business continuity management
Understanding Business Continuity Management System - Satya Yadav
From Crisis To Opportunity Business Continuity Management
Satya Yadav
Recon Business Advisory (P) Ltd
www.reconglobal.in
OBJECTIVE
To provide a basic appreciation of the importance of Business Continuity Management.
To provide an overview on implementing BCM.
BUSINESS CONTINUITY MANAGEMENT
A holistic management process which:
Identifies threats to an organization and their impacts on business operations
Provides a framework for building organisational resilience
Develops capability for an effective response
Safeguards interests of key stakeholders, reputation, brand and value creating activities
NEED FOR BCM
Certification requirement:
ISO 22301 allows an organization to be certified in Business Continuity
Branding requirement:
Improves customer confidence in an organisation
Compliance requirement:
Forms an important and integral part of Enterprise risk management
Strategic requirement:
A fundamental but differentiating parameter for clients while choosing a service provider
Regulatory requirement:
Guidelines by regulators make it mandatory for organisations to develop & maintain a business continuity plan
HISTORY OF BCM
1. Alternative Planning/Plan B: Fallback Plans, Contingency Plans
2. Disaster Recovery Planning: IT or Technical Contingency Plans
3. Business Continuity Planning: Organisation wide Contingency Plans
4. Business Continuity Management: Holistic Contingency Plans
BCM LIFECYCLE
Understanding the Organisation
Determining BCM Strategies
Developing & Implementing BCM Response
Exercising & Testing
BCM Terms of Reference
BIA
Risk Assessment
BCM Policy
BCM Handbook
Business Continuity Procedures for: Response, Resumption, Recovery, Restoration
Awareness & Training
Exercising & Testing
Audits
BCM Maintenance
Continual improvement
BCM Program Management
PHASES OF BCMS
Phases:
Prevention: Risk Management
Response: Emergency Response, Crisis Management, Public Relations
Recovery & Resumption: Business Resumption Plans, Disaster Recovery Plan
Restoration: Damage Restoration, includes installation & commissioning
Normalisation: Migration, Restart of all business functions, Stand Down
Timeline: Pre-Incident, Incident, Post-Incident
Actions: Monitor & Response, Recover & Resume, Rectify & Restore, Migrate & Normalize
WHY WE NEED BCM STANDARDS?
Infrastructure Dependence (power, voice, data, logistics, food)
System Up Time (computing, data, networks, etc.)
Legal & Regulatory Duties
Environment
Customer
Business Partners
Suppliers
Regulators
Vendors
Your Organisation
INCIDENT TIMELINE
BCMS ISO 22301 METHODOLOGY
1. Project Initiation
2. BIA
3. Risk Assessment
4. Develop BCM Strategies
5. Develop BC Plans
6. Implement BCMS
7. Awareness & Training
8. Exercising & Testing
9. Evaluation & Improvement
PROJECT MANAGEMENT & REPORTING
Forming a BCM Steering Committee.
Identify Key/Critical Services.
Determine exclusions from the BCM scope.
Deciding on implementation timelines.
Function Heads to nominate SPoCs from their respective business functions.
Management Commitment
Develop BCM Policy
BIA & RA
BCM Strategies and Plans
Implement BCMS
Exercise & Test
Evaluate & Improve
Identify Business Continuity Objectives of the organisation.
Define acceptable levels of risk. (Finance, Delivery, Legal/Regulatory, Reputation, etc.)
Identify Statutory, Regulatory, and Contractual obligations.
Identify interested parties and their interests. (Customers, Employees, Environment, Regulatory Bodies, Shareholders, Public Bodies, etc.)
Define BCM policy around the BC scope and objectives.
Take approval of the Policy and communicate to all.
Identify business impact, MAO, RTO, MBCO, and process criticality for various Processes.
Identify resource dependencies for all processes: Employees, IT, Non-IT, and Third party.
Identify threats to high/medium criticality processes. Evaluate present controls and calculate risk exposure.
Devise treatment plan for various risks: Treat, Tolerate, Transfer, Terminate.
Functional leaders to approve and sign off their respective BIA
Determine number of processes with critical RTO
Determine the resource requirements for these Processes
Determine backup options for resuming these processes after an incident
Cost Benefit Analysis and finalise continuity strategies
Devise BCM Plans: Incident Response, IT DR, Work-area recovery, BCP, Crisis Communication, etc.
Function leaders are owners of their respective BC Plans.
All BC plans will be validated and implemented in the various functions.
Preparation for BCM strategies and various BC plans to be implemented at Function level.
BCM Program Manager to Co-ordinate implementation.
Training and awareness of all stakeholders on the various BC plans.
Design procedure for BCM tests.
Determine and communicate test schedule.
Conduct BCM test – Business Functions to participate in coordination with BCM Program Manager.
Carry out a post test analysis – identify lessons learnt.
Plug identified gaps through corrective actions.
Carry out Corrections/Corrective actions on the occurrence of any incident/audits/tests, etc.
Function Heads to assign SPoCs to carry out corrective actions, periodic review, and maintenance of BC Plans.
Need based or scheduled review of BC Policy, BCM objectives, BIA, RA, BC plans, etc.
Incorporate changes after review, if required.
Continual improvement of BCMS – All business functions to proactively participate.
TAKE AWAYS
BCM is a program and not a project.
The initial development of a BC Plan is a tedious and time-consuming activity. It needs to be given adequate attention to be successful (i.e. workable).
The responsibility and success of BCM rests on every business Function’s shoulders.
All Functions have to earmark BCM SPoCs and spare them for BCM participation for a minimum no. of man-hours each month.
All Heads of Functions are owners of their Function’s Business Continuity. Their participation is absolutely necessary.
Top Management support and participation are absolutely necessary.
An annual budget should be allocated for the running & maintenance of the BCM program.
Recon Business Advisory
Recon is a premium business risk consultancy committed to the Growth, Security, and
Continuity objectives of its clients. Through the breadth of our service offerings and the depth
of our domain expertise we ensure that you enjoy the highest standards of service delivery on
time, every time. We are a passionate lot, enjoy what we do, and are excited at opportunities to
delight our clients with our industry leading delivery.
Our Continuity Practice provides the following services:
1. Current state assessments of your organisation’s BCMS
2. Planning, Implementing, and Testing your BCMS
3. Preparing your organisation for ISO 22301 Certification
4. Training programs on – Business impact analysis, Risk Assessment, BCM, etc.
5. BCM Awareness Tools - Off the shelf / Custom designed Posters, Wallpapers, Screensavers, Games, Audio/Video awareness tools, etc.
Plans Are Nothing,
Planning Is Everything!
Recon Business Advisory (P) Ltd | www.reconglobal.in
New Delhi - +91 813098 6963 | 011-6464 6963