BCM Institute MTE Series: http://www.worldcontinuitycongress.com/wcc08/mte.html
As part of the C3 Program in the region, BCM Institute has brought together experts to assist businesses and organisations to be resilient. Partnering with various global experts the program ensures that each program receives holistic support from Training (Competency) to Implementation (Capability) to Certification (Capacity) for both organisations and personnel.
BCM Institute MTE Dr Goh Moh Heng - Holistic Approach to Implementing Business Continuity Management with Funding
1. A Holistic Approach to
Implementing Business
Continuity Management
with Funding
Dr Goh Moh Heng
PhD, BCCE, DRCE, BCCLA
President
23 November 2010
Holiday Inn Atrium
Singapore
2. Dr Goh Moh Heng
• President
– Business Continuity Management (BCM)
Institute
– www.bcm-institute.org
• Managing Director
– GMH Continuity Architects
– Asia Pacific BCM Consulting Firm
– www.GMHasia.com
• Professional BCM Appointments
– Technical Advisor for TR19:2005 &
SS540:2008 BCM Standard
(Management Council and Technical
Committee) www.ss540.org
– Project Director, Technical Working
Group for SS507:2004
• ISO/IEC 24762 Guidelines for BC-DR
Services
http://www.bcmpedia.org/wiki/Dr_Goh_Moh_Heng
2
3. Dr Goh Moh Heng
Prior Appointments
• Government of Singapore Investment
Corporation (GIC)
• Standard Chartered Bank
– Global Head for BCM
• PriceWaterhouse (Coopers)
• Past Certification Broad Member for
DRI International’s Certification Board
• Past Executive Director for DRI Asia
• Senior Technical Advisor, China
Business Continuity Management
Forum
http://www.bcmpedia.org/wiki/Dr_Goh_Moh_Heng
3
4. BCM Institute
• Started in January 2005.
• Provide competency based BC-DR
training to all levels.
• Certify BC-DR professionals
globally.
• Started Certification programme
in April 2007.
• More than 1500 professionals
from 850 organizations and 40
countries.
4
12. BCM Planning Methodology &
Singapore Standard for BCM
(SS:540)
BCM
Planning
Process/
BCM BoK
Project
Management
RiskAnalysisand
Review
BusinessImpact
Analysis
RecoveryStrategy
PlanDevelopment
Testingand
Exercising
Program
Management
Singapore
Standard
for BCM
(SS540)
Risk Analysis
and Review l
Business
Impact Analysis l
Strategy l
BC Plan l
Tests and
Exercises
l
Programme
Management l l
13. BCM Roadmap
Business Continuity Reports – BC Plan
BC-DR Test / Exercise
External SS540/BS25999 Audit
Internal Audit
Policy and
Framework
3
4
5
6
Risk
Analysis
Report
Business
Impact
Report
Recovery
Strategy
Report
Business
Continuity
Plans
Test Plan
Program – Project - Organisational Development1
Training and Competency Development2
Designed to be in alignment to SS540 and BS25999
Mandatory Requirements
13
16. BCM Internal
Auditor
Business Unit
Coordinator/
Representative
BU Technology/
Support Coordinator/
Representative
Organization
BC Manager
BCM Steering Committee
• Chairperson
• Project Sponsor
• Head of Business Units
BCM
8450
BCM
820
DRP
5000
BCM
5000
BCM
100
17. BCM-5000 – Implementing and
Managing BCM
• Advance BCM course for BCM Project Managers or
Business Unit Coordinators
• 4 full day training
• 1 half day 150 MCQ Examination
• SGD $ 3,850 before CITREP
• SGD $ 850 after CITREP (Additional $200 absentee payroll reimbursement for
companies)
• Leads up:
17
18. DRP 5000 – Implementing and
Managing IT Disaster Recovery
• Advance BCM course for BCM IT Project
Managers
• 4 full day training
• 1 half day 150 MCQ Examination
• SGD $ 3,850 before CITREP
• SGD $ 850 after CITREP (Additional $200 absentee payroll reimbursement for
companies)
• Leads up to:
19. BCM 8540 – BCM Lead Auditor
• Advance BCM Lead Auditor course for
experienced financial auditors, standards/QMS
auditors and experienced advanced BCM
Professionals
• 4 full day training
• 1 half day 150 MCQ Examination
• SGD $ 4,000 before CITREP
• SGD $ 1,000 after CITREP
• Leads up to:
20.
