Your SlideShare is downloading. ×

BUSINESS CONTINUITY PLANNING

3,522

Published on

BUSINESS CONTINUITY PLANNING Workshop …

BUSINESS CONTINUITY PLANNING Workshop
Dr Karolyn Kerr

Published in: Business, Technology
0 Comments
21 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
3,522
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
21
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. BUSINESS CONTINUITY PLANNING Dr Karolyn Kerr
  • 2.
    • What is Business Continuity Planning (BCP)?
    • Possible Threats
    • Scope and Context of BCP
    • Business Impact Assessments
    • Business Continuity Plan Development
    • Testing and Validation
    • Training
    • Roles and Responsibilities
  • 3. What is Business Continuity Planning (BCP)?
    • BCP seeks to mitigate all major interruptions of business systems and to ensure a level of capability remains during and following disruption to core business systems
  • 4. Possible Threats
    • Human error
    • Application failure
    • Intentional disruption from an external source to a network (virus or worm)
    • Power outage
    • Service provider failure
  • 5. Scope and Context of BCP
    • Significant outage of technology leading to the unavailability of critical business systems
    • Disaster recovery planning a subset of BCP
    • Contingency plans generally relate to a planned event, BCPs relate to services and assets that are already operational
  • 6. Scope and Context of BCP
    • At a minimum, a BCP must have:
    • A budget formalised and approved by senior management
    • Formal disaster declaration authorities which will be responsible for activating the BCP
    • An incident management system within the organisation to manage BCP processes once activated
    • A regularly reviewed BCP that is benchmarked against industry regulations, where
    • present, and other organisations’
    • processes
  • 7. BCP Development
    • The steps in the process to develop and implement a BCP commonly noted as required are:
    • Business impact analysis
    • Business continuity plan development
    • Training and testing of the plan
  • 8. Business Impact Assessment
    • Provides the supporting evidence of where priorities for plans and preparation should take place
    • Criticality criteria identify critical functions the organisation must perform to continue to deliver services
    • Identify risks to critical functions
    • Rate risks according to the likelihood of them occurring & level of impact
  • 9. Business Impact Assessment
    • Clinical and administrative impact
    • Core information required to treat patients in each area
    • Core clinical services required
    • Core people required to get the systems back up and running
    • Impact of length of time and time of day
  • 10. Business Continuity Plan Development
    • Complicated process due to the size and complexity of health care organisations.
    • Automated BCP software is available
    • The key tasks in BCP development are:
    • Reduction (of risk)
    • Readiness
    • Response
    • Recovery
  • 11. Reduction (of risk)
    • Supported through readiness actions
    • Could include ensuring staff have an understanding of any workarounds required i.e. manual admission and discharge packs
  • 12. Readiness
    • Plans and actions that could be done in preparation for an outage
    • Management and co-ordination requirements
    • Communication – who and how
    • Appropriate team of people aware of their roles - able to be brought together when the BCP is activated
  • 13. Response
    • Initial response to an outage including impact assessment
    • Pre-planned response cascade
    • Ongoing risk status reported back to emergency team at regular intervals
    • One central control centre with clear guidelines to assist with understanding roles and decision making
  • 14. Recovery
    • Input electronic data missed during outage
    • Reschedule appointments
    • Temporary admin staff may be required
    • Recovery time dependant on length of outage
  • 15. Testing and Validation
    • When testing the plan, consider:
    • Is the plan achievable?
    • Is there a clearly defined starting point for the plan, i.e. activation?
    • Does the plan address the situation in a timely, cost-effective, consistent way ?
  • 16. Testing and Validation
    • Review of the BCP process is required following an outage
    • Ongoing maintenance and review of the plan required to ensure applicability to changing systems and processes.
  • 17. Training
    • Staff are aware that such a plan exists and where it is kept, their role in BCP
    • Making staff aware of what the impact may be will increase staff ability to function through appropriate workarounds
  • 18. Roles & Responsibilities
    • IS departments are seen to be responsible for the co-ordination of development
    • Senior health care providers from all disciplines provide analysis of criticality and feasible workarounds and maintain plans
    • Senior executive staff support the development and implementation of the BCP and adequate ongoing funding
  • 19. Conclusions
    • Likely to become increasingly common throughout the health sector as awareness increases and the shift to almost entirely paperless systems continues.
    • Comprehensive plan required in health care organisations, given the criticality of many business systems and the risk to patient care delivery.
  • 20. Conclusions
    • Development complex and time consuming, with subsequent possible mitigation strategies requiring considerable financial support.
    • No standard benchmarks for the development of BCPs, but consistency enough within the literature to guide developers towards an appropriate plan for their organisation.

×