1. Security & Continuity: Complex Interactions? Bertrand Milot, CISO (RSSI), TMX - Bourse de Montréal, +1 (514) 871 2424, [email_address]. Thursday, January 22, 2009. 3rd annual RÉCO-Québec conference on Business Continuity
2.
3.
4.
5.
6. A2. What do the security standards say?
05/07/10 Security & Continuity: complex interactions
ISO 27002:2005 audit questionnaire

11.1.1 Business continuity management process
- Whether there is a managed process in place for developing and maintaining business continuity throughout the organisation. This might include an organisation-wide business continuity plan, regular testing and updating of the plan, formulating and documenting a business continuity strategy, etc.

11.1.2 Business continuity and impact analysis
- Whether events that could cause interruptions to business processes were identified, for example: equipment failure, flood and fire.
- Whether a risk assessment was conducted to determine the impact of such interruptions.
- Whether a strategy plan was developed based on the risk assessment results to determine an overall approach to business continuity.

11.1.3 Writing and implementing continuity plan
- Whether plans were developed to restore business operations within the required time frame following an interruption or failure to a business process.
- Whether the plan is regularly tested and updated.

11.1.4 Business continuity planning framework
- Whether there is a single framework of business continuity plans.
- Whether this framework is maintained to ensure that all plans are consistent and identify priorities for testing and maintenance.
- Whether this identifies conditions for activation and individuals responsible for executing each component of the plan.

11.1.5 Testing, maintaining and re-assessing business continuity plan
- Whether business continuity plans are tested regularly to ensure that they are up to date and effective.
- Whether business continuity plans were maintained by regular reviews and updates to ensure their continuing effectiveness.
- Whether procedures were included within the organisation's change management programme to ensure that business continuity matters are appropriately addressed.