21. BCM 820 – Implementing
Business Continuity Management
• Intermediate BCM Training for organisations to
implement Business Continuity Management.
• Option to integrate consulting as a Training Led
Consultancy to implement BCM.
• 1 full day training
• 4 half day modulated workshops
• 50 MCQ Examination
• SGD $ 3, 350 before CITREP
• SGD $ 670 after CITREP
(Additional $50 absentee payroll reimbursement for companies)
22. Competency Built-in
Implementation
Business Continuity Reports – BC Plan
Business
Impact
Analysis
Recovery
Strategy
Plan
Develop-
ment
Risk
Analysis
& Review
Program
Management
Fundamentals
of BCM
Session 3 Session 4 Session 5 Session 6
Each Session-Day is a minimum of 2 weeks apart
Session 2Session 1
Policy and
Framework
Risk
Assessment
Report
Business
Impact
Report
Recovery
Strategy
Report
Business
Continuity
Plans
Test Plan
Testing &
Exercising
23. THANK YOU
Dr Goh Moh Heng
President
Mobile: +65 96711022
Tel: +65 63231500
Fax: +65 63230933
Email: moh_heng@bcm-institute.org
Editor's Notes
BCM Institute
Leading global Business Continuity (BC) & Disaster Recovery (D R) Institute.
Established in 2005.
Offers a wide range of quality BC and DR courses.
Certified over 1,250 professionals from 36 countries.
MAJOR BCM AREAS
This framework divides into 6 broad BCM areas:
Risk Analysis and Review (This terms are similar for SS540 and BCM Planning Methodology)
The potential threats and risks to an organization can be uncovered via a risk analysis and review of its internal operations and external operating environment. Examples of risks due to internal operations include malfunction of critical manufacturing processes, failure of Information Technology (IT) systems and fire which destroys plant facilities. Examples of risks due to external operating environment include terrorist attacks, floods, political turmoil and disruption of supply chain.
Business Impact Analysis (This terms are similar for SS540 and BCM Planning Methodology)
The potential impacts of risks actually occurring to an organization and affecting its ability to achieve its business operation and service can be obtained by conducting a business impact analysis. The later would include, where possible, quantifying the loss impact from both a number of days of business disruption and a financial standpoint. For example, a fire which destroys the finished inventory at the warehouse can result in delay of shipment to key customers for a few days and incurring impact such as contractual penalty.
Strategy (Recovery Strategy)
Based on these potential loss impacts the organization would deliberate and select the appropriate strategy or strategies to safeguards its interests. These strategies can be preventive or pre-emptive in nature. For example, outsourcing the risks to third parties or setting up of alternate facilities at another location would be efforts towards preventing and pre-empting potential loss impact. The rationale behind these strategies is to build resilience for the organization against impact of loss.
Business Continuity Plan (Plan Development)
From the selected strategies a detail business continuity plan (BC Plan) should be instituted in place to respond to risks which can occur and impact its business operation and service. The BC Plan would specify and allocate the resources and thereby building up the capability of the organization to respond to risk occurrences. For example, by specifying the BC roles and responsibilities of staff in the BC Plan the organization is better adapt to respond to occurrence of risks.
Tests and Exercises (Testing and Exercising)
An established BC Plan should be subject to verification via Tests and exercises. Tests and exercises expose probable errors and omissions in carrying out the established plan. It examines if the resources committed are accessible, available and adequate for undertaking the recovery efficiently and effectively. It checks if staff in the organization are familiar with recovery procedures. Overall Tests and exercises validate if the BC Plan indeed meet its recovery objectives.
Programme Management (This terms are similar for SS540 and BCM Planning Methodology)
Besides an established and thoroughly tested BC Plan the organization should demonstrate commitment in maintaining the currency of its plan through regular and systematic review of its risks and business impacts, realigning of its BCM strategies and revalidating of its BC Plan on a continuous basis. BCM should become an integral part of the organization’s operations, audit, testing, quality assurance, change management and culture. Ownership of BCM becomes embedded in individual business units where BCM risks reside.
BCM is an ongoing management process and can be examined from 2 standpoints. Firstly, the impacts of issues and concerns arising from each of the 7 BCM areas identified above need to be examined. For example, the risk impacts upon people and physical infrastructure. Secondly, the direction and support needed to ensure that BCM efforts can be implemented and sustained. For example, organizational policies direct BCM processes to support BCM on an ongoing basis.