Guest Speaker February Meeting

  • Business Continuity Planning – Overview: ELEMENTS OF A COMPLETE BUSINESS CONTINUITY PROGRAM
    • PROJECT INITIATION AND MANAGEMENT: Establish the need for a Business Continuity Plan (BCP), including obtaining management support and organizing and managing the BCP project to completion. (This includes defining the problem; communicating the need for a BCP; developing budget requirements; identifying Planning Team(s) and Action Plans; and developing project management and documentation requirements.)
    • RISK EVALUATION AND CONTROL: Determine the events and environmental surroundings that can adversely affect an organization, the damage that such events can cause, and the controls needed to prevent or minimize the effects of potential loss. (This includes understanding loss potentials; determining the organization’s vulnerability to loss potentials; identifying controls and safeguards to prevent or minimize the effect of the loss potential; and evaluating the effectiveness of controls and safeguards.)
    • BUSINESS IMPACT ANALYSIS: Identify the impacts that result from disruptions that can affect the organization and the techniques that can be used to quantify and qualify such impacts. (This includes assessing effects of disruptions; defining criticality and prioritizing the business functions and records; and determining recovery timeframes and minimum resource requirements.)
    • DEVELOP BUSINESS CONTINUITY STRATEGIES: Determine and guide the selection of alternative business recovery operating strategies to be used to maintain the organization’s critical functions. (This includes identifying recovery strategy requirements; assessing suitability of alternative strategies; preparing cost/benefit analysis of recovery strategies; and selecting alternate site(s) and off-site storage.)
    • EMERGENCY RESPONSE AND OPERATIONS: Develop and implement procedures to respond to and stabilize the situation following an incident or event. (This includes identifying and developing emergency response procedures; identifying command and control requirements and procedures; and defining strategy for salvage and restoration.)
    • DEVELOP AND IMPLEMENT BUSINESS CONTINUITY PLANS: Design, develop, and implement the Business Continuity Plans. (This includes defining recovery management and control requirements; identifying and defining the format and structure of major plan components; developing the business operations plan; developing the information technology recovery plan; developing the communication systems plan; and developing end-user plans.)
    • AWARENESS AND TRAINING PROGRAMS: Prepare a program to create an organizational awareness and enhance the skills required to develop, implement, maintain, and execute the Business Continuity Plan. (This includes defining the objectives of training; developing the types of training programs; developing awareness programs; and identifying other opportunities for education.)
    • MAINTAIN AND EXERCISE BUSINESS CONTINUITY PLANS: Pre-plan, coordinate, evaluate, test and exercise the Plan, and document the results. Develop processes to maintain the currency of the Plan in accordance with the strategic direction of the organization. (This includes determining exercise requirements; developing scenarios; establishing evaluation criteria; defining exercising objectives; preparing post-exercise reporting; defining a plan maintenance schedule; maintaining the plan; and developing change control procedures.)
    • PUBLIC RELATIONS AND CRISIS COMMUNICATION: Develop, coordinate, evaluate, implement, and exercise public relations and crisis communication plans. (This includes identifying components of a public relations program and identifying external agencies with which prior relationships need to be established.)
    • COORDINATION WITH PUBLIC AUTHORITIES: Establish applicable procedures and policies for coordinating response, continuity, and restoration activities with local authorities while ensuring compliance with applicable statutes or regulations. (This includes identifying applicable laws and regulations governing emergency response; identifying agencies supporting disaster recovery and business continuity; and developing plans to meet statutory requirements.)

