Sooner or later if your organization had a commitment to process improvement, you will need to audit your existing business continuity plans. As it is a combination of audit and testing that absence a real disaster tells you whether you are on the right track.
Performing the Audit
When performing your 1st audit, where do you start? You will need to settle on a framework. If your plan was initially put together using a framework, that’s great, because that might be the best framework to use. However, some organizations have additional requirements, they may not expressly be included in the framework chosen. (Ex. FFIEC and NASD all have Business Continuity Requirements).
Once the framework is chosen, performing the audit needs to include both a document review against the framework requirements, as well as specific testing. This testing may take the form of sample interviewing and performance of establish tasks. It is important to also review any test/rehearsals that took place during the review period.
Business Continuity Technology – Documenting your Plan
There are many tools that are available to Business Continuity Planners. Many of these tools assist a planner in the development and maintenance of their plan. Prior to purchasing one of these planning tools, an organization should take stock of their business needs, the plan scope and the current and projected future size of the business.
Ultimately the technology an organization settles on can be as simple as a series of Excel spreadsheets and Word documents, placed into a document management tool such as SharePoint, to a complex tool such as SunGard/Strohl’s LDRPS. The important thing is to fit the Business Continuity Technology utilized to the needs of the organization and not the other way around.