This document is a gap analysis questionnaire that asks a company representative questions about their business continuity, emergency response, disaster recovery, and information security programs and policies. The questionnaire contains over 20 multiple choice questions regarding things like whether the company has assigned roles and responsibilities for these programs, formal policies and procedures, periodic reviews, business impact analyses, recovery time objectives, data backup procedures, and emergency response plans. The respondent is asked to select yes, no, or don't know answers for each question.
2 Minute Business Continuation Gap Analysis Worksheet
Gap Analysis Questionnaire
Date
Company
Person Completing Questionnaire
----------------------------------------------------------------------------------------------------------------------------------
Does your company have specific person(s) formally assigned to perform Business Continuation,
Emergency Response, Disaster Recovery, or Information Security responsibilities?
( ) Yes
( ) No
( ) I don't know
Optional Comment
Does your company have a formal employee awareness campaign for Business Continuation,
Emergency Response, or Information Security programs?
( ) Yes
( ) No
( ) I don't know
Optional Comment
Does your company have formal Corporate Business Continuation, Emergency Response, Disaster
Recovery, or Information Security Policies / Procedures?
( ) Yes
( ) No
( ) I don't know
Optional Comment
Does your company's Senior Management formally review / approve the Business Continuation,
Emergency Response, or Disaster Recovery plans on a periodic basis?
( ) Yes
( ) No
( ) I don't know
Optional Comment
Copyright © 2014 All Rights Reserved. Page 1 of 5 Ver 5.0 Business As Usual, Inc. Confidential when completed.
Does your company's Senior Management formally review / approve the results of all Business
Continuation, Emergency Response, and Disaster Recovery tests / exercises?
( ) Yes
( ) No
( ) I don't know
Optional Comment
Does your company conduct formal, periodic, and enterprise wide Business Impact Analysis (B.I.A.)
and/or Risk Assessments?
( ) Yes
( ) No
( ) I don't know
Optional Comment
Does your company have a formal Business Unit work-area recovery (i.e., work-from-home, remote
facility, etc.) strategy?
( ) Yes
( ) No
( ) I don't know
Optional Comment
Does your company formally identify, and prioritize, its mission critical business units and their
respective mission critical business functions?
( ) Yes
( ) No
( ) I don't know
Optional Comment
Are Business Units' and Information System Departments' respective Recovery Time Objectives
(R.T.O.) formally and periodically reconciled and gaps addressed?
( ) Yes
( ) No
( ) I don't know
Optional Comment
Does the Information Systems Department have formal access to hot, warm, or cold site(s) for their
recovery efforts?
( ) Yes
( ) No
( ) I don't know
Optional Comment
Does the Information Systems Department have current, formal, and tested Disaster Recovery Plans?
( ) Yes
( ) No
( ) I don't know
Optional Comment
Does each mission critical Business Unit have a current, formal, and tested Business Continuation
Plan?
( ) Yes
( ) No
( ) I don't know
Optional comment _____________________________________________________________________
Does your Information Systems Department maintain an inventory of critical computer applications
utilized by the Business Units along with the systems' respective R.T.O.s?
( ) Yes
( ) No
( ) I don't know
Optional Comment
Are critical data files backed up on a periodic basis and the resulting backup media taken off-site in
a timely manner?
( ) Yes
( ) No
( ) I don't know
Optional Comment
Does the Information Systems Department periodically audit its data back-up / off-site media storage
programs?
( ) Yes
( ) No
( ) I don't know
Optional Comment
Does your company have a formal Crisis Management Team?
( ) Yes
( ) No
( ) I don't know
Optional Comment
After a significant adverse event, does your company conduct a formal Process Improvement
Post-mortem?
( ) Yes
( ) No
( ) I don't know
Optional Comment
Does your company have a formal policy for using Social Media during an emergency event?
( ) Yes
( ) No
( ) I don't know
Optional Comment
Does your company have a formal and adequately equipped Emergency Operations Command
Center?
( ) Yes
( ) No
( ) I don't know
Optional Comment
Has your company been recently written up by Audit (internal or external) regarding deficiencies in
your Business Continuation, Emergency Response, Disaster Recovery, or Information Security
programs?
( ) Yes
( ) No
( ) I don't know
Optional Comment
Does your company maintain, off-site, contact list(s) of its critical vendors and key customers (with
respective emergency ( 7 x 24 ) contact information)?
( ) Yes
( ) No
( ) I don't know
Optional Comment
Are copies of the Business Continuation, Emergency Response, and Disaster Recovery plans stored at
secure off-site location(s)?
( ) Yes
( ) No
( ) I don't know
Optional Comment
Business As Usual, Inc.
(972) 743-2631
john-small@business-as-usual.com
http://www.business-as-usual.com