Business Continuity Management (BCM) <ul><ul><li>Best Practices </li></ul></ul><ul><ul><li>25 August 2008 </li></ul></ul><...
OVERALL IMPLEMENTATION APPROACH -confidential- Building Your Team & Capabilities Staff / Management Awareness & Training T...
Building the Team & Capabilities <ul><li>Identify the Champion </li></ul><ul><ul><li>Must be a person who has the overall ...
Understanding Your Business <ul><li>Initiation stage </li></ul><ul><ul><li>In-house vs. Outsource (make the decision) </li...
Understanding Your Business <ul><li>Requirements & strategy </li></ul><ul><ul><li>Define the policies </li></ul></ul><ul><...
Implementation <ul><li>Emergency response </li></ul><ul><ul><li>Life and safety first </li></ul></ul><ul><ul><li>Identify ...
Implementation <ul><li>Plan development </li></ul><ul><ul><li>Recovery plans </li></ul></ul><ul><ul><ul><li>When possible,...
Continual Improvement <ul><li>Testing (exercising) & review </li></ul>-confidential- Event Phase Situation Crisis Manageme...
Continual Improvement <ul><li>Compliance & Audit </li></ul><ul><ul><li>Must have a thorough understanding of the business,...
Hallmarks of a World-class BCP <ul><li>Centralized at the enterprise level </li></ul><ul><li>Identify a Control Champion <...
Upcoming SlideShare
Loading in...5
×

Business Continuity Management (BCM)

752

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
752
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
62
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Business Continuity Management (BCM)

