Disaster Recovery Business Continuity Rating Risk

ITIL Framework to Rate Risk

Order DRP Audit Program  Version History  Download Sample

Janco has found that over 30% of all Disaster Recovery Business Continuity Plans are in-complete or in-accurate

The typical organization has hundreds of applications all at different recoverability capability. For example some have no plan, some have out of region architectures some have not exercised in long time and some are in great shape testing every quarter.

All of the applications need to be categorizing them so that the Disaster Planning Team can start remediating the ones that place the enterprise at the most risk to the business from both a compliance and readiness perspective.

Using the ITIL framework, you can weigh each Critical Success Factor (CSF) and scoring their Key Performance Indicators (KPI). That allows you to create a rating system and developing a score card report by tiers.

Weighting Critical Success Factors


  • 6 = Critical to success of recovery
  • 3 = Required for timely recovery (could recover without but risk is increased)
  • 1 = Needed to support recovery but only minimal impact on recovery efforts

Scoring of Key Performance Indicators


  • Not in place or not implemented = 0
  • Completed but past the KPI deadline, not accurate or incomplete = 1
  • In place or completed on time = 3
  • Final rating for each CSF and the associated KPI multiply the weight of the CSF by the score of the KPI

Critical Success Factors/Key Performance Indicators Examples:

  • CSF: Conduct exercise at alternate facility (Weight 6)
    • KPI = Conduct an annual exercise alternate facility
  • CSF: Update BCP Plans (Weight 3)
    • KPI = Update BCP plans by <insert date> each year
  • CSF: Conduct Annual Tabletop of recovery Plan (Weight 3)
    • KPI = Conduct at least 1 annual tabletop of BCP plans by December

Order DR Audit Program  Sample DR Audit Program

DRP BCP Sample Audit ProgramDisaser Recovery Business Contininty and Security Audit Bundle

  • Disaster Recovery Business Continuity Template
  • Security Manual Template
  • Disaster Recovery Business Continuity Audit Program
  • Security Audit Program

Order Audit Program  Download Table of Contents

Security Audit ProgramSecurity Audit Program - Self Scoring Tool

  • Comes in MS EXCEL and PDF formats
  • Addresses Ransomware and Work From Home (WFH)
  • Meets ISO 28000, 27001, 27002, Sarbanes-Oxley, PCI-DSS and HIPAA requirements
  • Over 400 unique tasks divided into 11 areas of audit focus which are the divided into 39 separate task groupings including BYOD

Over 3,000 enterprises from around the world have chosen at least one of Janco's products. The Security Audit program is a must have tool that not only assists in meeting compliance requirements but also is a great way to validate that your enterprise is ready for your next external audit.

Order Audit Program  Download Table of Contents

DRP BCP AuditDR/BC Audit Program

  • Comes in MS WORD format and PDF
  • Meets ISO 27001, 27002, 27031, 28000, Sarbanes-Oxley, PCI-DSS, FIPS-199, and HIPAA requirements
  • Includes BYOD and other mobile devices
  • Approximately 50 specific items that the audit covers in theĀ 17 page audit program

Order DR Audit Program  Sample DR Audit Program

Order Audit Program  Download Table of Contents

Security Manual Template - Standard Edition

Security Manual Template
  • Business and IT Impact Questionnaire
  • Threat and Vulnerability Assessment Toolkit
  • Security Management Checklist
  • Full Detail Policies for
    • Blog and Personal Website Policy
    • Internet, Email, Social Networking, Mobile Device, and Electronic Communication Policy
    • Mobile Device Policy
    • Physical and Virtual File Server Policy
    • Sensitive Information Policy
    • Travel and Off-Site Meeting Policy
  • Job Descriptions for the Chief Compliance Officer, Chief Security Officer, Data Protection Officer, Manager Security and Workstations, Manager WFH Support, Security Architect, and Systems Administrator.
  • Work From Home (WFH) operational rules
  • HIPAA Audit Program
  • GDPR Compliance Checklist to meet EU Requirements
  • CCPA - California Consumer Privacy Act requirements definition
  • Consumer Bill of Rights
  • Sarbanes Oxley Section 404 Checklist
  • HIPPA Audit Proram
  • Security Audit Program- fully editable -- Comes in MS EXCEL and PDF formats -- Meets GDPR, ISO 28000, 27001, 27002, Sarbanes-Oxley, PCI-DSS, HIPAA FIPS 199, and NIS SP 800-53 requirements -- Over 400 unique tasks divided into 11 areas of audit focus which are the divided into 38 separate task groupings
  • Electronic forms that can be Emailed, completed via a computer or tablet, and stored electronically including: Blog Policy Compliance, BYOD Access and Use, Company Asset Employee Control Log, Email - Employee Acknowledgment, Employee Termination Checklist, FIPS 199 Assessment Electronic Form, Internet Access Request, Internet Use Approval, Internet & Electronic Communication - Employee Acknowledgment, Mobile Device Access and Use Agreement, Employee Security Acknowledgment Release, Preliminary Security Audit Checklist, Risk Assessment, Security Access Application, Security Audit Report, Security Violation Reporting, Sensitive Information Policy Compliance Agreement, Server Registration, and Threat and Vulnerability Assessment
  • eReader version of the Security Manual Template

Order Security Manual Template Download Sample

Disaster Recovery Business ContinuityDisaster Recovery Business Continuity Standard Edition

Disaster Recovery Business Continuity Template (WORD) - comes with the latest electronic forms and is fully compliant with all mandated US, EU, and ISO requirements.

  • Fully editable Disaster Recovery Business Continuit template
  • Disaster Recovery Business Continuity Audit Program - Compliant with ISO 27031, ISO 22301, and ISO 28000
  • Disaster Recovery Manager Job Description
  • Manager Disaster Recovery & Business Continuity Job Description
  • Application Inventory and Business Impact Analysis Questionnaire
  • Incident Communication Plan and Policy with BEST PRACTICES for
    • News Conferences
    • Media Relations
  • Social Network Checklist
  • Included with the template are Electronic Forms which have been designed to lower the cost of maintenance of the plan. Electronic Forms that can be e-mailed, completed via a computer or tablet, and stored electronically including:
    • LAN Inventory, Location Contact Numbers, Off-Site Inventory, Pandemic Planning Checklist; Personnel Locations, Plan Distribution, Remote Location Contact Information, Server Registration, Team Call List, Vendor Contact Information, and Vendor/Partner Questionnaire
    • Added Bonus - Safety Program Electronic Forms -- Area Safety Inspection, Employee Job Hazard Analysis, First Report of Injury, Inspection Checklist - Alternative Locations, Inspection Checklist - Office Locations, New Employee Safety Checklist, Safety Program Contact List, and Training Record

Order DRP BCP Template  DRP BCP Sample

Disaster Planning Security Policies Procedures Job Descriptions IT Governance Infrastructure Strategy IT Salary Survey DRP Security