Post on 06-May-2015
WHY Business Continuity Planning
• Business Interruption
• Employees
• Critical Information
• Business Resumption
If your normal business operations are interrupted ….
• Mission Critical Business Functions
• Severity of Business Interruption
• Business Continuity Plan
Main Menu
Stages of BCP life-cycle and their deliverables
Elements of business continuity management
Business continuity best practices, standards, and guidelines
Example of Business Continuity Outline
Short term and long term Strategies of BC
Business Continuity, Disaster Recovery and Crisis Management 1
2
3
4
5
6
7 FFIEC Business Continuity Guidelines
Main Menu
Stages of BCP life-cycle and their deliverables
Elements of business continuity management
Business continuity best practices, standards, and guidelines
Example of Business Continuity Outline
Short term and long term Strategies of BC
Business Continuity, Disaster Recovery and Crisis Management
1
2
3
4
5
6
7 FFIEC Business Continuity Guidelines
Do You Know
Do you know the difference between
Business Continuity
Disaster Recovery
Crisis Management
Do you know the difference betweenPlans?
Business Continuity Disaster Recovery Crisis Management
Resuming service delivery
Duplicating computer operations after a catastrophe occurs
Evacuating staff and visitors
How did 9/11 Plans Work?
Business Continuity Disaster Recovery Crisis Management
• Company inside WTC: Loss of paper files
• Company near WTC: Damages - Toll on the staff
• Service providers for disaster recovery sites• Duration of expected recovery time • PACE University
evacuating staff still left human psychological damages
Main Menu
Stages of BCP life-cycle and their deliverables
Elements Of Business Continuity Management
Business continuity best practices, standards, and guidelines
Example of Business Continuity Outline
Short term and long term Strategies of Business Continuity
Business Continuity, Disaster Recovery and Crisis Management 1
2
3
4
5
6
7 FFIEC Business Continuity Guidelines
CommunicationsEquipment
Information
IS/IT
People
Your organizationYour reputation
Processes &Capabilities
Facilities & Infrastructure
What’s at stake
Information
“Some day on the corporate balance sheet, there will be an entry which reads information, for in most cases the information is more valuable than the hardware which possess it.”
Admiral Grace Murray Hopper, United States Navy.
Photo Source: http://www.cacr.math.uwaterloo.ca/conferencesl
Implement the Business Continuity Management in a Corporate
2
7 Corporate Business Continuity
Elements Of Corporate Business Continuity Management
2
Enterprise Risk Management
Crisis Management
Pre-Event Phase Event Phase Post Event Phase
Enterprise Risk Management
Business Continuity ManagementBusiness Continuity
Management
Thailand Tsunami
Quiet bungalows on 25 Dec 2004 at 2:25pm
Same view on 1 Jan 2005 at 1:25pm
Risk Management – Identifying and Preventing The Causes before they happen
Business Continuity – Dealing with the Consequences after they happen
7 Corporate Business Continuity
Business Continuity
Management: BIA – BCP – Test BCP
Elements Of Corporate Business Continuity Management
2
Enterprise Risk Management: Risk Assessment – Risk
Strategy – Risk Appetite Crisis
Management: Escalation – Follow up
Pre-Event Phase Event Phase Post Event Phase
Business Continuity
Management: Update BCP – Test
BCP
Enterprise Risk Management:
Review Assessment - Strategies
Risk vs. Continuity
Risk Management Business Continuity Management
Key method Risk Analysis Business Impact Analysis
Key parameters Impact & Probability Impact and Time
Type of incident All types of events - though usually segmented
Events causing significant business disruption to critical services and capabilities
Size of events All sizes (costs) of events – although usually segmented
For strategy planning: “survival” threatening incidents only
Intensity All from gradual to sudden Sudden or rapid events (though response may also be appropriate if a creeping incident becomes severe)
Table: Comparison on Risk Management and Business Continuity Management (Source: The Business Continuity Institute, (2005), Good Practice Guidelines – A Framework for Business Continuity Management, UK).
