Meeting ISO 27031 Requirements

ISO 27031

The ISO Standard defines the Information and Communication Technology (ITC) Requirements for Business Continuity (IRBC) program that supports the mandate for an infrastructure that supports business operations when an event or incident with its related disruptions affects the continuity of critical business functions. This includes security of crucial data as well as enterprise operations.

The ISO standard centers around fours areas; Plan, Do, Check, and Act.

Plan - Establish a Disaster Recovery Business Continuity policy with objectives, metrics, and processes relevant to managing risk and improving the enterprise's Information and Communication Technology ability and readiness to operate at the level defined within the parameters of the enterprise's overall disaster recovery and business continuity objectives.
Do - Implement and operate the Disaster Recovery and Business Continuity policies, procedures, controls, and processes.
Check - Assess and monitor the performance metrics as defined within the Disaster Recovery and Business Continuity policy metrics and communicate the results to the management of the enterprise. This process can be done via an audit, a test of the plan, or an actual execution of the plan via a post event analysis session.
Act - Modify the Disaster Recovery and Business Continuity policies, procedures, and metrics based on the "Check" (audit, test, or execution of the plan) in order to improve the Disaster Recovery and Business Continuity Policy.

Disaster Recovery Business Continuity Template is ISO 22301 & 27031 compliant

In order to be compliant with ISO 22301 & 27031 there are a number of elements that that are required and this template meets all of those requirements.

Staffing with appropriate skills, knowledge, and execution ability

Organization Chart (Section 5)
Plan Distribution (Appendix)
DRP Management Job Descriptions (Appendix)
Disaster Recovery Team List (Appendix)
Key Customer Contact List (Appendix)
Personnel Location List (Appendix)
Detail Job Descriptions for 15 key team members (Premium Edition of the template)

Facilities for both the existing and recovery operation

Operational Facilities (Section 3 and Appendix)
Recovery Facilities (Appendix – Sample Contract)
Off-Inventory (Appendix)

Technology definition

Hardware – Hardware Inventory (Section 3 and Appendix)
Network – Network Inventory (Section 3 and Appendix)
Software – Software Inventory (Section 3 and Appendix)
Resources required for continuity process (Appendix)
Business Continuity off-site materials (Appendix)
Critical Resources to be retrieved (Appendix)

Data Identification

Application Inventory and Business Impact Questionnaire (Appendix)
Application data (Appendix)
Voice data (Appendix)
Other (Appendix)

Processes

DRP and Activation Workbook (Appendix)
General Distribution Materials (Appendix)
Web Site Disaster Planning Form (Appendix)
Work Plan (Appendix)
Incident Communication Plan (Appendix)
Social Networking checklist (Appendix)
Pandemic Checklist (Appendix)
Preventative Measures (Appendix)
Audit Plan Process (Appendix)

Suppliers

Vendor and Supplier Disaster Recovery Questionnaire (Appendix)
Disaster Recovery Sample Contract (Appendix)

Options for ordering the DRP Template include

DRP Standard
Premium
Gold
DRP/Security Standard
Premium
Gold

Disaster Recovery Business Continuity Standard Edition

Disaster Recovery Business Continuity Template (WORD)

Disaster Recovery Business Continuity Audit Program - Compliant with ISO 27031 and ISO 22301
Disaster Recovery Manager Job Description
Manager Disaster Recovery & Business Continuity Job Description
Application Inventory and Business Impact Analysis Questionnaire
Incident Communication Plan and Policy with BEST PRACTICES for
- News Conferences
- Media Relations
Social Network Checklist
Included with the template are Electronic Forms which have been designed to lower the cost of maintenance of the plan. Electonic Forms that can be emailed, completed via a computer or tablet, and stored electronically including:
LAN Inventory

Location Contact Numbers

Off-Site Inventory

Personnel Locations

Plan Distribution
Remote Location Contact Information

Team Call List

Vendor Contact Information

Disaster Recovery Business Continuity Premium Edition

Disaster Recovery Business Continuity Template
15 Job Descriptions (WORD)
- Chief Information Officer - CIO, Chief Security Officer - CSO, Chief Compliance Officer - CCO, VP Strategy and Architecture, Director Disaster Recovery and Business Continuity, Director e-Commerce, Director Media Communications, Manager Disaster Recovery, Manager Disaster Recovery and Business Continuity, Disaster Recovery Coordinator, Disaster Recovery - Special Projects Supervisor, Manager Database, Capacity Planning Supervisor, Manager Media Library Support, Manager Site Management, and Pandemic Coordinator

Disaster Recovery Business Continuity Gold Edition

Disaster Recovery Business Continuity Template
261 IT Job Descriptions including all of the job descriptions contained in the Premium edition

Disaster Recovery Business Continuity & Security Manual Templates Standard Edition Includes

Disaster Recovery Business Continuity Template
Disaster Recovery Business Continuity Audit Program
Security Manual Template
Business and IT Impact Questionnaire - 21 pages
Threat and Vulnerability Assessment Form

