5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum benefit from the process

18
ANB Confidential Continuity and Resilience (CORE) ISO 22301 BCM Consulting Firm Presentations by speakers at the 5 th Middle East Business & IT Resilience Summit 20 21 April 2016 Palace Hotel DownTown Dubai Our Contact Details: INDIA UAE Continuity and Resilience Level 15,Eros Corporate Tower Nehru Place ,New Delhi-110019 Tel: +91 11 41055534/ +91 11 41613033 Fax: ++91 11 41055535 Email: [email protected] Continuity and Resilience P. O. Box 127557 Abu Dhabi, United Arab Emirates Mobile:+971 50 8460530 Tel: +971 2 8152831 Fax: +971 2 8152888 Email: [email protected] Please write to us if you would like to get in touch with the Speaker

Transcript of 5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum benefit from the process

Page 1: 5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum benefit from the process

ANB Confidential

Continuity and Resilience (CORE)

ISO 22301 BCM Consulting Firm

Presentations by speakers at the

5th Middle East Business & IT Resilience Summit

20 – 21 April 2016 – Palace Hotel DownTown Dubai

Our Contact Details:

INDIA UAE

Continuity and Resilience

Level 15,Eros Corporate Tower

Nehru Place ,New Delhi-110019

Tel: +91 11 41055534/ +91 11 41613033

Fax: ++91 11 41055535

Email: [email protected]

Continuity and Resilience

P. O. Box 127557

Abu Dhabi, United Arab Emirates

Mobile:+971 50 8460530

Tel: +971 2 8152831

Fax: +971 2 8152888

Email: [email protected]

Please write to us if you would like to get in touch with the Speaker

Page 2: 5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum benefit from the process

ANB Confidential

Business Impact Analysis – How To

Derive Maximum Benefit From The

Process?

Abdulrahman Alonaizan

Manager – Business Continuity Division

Arab National Bank

Saudi Arabia

2

Page 3: 5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum benefit from the process

ANB Confidential

3

Maintain and

Improve

(Act)

Implement and

Operate

(Do)

Establish

(Plan)

Monitor and

Review

(Check)

The BCM Cycle

I. Plan

a. Determining BCM Strategy

b. Embedding BCM in ANB Culture

II. Do

a. Continuity Level Agreement

(CLA)

b. Understanding the Organization

(BIA/Risk Analysis )

c. Developing & Implementing BCM

Response

d. Business Continuity Plan ( BCP )

e. Exercising , Maintenance and

Review (Scenarios)

III. Check

a. Management review

b. Auditing (External/Internal)

c) Act

Corrective Actions and

Preventions

Page 4: 5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum benefit from the process

ANB Confidential

The Business Impact Analysis (BIA) process

Information Collection

Impact Analysis

Measuring of disruptions

Deriving BC Strategies

Developing BC Plans

4

Page 5: 5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum benefit from the process

ANB Confidential

Information Collection

Sample BIA Survey Page

5

Service Code RGCAC01 RGCAC02 RGCAC03

Service Name Credit Document

Custody

Credit Limits

Maintenance

Credit Admin

Description Keep the Original copies

of documents from

Clients

Enter clients credit limit,

check loans against

limits.

- Update Credit

Information.

- Credit Reporting.

- Credit checking with

ANB and Others Banks.

- Enter treasury related

limits.

Is this service critical? Yes Yes Yes

Is there a workaround for the service /

process? If yes, please describe briefly

Yes, Manual Procedures No (Needs applications) No (Needs applications)

Minimum level at which the service needs to

be performed upon resumption

60% 60% 60%

Are there any seasonal features / aspects of

this service / process

Every last week of the

Month

Every last week of the

Month

Every last week of the Month

Page 6: 5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum benefit from the process

ANB Confidential

Information Analysis

Understand business processes

Define resource requirements

Determine business impact

Determine dependencies

Identify vital records

6

Page 7: 5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum benefit from the process

ANB Confidential

Disruption Timeline

7 7 7

Business As Usual

Time

Target time to recover the

service or product after an

incident

Service / product could not be

recovered. Organization’s

viability unresolved threatened.

RTO MTPD

Crisis

Management

BCMS

Plan

DO

Check

Act

Business

Continuity

Plan

Page 8: 5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum benefit from the process

ANB Confidential

Financial Impact

Methodology to link the RTO with the financial

loss due to the disruption of a service

If average daily net income of Organization is: SR 1,000,000

2% of average daily net income of Organization: SR 20,000

Average hourly lost revenue due to service disruption : SR 2,500

The RTO will be reached at (20,000/2500) = 8 hours 8

Page 9: 5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum benefit from the process

ANB Confidential

9

Page 10: 5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum benefit from the process

ANB Confidential

Using BIA results for Business Continuity Plans

Information update

o Resource requirements

Technology

Staff

Workplace

Dependencies

Workarounds / Manual Procedures

Vital Records

10

Page 11: 5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum benefit from the process

ANB Confidential

BC Strategy Elements Derived from BIA

Services RTO / MTPoD

Sequence of recovery

Seating capacity requirements

DRC capabilities

11

Page 12: 5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum benefit from the process

ANB Confidential

Corporate BIA

The Corporate BIA focuses on the business impact of a

disruption at the corporate level.

The objectives of the Corporate BIA Report are to:

Analyze continuity resource requirements from the

corporate viewpoint

Highlight the key items which need to be addressed at

the corporate level

12

Page 13: 5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum benefit from the process

ANB Confidential

key Resources

The Corporate BIA reviews the key resources of the

organization which have to be available for the business to

continue its operations and provide services to its

customers:

Technology

Workplace

People

13

Page 14: 5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum benefit from the process

ANB Confidential

Technology

DRC technical capacity

to provide continuity for

all services in the

Business Continuity

Plans

DRC technical

sustainability

Data replication

Sequence of recovery

14

Page 15: 5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum benefit from the process

ANB Confidential

Workplace

Review with Group managers’

about workspace requirements

o Up to three months’ time

from the disruption

o Up to 6 months’ time

o Up to one year time

Alternate arrangements

(e.g. shifts, work from home)

Summarized recommendations

15

Page 16: 5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum benefit from the process

ANB Confidential

People

Options to be considered to address unavailability

of staff (e.g. pandemic):

Working from home

Outsourcing

Skills matrix

16

Page 17: 5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum benefit from the process

ANB Confidential

Thank You

Any questions?

17

Page 18: 5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum benefit from the process

ANB Confidential

18

Continuity and Resilience (CORE)

ISO 22301 BCM Consulting Firm

Presentations by speakers at the

5th Middle East Business & IT Resilience Summit

20 – 21 April 2016 – Palace Hotel DownTown Dubai

Our Contact Details:

INDIA UAE

Continuity and Resilience

Level 15,Eros Corporate Tower

Nehru Place ,New Delhi-110019

Tel: +91 11 41055534/ +91 11 41613033

Fax: ++91 11 41055535

Email: [email protected]

Continuity and Resilience

P. O. Box 127557

Abu Dhabi, United Arab Emirates

Mobile:+971 50 8460530

Tel: +971 2 8152831

Fax: +971 2 8152888

Email: [email protected]

Please write to us if you would like to get in touch with the Speaker