Business continuity management


Published on

Understanding Business Continuity Management System - Satya Yadav

Published in: Business, Economy & Finance
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Business continuity management

  1. 1. From Crisis To Opportunity Business Continuity Management Satya Yadav Recon Business Advisory (P) Ltd
  2. 2. OBJECTIVE To provide a basic appreciation on the importance of Business Continuity Management. To provide an overview on implementing BCM.
  3. 3. BUSINESS CONTINUITY MANAGEMENT A holistic management process which: Identifies threats to an organization and their impacts on business operations Provides a framework for building organisational resilience Develops capability for an effective response Safeguards interests of key stakeholders, reputation, brand and value creating activities
  4. 4. NEED FOR BCM Regulatory requirement: Guidelines by regulators make it mandatory for organisations to develop & maintain a business continuity plan Strategic requirement: A fundamental but differentiating parameter for clients while choosing a service provider Compliance requirement: Forms an important and integral part of Enterprise risk management Branding requirement: Improves customer confidence in an organisation Certification requirement: ISO 22301 allows an organizations to be certified in Business Continuity
  5. 5. HISTORY OF BCM Holistic Contingency Plans Organisation wide Contingency Plans IT or Technical Contingency Plans 3 2 Alternative Planning/Plan B 1 4 Business Continuity Planning Disaster recovery Planning Fallback Plans, Contingency Plans Business Continuity Management
  6. 6. BCM LIFECYCLE Awareness & Training Exercising & Testing Audits BCM Maintenance Continual improvement Exercising & Testing Business Continuity Procedures for : Response, Resumption, Recovery, Restoration Understanding the Organisation BCM PROGRAM MANAGEMENT Developing & Implementing BCM Response BCM Terms of Reference Determining BCM Strategies BIA Risk Assessment BCM Policy BCM Handbook
  7. 7. PHASES OF BCMS Monitor & Response Recover & Resume Rectify & Restore Migrate & Normalize PHASES Prevention Response Recovery & Resumption Restoration Normalisation Emergency Response, Crisis Management, Public Relations Business Resumption Plans, Disaster Recovery Plan Damage Restoration, Includes installation & commissioning Migration, Restart of all business functions, Stand Down ACTIONS Risk Management Pre - Incident Incident Post - Incident
  8. 8. WHY WE NEED BCM STANDARDS? Suppliers Customer Regulators Your Organisation Business Partners Vendors System Up Time (computing, data,networks, etc.) Environment Legal & Regulatory Duties Infrastructure Dependence (power, voice, data, logistics, food)
  10. 10. BCMS ISO 22301 METHODOLOGY 1. Project Initiation 4. Develop BCM Strategies 7. Awareness & Training 2. BIA 5. Develop BC Plans 8. Exercising & Testing 3. Risk Assessment 6. Implement BCMS 9. Evaluation & Improvement PROJECT MANAGEMENT & REPORTING
  11. 11. Management Commitment Develop BCM Policy BIA & RA BCM Strategies and Plans Implement BCMS Exercise & Test Evaluate & Improve Forming a BCM Steering Committee. Identify Key/Critical Services. Determine exclusions from the BCM scope. Deciding on implementation timelines. Function Heads to nominate SPoCs from their respective business functions.
  12. 12. Management Commitment Develop BCM Policy BIA & RA BCM Strategies and Plans Implement BCMS Exercise & Test Identify Business Continuity Objectives of the organisation. Define acceptable levels of risk. (Finance, Delivery, Legal/Regulatory, Reputation, etc.) Identify Statutory, Regulatory, and Contractual obligations. Identify interested parties and their interests. (Customers, Employees, Environment, Regulatory Bodies, Shareholders, Public Bodies, etc.) Define BCM policy around the BC scope and objectives. Take approval of the Policy and communicate to all. Evaluate & Improve
  13. 13. Management Commitment Develop BCM Policy BIA & RA BCM Strategies and Plans Implement BCMS Exercise & Test Evaluate & Improve Identify business impact, MAO, RTO, MBCO, and process criticality for various Processes. Identify resource dependencies for all processes. Employees, IT, Non IT, and Third party Identify threats to high/medium criticality processes. Evaluate Present controls and calculate risk exposure . Devise treatment plan for various risks Treat, Tolerate, Transfer, Terminate Functional leaders to approve and sign off their respective BIA
  14. 14. Management Commitment Develop BCM Policy BIA & RA BCM Strategies and Plans Implement BCMS Exercise & Test Determine number of processes with critical RTO Determine the resource requirements for these Processes Determine backup options for resuming these processes after an incident Cost Benefit Analysis and finalise continuity strategies Devise BCM Plans Incident Response, IT DR, Work-area recovery, BCP, Crisis Communication, etc. Evaluate & Improve
  15. 15. Management Commitment Develop BCM Policy BIA & RA BCM Strategies and Plans Implement BCMS Exercise & Test Evaluate & Improve Function leaders are owners of their respective BC Plans. All BC plans will be validated and implemented in the various functions. Preparation for BCM strategies and various BC plans to be implemented at Function level. BCM Program Manager to Co-ordinate implementation. Training and awareness of all stakeholders on the various BC plans.
  16. 16. Management Commitment Develop BCM Policy BIA & RA BCM Strategies and Plans Implement BCMS Exercise & Test Evaluate & Improve Design procedure for BCM tests. Determine and communicate test schedule Conduct BCM test – Business Functions to participate in coordination with BCM program Manager. Carry out a post test analysis – identify lessons learnt. Plug identified gaps through corrective actions.
  17. 17. Management Commitment Develop BCM Policy BIA & RA BCM Strategies and Plans Implement BCMS Exercise & Test Evaluate & Improve Carry out Corrections/Corrective actions on the occurrence of any incident/audits/tests, etc. Function Heads to assign SPoCs to carry out corrective actions, periodic review, and maintenance of BC Plans. Need based or scheduled review of BC Policy, BCM objectives, BIA, RA, BC plans, etc. Incorporate changes after review, if required. Continual improvement of BCMS – All business functions to proactively participate.
  18. 18. TAKE AWAYS BCM is a program and not a project. The initial development of a BC Plan is a tedious and time consuming activity. It needs to be given adequate attention to be successful (i.e. workable) The responsibility and success of BCM rests on every business Function’s shoulder. All Functions have to earmark BCM SPoCs and spare them for BCM participation for a minimum no. of man-hours each month. All Head of Functions are owners of their Function’s Business Continuity. There participation is absolutely necessary. Top Management support and participation is absolutely necessary. An annual budget should be allocated for the running & maintenance of the BCM program
  19. 19. Recon Business Advisory Recon is a premium business risk consultancy committed to the Growth, Security, and Continuity objectives of its clients. Through the breadth of our service offerings and the depth of our domain expertise we ensure that you enjoy the highest standards of service delivery on time, every time. We are a passionate lot, enjoy what we do, and excited at opportunities to delight our clients with our industry leading delivery. Our Continuity Practice provides the following services: 1. Current state assessments of your organisation’s BCMS 2. Planning, Implementing, and Testing your BCMS 3. Preparing your organisation for ISO 22301 Certification 4. Training programs on – Business impact analysis, Risk Assessment, BCM, etc. 5. BCM Awareness Tools - Off the shelf / Custom designed Posters, Wallpapers, Screensavers, Games, Audio/Video awareness tools, etc.
  20. 20. Plans Are Nothing, Planning Is Everything! Recon Business Advisory (P) Ltd | New Delhi - +91 813098 6963 | 011-6464 6963