Disaster Recovery Planning (DRP) / Business Continuity Planning (BCP) Audits
BDO’s DRP and BCP audits focus on an organisation’s continuity planning to offset the impact of manmade or natural disasters.
Normally, the objective of a DRP audit is to verify that the DR plan is:
- Adequate to ensure resumption of computer systems in a timely manner during adverse circumstances.
- In line with the current business continuation plan (BCP).
- Reflecting the current business operating environment and needs.
A typical scope could include an assessment of:
- Disaster prevention controls (e.g. server room physical access and environmental controls).
- Backup and recovery procedures and training.
- Off-site storage and rotation practices.
- DR plan, covering, among other things, a review of:
- Cost effectiveness
- DR risk assessment and catering for different disasters
- The identification of critical business processes and applications
- Level of tolerance
- Recovery Time Objective (RTO)
- Recovery Point Objective (RPO)
- Alternate processing plans
- Initiation of the business continuity effort
- Third party or offsite DR sites
- Contact lists
- Offsite copies of DRP
- Assigned responsibilities and responsible parties
- Movement to recovery site
- Reconstruction of facilities
- Rendezvous points
- DR testing and results
- DRP training
- DRP updates
- DRP approval by appropriate parties
BDO has the qualifications and required experience in DRP auditing. Key to our success is our business focused approach in DRP audits - we ascertain whether an organisation’s DRP aligns itself with the BCP, which, again, should be aligned with the business strategy of the organisation. Any DRP should be business driven, hence our focus from a business perspective.
BDO can also be contracted in an advisory role to advise on or to develop DRP and BCP plans.