business continuity planning (bcp) 101 - asia-pacific...

2011/EPWG/WKSP/004
Intro 1

Business Continuity Planning (BCP) 101

Submitted by: Business Continuity Management Institute

Workshop on Private Sector Emergency Preparedness
Sendai, Japan
1-3 August 2011


Page 1: Business Continuity Planning (BCP) 101 - Asia-Pacific ...mddb.apec.org/documents/2011/EPWG/WKSP1/11_epwg_wksp1...2011/EPWG/WKSP/004 Intro 1 Business Continuity Planning (BCP) 101 Submitted


APEC EPWG Workshop: Private Sector Emergency Preparedness BCP 101 

Copyright @ 2011 BCM Institute 1

APEC EPWG Workshop: Private Sector Emergency Preparedness
BCP 101

August 2, 2011
Hotel Monterey Sendai
Sendai, Japan

Dr Goh Moh Heng PhD BCCE DRCE BCCLA CBCP FBCI

President


Introduction 1: Business Continuity Planning (BCP) 101

09:45-11:10

Overview, including benefits and challenges to implementation, practices for mitigating threats and risks, and examples of BCP

Dr Goh Moh Heng

• President
  – Business Continuity Management (BCM) Institute
  – www.bcm-institute.org

• Managing Director
  – GMH Continuity Architects
  – Asia Pacific BCM Consulting Firm
  – www.GMHasia.com

• Professional BCM Appointments
  – Technical Advisor for TR19:2005 & SS540:2008 BCM Standard (Management Council and Technical Committee) www.ss540.org
  – Project Director, Technical Working Group for SS507:2004
    • ISO/IEC 24762 Guidelines for BC-DR Services

http://www.bcmpedia.org/wiki/Dr_Goh_Moh_Heng


Dr Goh Moh Heng

Prior Appointments

• Government of Singapore Investment Corporation (GIC)
• Standard Chartered Bank
  – Global Head for BCM
• PriceWaterhouse (Coopers)
• Past Certification Board Member for DRI International’s Certification Board
• Past Executive Director for DRI Asia
• Senior Technical Advisor, China Business Continuity Management Forum

http://www.bcmpedia.org/wiki/Dr_Goh_Moh_Heng

BCM Institute

• Started in January 2005.
• Provide competency based BC-DR training to all levels.
• Certify BC-DR professionals globally.
• Started Certification programme in April 2007.
• Trained more than 3000 professionals from 850 organizations and 40 countries.


Agenda (Part 1 of BCM-101)

• Business Continuity Management
  – Overview and Fundamentals
• BCM Planning Methodology
  – Planning Process
• Comparison with BCM Standards
  – Flexibility and consistency in global compliance
• Process for implementing business continuity

[Figure: Incidents, Emergencies, Events, Disasters. Areas: Crisis, IT Recovery, Security, Business Continuity. Plans: Crisis Management Plan, IT DR Plan, Security Plan, BC Plan, Specific Plans.]


BCM Planning Methodology

http://www.bcmpedia.org/wiki/BCM_Planning_Process_or_Methodology

Key International BCM Standards

• BS 25999
• SS 540
• NFPA 1600
• ANZ 5050


BCM Planning Methodology

Step-by-Step Approach

Project Management

Objectives
• Formulate a workable project proposal.
• Seek endorsement and commitment on the project from management committee:
  – Objective
  – Scope
  – Approach
  – Schedule
  – Manpower
• Establish project management structure and control.

Tasks
• BCM Steering Committee & BCP Project Team
• Review and understand organisation environment.
• Agree and formalise project management structure and resource allocation.
• Establish project administration reporting and control mechanism.

Deliverables
• Project plan proposal includes:
  – Definition
  – Scope
  – Objective
  – Roles & Responsibilities
• Project workplan.
• Project reporting mechanism.


Risk Analysis and Review

Objectives
• Identify vulnerabilities
• Establish reliable recommendations for:
  – Minimizing impact of identified threats
  – Immediate and effective response to potential causes of disaster

Tasks
• Identify exposure to internal & external threats and the likelihood of these threats occurring
• Recommend preventive responses and escalation procedures in conjunction with crisis management implementation
• Evaluate findings and prepare a status report & recommendation.

Deliverables
• Comprehensive risk and threat profile to the organization, with key disaster scenario
• Recommendation for:
  – Countermeasures
  – Immediate Response Procedures
  – Security Risk Review
  to be implemented to minimize the risks
• Summary report of recommendations agreed with senior management

Business Impact Analysis

Objectives
• Determine impact of unavailability/failure/disaster on business functions.
• Determine critical business needs and tolerable limits.

Tasks
• Establish business criticality/impact criteria using Business Impact Analysis Questionnaires (BIAQ).
• Prioritise the importance of each business unit vis-à-vis established criteria.
• Consolidate findings and rankings.
• Present results to management committee to confirm critical classifications and priority listings.

Deliverables
• Detailed report on findings (approved by management) containing:
  – tolerable limits;
  – classification of criticality;
  – prioritised critical business functions;
  – minimum resources;
  – critical applications and systems; and
  – restoration priority.
• Impact analysis of unavailability of business functions (quantitative and qualitative).


Recovery Strategy

Objectives
• Establish business functions & job priorities vis-à-vis business needs.
• Determine processing requirements for priority business functions.
• Identify and formalise backup for everything needed to survive a disaster.
• Ensure that alternative processing procedure is available for continuity of critical business needs whilst recovery is in progress.

Tasks
• Analyse all division functions to prioritise them based on business needs.
• Analyse hardware and software requirements to run high priority critical functions so that sufficient backup can be arranged.
• Review and establish backup arrangements, if necessary.
• Identify necessary interim processing procedures for critical functions.
• Seek management’s review and endorsement of findings and recommendations.

Deliverables
• List of strategic plans for recovering prioritised critical functions.
• List of critical functions requiring interim manual processing procedures.
• Recommend alternate interim processing procedures.

Plan Development

Objectives
• Train and equip users with skill to complete the Microsoft Word plan template.
• Establish recovery procedures to fully restore normal business operations after a disaster, based on selected strategies.
• Ensure consistency and comprehensiveness of coverage.

Tasks
• Determine recovery teams set-up and functional responsibilities.
• Identify members of each recovery team.
• Develop specific procedures for each recovery team.
• Review and edit (based on agreed structure) the plan component to ensure consistency and comprehensiveness of documentation.

Deliverables
• Propose:
  – Recovery team structure;
  – Staffing of the recovery teams with names of specific staff members; and
  – List of action steps to be taken by each member of respective recovery team.
• Completed Business Continuity Plan.


Testing and Exercising

Objectives
• Formulate an objective mechanism to validate the "workability" of the complete Business Continuity Plan.

Tasks
• Design an overall program for testing of plan.
• Develop plans and schedules for specific tests.
• Develop an evaluation mechanism.

Deliverables
• List of tests to be conducted.
• List of responsibilities of parties involved:
  – Objectives, policies, guidelines, responsibilities and test specifications.
• Specific test plan:
  – Description, scenarios, procedures and criteria.
• Evaluation forms/checklists for recovery plan tests.

Building Organizational Competency

• Organization BCM Manager
• BCM Internal Auditor
• Business Unit Coordinator/Representative
• BCM Steering Committee


BCMpedia: Common Language

www.bcmpedia.org

BCM Community Forum: Building a Community

80% Asian and Middle Eastern BCM and DR Professionals

bcmi.groupsite.com

3331


THANK YOU

Dr Goh Moh Heng
President

Mobile: +65 96711022
Tel: +65 63231500

Email: [email protected]