Auditing BCP and DRP
Answer:
First of all, you must select competent and independent auditors to perform the audit (by independent you must understand people that are not involved with these plans). After that, you must identify which requirements are applicable to your Business Continuity and Disaster Recovery Plan, by means of identifying legal requirements and business objectives. Once these issues are identified, you should elaborate a checklist to help you cover these issues with proper questions and evidence to be verified.
These articles will provide you further explanation about preparing for an audit (they focus on ISO 27001, but the concepts are applicable to ISO 22301 as well):
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
These materials will also help you regarding internal audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Additionally, this toolkit can help you plan and perform an audit compliant with ISO 22301: https://advisera.com/27001academy/iso-27001-22301-internal-audit-documentation-toolkit/
On this page you can download a free preview of the documents to see what they look like and if they can fulfill your needs.
Jun 03, 2019