WHY Business Continuity Planning Business Interruption

WHY Business Continuity Planning

• Business Interruption

• Employees

• Critical Information

• Business Resumption

http://us.fotolia.com/id/303702

If your normal business operations are interrupted ….

• Mission Critical Business Functions

• Severity of Business Interruption

• Business Continuity Plan

Main Menu

Stages of BCP life-cycle and their deliverables

Elements of business continuity management

Business continuity best practices, standards, and guidelines

Example of Business Continuity Outline

Short term and long term Strategies of BC

Business Continuity, Disaster Recovery and Crisis Management 1

2

3

4

5

6

7 FFIEC Business Continuity Guidelines

Main Menu





Short term and long term Strategies of BC

Business Continuity, Disaster Recovery and Crisis Management

1

2

3

4

5

6


Do You Know

Do you know the difference between

Business Continuity

Disaster Recovery

Crisis Management

Do you know the difference betweenPlans?

Business Continuity Disaster Recovery Crisis Management

Resuming service delivery

Duplicating computer operations after a catastrophe occurs

Evacuating staff and visitors

How did 9/11 Plans Work?

Business Continuity Disaster Recovery Crisis Management

• Company inside WTC: Loss of paper files

• Company near WTC: Damages - Toll on the staff

• Service providers for disaster recovery sites• Duration of expected recovery time • PACE University

evacuating staff still left human psychological damages

Main Menu


Elements Of Business Continuity Management



Short term and long term Strategies of Business Continuity


2

3

4

5

6


CommunicationsEquipment

Information

IS/IT

People

Your organizationYour reputation

Processes &Capabilities

Facilities & Infrastructure

What’s at stake

Information

“Some day on the corporate balance sheet, there will be an entry which reads information, for in most cases the information is more valuable than the hardware which possess it.”

Admiral Grace Murray Hopper, United States Navy.

Photo Source: http://www.cacr.math.uwaterloo.ca/conferencesl

Implement the Business Continuity Management in a Corporate

2

7 Corporate Business Continuity

Elements Of Corporate Business Continuity Management

2

Enterprise Risk Management

Crisis Management

Pre-Event Phase Event Phase Post Event Phase

Enterprise Risk Management

Business Continuity ManagementBusiness Continuity

Management

Thailand Tsunami

Quiet bungalows on 25 Dec 2004 at 2:25pm

Same view on 1 Jan 2005 at 1:25pm

Risk Management – Identifying and Preventing The Causes before they happen

Business Continuity – Dealing with the Consequences after they happen

7 Corporate Business Continuity

Business Continuity

Management: BIA – BCP – Test BCP

Elements Of Corporate Business Continuity Management

2

Enterprise Risk Management: Risk Assessment – Risk

Strategy – Risk Appetite Crisis

Management: Escalation – Follow up

Pre-Event Phase Event Phase Post Event Phase

Business Continuity

Management: Update BCP – Test

BCP

Enterprise Risk Management:

Review Assessment - Strategies

Risk vs. Continuity

Risk Management Business Continuity Management

Key method Risk Analysis Business Impact Analysis

Key parameters Impact & Probability Impact and Time

Type of incident All types of events - though usually segmented

Events causing significant business disruption to critical services and capabilities

Size of events All sizes (costs) of events – although usually segmented

For strategy planning: “survival” threatening incidents only

Intensity All from gradual to sudden Sudden or rapid events (though response may also be appropriate if a creeping incident becomes severe)

Table: Comparison on Risk Management and Business Continuity Management (Source: The Business Continuity Institute, (2005), Good Practice Guidelines – A Framework for Business Continuity Management, UK).