Transcript

  • 1. Business Continuity Planning Overview Clarence Elliott, MBCP
  • 2. What is Business Continuity Planning?
    • BUSINESS CONTINUITY MANAGEMENT PROGRAM: An ongoing management and governance process, supported by senior management, and resourced to ensure that the necessary steps are taken to identify the impact of potential losses, maintain viable recovery strategies and plans, and ensure continuity of products/services, through exercising, rehearsal, testing, training, maintenance and assurance.
    • Source: Disaster Recovery Journal/Disaster Recovery Institute
  • 3. Benefits of Continuity Planning
    • Maintain continuity of operations – stay in business!
    • Maintain customer service
    • Relocate critical operations quickly
    • Minimize financial losses
    • Reduce disruptions to critical operations
    • Achieve an orderly recovery
    • Provide organizational stability
    • Limit potential exposure and reduce legal liability
    • Lower the probability of occurrence
    • Reduce reliance on key personnel
    • Protect assets
    • Increase the safety of all personnel
    • Minimize decision making during the recovery
    • Reduce delays during the recovery process
    • Provide a sense of security
    • Comply with legal, contractual, audits, and government regulations
  • 4. Elements of Business Continuity Planning – the Complete Program
    • PROJECT INITIATION AND MANAGEMENT
    • RISK EVALUATION AND CONTROL
    • BUSINESS IMPACT ANALYSIS
    • BUSINESS CONTINUITY STRATEGIES
    • EMERGENCY RESPONSE AND OPERATIONS
    • BUSINESS CONTINUITY PLANS, IT DR PLAN
    • AWARENESS AND TRAINING PROGRAMS
    • MAINTAIN AND EXERCISE BUSINESS CONTINUITY PLANS
    • PUBLIC RELATIONS AND CRISIS COMMUNICATION, CRISIS MANAGEMENT PLAN
    • COORDINATION WITH PUBLIC AUTHORITIES
  • 5. All Elements fit together to form a complete Business Continuity Program
  • 6. BCP is an ongoing process cycle
    • Risk Analysis
    • Business Impact Analysis
    • Project Initiation & Mgmt
    • Develop/Maintain Plans: Business, IT etc.
    • Exercise Plans
    • Emergency Response, Crisis Mgmt
    • Awareness, Communication
  • 7. BCP approach: sequence
    • These should be done in sequence if at all possible:
    • PROJECT INITIATION AND MANAGEMENT
    • RISK EVALUATION AND CONTROL
    • BUSINESS IMPACT ANALYSIS
    • BUSINESS CONTINUITY STRATEGIES
    • These may be done simultaneously:
    • EMERGENCY RESPONSE PLANS
    • BUSINESS CONTINUITY PLANS
    • IT DR PLAN
    • CRISIS MANAGEMENT PLAN
    • AWARENESS AND TRAINING PROGRAMS
    • This follows plan completion:
    • MAINTAIN AND EXERCISE BUSINESS CONTINUITY PLANS
    • PUBLIC RELATIONS AND CRISIS COMMUNICATION, COORDINATION WITH PUBLIC AUTHORITIES
  • 8. Consider these as Building Blocks, in Sequence
    • PROJECT INITIATION AND MANAGEMENT
    • RISK ANALYSIS
    • BUSINESS IMPACT ANALYSIS
    • BUSINESS CONTINUITY STRATEGIES
    • BUSINESS CONTINUITY PLANS, IT PLAN, CRISIS MGMT PLAN, EMERGENCY RESPONSE PLANS
    • MAINTAIN AND TEST PLANS
    • = TOTAL QUALITY BUSINESS CONTINUITY PLAN!
  • 9. Business Continuity Planning Approach
    • Initial Components
        • Project Plan
        • Risk Assessment
        • Business Impact Analysis
        • Review Strategies for Recovery
        • Review Emergency Response Plan
        • Plan for IT Disaster Recovery Plan
        • Plan for Business Continuity Plans
  • 10. BCP Approach
      • Process vs. just a Project
        • Annual Risk Assessment/BIA, plus Plan Reviews
        • Efforts for Next Year identified before budget cycle
        • Annual testing of at least some aspect of the plan
        • BCP Coordination ongoing
  • 11. BCP Approach
      • Next Steps
        • Select Strategy for recovery
        • Business and IT alternate sites etc.
        • Draft Business Continuity/IT Plans
        • Integrate Emergency Response Plans
        • Complete/distribute Plans
        • Exercise Plans
  • 12. Risk Assessment
    • Scope:
    • Complete a Risk Assessment for the geographic area and facilities. This Risk Assessment will be a site “threats and hazards” assessment.
    • Methodology:
    • Develop a plan for this effort, and Business Continuity Planning overall
    • Utilize BCP “Industry Standard” templates for Risk Assessment/Survey
    • Customize survey templates, with risks pre-defined
    • Keep survey short/concise, yet complete (cover all areas)
    • Complete most of survey ourselves, with Facilities input
    • Utilize available public information (e.g., VDEM, geographical risk info)
    • Review findings with project team, business representatives
    • Present findings to management, set stage for next efforts (BIA etc.)
  • 13. Business Impact Analysis (BIA)
    • Scope:
    • Complete a BIA for the entire organization, all functions. The BIA will be an assessment of business functions, to complement the Risk Assessment. It quantifies financial and operational impacts of disruptions, and helps determine recovery priorities.
    • Methodology:
    • Develop a plan for the BIA, and Business Continuity Planning overall – incorporate project team with business representatives
    • Utilize BCP “Industry Standard” templates for BIA/Survey
    • Customize survey templates, with areas of analysis and IT applications pre-defined
    • Include both business functions and computer applications in analysis
    • Keep survey short/concise, yet complete (cover all areas)
    • Provide overview (memo, explanation) for Business Unit representatives
    • Conduct BIA by Business Unit – survey plus follow-up interview
    • Collect data for Business Continuity Plans as part of the BIA
    • Minimize business resource requirements
    • Verify results with business representatives
    • Present findings to management, set stage for next efforts
  • 14. Emergency Response Plans
    • Approach
      • Review existing plan(s)
      • Conduct Physical facility review
      • Collect additional information
      • Incorporate into Business Continuity Plan
      • Review, approve completed plans
      • Publish plans
      • Train employees
      • Test plans
      • Maintain plans
  • 15. Business Continuity Plan(s)
    • Approach
      • Base plan(s) on BIA and Risk Assessment
      • Agree on outline of plan
      • Get plan template
      • Get management guidance/approval
      • Collect information (note – part of BIA)
      • Determine any BCP software use
      • Draft plan(s) – IT and business
      • Review, approve completed plans
      • Publish plans
      • Train employees
      • Test plans
      • Maintain plans