BCP Internal Audit Form v3


Crisis Response / Business Recovery Plan Audit

Audit Conducted By: Date:

Location: BCP Coordinator:

Business Impact Analysis Revision Date: _________


| Y | N | N/A | COMPONENT | Best Practice | NFPA 1600-2010 | BS 25999-2 | ASIS SPC.1-2009 | DRII - 2008 |
|---|---|-----|-----------|---------------|----------------|------------|-----------------|-------------|
| | | | Risk / Threat Assessment completed as part of the BIA | | 5.4 | 4.1.2 | 4.3.1 | 3.0 |
| | | | Top 10 Critical Business Processes identified | | 5.5 | 4.1.1 | 4.3.1 | 6.0 |
| | | | RTO and RPO identified for each Critical Business Process | | 5.5 | 4.1.1 | 4.3.3 | 6.0 |
| | | | Interdependencies identified | | 5.5 | 4.1.1 | 4.3.3 | 6.0 |
| | | | Supply base (supply chain) risks identified | | 5.5 | 4.1.1 | 4.3.3 | 3.0/5.0/6.0 |
| | | | Mission Critical, Business Critical and Standard Application requirements identified | | 4.6 | 4.1.3/4.2 | 4.3.3 | 6.0 |
| | | | Regulatory requirements identified and met | | 4.5 | 3.2.1 | 4.1.2 | 1.0 |
| | | | Critical utilities assessed | | 5.5 | 4.1.1 | 4.3.1 | 3.0/5.0 |
| | | | Operational risk mitigation completed (duplicate data, alternate suppliers, service level agreements for critical equipment/services, redundant operations) | | 5.1-5.3/5.6/5.7 | 4.1.3 | 4.4.7 | 5.0 |
| | | | Potential points of failure identified and documented | | 5.5 | 4.1.1 | 4.4.6/4.4.7 | 3.0 |

Emergency Response Plan Revision Date: ____________


Separate / Combined

| Y | N | N/A | SUBJECT | Best Practice | NFPA 1600-2010 | BS 25999-2 | ASIS SPC.1-2009 | DRII - 2008 |
|---|---|-----|---------|---------------|----------------|------------|-----------------|-------------|
| | | | Describes site response procedures and responsibilities | | 5.1-5.3/5.6/5.7 | 4.1.3 | 4.4.7 | 5.0 |
| | | | Includes listing of internal and external emergency contacts | | 5.1-5.3/5.6/5.7 | 4.1.3 | 4.4.7 | 9.0/10.0 |
| | | | Includes list of all regulatory agencies to be notified | | 5.1-5.3/5.6/5.7 | 4.1.3 | 4.4.7 | 9.0/10.0 |
| | | | Details site incident command structure | | 6.10 | 4.3 | 4.4.7 | 6.0 |
| | | | Includes information about external emergency communication | | 6.8 | 4.3 | 4.4.7 | 9.0/10.0 |
| | | | Includes information about internal emergency communication | | 6.3/6.8 | 4.3 | 4.4.3/4.4.7 | 9.0/10.0 |
| | | | Outlines responsibilities for emergency public information | | 6.8 | 4.3 | 4.4.7 | 10.0 |
| | | | Describes incidents most likely to occur on site | | 5.4 | 4.1.2 | 4.3.1/4.3.2 | 3.0 |

