What’s & Why’s of Business Continuity Planning (BCP)


Published in: Business


  • 1. Business Continuity Planning: Developing a Readiness Strategy that is Actionable and Easy to Implement
  • 2. Overview:
      1. The What’s & Why’s of Business Continuity Planning (BCP)?
      2. Understanding Risk and the Impact on Your Business
          • Recoverability
          • Usability
      3. The BCP Life Cycle - It Doesn’t Have to Be Complicated
          • Getting Started
          • Creating & Re-Evaluating BCP Plans - Keep It Simple
          • Risk Assessment
          • Strategic Planning
          • Plan Creation, Test, Train, & Maintenance
      4. Summary - BCP Today & Tomorrow
  • 3. Disruptions to Your Business…How Do You React?
  • 4.
  • 5. What is Business Continuity Planning (BCP)? A process whereby businesses ensure the recovery of critical business operations, including services to customers when confronted with adverse events such as natural disasters, technological failures, human error, or other unplanned incidents.
  • 6. What is Business Continuity Planning (BCP)? More simply described… It is a coordinated strategy involving plans and procedures that assures your Clients that you have the ability to continually meet their needs following an unplanned business disruption.
  • 7. What is Business Continuity Planning (BCP)? BCP is a process to ensure that the necessary steps are taken to:
      • Identify the impact of potential losses.
      • Maintain viable response and recovery strategies and plans.
      • Ensure continuity of products/services, through testing-rehearsal exercises, training, and maintenance.
      [Diagram labels: Identify Risks, Incident Response, Business Recovery, Plan Updates]
  • 8. Why Have a Business Continuity Plan?
      • Maintain continuity of operations, stay in business!
      • Maintain customer service
      • Relocate critical operations quickly
      • Minimize financial losses
      • Reduce disruptions to critical operations
      • Achieve an orderly recovery
      • Comply with legal, contractual, audits, and government regulations
  • 9. Why Have a Business Continuity Plan?
      • Reduce reliance on key personnel
      • Protect assets
      • Increase the safety of all personnel
      • Minimize decision making during the recovery
      • Reduce delays during the recovery process
      • Provide a sense of security
      • Limit potential exposure and reduce legal liability
      • Provide organizational stability
  • 10. Recoverability. The most important recoverability requirements are often defined by your customers (internally and externally). What are their expectations?
      • Addresses requirement needs of clients and prospects. Business Continuity Planning and program maintenance is not an option with customers.
      • Must be an ‘Actionable’ plan. Continued availability of your services and support that is verifiable.
      • Distinguishes You from your competitors.
  • 11. Usability. Is the implementation of the Plan easy to understand by everyone?
      1. Can Executive Management & Crisis Team easily assess the emergency?
      2. Do Department heads understand their roles during an incident?
      3. Does the Plan prioritize the most critical business functions? (Controls unnecessary documentation)
      4. Are testing/training programs in place to review overall readiness?
      5. Are procedures developed for manual processing? (Is recoverability dependent on systems availability?)
      6. Can procedures be followed by someone outside the critical function? (You cannot expect availability of all subject matter experts during an incident)
  • 12. Getting Started…
      • Do you have someone in your organization who is assigned the responsibility for Business Continuity Planning?
      • Does Business Continuity Planning have sponsorship at the Executive level?
      • Has your company identified which systems and processes are essential to the survival of your business to deliver its core services?
      • Has your company determined how quickly essential systems and processes need to be back in operation following an unplanned incident?
  • 13. Creating and Re-Evaluating BCP Plans…Keep it Simple
      • Phase 1: The Risk Assessment Phase, which establishes the risk framework. The Risk Assessment will identify the primary threats to day-to-day operations by identifying potential internal and external risks in each defined area.
      • Phase 2: Activities include the development of Alternative Recovery Strategies. The project team will identify the most likely recovery strategies with which to mitigate risk.
      • Phase 3: Activities include documentation of the Business Continuity Plans, Plan Maintenance, Training and Testing Exercises. In addition, a process will be developed as part of the maintenance to continually re-evaluate the risk to day-to-day operations.
  • 14. Business Continuity Planning Life Cycle
      [Life cycle diagram; phase labels: Discovery-Project Initiation, Functional Requirements, Strategies, Planning, Crisis Communications, Exercise/Testing, Maintaining/Updating, Training/Awareness]
      • What is in place today
      • Define the Business Continuity Plan Project Objectives and Requirements, Scope and Cost
      • Executive Support
      • Identify BCP Team Assignments
      • Establish Business Continuity Policies
  • 15. Business Continuity Planning Life Cycle [life cycle diagram repeated]
      • Identify client servicing needs and current regulation requirements
      • Site/Operational assessment/interviews (Business Impact Analysis)
      • What are the hazards/threats/vulnerabilities? (Risk Assessment)
      • Key personnel interviews
  • 16. Business Continuity Planning Life Cycle [life cycle diagram repeated]
      • Where will we go
      • How will we operate
      • What will we do for our employees
  • 17. Business Continuity Planning Life Cycle [life cycle diagram repeated]
      • Create Business Continuity Plans
      • Crisis Management-Incident Response
      • Site/Operational Recovery
      • IT/Systems Recovery
  • 18. Business Continuity Planning Life Cycle [life cycle diagram repeated]
      • Who approves the messages and when they are published
      • How will we communicate to media
      • How will we communicate with employees
      • How will we communicate with customers
  • 19. Business Continuity Planning Life Cycle [life cycle diagram repeated]
      • How often do we test
      • Who will be involved
      • What are the objectives
      • Follow-up and lessons learned
      • Tabletop Exercise for developed Plans
  • 20. Business Continuity Planning Life Cycle [life cycle diagram repeated]
      • Who is responsible
      • How often should it be updated
      • How do we communicate changes to the Plan
  • 21. Business Continuity Planning Life Cycle [life cycle diagram repeated]
      • Training people for preparedness
      • Home
      • Work
      • Understand their roles in recovery
      • Understand the Business commitment to employees and clients
  • 22. Elements of an ‘Actionable’ BCP Program
      1. Risk Evaluation Results and Controls
      2. Business Continuity Defined Strategies
      3. Emergency Response and Operational Procedures
      4. Business Continuity Plans (Site/Dept), IT DR Plans
      5. Testing & Exercises
      6. Awareness & Training Program
      7. Public Relations & Crisis Communication Procedures
      8. Coordination with Public Authorities
  • 23. BCP Ongoing Approach: Process vs. Project
      • Annual Risk Assessment/BIA, plus Plan Reviews.
      • Efforts for Next Year identified before budget cycle.
      • Annual testing of at least some aspect of the plan.
      • BCP Coordination ongoing.
  • 24. Summary: Business Continuity Today. Focus On:
      • Assessing impacts and risks.
      • Establishing crisis management response protocols to react to disruption.
      • Developing business recovery strategies that respond to assessed risks and impacts.
      • Testing strategies for viability, effectiveness, and to ensure solutions meet requirements.
  • 25. Summary: Business Continuity Tomorrow. Evolve the Business Continuity Program to:
      • Utilize the program as a way to establish risk controls
      • Incorporate the program as part of business-as-usual and an extension of normal operations rather than a reactive project.
  • 26. Mark E. Madar, Director of Corporate Risk Management and Quality Assurance

