Buisness contingency plan
description
Transcript of Buisness contingency plan
AN APPROACH TO BUSINESS CONTINUITY MANAGEMENT
(FOR THE PEOPLE WHO WORK FOR THE PEOPLE)
PREPARED BYSHIBASURJYA &TRIDEEP
What is BCM ?
WHAT ARE DISASTERS ?
TSUNAMI
TORNADOEARTHQUAKE
FLOOD
TERRORIST ATTACKFIREIMPACT OF DISASTER
1. Project Initiation and Planning2. Business impact analysis and risk analysis3. Business Continuity Planning
a. Preparing for possible emergencyb. Disaster recoveryc. Business recovery
4. Training and awareness5. Testing6. Maintenance and managing to keep it up to
date.
STEPS IN BCM
PROJECT INITIATION & PLANNING
In this phase an agreement is arrived upon by the senior management on the need of Business recovery and continuity planning.
Development of BCP should be driven from the board level and a proper budget and an assurance of cooperation is of prime importance.
Then this is followed by organization of planning team comprising of individuals of various departments and consultants to undertake detailed technical analysis and business recovery planning.
Then the scope and the aim of Business recovery plan is identified and an brief over view of the recovery program is defined.
BUSINESS IMPACT ANALYSIS & RISK
ANALYSIS
It involves understanding the business and identifying the key business functions.
Data from the middle management is very helpful for the understanding the criticality of the functions of the various departments.
Impacts on the business can be divided into qualitative and quantitative aspects.◦ Quantitative aspects include the financial
impacts.◦ Qualitative aspects is the operational impacts.
Risk analysis starts by documenting the threats to these processes, their internal vulnerabilities and the consequences of various failure scenarios.
At the end we estimate how to control the impact of the most serious ones.
Risk analysis can also b done by using software packages with the database of historical threats and vulnerabilities relevant to the organization’s environment and business.
CONT….
BUSINESS CONTINUITY PLANNING
PREPARING FOR POSSIBLE EMERGENCIES
IDENTIFYING WAYS TO PREVENT AN EMERGENCY FROM TURNING INTO A DISASTER.
PRIMARY FOCUS SHOULD BE ON KEY BUSINESS PRACTICES.
ORGANIZATIONS SHOULD BE PREPARED FOR POSSIBLE EMERGENCY SITUATIONS WITH BACK-UP AND PREVENTIVE STRATEGIES.
◦ ALTERNATIVE BUSINESS PROCESS HANDING STRATEGY.◦ IT SYSTEM BACKUP AND RECOVERY STRATEGY. ◦ PREMISES AND ESSENTIAL EQUIPMENT BACK-UP AND RECOVERY
STRATEGY.◦ CUSTOMER SERVICE BACK-UP AND RECOVERY STRATEGY.◦ ADMINISTRATION AND OPERATION BACK-UP AND RECOVERY
STRATEGY.◦ INFORMATION AND DOCUMENTATION BACK-UP AND RECOVERY
STRATEGY.◦ INSURANCE COVERAGE.
BACK-UP AND RECOVERY STRATEGIES
THERE ARE SOME KEY MEMBERS OF MANAGEMENT AND STAFF WHO WILL PROVIDE THE TECHNICAL AND MANAGEMENT SKILLS NECESSARY TO ACHIEVE A SMOOTH BUSINESS RECOVERY PROCESS.
THESE KEY MEMBERS SHOULD BE PICKED ACCORDING TO THE SITUATION TO AVOID A CHAOS AND WILL BE RESPONSIBLE FOR IMPLEMENTATION OF BCP.
◦ FUNCTIONAL ORGANIZATION CHART.◦ BCP PROJECT COORDINATOR AND DEPUTY FOR EACH KEY
FUNCTIONAL AREA.◦ KEY PERSONNEL, SUPPLIERS, VENDORS AND EMERGENCY CONTACT
INFORMATION.◦ MANPOWER RECOVERY STRATEGY.◦ THE DISASTER RECOVERY TEAM.
KEY BCP PERSONNEL AND SUPPLIES.
ALL ORGANIZATIONS HAVE DOCUMENTS, RECORDS AND PROCEDURES, WHICH ARE, CONSIDERED VITAL PART OF THEIR OPERATION.
◦ DOCUMENTS AND RECORDS VITAL TO BUSINESS PROCESSES.
◦ EMERGENCY STATIONARY AND OFFICE SUPPLIES.◦ MEDIA HANDLING PROCEDURES.◦ EMERGENCY AUTHORIZATION PROCEDURES.◦ BUDGET FOR BACK-UP AND RECOVERY PHASE.
