Disaster Recovery Planning
A Governance, Risk & Compliance case study
The University of Western Sydney (UWS) began operation on 1st January 1989. The single multi-campus University of Western Sydney has six campuses: Bankstown, Blacktown, Campbelltown, Hawkesbury, Parramatta, and Penrith. Western Sydney University values academic excellence, integrity and the pursuit of knowledge. Ranked in the top two per cent of unis in the world. It is globally focused, research-led and committed to making a positive impact on the communities it engages with. Western Sydney University’s business continuity framework includes Business Resilience Framework and a Crisis Management Team Plan. OCM was engaged to conduct an internal audit of the University’s arrangement.
OCM conducted an internal audit of the University’s business continuity plan. An assessment was conducted, and an understanding of the University’s processes examined to provide assurance as to whether or not business continuity planning and crisis management are integrated and adequately managed and can continue to serve its staff, students and customers.
To achieve this objective, the internal audit addressed the following specific objectives and related risks:
- To assess if the business continuity framework is consistent with any legislative requirements and standards.
- To assess the adequacy and effectiveness of the BCP framework including reviewing the policy, procedures, crisis management plan, crisis communication plan and business continuity plans (and related documents).
- To assess if the plans align with supporting business impact assessment and plans, including emergency management plans, disaster recovery plans and crisis communication plans.
- To assess whether there are any significant areas of risk not addressed or not sufficiently covered.
- To assess if sufficient testing of the business continuity plans has been undertaken including different scenarios and locations.
- To review existing training materials and assess if the material is consistent with the BCP framework and if staff are appropriately trained to participate in the response to a business continuity event.
- To assess if appropriate records have been retained in relation to business continuity planning, testing and activation.