask staff who is responsible for maintaining the document.
    assessment.
2.6 Standby disaster recovery         2.6.1 Check that the installation standby and recovery plans are well documented.
    facilities have been arranged     2.6.2 Ask to see a copy of the standby agreement and check that it is reviewed periodically.
    and are periodically tested to
    ensure that they are effective,   2.6.3 Establish the arrangements that exist to keep all parties to a standby agreement informed of any
    workable and current.                   hardware or software changes which would impact upon the agreement.
                                      2.6.4 Check that standby arrangements are tested from time to time in circumstances as near as
                                            possible to those that would prevail in a real emergency.
2.7 Disaster recovery procedures      2.7.1 Obtain a copy of the organisation’s system development methodology and check whether disaster
    are considered during the               recovery should be considered as part of the system specification.
    specification of any new          2.7.2 Request details for a recent system development and ask staff about any system recovery
    computer applications and to            procedures.
    safeguard systems under
    development.                      2.7.3 Obtain a copy of the disaster recovery plan and check that consideration has been given to test
                                            and development libraries.



