Based on these policies, each individual enterprise within NEC formulates specific policies to guide BCP development according to the characteristics of the business. Each participating division compiled the points of improvement from the training drills into reports, and held follow-up meetings to make improvements.Internal auditIn fiscal 2012, NEC conducted internal audits of all BCPs that have already been completed and put into operation.
As of late, IS auditors are playing an important role in providing audit oversight in evaluating the process for developing, testing and deploying BCPs.
The prerequisite of a BCP is risk assessment, which involves the task of identifying and analysing the potential vulnerabilities and threats, including the source. The audit approach should keep in mind that BCP development, maintenance and activation are team efforts that include active and stable user groups.
The audit process must consider the areas to be reviewed and take into account the intended scope and objective of the review as well as the approach defined as part of the planning process. An effective audit review by a capable ISauditor can help uncover many deficiencies and operationallapses that may not come up in testing and points that have beenoverlooked in the design of the plan. In simpler terms, a BCP is the act of proactively strategising a method to prevent, if possible, and manage the consequences of a disaster, thus limiting the consequences to the extent that a business can absorb the impact. The approach must consider the critical areas, such as prioritisation of business processes and results of risk assessment, to provide reasonable assurance that the BCP is effectively implemented as intended. A BCP is a self-sustaining executable recovery process that assures the reintegration of procedures, applications, operations, systems, networks and facilities that are critical to resumption of business.


While a BCP refers to the activities required to keep the organisation running during a period of displacement or interruption of normal operation, a disaster recovery plan (DRP) is the process of rebuilding the operations or infrastructure after the disaster has passed. The audit process must recognise that the main areas of risk of a BCP include previously detected BCP weaknesses and changes introduced to the systems environment (such as applications, equipment, communications, processes and people) since the last BCP test.
The audit plan considers the audit approach for various phases of the BCP in the organisation—typically preimplementation phase, implementation phase, testing phase and postimplementation phase. The plan should explicitly state exclusions, if any, and clearly state the scope of the review.
BCP defines the roles and responsibilities and identifies the critical IT application programs, operating systems, networks, personnel, facilities, data files, hardware and time frames needed to assure high availability and system reliability based on the business impact analysis (BIA).
A DRP is a key component of a BCP, and refers to the technological aspect of a BCP—the advanced planning and preparations necessary to minimise loss and ensure continuity of critical business functions in the event of a disaster. BCP refers to the process of developing advanced arrangements and procedures that enable an organisation to respond to an event in such a manner that critical business functions continue with planned levels of interruption or essential change. To counter the threats associated with such risks, organisations are progressively evolving and adapting business continuity plans (BCPs) to suit their respective business requirements. The auditor recognises that a sound DRP is built from a comprehensive planning process involving all of the enterprise.
The audit is planned to ensure that the scope and objectives of the review are fulfilled in an objective and professional manner.


Review of the BCP includes exhaustive inspection of the key factors of a BCP, such as those in Figure 3.
Appropriate areas of BCP testing may be identified as part of annual risk analysis, thereby avoiding duplication of effort. By cooperating with other corporate staff, the Division provides assistance with any issues that cannot be solved at the business division level.Internal BCP formulation guidelines for NEC were developed, covering know-how related to plan development along with disaster scenarios. As a BCP review is essentially enterprise-specific, the auditor must be competent and have an overall understanding of the business environment, including the organisation's mission, business objectives, relevant business processes, the information requirements for those processes, the strategic value of IS and the extent to which such processes are aligned with the overall strategy of the organisation. The number of BCP formulation personnel with whom know-how and information have been shared in this manner has surpassed 2,000 individuals among the NEC Group.con03Business Continuity Management System (BCMS)From fiscal 2008, NEC has phased in the creation of BCPs for earthquakes by all business divisions at NEC Group consolidated subsidiaries in Japan. In addition, in fiscal 2009, we began working to obtain third-party certification via the BSI (British Standards Institution) standard BS25999-2, primarily in businesses where BCP creation is required by customers worldwide as a precondition for doing business.
In March 2012, in order to verify and familiarize personnel with the actual procedures, almost all overseas subsidiaries conducted training drills on the escalation of information about the status of damage envisaged in their disaster scenarios to their respective response headquarters in Japan.con05Monitoring and ImprovementDivisions formulating BCPs upload formulated or updated BCPs to the management site of a dedicated website.
The General Affairs Division confirms the uploaded plan, and provides feedback to the division that formulated the plan when improvements are necessary.Furthermore, the divisions formulating BCPs prepare implementation reports after conducting training drills and internal audits, and upload these reports in the same manner.



Emergency alert system sound
Creating a risk assessment template


Comments

  1. 05.09.2015 at 10:51:59


    Workouts are really is a hurricane or tornado, a flood.

    Author: UREY
  2. 05.09.2015 at 15:15:17


    Your also carrying a water bottle, rain gear & a high quality and one.

    Author: FiReInSide
  3. 05.09.2015 at 20:28:58


    Back, i only need to have to care one particular in town auditing bcp plans and 1 outside food is essential. Bag.

    Author: FB_GS_BJK_TURKIYE