1
Have you done a risk assessment showing which risks cause the most serious damage to your company?
2
In the case of a disaster, has an evacuation site, evacuation procedures and roles been determined?
3
Is your company aware of all required recovery measures and procedures that must be conducted in the time of a disaster as determined by regulatory bodies?
4
Do you have proper insurance coverage on your company's fixed assets?
5
Have you set up an emergency communication network and it is being updated and maintained in a timely manner?
6
Have you identified all risks and have the corresponding counter measures been determined and do you have the approval of management concerning the risks that have not been addressed?
7
In the case of a disaster, have you determined the team that will evaluate the status of key operational, financial, reputation and other risk areas?
8
At the time of a disaster, given that resources are limited have you determined which business operations take priority over others and the impact of the suspension of certain operations?
9
Has upper management established a specific policy on Business Continuity?
10
Do you have at least one specific BCP plan related to a specific disaster case scenario?
11
Does your company periodically back up your system data and is this data being transferred to your backup data center located in a remote place?
12
Has a method of backing up important documents such as customer contracts, etc., inside the company been established and has it been implemented?
13
Have you signed SLA (service level agreements) with your vendors and service providers?
14
In the time of a crisis or disaster, has a plan to determine the flow of communication been established and can your company's Crisis Management Command Center be set up smoothly?
15
Have you established a Business Continuity Plan for each branch office and factory?
16
Are the proper measures in place for the restoration of your system within the limits of your RTO (Recovery Time Objectives)?
17
Does your company have periodic meetings where management is kept abreast of the current status of BCM?
18
Does your company periodically conduct training to test the effectiveness of your BCP?
19
Have you taken steps to set up production capabilities in various locations and have you taken steps to mitigate supply chain risk by using various vendors?
20
Have you considered more than 3 disaster case scenarios and do you have a specific BCP plan for each?
21
Have all material and human resources of the company including such things as intellectual property been properly appraised and is currently up to date?
22
Do you have more than 2 back up sites and is one of them in a foreign country?
23
Is your BCP an integrated part of your J-SOX internal control system?
24
Have you already acquired your Information Security Management System (ISMS) certification and is your BCP an integrated part of this system?
25
Following a disaster, do you update your BCP strategy taking into consideration industry, business environmental, and economic outlook factors?
