Business Continuity Planning Presentation Overview


Published on

Business Continuity Presentation

  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Business Continuity Planning Presentation Overview

  1. 1. Business Continuity Planning Presented by Robert Winkler December 15, 2008
  2. 2. Meeting Objectives <ul><li>Review the six steps in developing a Business Continuity Plan </li></ul><ul><li>Review the results of the BIA & Questionnaire </li></ul><ul><li>Discuss “workarounds” for Critical Applications </li></ul><ul><li>Overview of the Business Continuity Process </li></ul><ul><li>Next Steps – Building your plans. </li></ul><ul><li>Preparing for a Pandemic </li></ul>
  3. 3. Definition of Terms <ul><li>Business continuity plan (BCP) </li></ul><ul><li>The documentation of predetermined set of instructions or procedures that describe how an organization’s business functions will be sustained during and after a significant disruption. </li></ul><ul><li>Disaster recovery plan (DRP) </li></ul><ul><li>A written plan for processing critical applications in the event of a major hardware or software failure or destruction of facilities. </li></ul>
  4. 4. BCP Mission Statement <ul><li>Provide guidelines </li></ul><ul><li>Maintain a central repository for all plans </li></ul><ul><li>Monitor disaster recovery exercises </li></ul><ul><li>Ensure that an exercise plan is developed that will test the functions and responsibilities of all plans and participants </li></ul>
  5. 5. Key Steps In Developing Business Continuity Plans
  6. 6. Risk Analysis <ul><li>There are two aspects to every risk to your business </li></ul><ul><li>How likely is it to happen ? </li></ul><ul><li>What effect will it have on your business ? </li></ul>
  7. 7. Develop Your Strategy <ul><li>What is your appetite for risk ? </li></ul><ul><li>Does senior management agree with your analysis of the business risks, and which people and tasks are essential. This will give you a clear understanding of the “appetite for risk” within your business unit. </li></ul>
  8. 8. Develop Your Strategy <ul><li>Define your strategy </li></ul><ul><li>Choose one of the following strategies : </li></ul><ul><li>Accept the risks – change nothing </li></ul><ul><li>Accept the risks, but make a mutual agreement with another business continuity supplier to ensure that you have help after an incident. </li></ul><ul><li>Attempt to reduce the risks. </li></ul><ul><li>Attempt to reduce the risks and make arrangements for help after an incident. </li></ul><ul><li>Reduce all risks to the point where you should not need outside help. </li></ul>
  9. 9. Business Impact Analysis <ul><li>A BIA will identify the impact to this organization by measuring the operating, financial, legal and regulatory impact. This part of the process will identify the critical functions within the business. </li></ul>
  10. 10. Recovery Strategies <ul><li>The information that is gathered from the Business Impact Analysis & Questionnaire will be used to identify potential recovery options and their associated costs, present the options to management, and get agreement on the approach to be taken. </li></ul>
  11. 11. Develop Your Plan <ul><li>Visualize your plan </li></ul><ul><li>Set-up </li></ul><ul><li>Make it clear that you have consulted throughout the business. </li></ul><ul><li>Use non-technical language that everyone can understand . </li></ul>
  12. 12. Develop Your Plan <ul><li>Visualize your plan </li></ul><ul><li>Contents </li></ul><ul><li>Make it clear who needs to do what and who takes responsibility for what. </li></ul><ul><li>Create user checklists that readers can follow easily. </li></ul><ul><li>Include clear, direct instructions for the crucial first hour after an incident. </li></ul><ul><li>Include a list of things that do not need to be thought about until after the first hour. </li></ul>
