HR, Legal and Media Communications Disaster Recovery 10 Point Checklist
Even with detailed disaster recovery and business continuity plans in place, there are significant risks to the execution of those plans and to the safety of enterprise employees. Janco has produced a 10 point checklist that addresses these issues...
A list of 10 questions to rank how comprehensive your organization's processes are around disaster recovery and business continuity plans.
- Is there a consistent security, safety, and HR approach across all service areas and lines of business?
- Is there a business continuity champion within:
  - the Legal Department, and
  - Media Communications?
- Do you regularly involve, brief, and train staff on the organization's business continuity plans?
- Is a Social Media channel established?
- Has this been communicated to everyone within the enterprise?
- Have pre-approved messages been written for each stage of the recovery process?
- Do you have an enterprise information line or HR incident line?
- Have your response plans considered duty of care and reputational implications?
- Does your plan include cross-training of both in-house and external staff?
- Do you have a detailed organization chart with job descriptions, role definitions, and responsibilities for all major and minor participants during the recovery process?
- Are responsibilities and succession planning defined in the plan?
- Is it clear how communication with staff will be handled?
- Does your plan cover common people-related impacts, such as unavailability of key players?
- Do you review all enterprise policies to consider whether they will hold up during a crisis?
- Have you considered how you will deal with staff with special needs requirements at any disaster recovery center or alternative site?
- Is all staff contact data, including next of kin, current? Is it updated at least quarterly or when there are staff changes?
- Do you have a process for locating staff to ensure that they are safe?
- Have you reviewed your travel and purchasing policies to accommodate the need for flexibility during and after an incident?
- Does your testing go beyond regular disaster recovery and business continuity tests?
- Do you have sufficient flexibility in contracts to deal with the need for change of location, extended working hours or other changes to working terms and conditions?
- Do you have established methods for monitoring threats and receiving government advice, for example, for pandemics?
Score one point for each area and sub-point covered in your plan. Deduct one point if it is absent and score zero if you don't know! Ranking Matrix scoring table:
- 0–15 points - Revisit your disaster recovery and business continuity plan and retest it on a quarterly basis.
- 16–20 points - Work on improving your plan's implementation and retest your plan on a semi-annual basis.
- 20+ points - Review and retest your plan at least on an annual basis.
Disaster Recovery and Business Continuity Job Descriptions Updated
What roles and responsibilities people have during the planning, plan activation and recovery process is a question that needs to be addressed before an event occurs...
CIOs and IT managers have asked us what the roles and responsibilities of staff are in the disaster recovery and business continuity process. Janco has recently updated all of its job descriptions and the Disaster Recovery Business Continuity Job Description Bundle. Each job description is at least 3 pages (single spaced) long, comes in Microsoft Word format, and is easily modifiable. The job descriptions included are:
- Chief Information Officer,
- Chief Security Officer,
- Chief Compliance Officer,
- VP Strategy and Architecture,
- Director Disaster Recovery and Business Continuity,
- Director e-Commerce,
- Director Media Communications,
- Manager Disaster Recovery,
- Manager Disaster Recovery and Business Continuity,
- Disaster Recovery Coordinator,
- Disaster Recovery - Special Projects Supervisor,
- Manager Database,
- Capacity Planning Supervisor,
- Manager Media Library Support,
- Manager Site Management, and
- Pandemic Coordinator
Audit Program for Disaster Recovery Business Continuity Updated for ISO 22301
ISO 22301 is a more robust standard than the earlier ones set by ISO.
ISO 22301 is the latest ISO Business Continuity standard. It is called "Societal security - Business continuity management systems - Requirements". In addition to ISO's "Plan-Do-Check-Act" cycle, it addresses:
- Objectives and monitoring performance - While continuity objectives were required in BS 25999, the requirement for them to be measurable was not specifically defined. ISO 22301 changes this by placing emphasis on measurable objectives and on monitoring performance.
- Terms and Definitions - The terms and definitions section (Clause 3) has been expanded significantly. It now includes terms that have become common in business continuity, such as RPO (Recovery Point Objective).
- Legal and Regulatory Requirements - Similar to ISO 27001 Annex A.15, ISO 22301 requires the organization to establish, implement, and maintain a procedure to identify, have access to, and assess the applicable legal and regulatory requirements as they relate to the continuity of its operations, products, and services and to the interests of interested parties.
- Communication - There is an expanded communication section within the new standard which specifically requires communication plans for internal and external interested parties.
- Business Continuity Strategy - BS 25999 did an excellent job of laying out a framework for Business Impact Analysis and Risk Assessment. ISO 22301 goes into much more detail on business continuity strategy.
- Alignment to other Management System Standards - BS 25999 was not a fully integrated management system standard, although many companies implemented it as if it were one. ISO 22301 follows the new requirements and alignment for all management system standards and is the first new standard to adopt these practices.