KEY DOCUMENT AND PROCEDURES
THE PRIORITY OF DURING THE DISASTER RECOVERY PHASE ARE
◦ THE SAFETY AND WELL BEING OF THE EMPLOYEES AND OTHER INVOLVED PERSONS,
◦ COMPLETION OF DAMAGE ASSESSMENT FORM,◦ THE MINIMIZATION OF EMERGENCY ITSELF,◦ THE MINIMIZATION OF THE THREAT OF FURTHER
DAMAGE,◦ REESTABLISHMENT OF EXTERNAL SERVICES SUCH AS
POWER, COMMUNICATION, WATER ETC.
ASSESSMENT OF INITIAL EMERGENCY SITUATION.
MOBILIZING THE DISASTER RECOVERY TEAM AND ASSESSING THE SCALE OF EMERGENCY.
IDENTIFICATION OF POTENTIAL DISASTER STATUS.
INVOLVEMENT OF EMERGENCY SERVICES. ASSESSING THE POTENTIAL BUSINESS IMPACT
OF THE EMERGENCY.
HANDLING TE EMERGENCY SITUATION
COMMUNICATION IS ONE OF THE MOST IMPORTANT INGREDIENTS.◦ IT IS NECESSARY TO KEEP VARIOUS GROUPS INFORMED
LIKE: DISASTER RECOVERY TEAM, BUSINESS RECOVERY TEAM, SENIOR &MIDDLE MANAGEMENT, FAMILIES OF AFFECTED EMPLOYEES, MEDIA ETC.
MOBILIZING THE DISASTER RECOVERY TEAM. DISASTER RECOVERY PHASE REPORT.
NOTIFICATION AND REPORTING DURING DISASTER RECOVERY PHASE.
Business recovery
THE BUSINESS RECOVERY INVOLVES THE RESTORATION OF NORMAL BUSINESS OPERATION AFTER AN UNEXPECTED EVENT.
THE EFFICIENCY AND THE EFFECTIVENESS OF THE PROCEDURES COULD HAVE A DIRECT BEARING ON ORGANIZATION’S ABILITY TO SURVIVE THE EMERGENCY.
MOBILIZING THE BUSINESS RECOVERY TEAM. ASSESSING EXTENT OF DAMAGE AND BUSINESS IMPACT. PREPARING SPECIFIC RECOVERY PLAN. MONITORING PROGRESS. KEEPING EVERYONE INFORMED. HANDING BUSINESS OPERATION BACK TO REGULAR
MANAGEMENT. PREPARING BUSINESS RECOVERY PHASE REPORT.
MANAGING THE BUSINESS RECOVERY
TRAINING & AWARENESS
PLANDOCHECKACT
PDCA CYCLE
A documented BCP awareness Awareness program should embrace the
culture & language of the enterprise Train-the-Trainer sessions should be
provided
Key aspect
BCP TESTING ACTIVITIES
PLANNING THE TESTS CONDUCTING THE TESTS
Objective & scope of tests Simulating & setting the Test Environment Preparation of Test Data Identifying who is to conduct the Tests Identifying who is to control & Monitor the Tests Preparing Feedback Questionnaires Preparing Budget For Testing Phase Training the core Testing team for each Business
unit Preparing the testing Policy & Guidelines
TEST PLANNING
Test Each part of Business Recovery Process Test Accuracy of Employee & Vendor
Emergency Contact Numbers Assess test results
CONDUCTING THE TESTS
PLAN MAINTENANCE & KEEPING IT UP-TO-DATE
Maintaining & keeping the BCP up-to-date ensuring its effectiveness is a continuous process
Maintenance procedures & schedules should be established
A schedule for regular, systematic review of the content of the disaster recovery/business resumption plan should also be provided along with defining a procedure for making appropriate changes to plan
Getting management buy-in & commitment evidenced by the provision of adequate resources & budget with the responsibility of BCP resting with top executives
Clearly spelling out management’s objective BCF should be designed from start as a business
requirement “Whole-System” continuity should be planned Plans should be continuously tested It should be ensured that continuity plans are
accessible
Key Success factors
85% of large organization have some sort of disaster recovery plan, a broader business recovery plan, & only 10% to 15 % of those are up to date
2 of 5 business experiencing a disaster are likely to be gone in 5 years
GARTNER ESTIMATES
No one plans to fail, they just fail to plan.
There is an Old Saying…