Applied Materials Confidential / Supply Chain Risk Leadership Council Page 1


| Y | N | N/A | SUBJECT | Best Practice | NFPA 1600-2010 | BS 25999-2 | ASIS SPC.1-2009 | DRII - 2008 |
|---|---|-----|---------|---------------|----------------|------------|-----------------|-------------|
| | | | Outlines response actions specific to incident | | 5.1-5.3/6.4-6.6/6.9 | 4.3 | 4.4.6/4.4.7 | 5.0 |
| | | | Includes information about site/building evacuations and assembly areas | | 5.1-5.3/6.4-6.6/6.9 | 4.3 | 4.4.6/4.4.7 | 5.0 |
| | | | Describes emergency response team activities and responsibilities | | 5.1-5.3/6.4-6.6/6.9 | 4.3 | 4.4.6/4.4.7 | 5.0 |
| | | | States standards for emergency response team members | | 5.1-5.3/6.4-6.6/6.9 | 4.3 | 4.4.6/4.4.7 | 5.0 |
| | | | Includes all external notification procedures | | 6.8 | 4.3 | 4.4.3 | 10.0 |
| | | | Includes all internal notification procedures | | 6.3 | 4.3 | 4.4.3/4.4.7 | 9.0 |
| | | | Includes activation/escalation procedures for the crisis response team | | 6.3 | 4.3 | 4.4.3/4.4.7 | 5.0/9.0 |
| | | | Includes initial response activity information | | 6.3 | 4.3 | 4.4.3/4.4.7 | 5.0/9.0 |
| | | | Describes process for requesting additional resources | | 5.1-5.3/6.4-6.6/6.9 | 4.3 | 4.4.6/4.4.7 | 5.0/6.0 |
| | | | Describes process for completing initial damage assessments | | 6.4/6.7/6.9 | 4.3 | 4.4.6/4.4.7 | 5.0 |
| | | | Includes Site EH&S Plan and/or identifies roles and responsibilities | | | | | |
| | | | Includes Site Security Plan and/or identifies roles and responsibilities | | | | | |
| | | | Includes Site Facilities Plan and/or identifies roles and responsibilities | | | | | |
| | | | Describes Incident Command Post criteria and locations | | 6.10 | 4.3 | 4.4.7 | 5.0/6.0 |
| | | | Describes establishment and process for triage/first aid stations | | 6.2 | 4.3 | 4.4.7 | 5.0/6.0 |
| | | | Includes pandemic response procedures including access control, entry screening and case management. | | | | | |
| | | | Includes revision history documentation | | 7 | 4.4.1/4.4.2 | 4.5 | 8.0 |
| | | | Includes appropriate IP labeling | | | | | |
| | | | Plan is distributed and available to critical team members | | 4.1/4.2/4.3/4.4 | 3.1/3.2.2/3.2.3/3.2.4/3.3 | 4.1.1/4.2.1/4.2.2/4.4.1 | 1.0 |

Crisis Response Plan Revision Date: _________________


Separate / Combined

| Y | N | N/A | SUBJECT | Best Practice | NFPA 1600-2010 | BS 25999-2 | ASIS SPC.1-2009 | DRII - 2008 |
|---|---|-----|---------|---------------|----------------|------------|-----------------|-------------|
| | | | Describes roles and responsibilities (per organization chart) of crisis response team members | | 5.1-5.3/5.6/5.7 | 4.1.3 | 4.4.1 | 1.0 |
| | | | Outlines specific responsibilities by department or division | | 5.1-5.3/5.6/5.7 | 4.1.3 | 4.4.1 | 1.0 |
| | | | Includes identification of primary and alternate emergency operations centers | | 6.10 | 4.3 | 4.4.7 | 5.0/6.0 |
| | | | Establishes guidelines for initiating internal and external notifications | | 6.3/6.8 | 4.3 | 4.4.3 | 9.0/10.0 |
| | | | Includes names and telephone numbers for key team members and at least one alternate for each position | | 5.1-5.3/5.6/5.7 | 4.1.3 | 4.4.1 | 9.0 |
| | | | Identifies critical internal and external communication elements | | 6.3/6.8 | 4.3 | 4.4.3 | 9.0/10.0 |
| | | | Establishes guidelines to communicate with employees | | 6.3 | 4.3 | 4.4.3 | 9.0 |
| | | | Involves top managers at site | | | | | |
| | | | Details crucial decision points for a 48 hour period | | | | | |
| | | | Includes activation / notification procedures for regional / business unit crisis response team | | 6.3 | 4.3 | 4.4.3 | 5.0/9.0 |
| | | | Includes regional, business unit and corporate notification lists | | 6.3 | 4.3 | 4.4.3 | 5.0/9.0 |
| | | | Includes insurance notification lists | | | | | |
| | | | Includes list of emergency contacts for both internal and external uses | | 6.3/6.8 | 4.3 | 4.4.3 | 5.0/9.0/10.0 |
| | | | Defines roles and responsibilities for BCP Coordinator (Liaison to Corporate) | | 5.1-5.3/5.6/5.7 | 4.1.3 | 4.4.7 | 1.0 |
| | | | Includes revision history documentation | | 7 | 4.4.1/4.4.2 | 4.5 | 8.0 |
| | | | Includes appropriate IP labeling | | | | | |
| | | | Plan is accessible for all team members | | 4.1/4.2/4.3/4.4 | 3.1/3.2.2/3.2.3/3.2.4/3.3 | 4.1.1/4.2.1/4.2.2/4.4.1 | 1.0 |