Main Menu







2

3

4

5

6


Business Impact Analysis

3Initiation

and Management

1

Risk Evaluation

And Control

2

DevelopingBC

MgmtStrategies

4

EmergencyResponse

And Operations

5

Developing& Implementing

BC & CMPlans

6

AwarenessAnd

TrainingPrograms

7Maintaining &ExercisingBC & CM

Plans

8

CrisisCommunication

9

CoordinationWith External

Agencies

10

BCMShort Term Strategy

BCM Project for Startup


3

Set and Manage

Strategy Policy and Governance

Think and Analyze

Business Impact Analysis (BIA)

Risk Assessment

Run and Test

Scheduled Exercises

Maintenance

Audit

Reporting

Write and Maintain

Crisis Management (CM)

Disaster Recovery (DR)

Work area Recovery (WR)

Business Continuity Management Long Term Strategy

Main Menu







2

3

4

5

6



M

4

•BS 25999-1:2006 Country: United Kingdom

•NFPA 1600 Country: United States

•CSA Z1600 Country: Canada

•HB 221:2004 Country: Australia

•HB 292-2006 Country: Australia

•BS25777 Country: United Kingdom

•BS ISO/IEC 17799:2005 Country: United Kingdom

Main Menu







2

3

4

5

6


Business Continuity Plan OutlineExample

TABLE OF CONTENTS

1. BUSINESS FUNCTION DETAILS

2. WORKAREA IMPACT

2.1 Staff Impact

2.2 Financial & Operational Impact

2.3 Other Factors

3. TECHNICAL SERVICE IMPACT

3.1 Technical Impact

4. Dependencies

5. Applications Needed

6. Standard Workstations Needed

7. Vital Records [Electronic]

8. Vital Records [Paper]

9. Significant Information

Business Continuity Plan OutlineExample

ItemRecovery Time Objective

N/A 0-4 hrs

8-24 hrs

3 days

5 days U (specify)

Service to customer

Image / market share

3rd party involvement

Management capability

Operational Impact

Main Menu







2

3

4

5

6


1. Launch BCP Project

6

Stages Of BCP Life-cycle And Their Deliverables

2. Review Mission and Business Functions

3. Conduct a Business Impact Analysis

4. Develop Needed Policies, Procedures and Protocols

5. Create a Written BCP

6. Test and Maintain Your BCP

7. Inspire a Continuity Culture

1. Launch BCP Project

• Board and Executive Management Team • Project Team

• Employees

2. Review Mission and Business Functions

M

• Mission-Critical Services

• Maximum Acceptable Downtime

• Source of Interruption

• Service Delivery

3. Conduct a Business Impact Analysis

M

Purpose of BIA

• Effects on business function

• Criticality of business function

4. Develop Needed Policies, Procedures and Protocols

M

• What should be included• Document • Stakeholders

5. Create a Written BCP

M

• Table of Contents

• Distribution strategy

6. Test and Maintain Your BCP

M

•Realistic Conditions Approach

• Tabletop Exercise

• Simulated Event Exercise •Debriefing Participants

•Plan Maintenance

7. Inspire a Continuity Culture

M

• Employee training

• Regular Testing

• Periodic evaluation of BCP

Main Menu







2

3

4

5

6


Country, Territory and AreaCumulative total

Cases Deaths

Algeria 2 0

Argentina 1391 21

Australia 3280 3

Bahrain 15 0

Canada 6732 19

Chile 5186 7

China 1089 0

Colombia 72 2

Costa Rica 222 1

Dominican Republic 108 2

Egypt 43 0

Germany 333 0

Guatemala 254 2

Honduras 118 1

Israel 405 0

Country, Territory and AreaCumulative total

Cases Deaths

Japan 1049 0

Jordan 15 0

Kuwait 30 0

Mexico 8279 116

Morocco 11 0

Oman 3 0

Philippines 445 1

Qatar 10 0

Saudi Arabia 48 0

Tunisia 2 0

United Arab Emirates 7 0

United Kingdom 3597 1

United States of America 21449 87

West Bank and Gaza Strip 9 0

Yemen 6 0

Grand Total 59,814 263

26 June 2009 07:00 GMT W.H.O Influenza A(H1N1) Update

Differences between Traditional BCP and Pandemic Planning

M

7 Federal Financial Institutions Examination Council (FFIEC) Business Continuity Guidelines

1. A preventive program

2. A documented strategy

3. A comprehensive framework 4. A testing program

5. An oversight program

THANK

YOU

WHY Business Continuity Planning Business Interruption

Documents

Transcript of WHY Business Continuity Planning Business Interruption