Main Menu
Stages of BCP life-cycle and their deliverables
Elements of business continuity management
Business continuity best practices, standards, and guidelines
Example of Business Continuity Outline
Short term and long term Strategies of Business Continuity
Business Continuity, Disaster Recovery and Crisis Management 1
2
3
4
5
6
7 FFIEC Business Continuity Guidelines
Business Impact Analysis
3Initiation
and Management
1
Risk Evaluation
And Control
2
DevelopingBC
MgmtStrategies
4
EmergencyResponse
And Operations
5
Developing& Implementing
BC & CMPlans
6
AwarenessAnd
TrainingPrograms
7Maintaining &ExercisingBC & CM
Plans
8
CrisisCommunication
9
CoordinationWith External
Agencies
10
BCMShort Term Strategy
BCM Project for Startup
Elements Of Business Continuity Management
3
Set and Manage
Strategy Policy and Governance
Think and Analyze
Business Impact Analysis (BIA)
Risk Assessment
Run and Test
Scheduled Exercises
Maintenance
Audit
Reporting
Write and Maintain
Crisis Management (CM)
Disaster Recovery (DR)
Work area Recovery (WR)
Business Continuity Management Long Term Strategy
Main Menu
Stages of BCP life-cycle and their deliverables
Elements of business continuity management
Business continuity best practices, standards, and guidelines
Example of Business Continuity Outline
Short term and long term Strategies of Business Continuity
Business Continuity, Disaster Recovery and Crisis Management 1
2
3
4
5
6
7 FFIEC Business Continuity Guidelines
Business continuity best practices, standards, and guidelines
M
4
•BS 25999-1:2006 Country: United Kingdom
•NFPA 1600 Country: United States
•CSA Z1600 Country: Canada
•HB 221:2004 Country: Australia
•HB 292-2006 Country: Australia
•BS25777 Country: United Kingdom
•BS ISO/IEC 17799:2005 Country: United Kingdom
Main Menu
Stages of BCP life-cycle and their deliverables
Elements of business continuity management
Business continuity best practices, standards, and guidelines
Example of Business Continuity Outline
Short term and long term Strategies of Business Continuity
Business Continuity, Disaster Recovery and Crisis Management 1
2
3
4
5
6
7 FFIEC Business Continuity Guidelines
Business Continuity Plan OutlineExample
TABLE OF CONTENTS
1. BUSINESS FUNCTION DETAILS
2. WORKAREA IMPACT
2.1 Staff Impact
2.2 Financial & Operational Impact
2.3 Other Factors
3. TECHNICAL SERVICE IMPACT
3.1 Technical Impact
4. Dependencies
5. Applications Needed
6. Standard Workstations Needed
7. Vital Records [Electronic]
8. Vital Records [Paper]
9. Significant Information
Business Continuity Plan OutlineExample
ItemRecovery Time Objective
N/A 0-4 hrs
8-24 hrs
3 days
5 days U (specify)
Service to customer
Image / market share
3rd party involvement
Management capability
Operational Impact
Main Menu
Stages of BCP life-cycle and their deliverables
Elements Of Business Continuity Management
Business continuity best practices, standards, and guidelines
Example of Business Continuity Outline
Short term and long term Strategies of Business Continuity
Business Continuity, Disaster Recovery and Crisis Management 1
2
3
4
5
6
7 FFIEC Business Continuity Guidelines
1. Launch BCP Project
6
Stages Of BCP Life-cycle And Their Deliverables
2. Review Mission and Business Functions
3. Conduct a Business Impact Analysis
4. Develop Needed Policies, Procedures and Protocols
5. Create a Written BCP
6. Test and Maintain Your BCP
7. Inspire a Continuity Culture
1. Launch BCP Project
• Board and Executive Management Team • Project Team
• Employees
2. Review Mission and Business Functions
M
• Mission-Critical Services
• Maximum Acceptable Downtime
• Source of Interruption
• Service Delivery
3. Conduct a Business Impact Analysis
M
Purpose of BIA
• Effects on business function
• Criticality of business function
4. Develop Needed Policies, Procedures and Protocols
M
• What should be included• Document • Stakeholders
5. Create a Written BCP
M
• Table of Contents
• Distribution strategy
6. Test and Maintain Your BCP
M
•Realistic Conditions Approach
• Tabletop Exercise
• Simulated Event Exercise •Debriefing Participants
•Plan Maintenance
7. Inspire a Continuity Culture
M
• Employee training
• Regular Testing
• Periodic evaluation of BCP
Main Menu
Stages of BCP life-cycle and their deliverables
Elements Of Business Continuity Management
Business continuity best practices, standards, and guidelines
Example of Business Continuity Outline
Short term and long term Strategies of Business Continuity
Business Continuity, Disaster Recovery and Crisis Management 1
2
3
4
5
6
7 FFIEC Business Continuity Guidelines
Country, Territory and AreaCumulative total
Cases Deaths
Algeria 2 0
Argentina 1391 21
Australia 3280 3
Bahrain 15 0
Canada 6732 19
Chile 5186 7
China 1089 0
Colombia 72 2
Costa Rica 222 1
Dominican Republic 108 2
Egypt 43 0
Germany 333 0
Guatemala 254 2
Honduras 118 1
Israel 405 0
Country, Territory and AreaCumulative total
Cases Deaths
Japan 1049 0
Jordan 15 0
Kuwait 30 0
Mexico 8279 116
Morocco 11 0
Oman 3 0
Philippines 445 1
Qatar 10 0
Saudi Arabia 48 0
Tunisia 2 0
United Arab Emirates 7 0
United Kingdom 3597 1
United States of America 21449 87
West Bank and Gaza Strip 9 0
Yemen 6 0
Grand Total 59,814 263
26 June 2009 07:00 GMT W.H.O Influenza A(H1N1) Update
Differences between Traditional BCP and Pandemic Planning
M
7 Federal Financial Institutions Examination Council (FFIEC) Business Continuity Guidelines
1. A preventive program
2. A documented strategy
3. A comprehensive framework 4. A testing program
5. An oversight program
THANK
YOU