Business Continutiy Plan (BCP) Training, Testing, and Auditing Checklists

Download Free Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) Training, Testing, and Auditing Checklists

Training and Testing
- Identify scope, timeline, and requirements for training.
- Determine training needs for each participant group (ERT, CMT, damage assessment, IT, etc.).
- Develop training approach (may use testing methods for training, see item 6).
- Develop training objectives.
- Develop training or testing duration and cost estimates.
- Develop training or test scenarios.
- Develop training or testing method (paper walk-through, functional, or fi eld exercises, full interruption).
- Develop training or testing evaluation criteria.
- Identify training or testing participants.
- Identify training or testing resources needed.
- Deliver training or conduct testing.
- Evaluate training or testing based on evaluation criteria.
- Collect and analyze lessons learned.
- Revise training, testing, or BC/DR plan, as appropriate.

IT Auditing
- Identify IT risk mitigation strategies selected.
- Audit IT risk mitigation strategies to ensure they have been properly implemented and configured.
- Audit IT systems to ensure systems identifi ed in BC/DR plan are still in place and functioning.
- Identify new technology implementations (planned or in progress) and assess against BC/DR objectives. Recommend revisions to technology plans or BC/DR plans as appropriate.
- Identify technology to be replaced or decommissioned (planned or in progress) to assess the impact on BC/DR plans. Recommend revisions to technology plans or BC/DR plans as appropriate.
- Audit all processes in BC/DR plan related to IT systems to ensure steps, processes, requirements, tools, supplies, and resources identifi ed are still accurate, current, relevant, and complete.
- Audit IT response team to ensure team is intact, ready to respond, has clear understanding of roles/responsibilities, has tools/resources to implement plan.
- Audit existing systems to ensure compliance with current BC/DR plans including: Operating systems, Networking and telecommunications equipment, Database and applications, Systems backups, Security controls, Integration and testing ,Other (define)