      Mark is the Director of Corporate Risk Management and Quality Assurance of CBIZ, Inc. With 20 years of experience, he has demonstrated significant abilities in strategic planning, Corporate IT Management, IT Compliance, Operations and Systems Consulting leadership roles. Leveraging a business background with both Operational & IT expertise, he has successfully managed the development and implementation of strategic enterprise system rollouts, business process re-engineering, and merger and acquisition migrations. Prior to joining CBIZ, Mark worked with a variety of financial, insurance, technology, and corporate banking companies including large organizations such as Moen Inc., Key Bank, AmeriTrust, State Farm and Fortune Brands.

      Most recently, he provides Corporate IT Governance support across the CBIZ organization and Business Continuity Planning oversight for the CBIZ Risk & Advisory practice. This includes the management of business resumption and disaster recovery planning, business impact analysis, IT policies and controls, security site audits, due diligence evaluations, regulatory compliance with state and federal agencies, and system quality control reviews. Mark has been involved with large Sarbanes Oxley and Y2000 evaluation/implementation projects for publicly traded companies.

      Active in the professional space, he is a recurring member of the Internal Technology Leaders Forum, interacting with the CIOs of many of the largest Accounting firms across the country. Firms discuss strategic planning and technical best practices, system and support requirements, policies, expense management and IT compliance. Mark is a recurring speaker on IT Compliance & Data Security topics including regulatory requirements, information handling, IT policies and procedures, and disaster recovery planning. Other memberships include active participation in the Cleveland CIO Forum and Executive Summit, presented by Premier TCE and SIMS, as well as the Information Security MIS Institute. Mark has also completed Business Resumption Planning and System Administration training through SunGard. He currently serves on various local non-profit boards of directors.

      EDUCATION
      • B.B.A Economics, Case Western Reserve University

      PROFESSIONAL CERTIFICATIONS
      • Project Management Certification, PMI

      PROFESSIONAL ASSOCIATIONS
      • Member, ITA-Internal Tech Leaders
      • Member, MIS Institute-Information Security
      • Member, CIO Forum-SIMS
  • 27. CBIZ Risk & Advisory Services. For more information please contact us at: Mark Madar, Director of Corporate Risk Management & Quality Assurance, (216) 525-1956 / (866) 956-1983 or