Auditing Business Continuity Plans - Assess and Improve Your Performance Against ISO 22301

Every organization needs to have in place a plan to recover key business processes following an incident - and that plan needs to match the organization's priorities and expectations. Business continuity planning is how this is achieved and is effectively a proactive management-led incident management programme that is driven by business requirements. The role of audit is to assess and evaluate the effectiveness of the activities and functions of an organization against standards, regulations, best practice and organizational objectives. It can then provide advice and assurance as required by management. Using risk as its basic evaluation tool and looking at those risks identified by the business as well as others that are relevant, provides audit with a unique insight into how organizations operate and how things may be improved or simplified. Informed by the new international standard for business continuity - ISO 22301 - and also by personal experience and research, Auditing Business Continuity Management Plans is an essential aid to developing a successful business continuity management programme. It is a practical guide to using the insights that an auditor can provide, through scrutiny and advice, to help ensure that the plans decided on by management will achieve their planned and stated objectives.