Your SlideShare is downloading. ×
0
BUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNING
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

BUSINESS CONTINUITY PLANNING

3,548

Published on

BUSINESS CONTINUITY PLANNING Workshop …

BUSINESS CONTINUITY PLANNING Workshop
Dr Karolyn Kerr

Published in: Business, Technology
0 Comments
22 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
3,548
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
22
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. BUSINESS CONTINUITY PLANNING Dr Karolyn Kerr
  • 2. <ul><li>What is Business Continuity Planning (BCP)? </li></ul><ul><li>Possible Threats </li></ul><ul><li>Scope and Context of BCP </li></ul><ul><li>Business Impact Assessments </li></ul><ul><li>Business Continuity Plan Development </li></ul><ul><li>Testing and Validation </li></ul><ul><li>Training </li></ul><ul><li>Roles and Responsibilities </li></ul>
  • 3. What is Business Continuity Planning (BCP)? <ul><li>BCP seeks to mitigate all major interruptions of business systems and to ensure a level of capability remains during and following disruption to core business systems </li></ul>
  • 4. Possible Threats <ul><li>Human error </li></ul><ul><li>Application failure </li></ul><ul><li>Intentional disruption from an external source to a network (virus or worm) </li></ul><ul><li>Power outage </li></ul><ul><li>Service provider failure </li></ul>
  • 5. Scope and Context of BCP <ul><li>Significant outage of technology leading to the unavailability of critical business systems </li></ul><ul><li>Disaster recovery planning a subset of BCP </li></ul><ul><li>Contingency plans generally relate to a planned event, BCPs relate to services and assets that are already operational </li></ul>
  • 6. Scope and Context of BCP <ul><li>At a minimum, a BCP must have: </li></ul><ul><li>A budget formalised and approved by senior management </li></ul><ul><li>Formal disaster declaration authorities which will be responsible for activating the BCP </li></ul><ul><li>An incident management system within the organisation to manage BCP processes once activated </li></ul><ul><li>A regularly reviewed BCP that is benchmarked against industry regulations, where </li></ul><ul><li>present, and other organisations’ </li></ul><ul><li>processes </li></ul>
  • 7. BCP Development <ul><li>The steps in the process to develop and implement a BCP commonly noted as required are: </li></ul><ul><li>Business impact analysis </li></ul><ul><li>Business continuity plan development </li></ul><ul><li>Training and testing of the plan </li></ul>
  • 8. Business Impact Assessment <ul><li>Provides the supporting evidence of where priorities for plans and preparation should take place </li></ul><ul><li>Criticality criteria identify critical functions the organisation must perform to continue to deliver services </li></ul><ul><li>Identify risks to critical functions </li></ul><ul><li>Rate risks according to the likelihood of them occurring & level of impact </li></ul>
  • 9. Business Impact Assessment <ul><li>Clinical and administrative impact </li></ul><ul><li>Core information required to treat patients in each area </li></ul><ul><li>Core clinical services required </li></ul><ul><li>Core people required to get the systems back up and running </li></ul><ul><li>Impact of length of time and time of day </li></ul>
  • 10. Business Continuity Plan Development <ul><li>Complicated process due to the size and complexity of health care organisations. </li></ul><ul><li>Automated BCP software is available </li></ul><ul><li>The key tasks in BCP development are: </li></ul><ul><li>Reduction (of risk) </li></ul><ul><li>Readiness </li></ul><ul><li>Response </li></ul><ul><li>Recovery </li></ul>
  • 11. Reduction (of risk) <ul><li>Supported through readiness actions </li></ul><ul><li>Could include ensuring staff have an understanding of any workarounds required i.e. manual admission and discharge packs </li></ul>
  • 12. Readiness <ul><li>Plans and actions that could be done in preparation for an outage </li></ul><ul><li>Management and co-ordination requirements </li></ul><ul><li>Communication – who and how </li></ul><ul><li>Appropriate team of people aware of their roles - able to be brought together when the BCP is activated </li></ul>
  • 13. Response <ul><li>Initial response to an outage including impact assessment </li></ul><ul><li>Pre-planned response cascade </li></ul><ul><li>Ongoing risk status reported back to emergency team at regular intervals </li></ul><ul><li>One central control centre with clear guidelines to assist with understanding roles and decision making </li></ul>
  • 14. Recovery <ul><li>Input electronic data missed during outage </li></ul><ul><li>Reschedule appointments </li></ul><ul><li>Temporary admin staff may be required </li></ul><ul><li>Recovery time dependant on length of outage </li></ul>
  • 15. Testing and Validation <ul><li>When testing the plan, consider: </li></ul><ul><li>Is the plan achievable? </li></ul><ul><li>Is there a clearly defined starting point for the plan, i.e. activation? </li></ul><ul><li>Does the plan address the situation in a timely, cost-effective, consistent way ? </li></ul>
  • 16. Testing and Validation <ul><li>Review of the BCP process is required following an outage </li></ul><ul><li>Ongoing maintenance and review of the plan required to ensure applicability to changing systems and processes. </li></ul>
  • 17. Training <ul><li>Staff are aware that such a plan exists and where it is kept, their role in BCP </li></ul><ul><li>Making staff aware of what the impact may be will increase staff ability to function through appropriate workarounds </li></ul>
  • 18. Roles & Responsibilities <ul><li>IS departments are seen to be responsible for the co-ordination of development </li></ul><ul><li>Senior health care providers from all disciplines provide analysis of criticality and feasible workarounds and maintain plans </li></ul><ul><li>Senior executive staff support the development and implementation of the BCP and adequate ongoing funding </li></ul>
  • 19. Conclusions <ul><li>Likely to become increasingly common throughout the health sector as awareness increases and the shift to almost entirely paperless systems continues. </li></ul><ul><li>Comprehensive plan required in health care organisations, given the criticality of many business systems and the risk to patient care delivery. </li></ul>
  • 20. Conclusions <ul><li>Development complex and time consuming, with subsequent possible mitigation strategies requiring considerable financial support. </li></ul><ul><li>No standard benchmarks for the development of BCPs, but consistency enough within the literature to guide developers towards an appropriate plan for their organisation. </li></ul>

×