Understanding Your Organisation


Presentation explains the first step to be taken in designing and defining an appropriate BCM strategy that is fit for an organisation

Transcript

  • 1. UNDERSTANDING YOUR ORGANISATION - The bedrock on which a BCM policy & strategy rests Presented by: Eneni Oduwole at the 1st Annual RIMAN/BCI BCM Workshop, Sept. 2008
  • 2. Why? ? ?
    • To understand the scope and focus of BCM plan
    • Determine key products & services to focus on
    • Determine scope of stakeholder involvement
    Eneni Oduwole, Sept. 2008
  • 3. Considerations
    • BCM is a holistic risk management process
    • BCM must align with the Organization’s objectives and obligations to all stakeholders
    • Statutory requirements of the organization
    • Impact of failure on stakeholders
  • 4. Your Organization
    • Mission & vision
    • Strategic objectives
    • Business objective/goals
    • Key drivers for achieving goals
    • Critical business units
    • Critical business functions / processes
    • Critical systems
    • Critical support structures
  • 5. Components
    • Business Impact Analysis
    • Estimating Continuity Recovery Requirements
    • Evaluating Threats (Risk Assessments)
  • 6. Business Impact Analysis (BIA)
    • Identifies, quantifies and qualifies the business impacts of a loss, interruption or disruption of business processes
    • Provides appropriate continuity strategies for different business functions
    • Identifies the timescale and extent of the impact of a disruption at several levels in an organization
  • 7. Considerations for scoping
    • Impact on business of loss of ability to deliver critical services or products
    • Interruption to internal & external activities that would disrupt the delivery of key products or services
    • Disruption of a key business area’s activity
  • 8. Purpose of BIA
    • Identify and prioritize impacts that would lead to loss or disruption
    • Ascertain maximum tolerable period of disruption
    • Identify external & internal dependencies
  • 9. BIA Concepts
    • Maximum Tolerable Period of Disruption (MTPD) – duration after which the organization cannot continue in business whether financially or through loss of reputation
    • Seasonality – tolerable outage for periodic functions e.g. year-end activities, one-off contracts with significant penalties for breach of deadlines
  • 10. BIA Concepts
    • Recovery Time/Point Objectives (RTO / RPO) - point or timeframe required for information to be restored
    • Mission critical activities – activities that are time-critical, time-sensitive and urgent for recovery
  • 11. BIA Process
    • Identify critical business activities across the organization
    • Identify suitable staff that would drive the process
    • Estimate the impact of loss in the event of business disruption
    • Allocate acceptable recovery timescales to activities
    • For multiple sites, prioritize critical recovery sites
  • 12. BIA Process
    • Identify critical business activities across the organization
    • Identify suitable staff that would drive the process
    • Estimate the impact of loss in the event of business disruption
    • Allocate acceptable recovery timescales to activities
    • For multiple sites, prioritize critical recovery sites
  • 13. Estimating Continuity Requirements (ECR)
    • Collect information on the number of resources required to resume business
    • Resources include
      • Human resource complement
      • IT infrastructure and availability
      • Physical documents & stationery
      • Site to resume business (DR Site)
      • Internal & External dependencies
  • 14. Purpose of ECR
    • Provide the resource information required to derive an appropriate recovery strategy
    • Identify resource requirements of internal dependencies
    • Identify resource requirements of external dependencies
  • 15. BCR Process
    • Quantify continuity requirements for:
      • People
      • Technology
      • Infrastructure
      • Consumables
    • Identify and allocate minimal critical resources required to respond & resume business
    • Document phased plan for business recovery and restoration (rate at which resources would be increased during the recovery process)
  • 16. Evaluating Threats or Risk Assessments (RAS)
    • Risk Assessment evaluates the probability and impact of a variety of threats that could lead to a disruption
    • Prioritization of these threats
    • Concerns:
      • Not possible to identify all threats
      • Estimates are based on historical events or gut-feel; may not provide accurate basis
      • Impacts fluctuate over time and at different rates depending on business strategy and external environment
      • Use of numeric scales sometimes over-emphasizes impact of minor events
  • 17. Purpose of RAS
    • Identify internal & external threats that could cause disruptions
    • Assess the probability and impacts of these threats
    • To prioritize the threats according to an agreed formula
    • To design an appropriate risk management control programme and action plan
  • 18. Assumption of RAS
    • All realistic threats can be identified
    • Statistics used are accurate and applicable
    • Risk Assessment provides basis for prioritization
  • 19. RAS Process
    • Impact is estimated using a scoring system
    • A scoring system is used for determining the likelihood of occurrence (probability or frequency)
    • Risk is derived by combining the scores for impact & probability of each threat
    • Prioritize risks according to derived formula and ability to control threat
    • Agree on action plan for risk treatment (accept, reduce, avoid, transfer or share risk)
    • Management sign-off
  • 20. Methods & Techniques of Data Collection
    • Workshop
    • Questionnaires (paper or automated software)
    • Interviews (structured & unstructured)
  • 21.
    • The first step required when developing an appropriate BCM strategy for your organization is…
    • Understanding your Organization…
    Hope you now know…