|Event Date||Tue Feb 25 EST (almost 2 years ago)|
ISO 22301 is a great standard to plan against and to audit against, even if an organization does not plan on becoming ISO Certified. Successful business continuity planning involves the entire organization, requires clear and consistent communication and encompasses how employees will communicate, where they will go and how they will keep doing their jobs. It also prepares the organization for disruptive events. Why is a Business Continuity Program important: 61% of companies surveyed had to invoke their BCP; 43% had to invoke it more than once. Key causes include: natural disaster, power outage, IT failure, flood, fire, telecom failure, utility outage and pandemic. What were the top 3 lessons learned from invocation? There had not been enough training and awareness efforts across the company: 48% of plans didn’t adequately address emergency communications: 37% of key staff had not been included in testing; as a result they did not know their roles and responsibilities in the plan and 25% had cyberattacks.
• You will be able to identify what should be included in a business continuity audit.
• You will be able to recognize which regulations and standards apply to business continuity audits.
• You will be able to explain how to verify measures to ensure continuity.
• You will be able to discuss how to evaluate quality vs. a general template.
Michael C. Redmond, PhD
Director, IT&GRC Consulting and Auditing (Cyber, Information Security, Business Continuity), EFPR Group