Page 554 - ITGC_Audit Guides
P. 554
GTAG — BCM Requirements
5. BCM Requirements 5.1 Management Support
Management support is critical to the success of BC at every
Figure 3 shows the action necessary to meet BCM organization. Senior management must ensure that there are
requirements. policies in place that require management teams throughout
the organization to deploy a BCM program for their business
Management Commitment to BCM Program
- Build a business case
- Understand the value
- Establish a BCM program
Conduct a BC Risk Assessment & BC Mitigation
- Assess the impact of disruptive events
- Define BC disruptive (credible) events
- Develop BC risk mitigation strategies
Conduct a Business Impact Analysis (BIA)
- Identify business processes & define critical processes
- Define recovery time objective and recovery point
objective for processes, resources, etc.
- Identify other parties and physical resources for recovery
Define Business Recovery Establish Disaster Recovery for IT
and Continuity Strategies - Understand business recovery requirements
- Define staffing alternatives needed for recovery - Select recovery solutions and recovery sites
- Define alternative sourcing of critical functions
- Define alternative offices needed for recovery
- Plan to transition back to normal operations
Deploy, Verify, and Maintain BCM Program Capabilities
- Deploy BCM program awareness and training
- Maintain the BCM program and BC plans
- Exercise BC capabilities
- Establish crisis communications and align with crisis management
- Align with emergency response and external agencies coordination
Figure 3. BCM Requirement Flow Chart
7
