{{index}}

Is Your Organization Ready For Today’s Threats?

This 10-question Business Continuity Assessment will grade your plan and give you concrete steps to improve.

A Business Impact Analysis (BIA) identifies critical processes, products and services and establishes how quickly they must be restored/recovered after a disaster.

When did you last conduct a BIA?
- Within the last 6 months
- We have never conducted a BIA.
- Within the last 12 months
- At least 2 years ago
- Not within the past 5 years
How quickly do you need to recover your business after a disaster before it faces bankruptcy?
- More than a week
- Don’t know
- Within 24 hours
- More than a month
- 2-5 days
If your business is interrupted by a serious incident:

What's your recovery time objective for key products or services?
- Greater than a week
- Less than or equal to 8 hours
- 2 to 5 days
- Less than or equal to 24 hours
- Don’t know
In the event of an incident that could result in some lost data:

How much data could you afford to lose?
- No more than a week’s worth
- No more than 4 hours worth
- Don’t know
- None
- No more than 24 hours worth
A Risk Assessment (RA) helps an organization identify and analyze threats that require mitigation and/or contingency measures:

How many risks have you identified that need mitigation or contingency measures?
- 5 or less
- We have not undertaken a risk assessment exercise.
- None - the company has a high risk appetite
- More than 12
- Between 6 and 12
Which strategy are you using?
- A Diversification strategy is where an organization spreads its operation over two or more locations.
- A Replication strategy is where an organization has a dormant copy of its operation that can be quickly used for a recovery.
- A Standby strategy is adopted when a facility can be operational within a few days of a disaster.
- The Do Nothing strategy is adopted by an organization that has decided to fix any incidents once they know the nature of the incident that they are dealing with.
- We have adopted a Standby strategy.
- We have adopted a Replication strategy.
- We have not yet decided upon a strategy.
- We have adopted a Do Nothing strategy.
- We have adopted a Diversification strategy.
A Business Continuity Plan (BCP) should contain the following sections:
- Clearly documented roles and responsibilities, with backups for each role
- Communication procedure for internal and external stakeholders, including contact details and communication channel
- An action list with details of prioritized activities with their respective timeframes
- Contingency measures to be put in place until normal operations have been restored
How many of the above are included in your Business Continuity Plan?
- None
- 3 or more
- 1
- 2
- We do not have a Business Continuity Plan.
Work Area Recovery (WAR) planning covers relocating your employees when your building can't be accessed:

How many employees will be accommodated by your WAR plan?
- Up to 75% of staff
- We do not have a Work Area Recovery plan.
- Up to 25% of staff
- 100% of staff
- Up to 50% of staff
It's important to validate your Business Continuity Plan annually

Excluding testing ICT disaster recovery plans, fire alarm and emergency evacuation exercises, how many exercises did you run within the last year?
- 12 or more
- We do not plan to validate our Business Continuity Plan.
- Less than 6
- Less than 12
- None
How many employees know what to do during a disaster, including their specific roles and responsibilities as part of the Business Continuity Plan?
- Up to 75% of staff
- Up to 50% of staff
- None
- Up to 25% of staff
- 100% of staff

©2018 Aurea MessageOne, All Rights Reserved