  1. 1. Business Continuity Management (BCM) <ul><ul><li>Best Practices </li></ul></ul><ul><ul><li>25 August 2008 </li></ul></ul><ul><ul><li>By Ros Yusoff </li></ul></ul><ul><ul><li>NUBE </li></ul></ul>
  2. 2. OVERALL IMPLEMENTATION APPROACH -confidential- Building Your Team & Capabilities Staff / Management Awareness & Training Training Matrix & Master Plan Short Training Sessions Workshops / Awareness Sessions Organizational Roles Incorporate R&R into JD’s Defining Roles & Responsibilities Defining the Committees & Teams Continual Improvement Testing & Review Update Review Testing Understanding Your Business Requirements & Strategy Policies Business Impact Risk Assessment Continuity Strategies Initiation Program Management Project Statement Timeline Maturity Assessment Preventive Measures Assurance Implementation Develop RTP Risk assessment Workshops Emergency Response Escalation & Notification Damage Assessment Life & Safety Crisis Mgmt Disaster Declaration Data & Record Recovery Plan Development Procedure Development Checklist Development Contact Information
  3. 3. Building the Team & Capabilities <ul><li>Identify the Champion </li></ul><ul><ul><li>Must be a person who has the overall view of all the processes involved </li></ul></ul><ul><li>Identify the key personnel & the backup personnel for each critical process </li></ul><ul><li>Incorporate BC roles & responsibilities into JD’s </li></ul><ul><ul><li>Make them as part of KPI’s </li></ul></ul><ul><li>Develop a skill matrix that your organization needs </li></ul><ul><ul><li>Draft annual training plan </li></ul></ul><ul><ul><li>Hold lots and lots of awareness sessions </li></ul></ul><ul><ul><li>Focus on specific skills required for the different team members </li></ul></ul>-confidential-
  4. 4. Understanding Your Business <ul><li>Initiation stage </li></ul><ul><ul><li>In-house vs. Outsource (make the decision) </li></ul></ul><ul><ul><ul><li>In-house: Get well-trained; get the experience required </li></ul></ul></ul><ul><ul><ul><li>Outsource: Never outsource fully </li></ul></ul></ul><ul><ul><li>Perform a maturity assessment (gap analysis) </li></ul></ul><ul><ul><ul><li>Should be brief and simple </li></ul></ul></ul><ul><ul><li>Develop the project/program based on the results of the maturity assessment </li></ul></ul><ul><ul><li>Do not rush to get it done. Get it done right </li></ul></ul>-confidential-
  5. 5. Understanding Your Business <ul><li>Requirements & strategy </li></ul><ul><ul><li>Define the policies </li></ul></ul><ul><ul><ul><li>The policies must be implementable during disasters </li></ul></ul></ul><ul><ul><li>Perform risk assessment & BIA </li></ul></ul><ul><ul><ul><li>Only high-level risk assessment to determine critical threats in relation to Availability </li></ul></ul></ul><ul><ul><ul><li>BIA - to determine the criticality of systems </li></ul></ul></ul><ul><ul><li>Identify preventive measures that exist already </li></ul></ul><ul><ul><li>Propose recovery strategies </li></ul></ul><ul><ul><ul><li>Go back to the manual way when possible </li></ul></ul></ul><ul><ul><ul><li>Minimally, should have off-site storage for critical data </li></ul></ul></ul><ul><ul><li>Go back and review BIA </li></ul></ul>-confidential-
  6. 6. Implementation <ul><li>Emergency response </li></ul><ul><ul><li>Life and safety first </li></ul></ul><ul><ul><li>Identify an alternate place to work at </li></ul></ul><ul><ul><ul><li>Determine requirements at the alternate place (voice communications is crucial during disaster) </li></ul></ul></ul><ul><ul><li>Notification & escalation procedures must be simple </li></ul></ul><ul><ul><ul><li>Ensure that contact information is accurate (requires frequent updates) </li></ul></ul></ul><ul><ul><li>Determine documents & records required to recover critical business </li></ul></ul><ul><ul><ul><li>War chest </li></ul></ul></ul>-confidential-
  7. 7. Implementation <ul><li>Plan development </li></ul><ul><ul><li>Recovery plans </li></ul></ul><ul><ul><ul><li>When possible, only use checklists </li></ul></ul></ul><ul><ul><ul><li>Should be developed by the team members that would be involved in the recovery activities </li></ul></ul></ul><ul><ul><ul><li>The goal is never to recover 100% of the business, but to an acceptable level </li></ul></ul></ul><ul><ul><ul><li>Use simple, straight forward sentences </li></ul></ul></ul><ul><ul><ul><li>Incorporate information security requirements into your plans </li></ul></ul></ul><ul><ul><li>Do not forget to draft the restoration plans </li></ul></ul><ul><ul><ul><li>Back to the original site </li></ul></ul></ul><ul><ul><li>Do not forget to develop plans for the mobilization of staff to the alternate site </li></ul></ul><ul><ul><ul><li>Transportation, office supply, food, accommodation … </li></ul></ul></ul>-confidential-
  8. 8. Continual Improvement <ul><li>Testing (exercising) & review </li></ul>-confidential- Event Phase Situation Crisis Management Plan Business Management Plan One Immediate aftermath Media management Strategic assessment Damage assessment Formal invocation of BC services Casualty management Two Damage contained Media management Monitoring of BC teams Mobilizing alternate resources Staff communications Three Resumption beginning Stood down Regular meetings for updates Managing alternate resources Resumption of critical functions Four Consolidation Review Resumption of further functions Back to originate site
  9. 9. Continual Improvement <ul><li>Compliance & Audit </li></ul><ul><ul><li>Must have a thorough understanding of the business, individual functions, and interdependent relationships </li></ul></ul><ul><ul><li>Challenge management related to potential risk </li></ul></ul><ul><ul><li>Participate in BIA workshops </li></ul></ul><ul><ul><li>Challenge recovery strategies </li></ul></ul><ul><ul><li>Participate during testing </li></ul></ul><ul><ul><li>Involve the right people as Subject Matter Experts </li></ul></ul>-confidential-
  10. 10. Hallmarks of a World-class BCP <ul><li>Centralized at the enterprise level </li></ul><ul><li>Identify a Control Champion </li></ul><ul><li>Committed and visible support from management </li></ul><ul><li>Buy-in at all levels, even non-key personnel </li></ul><ul><li>Use generally accepted standards </li></ul><ul><li>Perform constant review and testing </li></ul><ul><ul><li>MTDs are reviewed against Client Charters </li></ul></ul><ul><li>Must be cost effective – strategies must be “lean & mean” </li></ul>-confidential-
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×