Bs 25999 Business Continuity Management by uub13461

									                                  Assessing a Business Continuity
                                    Programme against BS25999


                                         Insert Organisation's Name

   Date:

   Compiled by:

   Description of service conducted:




   Instructions for Completing Assessment:
   For each question, select the description which best matches your current position by
   clicking on the drop down box in the 'degree of compliance' column.


   The selected option will automatically generate a score in the appropriate column.


   The Assessment Chart will be updated automatically.


   Results

   Assessment below 60% in any area is RED


   Assessment between 61% and 79% is AMBER


   Assessment greater than 80% is GREEN




D:\Docstoc\Working\pdf\f663b9b9-d083-454e-b68f-999904a0b6a9.xls                            1/10/2011



Ownership and Management

No. Question                                                                  Degree of Compliance  Score

1   Does the BCM programme have a Champion at Board/Executive level?          None (Score 0)        0

2   Has the business nominated a BCM Programme Co-ordinator?                  None (Score 0)        0

3   Are the objectives and scope of the BCM programme clearly                 None (Score 0)        0
    documented?

4   Do the BCM objectives align with key Business Objectives of the           None (Score 0)        0
    Company?

5   Has a clear BCM policy statement been written and shared with             None (Score 0)        0
    staff and key stakeholders?

Total Weighted Score: 0

Percentage Achievement: 0.00%






Roles and Responsibilities

No. Question                                                                  Degree of Compliance  Score

6   Does each Business team have a nominated BC Manager?                      None (Score 0)        0

7   Is there a nominated Emergency Response Team Leader at each               None (Score 0)        0
    business location? ('fixing the problem' at the time of the incident)

8   Is there a nominated Crisis Team Leader?                                  None (Score 0)        0
    ('managing business issues' arising in the short/medium term after the
    incident)

9   Is there a nominated Business Recovery Team Leader?                       None (Score 0)        0
    ('getting the business on its feet again' in the medium/long term after
    the incident)

10  Does each of the teams have clearly defined roles and                     None (Score 0)        0
    responsibilities?

11  Does the BCM programme cover the whole business, including                None (Score 0)        0
    suppliers, customers and partners?

12  Is the BCM Programme Co-ordinator knowledgeable and/or                    None (Score 0)        0
    experienced in BCM, or has external advice been sought to
    ensure application of 'good BCM practice'?

Total Weighted Score: 0

Percentage Achievement: 0.00%






Risk Assessment and Business Impact Analysis

No. Question                                                                  Degree of Compliance  Score

13  Has a Risk Assessment/Business Impact Analysis been carried out           None (Score 0)        0
    covering:
      What could go wrong?
      What could be affected?
      What would be the short/long term effects on the company,
      customers and relationships with suppliers, partners etc?

14  Has the tolerance to disruption been established? (how long or            None (Score 0)        0
    how much cost can be sustained before unacceptable damage to the
    business occurs)

15  Have the critical processes been defined? (consider critical              None (Score 0)        0
    processes to the business both inside and outside the company)

16  Have control measures for each risk been evaluated and an                 None (Score 0)        0
    action plan to meet the agreed standards been put in place?

17  Have clear Recovery Time Objectives (RTO) and Recovery Point              None (Score 0)        0
    Objectives (RPO) been established which are in line with the
    tolerance to interruption and the key business objectives?

Total Weighted Score: 0

Percentage Achievement: 0.00%






Business Continuity Plans

No. Question                                                                  Degree of Compliance  Score

18  Is there an up-to-date and tested Business Continuity Plan which          None (Score 0)        0
    includes specific actions relating to: Emergency Responses,
    Crisis Management and Business Recovery?

19  Is there a clear decision making and communication process?               None (Score 0)        0

20  Does the plan include recovery strategies which meet the RTO              None (Score 0)        0
    and RPO for every critical business process?

21  Are the resource requirements for the recovery strategies                 None (Score 0)        0
    identified and provided for?

22  Have critical supplier BCPs been assessed?                                None (Score 0)        0

Total Weighted Score: 0

Percentage Achievement: 0.00%






Making It Work

No. Question                                                                  Degree of Compliance  Score

23  Is a formal programme in place for exercising each aspect of the          None (Score 0)        0
    BCM programme?

24  Is a formal programme in place for maintaining Emergency                  None (Score 0)        0
    Response, Crisis Response and Business Recovery aspects of
    the BCM programme?

25  Is there a formal programme for auditing the BCM programme                None (Score 0)        0
    and reporting results to the Company Board?

26  Is there evidence of ongoing commitment to contribute to the              None (Score 0)        0
    building and embedding of a BCM culture, to build awareness,
    confidence and competency within the Company?

27  Are staff aware of the BCM programme, the plans in place and              None (Score 0)        0
    are they trained to meet their individual roles in response to an
    incident?

28  Is BCM a regular agenda item for Management Team meetings?                None (Score 0)        0

29  Are the results of exercising, maintenance, auditing and plan             None (Score 0)        0
    invocations appropriately fed back to staff, Senior Management
    and the BCM team?

30  Is there a clearly identified BCM Champion who will ensure that           None (Score 0)        0
    action plans are developed to incorporate lessons into the BCM
    programme and will ensure these measures are pushed through?

Total Weighted Score: 0

Percentage Achievement: 0.00%







              BCM ASSESSMENT SUMMARY                                 Results


Ownership and Management                                            0%

Roles and Responsibilities                                          0%

Risk Assessment and Business Impact Analysis                        0%

Business Continuity Plans                                           0%

Making It Work                                                      0%

            OVERALL SCORE                                           0%







Assessing [INSERT ORGANISATION'S NAME] Business Continuity Programme against BS25999

[Chart: BCM Assessment Against BS25999. Vertical axis: 0% to 100%, with bands labelled Satisfactory, Needs Attention and Unsatisfactory. Categories: Ownership and Management; Roles and Responsibilities; Risk Assessment and Business Impact Analysis; Business Continuity Plans; Making It Work; OVERALL SCORE. Series1: 0% for every category.]



