CIOPages
🛡️ Interactive Checklist

Business Continuity & DR Checklist

Verify that your BC/DR plans are complete, tested, and current.

25 items

Critical items (marked ★) carry 4–5× weight. BC/DR readiness is only as strong as its weakest link; prioritise testing and recovery infrastructure validation.

Governance & Planning

Establish the foundation for BC/DR with clear ownership, scope, and documentation.

1.1 A business impact analysis (BIA) has been completed within the last 12 months, identifying critical processes and their RTOs/RPOs. ★ Critical
1.2 BC/DR plans are formally documented, version-controlled, and accessible to all relevant stakeholders during an outage.
1.3 Executive sponsorship and a named BC/DR programme owner are in place with clear authority.
1.4 Regulatory and contractual continuity requirements (e.g., SOX, DORA, customer SLAs) are documented and addressed.
1.5 BC/DR plans are reviewed and updated at least annually or after any significant infrastructure change.

Recovery Infrastructure

Ensure technical recovery capabilities match business requirements.

2.1 Recovery infrastructure (hot/warm/cold sites, cloud DR regions) is provisioned and meets documented RTO targets. ★ Critical
2.2 Backup strategies (frequency, retention, immutability) are defined for all Tier 1 and Tier 2 systems. ★ Critical
2.3 Database replication and failover mechanisms are configured and tested for all critical data stores.
2.4 Network connectivity (DNS failover, VPN re-routing, ISP redundancy) is designed for continuity scenarios.
2.5 Identity and access management systems can operate or fail over independently during a primary-site outage.

Testing & Exercises

Validate plans through regular, realistic testing.

3.1 A full DR failover test has been conducted within the last 12 months with documented results and remediation actions. ★ Critical
3.2 Tabletop exercises are conducted at least twice a year with business and IT leadership participation.
3.3 Backup restoration tests are performed quarterly, verifying data integrity and restoration time.
3.4 Test results are formally documented with identified gaps tracked to remediation.
3.5 Third-party and cloud provider DR capabilities are validated through joint testing or evidence review.

Communication & Coordination

Ensure clear, reliable communication during a crisis.

4.1 A crisis communication plan exists with predefined templates, channels, and escalation paths for internal and external stakeholders. ★ Critical
4.2 An out-of-band communication channel (not dependent on corporate email or network) is established and tested.
4.3 Roles and responsibilities during a DR event are documented in a RACI matrix and known to all participants.
4.4 Customer, regulator, and media notification procedures are documented with legal review completed.
4.5 Contact lists (on-call rosters, vendor escalation, executive contacts) are current and accessible offline.

Continuous Improvement

Embed BC/DR into ongoing operations rather than treating it as a one-time project.

5.1 Post-incident and post-test reviews feed improvements back into BC/DR plans within 30 days.
5.2 BC/DR maturity is assessed annually against a recognised framework (e.g., ISO 22301, NIST).
5.3 Change management processes include a BC/DR impact assessment for infrastructure and application changes.
5.4 Staff training and awareness programmes include BC/DR roles and responsibilities for all critical personnel.
5.5 BC/DR metrics (RTO achievement, test pass rates, plan currency) are reported to the board at least annually.