Auditing business continuity management plans. Assess and improve your performance against ISO 22301
Every organization needs a plan in place to recover key business processes following an incident, and that plan must match the organization's priorities and expectations. This can be achieved through successful business continuity planning, which is effectively a proactive incident management programme driven by business requirements.
The role of auditing is to assess and evaluate the effectiveness of the activities and functions of an organization against standards, regulations, best practice and organizational objectives. It can then provide advice and assurance as required by management.
Using risk as its basic evaluation tool, and looking at those threats the business has identified as relevant, gives audit a unique insight into how the organization operates and how things may be improved or simplified.
Based on the new international standard for business continuity BS ISO 22301, this book combines personal experience and extensive research to produce an essential aid to developing a successful business continuity management programme.
It is a practical guide to using the insights that an auditor can provide through scrutiny and advice to help ensure that the plans decided on by management will achieve their planned and stated objectives.
About the Author
John Silltow has worked extensively in IT, audit and security across the UK and Europe. He has undertaken business continuity and disaster recovery reviews in private, public and not-for-profit organizations. John has actively engaged in promoting the management, security and recovery of information assets. He has authored a number of books and articles and has presented at various international conferences. He has also been the editor of three magazines concerned with audit, security and control, and currently works as a consultant, trainer and writer.
What does this book include?
1. Overview of business continuity and the role of audit
2. Setting the business continuity management policy
3. Developing the business continuity programme
4. Understanding the organization and its continuity requirements
5. Developing the business continuity strategy
6. Incident recovery
7. The continuity plans
8. Exercising and maintaining the continuity plans
9. Bringing business continuity into the culture
Appendix 1) Certification to ISO 22301:2012
Appendix 2) Risk
Appendix 3) Auditing the business continuity life cycle
Appendix 4) Auditing the project
Appendix 5) Document management
Appendix 6) Gold-silver-bronze command structure
Appendix 7) Business continuity policy statement