Fundamentals of Business Continuity Management

Objectives
- Define Business Continuity Management (BCM)
- Define the relationship between BCM and risk management
- Review BCM responsibilities
- Identify BCM benefits, costs and the commitment required
- Examine the BCM development process
- Review the use of a project management approach within BCM
- Review the data collection process for BCM
- Present an overview of professional standards and terminology
- Review the relationship between information technology and business continuity
- Define Green BCM

Business Continuity Management (BCM)
A holistic management program that identifies potential events that threaten an organization and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, the environment, reputation, brand and value-creating activities.

Risk Management and BCM are strongly tied together
- Risk management tends to be preventative.
- BCM tends to deal more with consequences.

BCM program initiation keys
- Communicate the need for BCM program
- Obtain support of senior management
- Establish a Steering Committee
- Develop a Business Continuity Policy Statement
- Obtain resources

Business Continuity Management
- Before an event
- During an event
- After an event

Reasons for Business Continuity Management
- Prevent a crisis where possible
- Minimize the interruption of business
- Mitigate damages

BCM Responsibility
- Are prudent precautions in place to prevent or mitigate a crisis event?
- Is the organization prepared to respond to safeguard people?
- Senior Management is responsible for protecting the organization.

Responsibility
- Board of Directors
- Executives
- All employees

Business Continuity Policy
The organization is committed to providing continuous operation of all aspects of the organization under normal conditions and rapid recovery from disruptive events.

Communicate BCM Necessity
- Communicate the dangers of not having Business Continuity plans
- Show examples of disasters in relevant industries
- Highlight actual incidents that could have been disasters

Awareness
- A company experiencing a disaster can lose 75% of its business within days
- 80% of businesses experiencing a disaster that do not have Business Continuity plans eventually go out of business

Benefits of Business Continuity Planning
- Reduces exposure
- Improves business understanding
- Reduces downtime
- Provides legal compliance
- Secures assets
- Protects markets
- Provides cross-functional training
- Improves security
- Helps avoid liability

Senior Management Presentation
- Relate BCM to organizational mission
- Explain risks to which the organization is vulnerable
- Explain management’s accountability and liability
- Develop a policy for BCM program

BCM Costs
- Developing analysis and documentation
- Backup facilities and equipment
- Organization assets dedicated to response
- Improvements to mitigate damages
- Training programs
- Exercising plans
- Maintaining documentation
- Insurance

Business Continuity Program
- Protects human life
- Protects the environment
- Enables effective decisions during a crisis
- Protects assets
- Minimizes business loss
- Facilitates timely recovery
- Maintains organization’s reputation

Best Practices
- Continuous program
- Comprehensive across entire organization
- Prioritized by business needs
- Current and tested
- Led by an empowered team
- Modifies event impact to an acceptable level

Challenges
- Communicate risk of not having program
- Communicate value of BCM
- Partner strategically with organization
- Evaluate effectiveness of program
- Need for regulations
- Promote industry standards

Business Continuity Phases
- Prevention
- Mitigation
- Response
- Recovery
- Restoration

Prevention
Measures to lessen the likelihood of an event.

Mitigation
Steps to make the impact of an event less severe.

Response
The reaction of an organization to an event to address immediate effects.

Recovery
The stabilization and resumption of critical operations.

Restoration
Process of returning to normal operations at a permanent location.

BCM Stages
- Development
- Implementation
- Maintenance

Development
- Program Initiation
- Business Impact Analysis (BIA)
- Risk Assessment (RA)
- Strategy Development

Implementation
- Emergency Response Plan (ERP)
- Business Continuity Plan (BCP)

Maintenance
- Awareness and Training
- Testing and Exercising
- Maintaining and Updating

Project Management
- Define tasks, duration, dependencies
- Secure resources
- Use project management software
- Track changes
- Report on project progress
- Adjust to meet management direction

Assess BCM Project Risk
- Validate expectations
- Evaluate initial plans
- Assess feasibility of schedules and resources
- Assess project risk

Report Progress
- Document task completions
- Validate completion times
- Identify resource consumption
- Perform project reviews

Report to Senior Management
- Objectives
- Assumptions
- Constraints
- Budget
- Schedule
- Accomplishments

Manage Change
- Keep project within scope
- Report variances in schedule and cost
- Update plan with management approval
- Validate ability to meet revised goals
- Reschedule revised project

Interdependent Projects
- The planner is responsible for several interdependent projects and keeping senior management informed

Data Collection
- Identify business functions, operations and processes
- Identify interrelationships and dependencies
- Identify critical time frames
- Determine exposures over time

Sources of Data
- Interviews
- Questionnaires
- Workshops
- Documents

Professional Standards and Guidelines
- Disaster Recovery Institute International (DRII)
- Business Continuity Institute (BCI)
- NFPA 1600 - Standard on Disaster/Emergency Management and Business Continuity Programs
- BS 25999 - Standard for Business Continuity Management
- PS-Prep - Voluntary Private Sector Preparedness Accreditation and Certification Program

Professional Practices
- Program Initiation and Management
- Risk Assessment
- Business Impact Analysis
- Developing Business Continuity Strategies
- Emergency Response
- Business Continuity Plan Development and Implementation
- Awareness and Training
- Maintaining and Exercise
- Crisis Communications
- Coordination with External Agencies

Terminology Used by Non-Business Entities
- Continuity of Operations Plan
- Continuity of Government Plan
- Emergency Operations Plan

Information Technology and Business Continuity
- Implementation of disaster recovery for the data center to restore the organization’s critical functions
- Select a cost-effective solution that accomplishes business continuity objectives
- Disaster recovery planning is a subset of business continuity planning

Disaster Recovery Plan (DRP)
A plan for the Information Technology (IT) Department to maintain or restore the systems and communication capabilities of the business.

Green BCM
- Green BCM is the conducting of the BCM program in a manner that is consistent with the objectives of reducing environmental impact, promoting sustainability, and conserving energy and other resources.

- Slides: 44