This is an high level approach of an audit or review of the Business Service Continuity you can implement , based on Cobit5.
(This post is for people who have at least an high level understanding of Cobit).
During the entire processus, you have to adapt your priorities and approach regarding the Enterprise culture, activity and requirements.
The main CoBit 5 process related to Business recovery is DSS04, but don’t focus just on this one.
You have to extract the different entreprise activities related to Business Recovery.
- Start to validate the ‘Enterprise Goals’ related to ‘Business Service Continuity’.
- Cascade them to the related IT processes. (Primary and Secondary ones) and determine for each of them the ‘activities’ to review the ‘stakeholder(s)’.
For each process you picked-up you will define
- The “enablers”
- The ‘stakeholders’ to interview’
- Processes related
- Life cycle
- Practices ( extra information about the others related Guidances)
- The points / topics to review.
- The metrics to evaluate or to check.