  13. 13. Develop Your Plan <ul><li>Visualize your plan </li></ul><ul><li>Contents (cont’d) </li></ul><ul><li>Agree how often, when and how you will check your plan to make sure it is always a ‘living document’. Update your plan to reflect changes in your organization’s personnel and in the risks you might face. </li></ul><ul><li>A good plan will be simple. Remember that people need to be able to react quickly in an emergency: stopping to read lots of detail may make that more difficult. </li></ul><ul><li>Plan for worst-case scenarios. If your plan covers how to get back in business if a flood destroys your building, it will also work if one floor is flooded. </li></ul>
  14. 14. Develop Your Plan <ul><li>Include information from outside experts in planning for emergencies, or from other business people who face similar risks. </li></ul><ul><li>Emergency Planning Officer (city) : Find out what your local authority would do in response to a major incident. </li></ul><ul><li>Emergency Services : Ask your local fire house what they will want to know from you during a major incident ? How can you help the ambulance service to help you? Who will the police contact at an incident? </li></ul><ul><ul><li>Ask about access to your facility if your premises is cordoned off. </li></ul></ul><ul><ul><li>Would your local fire station video tape the inside of your building? </li></ul></ul>
  15. 15. Develop Your Plan <ul><li>Include information from outside your business (cont’d) </li></ul><ul><li>Utility Companies : Find out from the Utility companies what they will need to know if your business is involved in a major incident. </li></ul><ul><li>Suppliers & Customers : How will you contact your suppliers/customers to tell them you have been affected by an incident? </li></ul><ul><li>Your insurance company : What information does your insurance company need from you? Do you need their permission to replace damaged critical equipment immediately? </li></ul>
  16. 16. Exercise & Maintenance <ul><li>Rehearse your plan </li></ul><ul><li>Rehearsal helps you confirm that your plan will be connected and robust if you ever need it. </li></ul><ul><li>Remember your BCP are “living documents” and you will need to rehearse whenever you update. </li></ul><ul><li>Rehearsals are also good ways to train staff who have business continuity responsibilities. </li></ul><ul><li>Rehearse your plans at least annually . </li></ul>
  17. 17. Exercise & Maintenance <ul><li>Maintaining your plans </li></ul><ul><li>Review plans on a quarterly basis to ensure that they have been properly maintained and updated to reflect actual resumption and recovery needs. </li></ul><ul><li>Include Business Continuity concepts into your change management process. </li></ul>
  18. 18. Awareness <ul><li>Business Continuity should become part of your new hire orientation. </li></ul><ul><li>Business Continuity should become part of a managers performance review. </li></ul><ul><li>Exercises provide the opportunity to train the staff on the procedures documented in the plans. </li></ul>
  19. 19. Business Continuity Planning <ul><li>There are six steps involved in building continuity plans : </li></ul><ul><li>Step 1: Develop Continuity Planning Policies and Procedures </li></ul><ul><ul><li>Define your planning philosophies, policies and procedures in documents you will include with your printed plans. </li></ul></ul><ul><li>Step 2: Define Phases and Plan Structure </li></ul><ul><ul><li>Break down your planning effort into phases. Create plan names for each level within a phase. Hint: Your plan tree will mirror the physical structure of your organization. </li></ul></ul>
  20. 20. Business Continuity Planning <ul><li>Sample BCP Plan Hierarchy </li></ul><ul><li>Plan Name - Business Continuity Plan </li></ul><ul><li>Company Name – </li></ul><ul><li>Country – US </li></ul><ul><li>Location – Chicago, IL </li></ul><ul><li>Building – </li></ul><ul><li>Scenario – Administration </li></ul><ul><li>Agency Services </li></ul><ul><li>Sale & Marketing </li></ul><ul><li>Technical Solutions </li></ul>
  21. 21. Business Continuity Planning <ul><li>Step 3: Determine Plan Output </li></ul><ul><ul><li>Review the standard reports included in BCP determine the types of plan information you will want to see if a business interruption occurs. </li></ul></ul><ul><ul><li>Step 4: Create a Table of Contents </li></ul></ul><ul><ul><li>Set a table of contents for each of your BCP. </li></ul></ul><ul><ul><li>Step 5: Collect Plan Information </li></ul></ul><ul><ul><li>Responsibilities (Processes & Teams) </li></ul></ul><ul><ul><li>People (Employees, Call Lists, Vendors, Customers) </li></ul></ul><ul><ul><li>Materials (Software, Equipment, Supplies, Telecom, Assets, </li></ul></ul><ul><ul><li> Vital Records) </li></ul></ul><ul><ul><li>Miscellaneous (Documents, Workstations, Locations) </li></ul></ul>