Business Recovery Plan Revision Date: ___________________


Separate / Combined

| Y | N | N/A | SUBJECT | Best Practice | NFPA 1600-2010 | BS 25999-2 | ASIS SPC.1-2009 | DRII - 2008 |
|---|---|-----|---------|---------------|----------------|------------|-----------------|-------------|
| | | | Describes roles and responsibilities for ensuring business operations are restarted immediately following any major emergency or disaster | 9.0/9.2/9.4 | 5.1-5.3/5.6/5.7 | 4.1.3 | 4.4.1/4.4.7 | 2.0/5.0 |
| | | | Includes names and telephone numbers of key team members including at least one alternate for each position | 9.6 | 5.1-5.3/5.6/5.7 | 4.1.3 | 4.4.7 | 9.0 |
| | | | Describes business recovery team activation/notification procedures | 9.2/9.3 | 6.3 | 4.3 | 4.4.3/4.4.7 | 5.0/9.0 |
| | | | Describes activities critical to restarting critical operations | 9.4 | 5.5 | 4.1.1 | 4.3.1 | 3.0 |
| | | | Loss of building scenario completed for top critical business processes including workarounds | 9.4 minimal | 6.4/6.7/6.9 | 4.3 | 4.4.6/4.4.7 | 5.0 |
| | | | Loss of network scenario completed for top critical business processes including workarounds | 9.4/9.5 | 6.4/6.7/6.9 | 4.3 | 4.4.6/4.4.7 | 5.0 |
| | | | Loss of supplier scenario completed for top critical business processes including workarounds | 9.4 minimal | 6.4/6.7/6.9 | 4.3 | 4.4.6/4.4.7 | 5.0 |
| | | | Reduction of personnel (applicable for pandemic) scenario completed for top critical business processes including workarounds | 4.0 minimal/9/4 | | | | |
| | | | Includes procedures for implementation of work from home options | 9.1 | 6.1 | 4.3 | 4.4.1 | 5.0/6.0 |
| | | | Includes procedures for critical operations assessment and restoration | missing | 6.1 | 4.3 | 4.4.6/4.4.7 | 5.0/6.0 |
| | | | Includes procedures for administrative support activities | 9.2 minimal | 4.7 | 4.3 | 4.4.6 | 1.0 |
| | | | Includes listing of critical contacts and resources | 9.3/9.6 | 6.1 | 4.3 | 4.4.1 | 5.0/6.0 |
| | | | Includes listing of primary and alternate vendors and suppliers | 9.3/9.6 | 6.7 | 4.1.2 | 4.3.1 | 5.0/6.0 |
| | | | Describes processes for initiating/receiving internal and external communication | 8.0 | 6.3/6.8 | 4.3 | 4.4.3 | 9.0/10.0 |
| | | | Includes comprehensive lists of customers | 9.3/9.6 | 6.7 | 4.1.2 | 4.3.1 | 5.0/6.0 |
| | | | Describes emergency financial/purchasing procedures | 4.0 | 4.7 | 4.3 | 4.4.7 | 1.0 |
| | | | Establishes guidelines to communicate with employees | 8.0/9.2 | 6.3 | 4.3 | 4.4.3 | 9.0 |
| | | | Includes revision history documentation | 9.4 | 7 | 4.4.1/4.4.2 | 4.5 | 8.0 |
| | | | Includes appropriate IP labeling | Missing | | | | |
| | | | Plan is accessible to all team members | 9.6 | 4.8/4.1-4.4 | 3.1/3.2.2/3.2.3/3.2.4/3.3 | 4.1.1/4.2.1/4.2.2/4.4.1 | 1.0 |

