Understanding Your Business
In the last three years, have you experienced a crisis that has impacted your business operations for at least 4-48 hours?
Is there someone in your business that has direct responsibility for Business Continuity Management?
Do employees know their roles and responsibilities during a crisis?
In the event of a crisis or major business disruption, have you identified what functions are critical to maintaining business operations?
Understanding Your Risk
Have you identified potential natural and man-made risks that could impact your business?
Are risk assessments conducted and updated each year?
Are emergency response plans in place to address these risks?
Understanding the Impact
Do you have recovery strategies and measures in place to minimize impacts to business operations?
Have you established recovery time objectives (RTOs) for critical functions?
Do you have an IT disaster recovery plan in place with formal backup and recovery procedures?
Business Continuity Planning (BCP)
Do you have a documented business continuity plan?
Is the business continuity plan annually reviewed and updated?
Do you have a crisis communications plan for internal/external stakeholders?
Embedding in Your Business
Are business continuity exercises or training conducted annually?
Are you incorporating lessons learned from exercises, tests, and real incidents into future crisis planning?
