ORA [Implement] Questionnaires: Map Processes and Resources

What is the Mapping of Processes and Resources?

Mapping is identifying, documenting and understanding the activities involved in delivering critical business services.

An organisation should identify, document and map the necessary people, processes, information, technology, facilities, and third parties service providers required to deliver each of its critical business services. This exercise should be undertaken collaboratively across the business to ensure comprehensive mapping.

1. People

• Are key roles and responsibilities clearly defined for supporting the delivery of products and services?
• Is there an organisational structure that ensures appropriate staffing levels and reporting lines?
• Are succession plans in place to mitigate risks associated with key personnel dependencies?
• Is there a process for identifying and addressing skill gaps or training needs?

2. Processes

• Are the critical processes for delivering products and services identified and documented?
• Are there documented procedures and workflows for each critical process?
• Are process owners assigned and accountable for the effectiveness and efficiency of the processes?
• Is there a process for regularly reviewing and updating documented procedures?

3. Technology

• Have the necessary technology systems and applications for delivering products and services been identified?
• Is there a comprehensive inventory of technology assets, including hardware, software, and networks?
• Are there backup and recovery procedures in place for critical technology systems?
• Is there a process for monitoring and updating technology infrastructure to ensure reliability and security?

4. Facilities

• Are the physical facilities required for delivering products and services identified?
• Is there an assessment of the adequacy and reliability of the facilities?
• Are contingency plans in place to address facility disruptions, such as alternate locations or remote work capabilities?
• Is there a process for maintaining and testing the infrastructure and facilities?

5. Information

• Is there a clear understanding of the information required to support the delivery of products and services?
• Are systems and procedures in place to ensure information integrity, availability, and confidentiality?
• Is there a backup and recovery strategy for critical information and data?
• Are there mechanisms for regular data backups, testing of data restoration, and protection against data breaches?

6. Inter-dependencies and Inter-connections

• Have the dependencies and interconnections among people, processes, technology, facilities, and information been identified and documented?
• Is there an understanding of how disruptions to one resource can impact others?
• Are there contingency plans in place to address disruptions in dependent resources?
• Is there a process for regularly reviewing and updating the mapping of dependencies and interconnections?

7. Performance Monitoring

• Is there a monitoring process to track the performance and availability of resources?
• Are there defined metrics and indicators to measure the effectiveness and efficiency of resource utilisation?
• Is there a reporting mechanism to communicate resource performance to relevant stakeholders?
• Are there mechanisms to identify and address resource bottlenecks or capacity constraints?

8. Testing and Validation

• Are resources tested and validated through exercises and simulations?
• Is there a process to assess whether the resources can adequately support the delivery of products and services?
• Are testing and validation results used to refine and improve resource mapping and related plans?

9. Documentation and Communication

• Is the mapping of resources well-documented and easily accessible to relevant personnel?
• Is there clear communication of roles, responsibilities, and dependencies among stakeholders?
• Are there mechanisms to ensure resource mapping updates are effectively communicated to relevant parties?
• Is there a process for addressing feedback and incorporating suggestions for resource optimisation?

10. Continuous Improvement

• Is there a process to capture and incorporate lessons learned from disruptions into resource mapping and planning?
• Is there a culture of continuous improvement to enhance the organisation's ability to deliver products and services?
• Are resource mapping and planning regularly reviewed to ensure they remain aligned with the organisation's objectives and evolving needs?

Questionnaires and Checklist "Implement" Phase

Set Impact Tolerance

Conduct Scenario Testing

Improve Lesson Learnt