Disaster Recovery Business Continuity & Security Manual Templates Premium

Disaster Recovery Business Continuity Template
Security Manual Template
25 Job Descriptions
- Chief Information Officer - CIO; Chief Compliance Officer - CCO; Chief Security Officer - CSO;VP Strategy and Architecture; Director e-Commerce; Database Administrator; Data Security Administrator; Manager Data Security; Manager Database; Manager Disaster Recovery; Manager Disaster Recovery and Business Continuity; Pandemic Coordinator; Manager Facilities and Equipment; Manager Media Library Support; Manager Network and Computing Services; Manager Network Services; Manager Site Management; Manager Training and Documentation; Manager Voice and Data Communication; Manager Wireless Systems;Capacity Planning Supervisor; Disaster Recovery Coordinator; Disaster Recovery - Special Projects Supervisor; Network Security Analyst; System Administrator - Unix; System Administrator - Windows

Disaster Recovery Business Continuity & Security Manual Templates Gold Edition

Disaster Recovery Business Continuity Template (WORD)

Disaster Recovery Business Continuity Audit Program - Compliant with ISO 27031 and ISO 22301
Disaster Recovery Manager Job Description
Manager Disaster Recovery & Business Continuity Job Description
Application Inventory and Business Impact Analysis Questionnaire
Incident Communication Plan and Policy with BEST PRACTICES for
- News Conferences
- Media Relations
Social Network Checklist
Included with the template are Electronic Forms which have been designed to lower the cost of maintenance of the plan. Electonic Forms that can be emailed, completed via a computer or tablet, and stored electronically including:
LAN Inventory

Location Contact Numbers

Off-Site Inventory

Personnel Locations
Plan Distribution

Remote Location Contact Information

Team Call List

Vendor Contact Information

Security Manual Template (Word)

HIPAA Audit Program
ISO 2700 Security Audit
Business and IT Impact Questionnaire
Threat and Vulnerability Assessment Tool
Sarbanes-Oxley Section 404 Checklist
Electronic forms that can be Emailed, completed via a computer or tablet, and stored electronically including:
Blog Policy Compliance

Company Asset Employee Control Log

Email - Employee Acknowledgment

Employee Termination Checklist

Internet Access Request

Internet Use Approval

Internet & Electronic Communication - Employee Acknowledgment
Mobile Device Access and Use Agreement

Employee Security Acknowledgement Release

Preliminary Security Audit Checklist

Security Access Application

Security Audit Report

Security Violation Reporting

Sensitive Information Policy Compliance Agreement

243 Full Job Descriptions which includes all of the job descriptions in the premium edition

Plan Introduction

Mission and Objectives
Disaster Recovery / Business Continuity Scope
Authorization
Responsibility
Key Plan Assumptions
Disaster Definition
Metrics
Disaster Recovery / Business Continuity and Security Basics

Business Impact Analysis

Scope
Objectives
Critical Time Frame
Application System Impact Statements
Information Reporting
Best Data Practices
Summary

Backup Strategy

Site Strategy
Data Capture and Backups
Backup and Backup Retention Policy
Communication Strategy and Policy
ENTERPRISE Data Center Systems
Departmental File Servers
Wireless Network File Servers
Data at Outsourced Sites (including ISP’s)
Branch Offices (Remote Offices & Retail Locations)
Desktop Workstations (In Office)
Desktop Workstations (Off site including at home users)
Laptops
PDA’s and Smartphones

Recovery Strategy

Approach
Escalation Plans
Decision Points

Disaster Recovery Organization

Recovery Team Organization Chart
Disaster Recovery Team
Recovery Team Responsibilities

Disaster Recovery Emergency Procedures

General
Recovery Management
Damage Assessment and Salvage
Physical Security
Administration
Hardware Installation
Systems, Applications & Network Software
Communications
Operations

Plan Administration

Disaster Recovery Manager
Distribution of the Disaster Recovery Plan
Maintenance of the Business Impact Analysis
Training of the Disaster Recovery Team
Testing of the Disaster Recovery Plan
Evaluation of the Disaster Recovery Plan Tests
Maintenance of the Disaster Recovery Plan

Appendix and Forms

Plan Distribution
ENTERPRISE Sales Offices
Disaster Recovery Team Call List
Vendor Phone/Address List
Off-Site Inventory
Personnel Location Form
Hardware/Software Inventory
People Interviewed
Preventative Measures
Sample Application Systems Impact Statement
JOB Descriptions
- Disaster Recovery Manager
- Manager Disaster Recovery and Business
- Continuity
- Pandemic Coordinator
Application Inventory and Business Impact Analysis Questionnaire
Key Customer Notification List
Resources Required for Business Continuity
Critical Resources to Be Retrieved
Business Continuity Off-Site Materials
Work Plan
Audit Disaster Recovery Plan Process
Vendor Disaster Recovery Planning Questionnaire
Departmental DRP and BCP Activation Workbook
Web Site Disaster Recovery Planning Form
General Distribution Information
Business Pandemic Planning Checklist
Social Network checklist

Read on...