110430 bcm presentation v0.1 mj


BBBF IT COMMS SIG Event BCM Presentation by Michael Jackson at British Club 13th June 2011

Published in: Technology

  1. Business Continuity Management
     Presenter: Mike Jackson

  2. Agenda

  3. Definition
     What is Business Continuity Management?
     A good, although lengthy, definition in BS 25999-1 is:
     "A holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities"
     It is also called Business Continuity & Resiliency Planning.
     In plain language – working out how to stay in business in the event of a significant occurrence.

  4. Definition
     An interesting recent aspect of this topic is that some consultants are grouping the approaches of Risk Management and Business Continuity Management together.
     In my experience, there are benefits to be had by grouping these aspects since there is commonality in the early processes, and therefore cost savings, but the outcomes are strategically different and must be exercised to assure the corresponding deliverables.
     For example, in the case of a glass being half full or half empty, RM will see it as probably half full and BCM will worry about the contents being hazardous or, if the glass breaks, how long it will take to clear up.

  5. Responsibility
     Business continuity and disaster recovery planning is a key governance responsibility. The UK Companies Act 2006 gives statutory force to what has long been the worldwide common law duty of directors, which is to exercise due care in relation to their companies. Specifically, directors must "exercise reasonable care, skill and diligence".
     Principal responsibility lies with the CEO and his Executive Management team for their company's Business Continuity Management. The board of directors is accountable for ensuring that the organization has developed and tested business continuity and disaster recovery plans that deal with all the likely risks that face the organization.
     Senior Management is responsible for providing BCM strategies that are necessary for the continuation of Business Critical functions.

  6. Responsibility
     Principal responsibility lies with the CEO and his Executive Management team for their company's Business Continuity Management.
     Senior Management is responsible for providing BCM strategies that are necessary for the continuation of Business Critical functions.

  7. Major Phases of BCM
     Four Phases:
     • Understanding the organisation
     • Determine the Business Continuity Strategy
     • Developing and implementing BCM response
     • Exercising, maintaining and reviewing

  8. International Standards
     There are 2 widely recognised standards:
     • BS25999, in two parts:
       • BS-25999-1 (2006) Code of Practice (Guide)
       • BS-25999-2 (2007) Specification
     • ISO/PAS 22399 (2007) Societal Security

  9. Key Questions to ask
     What activities in your organisation, if stopped, cause the most impact to your business?
     Impact may be on:
     • Cash Flow
     • Reputation
     • Meeting Statutory and Legal requirements

  10. Key Questions to ask (2)
     How are these activities delivered and what resources are used to support them?
     Resources may be:
     • People
     • Plant and Machinery
     • Premises and Furniture
     • Computing and Telecommunications
     • Data and Information
     • Suppliers and Distributors

  11. Key Questions to ask (3)
     Some other key questions are:
     • Who is essential?
     • What equipment, IT, Telecoms and other systems are necessary to continue to function?
     • Who does the Organisation rely upon to carry out key activities?
     • Who depends upon the Organisation?
     • Are there any service levels, legal or regulatory obligations?
     • Do Disaster Recovery, Business Continuity and emergency plans already exist?
     • Are there any natural fluctuations of operational activity, e.g. month-end payroll or end of year for accounts?

  12. Key Questions to ask (4)
     You then need to consider:
     • How long can your business manage without key activities? (This is important as this dictates what you focus on first.)
     • How essential is a department's work to the overall performance of the business on a day-to-day basis?
     • Having identified key resources, consider the likelihood that these resources may be lost, i.e. what are the risks to these resources?

  13. Before the Consultants Arrive
     There are a number of things you can do before you bring in the consultant(s):
     • Understand your business
     • Identify what makes your business profitable
       • Map and document these processes
       • Get agreement with the rest of the board team
     • Conduct a high level SWOT analysis
     • Determine what and where your vulnerabilities are that affect your productivity and profit
     • Understand which resources are necessary for the business to continue

  14. Before the Consultants Arrive
     • Identify possible scenarios
       • Determine how long it takes to replace
       • Avoid doom and gloom – be realistic
     • Establish and understand replacement times
     • Place Profit Processes in a priority order
       • You can do this in terms of frequency of use or profitability or ease – whatever you decide
       • Determine how long it takes to replace
       • Personnel
       • Resources
       • Manufacturing Materials
       • Suppliers
       • Buildings
       • Power, heating / cooling and lighting

  15. Before the Consultants Arrive
     Develop a Risk Analysis Quadrant.
     [Figure: risk analysis quadrant with Probability (Low to High) on one axis and Impact (Low to High) on the other. Risks plotted: Materials Unavailable; Operator Injured; Political Upheaval; Fire; Salesman Killed; Operator Killed; Flood; Reputation Destroyed; Service Denial attack; CEO Kidnapped; Production Machine Breakdown; Theft.]

  16. Before the Consultants Arrive
     Outline options for mitigating the identified business continuity risks.
     Bring in your BCM consultants to review and document your findings and to add their own experience and value.
     They should design and develop the Business Continuity Plan and recommend how it should be initiated and maintained.

  17. Deliverables
     You should expect the following outputs from this exercise:
     • Identified Risks and associated mitigations
     • Business Continuity Plan
     • BCP Test scenarios and Test plans
     • Outline Test schedule
     • Crisis Management/Emergency Response/Incident Management procedures
     • Outline DR Plans and Test scenario plans

  18. Test
     You should test aspects of your BCP and the underlying Incident Management and DR responses.
     Use an external consultant where possible, as they should remain impartial and observe and report the outcome of the planned scenario.

  19. Public Domain Statistics
     • 80% of organizations with a tried and tested business continuity plan are likely to survive a major business discontinuity; only 20% of those without a business continuity plan are likely to survive.
     • Over 90% of organizations that suffer a significant data loss are not in business two years later.
     • The latest data indicates that many of the existing plans are not comprehensive and that maintenance (testing and updating) is generally inadequate.
     • 'Backup' is not the same as a business continuity plan, and terrorism should be specifically addressed.

  20. Questions
     Thank you
     Shukran