BCP Internal Audit Form v3
BCP Internal Audit Form v3
BCP Internal Audit Form v3
Risk / Threat Assessment completed as part of the BIA 5.4 4.1.2 4.3.1 3.0
RTO and RPO identified for each Critical Business Process 5.5 4.1.1 4.3.3 6.0
Supply base (supply chain) risks identified 5.5 4.1.1 4.3.3 3.0/5.0/6.0
Potential points of failure identified and documented 5.5 4.1.1 4.4.6/4.4.7 3.0
ASIS
Best NFPA 1600-
Y N N/A SUBJECT BS 25999-2 SPC.1 - DRII - 2008
Practice 2010
2009
Describes site response procedures and responsibilities 5.1-5.3/5.6/5.7 4.1.3 4.4.7 5.0
Includes listing of internal and external emergency contacts 5.1-5.3/5.6/5.7 4.1.3 4.4.7 9.0/10.0
Includes list of all regulatory agencies to be notified 5.1-5.3/5.6/5.7 4.1.3 4.4.7 9.0/10.0
Outlines responsibilities for emergency public information 6.8 4.3 4.4.7 10.0
4.3.1/4.3.
Describes incidents most likely to occur on site 5.4 4.1.2 3.0
2
4.4.3/4.4.
Includes all internal notification procedures 6.3 4.3 9.0
7
Includes activation/escalation procedures for the crisis 4.4.3/4.4.
6.3 4.3 5.0/9.0
response team 7
4.4.3/4.4.
Includes initial response activity information 6.3 4.3 5.0/9.0
7
5.1-5.3/6.4- 4.4.6/4.4.
Describes process for requesting additional resources 4.3 5.0/6.0
6.6/6.9 7
4.4.6/4.4.
Describes process for completing initial damage assessments 6.4/6.7/6.9 4.3 5.0
7
Includes Site EH&S Plan and/or identifies roles and
responsibilities
Includes Site Security Plan and/or identifies roles and
responsibilities
Includes Site Facilities Plan and/or identifies roles and
responsibilities
Describes Incident Command Post criteria and locations 6.10 4.3 4.4.7 5.0/6.0
3.1/3.2.2/3. 4.1.1/4.2.
Plan is distributed and available to critical team members 4.1/4.2/4.3/4.4 2.3/3.2.4/3. 1/4.2.2/4. 1.0
3 4.1
ASIS
Best NFPA 1600- DRII -
Y N N/A SUBJECT BS 25999-2 SPC.1 -
Practice 2010 2008
2009
Describes roles and responsibilities (per organization chart)
5.1-5.3/5.6/5.7 4.1.3 4.4.1 1.0
of crisis response team members
3.1/3.2.2/3. 4.1.1/4.2.
Plan is accessible for all team members 4.1/4.2/4.3/4.4 2.3/3.2.4/3. 1/4.2.2/4. 1.0
3 4.1
ASIS
Best NFPA 1600- DRII -
Y N N/A SUBJECT BS 25999-2 SPC.1 -
Practice 2010 2008
2009
Describes roles and responsibilities for ensuring business
4.4.1/4.4.
operations are restarted immediately following any major 9.0/9.2/9.4 5.1-5.3/5.6/5.7 4.1.3 2.0/5.0
7
emergency or disaster
Includes names and telephone numbers of key team
9.6 5.1-5.3/5.6/5.7 4.1.3 4.4.7 9.0
members including at least one alternate for each position
Describes business recovery team activation/notification 4.4.3/4.4.
9.2/9.3 6.3 4.3 5.0/9.0
procedures 7
Describes activities critical to restarting critical operations 9.4 5.5 4.1.1 4.3.1 3.0
Includes procedures for administrative support activities 9.2 minimal 4.7 4.3 4.4.6 1.0
Establishes guidelines to communicate with employees 8.0/9.2 6.3 4.3 4.4.3 9.0
3.1/3.2.2/3. 4.1.1/4.2.
Plan is accessible to all team members 9.6 4.8/4.1-4.4 2.3/3.2.4/3. 1/4.2.2/4. 1.0
3 4.1
Process identified to source and train alternate workforce 9.4 6.1 4.3 4.4.1 6.0
ASIS
Best NFPA 1600- DRII -
Y N N/A SUBJECT BS 25999-2 SPC.1 -
Practice 2010 2008
2009
4.1.1/4.2.
Basic Plan information - All basic plans and other critical 3.1/3.2.2/3.2.
4.1/4.2/4.3/4.4 1/4.2.2/4. 1.0
documents are loaded on the Global BCP database. 3/3.2.4/3.3
4.1
4.1.1/4.2.
Plan includes General Manager certification for current 3.1/3.2.2/3.2.
4.1/4.2/4.3/4.4 1/4.2.2/4. 1.0
fiscal year. 3/3.2.4/3.3
4.1
4.1.1/4.2.
3.1/3.2.2/3.2.
Obsolete information is removed. 4.1/4.2/4.3/4.4 1/4.2.2/4. 1.0
3/3.2.4/3.3
4.1
ASIS
Best NFPA 1600- DRII -
Y N N/A SUBJECT BS 25999-2 SPC.1 -
Practice 2010 2008
2009
After action report documenting activation of the crisis
response / business recovery team during a real event
7 4.4.1/4.4.2 4.5 8.0
has been submitted to Global BCP within 10 days
following the close of the event.
After action report documenting completion of a crisis
response / business recovery functional exercise within 10 4.4.3/5.1/5.2/
8 4.5/4.6 8.0
days following the exercise. Report must include action 6.1/6.2
items resulting from the exercise.
Additional Comments: