Auditing Business Continuity Plans According to ISO 22301
Dr. Michael C. Redmond, PhD is a Consultant, Speaker, and Author. Her certifications include MBCP, FBCI, PMP, CEM, ISO 27001 Lead Implementer and Lead Auditor, as well as many other ISO certifications.
Michael also conducts ISO Certification Implementation and Audit Training for PECB. Michael is the Chapter President for the Association of Contingency Planners Eastern Great Lake Chapter and an active member of ISSA.
She has consulted in the area of Cyber Security for clients in the areas of Healthcare, Insurance, Financial, and Manufacturing. Her projects have included:
- SIEM (Security Information and Event Management), which combines software products and services for security information management (SIM) and security event management (SEM)
- CSIRT: Cyber Security Incident Response Programs, Plans, Playbooks, Training, and Testing
- Audit of CSIRT programs and documentation
- Information Security Programs and Implementation
Michael has consulted in the fields of Business Continuity and Disaster Recovery in the areas of Healthcare, Insurance, Financial, Manufacturing, Education, and Government. She has 2 books that are coming out in 201y and are being published by one of the Top International Publishers in the world. The first is a Cyber Security book and the second is a Business Continuity and Disaster Recovery book.
Michael has a series of Audio Training courses that receive CEUs from the Disaster Recovery Institute (DRI) and other certifications. They are:
- Cyber Security Training for 6 CEUs
- Business Continuity Management for 20 CEUs. www.rwknowledge.com
Michael’s been honored as Top Woman in her field at a White House Luncheon and was selected out of the world to write the prolog for the chapter on RISK Management by the United Nations for their Disaster Book which was given to the head of state for every UN member nation. She has recently been named on the list of “Women of Distinction for 2015” by Women of Distinction Magazine for her work in Cyber Security.
She was selected to speak on Cyber Security Incident Response and SIEM at such recent conferences as:
- International ISSA Conference in Chicago
- NYS Cyber Security Conference – Co-spoke with the Acting CISO for New York State
- ISACA Western New York Conference
- Metric Stream Round Table in New York City
Successful business continuity planning
- Involves the entire organization
- Requires clear and consistent communication
- Encompasses how employees will communicate, where they will go, and how they will keep doing their jobs
- Prepares the organization for disruptive events
Why is BCP Important?
- 61% of companies surveyed had to invoke their BCP
- 43% had to invoke it more than once
- Key Causes: Natural Disaster, Power Outage, IT Failure, Flood, Fire, Telecom Failure, Utility Outage, Pandemic
- What were the top 3 lessons learned from invocation?
  - There had not been enough training and awareness efforts across the company: 48%
  - Plans didn’t adequately address emergency communications: 37%
  - Key staff had not been included in testing; as a result, they did not know their roles and responsibilities in the plans: 25%
- What should be included in a business continuity audit?
  - Setting controls
  - Which regulations and standards apply to business continuity audits
  - Examining evidence about the performance of activities
  - Verifying measures to ensure continuity
  - Evaluating quality vs. a general template
Course Level - Intermediate
Who Should Attend
- Business Continuity Planners
Why Should You Attend
ISO 22301 is a great standard to plan against and to audit against even if an organization does not plan on becoming ISO Certified.
Auditing a Business Continuity Plan will cover the lifecycle of a BCP program, with specific emphasis on the following areas:
- Risk Assessment and Business Impact Analysis
- Designing a living BCP
- Testing & Maintenance
- Understand what’s involved in a full BCP Program (for those that are unfamiliar)
- Provide insights based upon field experience that can be applied to Internal Audit work and BCP program work
- Provide you with tools that you can bring back to your company to improve upon BCP programs
- Improve ability to audit BCP programs and provide targeted recommendations