  22. 22. Business Continuity Planning <ul><li>Step 6: Print the Plan </li></ul><ul><li>Print your plans for frequent testing and review as well as when needed to respond to a business disruption. </li></ul>
  23. 23. Phases and Plan Names <ul><li>To help you think about the plan structure, ask yourself a few questions. </li></ul><ul><li>What kind of plans are you building? (Response/Resumption) </li></ul><ul><li>Who are you building them for? (Organization) </li></ul><ul><li>What are you planning for? </li></ul><ul><li>Who will own the plan? </li></ul><ul><li>How are the plans going to be maintained? (By whom and at what level – department? Process? Other?) </li></ul>
  24. 24. Build Plans – Assign Processes <ul><li>What are the critical functions in each department or business unit within my company ? </li></ul><ul><ul><li>Determining a critical rating and priority sequence for each process ensures that you will know right away the order in which your processes must be recovered during an incident. </li></ul></ul>
  25. 25. Build Plans – Employee Summary <ul><li>Who are the critical employees in each of my departments ? </li></ul><ul><li>Make sure you gather multiple contact methods for your key people. Build call lists to state who needs to be contacted during an actual incident in a specific order. </li></ul><ul><li>You can also assign specialty attributes to each person so you can quickly locate people who have a particular skills/attributes. </li></ul>
  26. 26. Build Plans – Identify Vendors & Customers <ul><li>Who are the critical vendors and customers that each of my departments needs to contact? </li></ul><ul><li>Who would you stay in communication with you during an actual incident? </li></ul><ul><li>Not all of you customers and vendors work outside of your organization. You also need to consider those people and departments that you rely on, and those who rely on you. </li></ul>
  27. 27. Build Plans – Team Summary <ul><li>Who will be doing what at the time of an incident? </li></ul><ul><li>How many teams will you need ? </li></ul><ul><ul><li>Teams should not exceed 20% of your staff. </li></ul></ul><ul><ul><li>Be certain that each member of those teams will be able to perform their duties. </li></ul></ul><ul><ul><ul><li>Are they the primary care taker (child or elderly parent)? </li></ul></ul></ul><ul><ul><ul><li>Would they be able to relocate if necessary? </li></ul></ul></ul><ul><li>What positions will be on those teams? </li></ul><ul><li>Who will be assigned to those positions? </li></ul><ul><li>What order will those tasks be performed? </li></ul>
  28. 28. Build Plans – Materials Summary <ul><li>What equipment, software, supplies, telecom lines, vital records, and assets are needed in order for my department to recover? </li></ul><ul><li>For each material: </li></ul><ul><ul><li>How many will you need? </li></ul></ul><ul><ul><li>When will you need them? </li></ul></ul>
  29. 29. Build Plans – Identify Locations <ul><li>Whether it is for response or resumption, you will need to document each physical location, its usage, and contact . </li></ul>
  30. 30. Build Plans – Assigning Documents <ul><li>Any pre-existing business continuity plans that are in MS Word, Excel, or Visio format can easily be included in your plans. </li></ul>
  31. 31. Plan Printing <ul><li>Whether you are printing a single plan, multiple plans, you will be able to print to a PDF file to keep electronically or send to a printer. </li></ul>
  32. 32. BCP – In Conclusion <ul><li>When developing you plans consider the company Record Retention Policy. </li></ul><ul><li>The server that will house your plans is located at a remote facility where it is backed up daily. </li></ul><ul><li>Keep a hard copy/compact disk of your plans close by. </li></ul><ul><li>Be sure your plans include returning home after an incident. </li></ul>