bcm presentation - investment or expense?
Post on 19-Jan-2015
135 Views
Preview:
DESCRIPTION
TRANSCRIPT
1
Business ContinuityInvestment or expense?
Sidney R. Modenesi, MCBCC, MBCI
IV Seminário de GCN Gestão da Continuidade de Negócios
Brasília – 25/06/13
This is a quick and straight translation of the original presentation, i.e., some translation errors may occur.
2
Agenda
Opening What is Business Continuity Some local significant regulations Standards and Good Practice Real experiences Investment or expense Adjourn
3
Presenter
Sidney R. Modenesi, MCBCC, MBCI,
BS 25999 Technical Expert;
BCI Area Representative for Brazil;
STROHL Brasil General manager since 2002;
Bachelor in Computer Sciences, IME/USP;
Master Degree in Entrepreneurship, FIA/FEA/USP;
Approved in the DRII certification exam in 2000;
Approved as MBCI by BCI in 2005;
BS 25999 Technical Expert by BSI in2011;
Contacts: sidneymd@thebci.com.br
sidney_modenesi@strohlbrasil.com.br
+55 11 5583-0033
4
Business Continuity Institute
Global leader institute in Business Continuity; Mission: to promote the art and science of Business
Continuity worldwide; With 10.000+ certified professionals in 100+
countries; Supported the development and enhancement of
many Business Continuity standards as: PAS 56, BS 25999, ISO 22301/22313, GPG 2013 ...
5
Assumptions
“If anything can go wrong, it will.”
Murphy´s Law
“And more, it will go wrong in the
worst manner, at the worst moment
and in a way it will cause the worst
possible damage.”
Corollary
“Murphy was an optimist”.
Clark´s Law
Noeh Arch
1st documented record of Business
Continuity in the Human Kind history,
although using an inside information …
6
What is Business Continuity?(according to ISO 22301/22313)
It is a holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.
7
What is Business Continuity?(according to ISO 22301/22313)
8
What is Business Continuity?(according to ISO 22301/22313)
Or simply: to restart in a planned way services, products and/or critical business processes in a alternate location, in a priory defined time frame and service level, before the consequences and impacts become unacceptable.
9
Local significant regulations
3380 Regulation – BACEN (like FED)
Defines the implementation of the Operational Risk management strucuture in accordance with the Basel II agreement. Be in force since July 29th, 2006.
VI – existence of contingency plans containing strategies to be adopted to assure continuity conditions of core activities and to limit severe losses due to operational risks.
10
Significant regulations
Business Resiliency and Continuity
Principle 10: Banks should have business resiliency and continuity plans in place to ensure an ability to operate on an ongoing basis and limit losses in the event of severe business disruption.The Committee’s paper, High-level principles for business continuity, August 2006, discusses sound continuity principles in greater detail.
11
Local significant regulations
SAC Law(Customer Service Centers)
SUSEP – Circular # 285(insurance market)4. Operational Continuity Plans:
4.1. to indicate a summary plan of the operational continuity in contingency or emergency situations; 4.2. to present the results of the last test of the operational continuity test.
12
Standards and Good Practice in BCM
ISO 22301:2012 Good Practice Guidelines 2013
13
Real experiences
World Trade Center – 09/11/2001 London Underground - 2005
14
Real experiences
Riots – 2006 ...Riots – 2006 ...
RJ, SP ...
15
Real experiencesVulcano in Iceland Vulcano in Chile
16
Real experiences
Fukushima, Japão - 2011
Due to the Fukushima earthquake and tsunami some Brazilian car factories had to close one of the production shifts due to lack of core components. BALANCE: Lost sales
17
Real experiences
Oklahoma tornado - 2013 Petrópolis/RJ - 2011
18
Real experiences
All variations of flue Dengue, an endemic local problem
19
Real experiences
Fire in one of the Social Security buildings in Brasilia (INSS) - 2005 Data Center fire - 2009
20
Real experiences – Social Midia
Foreign Affairs invasion – 06/13Brasilia Congress invasion – 06/13
21
Real experiences – Crisis management
22
Real experiences
The potential risks list is endless:
Naturals: Heavy rains,
earthquakes, vulcanos, tornados ...
Humans, accidentals or deliberates: fire, explosion,
contamination ...
Technological: Hacker, invasion, virus,
systemic failure...
23
Risk Appetite
For each non eliminated risk
An strategy developed, documented, tested and updated will be needed
To restart in a planned way services, products and/or critical business processes in a alternate location, in a priory defined time frame and service level, before the consequences and impacts become unacceptable.
24
Implementation cycle
•To
identify and mitigate risks.
•FOR EACH NON ELIMNATED RISK
•Recovery Strategies
•Developed, documented, tested and updated
•To planned restart services, products and/or business processes in an alternate location
•PDCA - Plan, Do, Check and Act
25
Investments and expenses
The development and implementation of the Recovery Strategies will require de:• Initial (upfront) investments to adapt office space,
electrical power, network, PABX and phone lines, desks, chairs, workstations ...
• Recurring expenses to maintain all this infra structure and
• Eventual expenses with exercises, testes and validation tests (DRP).
26
Equilibrium point
RISK APPETITE
Time
Financialand operational
losses
Investments in prevention and
contingency
$
t0t1< t0
< Risk Appetite
t2 > t0
> Risk Appetite
$
27
Investment or expense?
• Financially BCM has:– Implementation investments CAPEX– Recurring expenses OPEX
• In the Management or Risk Appetite point of view BCM helps to increase the operational resilience– Increasing availability, productivity and time
redution of the interruptions Investment– It is part of the business cost.
28
Return of investment
Plan
Do
Check
Act
Plan the recovery strategy
Implement the recovery strategy
Exercise, test and stress the recovery strategy
Treat the Non Conformities:•Update the Recovery Strategies and/or•Update the BAUdaily processes.Benefits: improve in the quality, productivity and availability of the critical products, services and business processes.
29
Adjourn
A well developed, implemented and maintained Business Continuity Program will: Increase the Risk Awareness; Reduce the organization risks; Reduce the interruption durations; Bring ROI; Increase the organization value, specially with
a BCMS certification.
30
Closing
Plan for the WORST
Work for the BETTER.
31
Closing
Contacts:
Sidney R. Modenesi sidneymd@thebci.com.br sidney_modenesi@strohlbrasil.com.br +55 11 5583-0033
top related