For Manufacturing / Lab Locations only:

| Y | N | N/A | SUBJECT | Best Practice | NFPA 1600-2010 | BS 25999-2 | ASIS SPC.1-2009 | DRII - 2008 |
|---|---|-----|---------|---------------|----------------|------------|-----------------|-------------|
| | | | Includes detailed description of all critical manufacturing equipment/tools | 9.7 | | | | |
| | | | Describes business recovery team activation/notification procedures | 9.2/9.3 | 6.3 | 4.3 | 4.4.3/4.4.7 | 5.0/9.0 |
| | | | Includes recovery/use of critical product specs, tooling, programs and/or applications | 9.7 | 6.7 | 4.1.1 | 4.4.7 | 3.0 |
| | | | Includes confirmation of alternate facility process compatibility, equipment, raw materials, components | 9.7 | | | | |
| | | | Includes production transfer options for products | 9.0/9.4 | | | | |
| | | | Personnel requirements and skill sets defined for critical functions | 9.4 | 6.1 | 4.3 | 4.4.1 | 6.0 |
| | | | Process identified to source and train alternate workforce | 9.4 | 6.1 | 4.3 | 4.4.1 | 6.0 |
| | | | Critical supplier business continuity plans have been requested and reviewed | 9.4 | 5.4 | 4.1.2 | 4.3.1/4.3.2 | 6.0 |
| | | | Alternate modes of inbound and outbound shipping have been identified | 9.7 | | | | |

Global BCP Database

| Y | N | N/A | SUBJECT | Best Practice | NFPA 1600-2010 | BS 25999-2 | ASIS SPC.1-2009 | DRII - 2008 |
|---|---|-----|---------|---------------|----------------|------------|-----------------|-------------|
| | | | Basic Plan information - All basic plans and other critical documents are loaded on the Global BCP database. | | 4.1/4.2/4.3/4.4 | 3.1/3.2.2/3.2.3/3.2.4/3.3 | 4.1.1/4.2.1/4.2.2/4.4.1 | 1.0 |
| | | | Plan includes General Manager certification for current fiscal year. | | 4.1/4.2/4.3/4.4 | 3.1/3.2.2/3.2.3/3.2.4/3.3 | 4.1.1/4.2.1/4.2.2/4.4.1 | 1.0 |
| | | | Obsolete information is removed. | | 4.1/4.2/4.3/4.4 | 3.1/3.2.2/3.2.3/3.2.4/3.3 | 4.1.1/4.2.1/4.2.2/4.4.1 | 1.0 |



Exercises

| Y | N | N/A | SUBJECT | Best Practice | NFPA 1600-2010 | BS 25999-2 | ASIS SPC.1-2009 | DRII - 2008 |
|---|---|-----|---------|---------------|----------------|------------|-----------------|-------------|
| | | | After action report documenting activation of the crisis response / business recovery team during a real event has been submitted to Global BCP within 10 days following the close of the event. | | 7 | 4.4.1/4.4.2 | 4.5 | 8.0 |
| | | | After action report documenting completion of a crisis response / business recovery functional exercise within 10 days following the exercise. Report must include action items resulting from the exercise. | | 8 | 4.4.3/5.1/5.2/6.1/6.2 | 4.5/4.6 | 8.0 |

Plan COMMENTS:

( ) Meets ALL Corporate Standards
( ) Adequate (needs minor improvements – see above/below)
( ) Inadequate (Does NOT meet multiple Corporate Standards)

Additional Comments:
