IT Audit Checklist Template
Your best bet would be to visit sites like knowledgeleader and infotech, they have tons of documentation and templates with questionnaires. Here's an example:

This is the final section of a thirteen part mainframe data center general controls questionnaire. The questionnaire covers the following areas:
• Organization and Management
• Computer Operations
• Physical Security
• Environmental Controls
• Program, Data File and Transaction Security
• Security Administration
• Applications Systems Development and Maintenance
• Systems Software Support
• Vendor Support
• Data Base Administration
• Hardware and Software Inventory Management
• Telecommunications
• Continuity of Operations

Operations continuity deals with the notion that a business should be able to survive even if a disastrous event occurs.
Is confidential account information transmitted via unencrypted email format? Are strong cryptography and appropriate key controls in place to safeguard data during transmission? Yes for all data crossing externally accessible networks. Are modems connected to the internal systems or DMZ systems?
Rigorous planning and commitment of resources are necessary to adequately plan for such an event. Contingency planning is the primary responsibility of senior management as they are entrusted with the safeguarding of both the assets of the company and the viability of the company. This part of the questionnaire covers the following continuity of operations topics:
• The Disaster Recovery Plan (DRP)
• Critical Applications
• Backup
• Testing
• Insurance

The Disaster Recovery Plan (DRP)

Does the DRP identify a critical recovery time period during which business processing must be resumed before suffering significant or unrecoverable losses?

Does the DRP include strategies for the following procedures:
a. Criteria for determining whether the situation is a disaster;
b. Procedures for declaring a disaster and invoking the plan;
c. Reacting to a variety of crises;
d. Notifying relevant managers in the event of a disaster;
e. A contact list of home and emergency telephone numbers;
f. Assessment of damage following a disaster;
g. Reinstatement of voice and data communications at emergency service levels within a specified time;
h. Salvaging facilities, records and hardware;
i. Filing of insurance claims;
j. Determining the feasibility of reoccupying the disaster site;
k. Relocating emergency operations (system, network and user) to the original or a new facility and their restoration to normal service levels;
l. Obtaining the appropriate funds to pay for miscellaneous services?

Does the DRP classify various levels of disaster and the repercussions of each form of disaster (classifications may include non-disaster, disaster, and catastrophe)?

Does the DRP include a notification directory of key decision-making personnel required to initiate and carry out recovery efforts? Does this directory include:
a. Primary and emergency telephone numbers and addresses for each critical contact person;
b. Phone numbers and addresses for representatives of equipment and software vendors;
c. Phone numbers of contacts within companies that have been designated to provide supplies and equipment or services;
d. Phone numbers of contact persons at alternative processing facilities;
e. Phone numbers of insurance company agents;
f. Phone numbers of contacts at contract personnel services?

Does the DRP include a formalized schedule for restoring critical systems, mapped out by days of the year?

Does the DRP identify key IPF and end-user personnel, and their relationships and responsibilities with regard to timely recovery?

Does the DRP identify alternative manual procedures for critical applications?

Does the DRP include provisions for alternative processing facilities should a lengthy interruption of computer processing occur?

If alternative processing facilities require use of a third-party site, is such a relationship supported by a legal contract?

Is the DRP reviewed and updated on a scheduled basis to reflect continuing recognition of changing requirements?
Were end-users involved in initial development and subsequent updates to the DRP?

Critical Applications

Have computer applications and systems been ranked or prioritized according to time sensitivity and criticality with regard to their necessity for resumption of business activities following a disaster (typical risk rankings may classify systems as critical, vital, sensitive, noncritical, etc.)?

Is a current copy of the DRP maintained at a secured, off-site location?

Are all data and software files backed up on a periodic basis and stored at a secured, off-site location?

Do these backups include the following:
a. Application program source code;
b. Application master files;
c. Application transaction files;
d. System software;
e.

Have the schedules for backup and off-site storage of data and software files been approved by management?
Are application run books, job stream control instructions, operating system manuals, system and program documentation, special handling instructions, input source documents, and output documents backed up and retained at a secure off-site location?

Are duplicate pieces of sensitive, unique, or hard to obtain computer hardware available at an off-site location in the event of a disaster?

Are telecommunication facilities backed up?

Is there an adequate stock of all supplies, forms, and documents necessary to the continuation of normal business activities secured at an off-site location?

Is an inventory maintained of the contents at the off-site storage location?

Is the off-site storage facility subject to the same security and environmental controls as the on-site information processing facility?

Has the DRP been tested in the last year (Note: Most DRP tests are limited and purposefully fall somewhat short of a full-scale test of all operational portions of the organization.)?

Did the last test of the DRP include an evaluation of the performance of the personnel involved in the exercise?

Did a recent test of the DRP include testing of actual operational activities such as data entry, telephone calls, data processing, handling orders, and movement of personnel, equipment, and suppliers?

Does the documentation of the last test of the DRP detail observations, problems, strengths, weaknesses, and resolutions?

Does the review of the last test of the DRP include an evaluation of elapsed time for completion of prescribed tasks, amount of work that was performed at the backup site, and the accuracy of system and data recovery?

Do training agendas exist for affected employees, including IPF and end-user personnel?

Insurance

Does the information processing facility insurance policy include multi-peril coverage, providing coverage for such perils as fire, water damage, fraud, long-term loss of power and other natural disasters unique to the geographic area?

If so, does the policy include provisions for computer equipment, facilities, software, costs of recovery, loss of profits, and replacement of valuable papers and records?
For more details and PDF download samples, please see the table further down the page. Why should I choose one of these templates? They are proven to work. We have helped thousands of companies achieve certification. Bought by small businesses and large corporations, our templates have been sold online and on CD since 2002.
• Documents are MS Word files, fully editable
• All documents use styles – format quickly and easily to your branding
• Same format and numbering as the standard
• Each Procedure and Form is a separate document

Are the templates suitable for my business? The templates are suitable for small, medium and large businesses in all sectors.

Internal Audit Templates - more detail

First time implementation Transition from 9001:2008 £49.99 £96.99 With guidance & interpretation £96.99 £149.99 With guidance & interpretation

Who is this for?
• Companies who wish to create ISO 9001 Internal Audit Documentation for the first time. Good knowledge of ISO 9001:2015
• Companies who wish to create ISO 9001 Internal Audit Documentation for the first time. New to ISO 9001:2015
• Companies already ISO 9001:2008 certified who wish to make the transition to ISO 9001:2015 for their Internal Audit Documentation. Good knowledge of ISO 9001:2015
• Companies already ISO 9001:2008 certified who wish to make the transition to ISO 9001:2015 for their Internal Audit Documentation. New to ISO 9001:2015

Procedures. Other Templates • (ISO 9001) • (ISO 9001) • (ISO 14001) • (ISO 14001) • (ISO 9001, 14001, 18001)

What is the buying process?
• Make payment
• Download the files
• You will be sent 2 emails. The first contains a link to the download files. The second is a sales receipt.

Payment
• Credit Card
• Debit Card
• Paypal
• Purchase order
• Wire Transfer, BACS or CHAPS

After you click 'Buy now' you can choose to pay. After payment, we use to send you the download files.

100% Secure

Safety is our #1 priority. We guarantee our website and payment processing is 100% secure. You can use the (VIP) Network which offers an extra layer of security when you log in to PayPal with your PayPal Security Key.

Systems requirements • Microsoft Windows or Mac OS • for PC or Mac • (version 97 and newer) or (version 2.0 and newer) • (version 5 and newer)

More Information
• Document Format
• What format are the templates?
All of the templates are supplied as MS Word (2007) documents to be edited and modified to suit your company. • Do the templates use styles and headings? Yes, the templates use styles for text and headlines, allowing you to easily and quickly adjust the formatting. • Are the headings linked to the table of contents (TOC)? Yes, the table of contents (TOC) is auto formatted to align with headings 1, 2, etc. • How should I assign document numbers and their sequence?
We use the same numbering sequence as ISO 9001 in our quality manual templates. You are free to replace these with a system that works best for your staff and for the business - as long as the system is logical, documented and communicated, it should be more than adequate. • • Payment and Billing • How can I pay?
• Credit Card • Debit Card • Paypal • Bank Transfer / Wire Transfer / BACS Payment processor - We use Paypal and to process all credit card and debit card payments. Wire Transfer or BACS - For more information please. • What currencies do you accept? Wire Transfer or BACS - All currencies. For more information please. Credit Card or Debit Card - We accept payment in 135 currencies. The currency conversion calculation will be displayed to you at the time of payment.
• Can I use a Credit Card or Debit Card? Yes, we accept payment by credit card and debit card: • Visa/Delta/Electron • Mastercard/Eurocard • Discover • American Express • Switch/Maestro Payment processor - You can choose to use Paypal or to process your credit card or debit card payments. • Can I pay by wire transfer, bank transfer or BACS? Yes, for more information please. • • Downloading and Delivery • How do I download the product? After payment you will be taken to the download page.
You will be emailed download instructions. • Can I download the product immediately and start using it? • Do you send me an email with the download? • How do I download the product if I pay by bank transfer or BACS? You will be sent an email.
For more information please. • • Support • Do you provide ongoing support? Yes, we provide ongoing technical support and can advise on questions regarding the templates and their application. Please to discuss your requirements and ensure our templates are right for you. • Can I call you? Yes, you can. For ISO 9001 documentation support it is best to with your documentation attached along with your questions.
• Do you offer consultancy services? Yes, we offer ISO consultancy services in the UK, please for more information.
• • License and Updates • What is the product license? Template license - the product is licensed for you to use within one company indefinitely. For more details please read our. Support and Updates - you receive one year's email support and updates from the date of purchase. If you have any questions, please with your documentation attached along with your questions. • Can I use the Templates for more than one company? If you wish to use the templates for another company, and we will offer you a discount on subsequent purchases.
• How often do you update the products? Product development - major updates occur once a year, generally in January or February. This includes updates to the Quality Manual Template, procedures and supporting materials. Auditors like to see continuous improvement to your Quality System documentation. We aim to help you by refining the documentation through projects we have worked on throughout the year.
Implementing these changes to your Quality Manual or Procedures provides evidence of this work for your next Audit. We also provide new content we insert into the Template packages to you free of charge - for example this year we are working on training materials for Internal Auditor and Staff Training.
Minor improvements are not usually scheduled for release as an update unless they will help your business - such as better processes or flow-chart diagrams. • Any Questions? Please email or call us on 020 8144 1863 if you have any questions about our Quality Manual Templates and if they're suitable for you.
Recent Clients Please. 'Excellent value for money, simple, easy to follow, professional and comprehensive and would recommend it without reservation to any company seeking ISO accreditation.
With these documents, we achieved accreditation, with praise from the accrediting organisation for our outstanding system.' - Chania Trent GPS Ltd 'I found the service exceptional and the content of the manufacturing Pack easy to use, understand and implement. Definitely leagues ahead of competitors' offerings.' - PMD Device Solutions Limited 'Excellent quality manual and procedures - Easy to use.' - Asco Industries 'A massive assist within the implementation process and subsequent U.K.A.S certification award. The external Auditors commented upon the presentation standard of the documentation.
Simple to follow and amend to bespoke requirements and procedures.' - Queensgate Instruments.