SlideShare a Scribd company logo

Pandemic: Crisis or Opportunity? ISO 22301 best practice Implementation tips for your BCP

Alvin Integrated Services [AIS]
Alvin Integrated Services [AIS]

Rinske Geerlings, Managing Director, Business As Usual, Sydney, Australia

Education
1 of 27
Download to read offline
Contact us: info@alvinintegrated.com | +91 8802 505619, +91 8287509289 | www.alvinintegrated.com Platinum Sponsor OUR SPONSORS & PARTNERS Event Partner www.alvinintegrated.com Knowledge Partners 27th FEB 2021 (SATURDAY) 09:00 AM - 17:30 PM IST
Ms Rinske Geerlings MD, Founder and Principal Consultant/ Trainer @ Business As Usual (Sydney, Australia) Risk Consultant of the Year 2017 (RMIA) Outstanding Security Consultant of the Year 2019 (OSPAs Finalist) Pandemic: Crisis or Opportunity? ISO 22301 best practice implementation tips for your BCP
Kindly Note: Speaker will take your questions automatically. If you have any question, please comment that in chat box. Please keep your mic mute. 22/10/2020
Presenter background Rinske Geerlings, Founder & Principal Consultant, Business As Usual • 20+ years of management consultancy experience globally • Business As Usual (since 2006): Concultancy & training to 14 Central Banks and 100s of other Government/SME/Corporate organisations across Australia, Asia, Africa, Europe and Latin-America • Accredited in Business Continuity (BCM), IT Management, Information Security and Risk Management (trained 1000s of professionals) • Specific regulatory experience • Risk Consultant of the Year 2017 - RMIA (Australasia) • Outstanding Security Consultant of the Year 2019 Finalist - OSPAs • Australian Business Woman of the Year 2010-13 - BPW (global NGO) • Alumnus of the Year 2013 – TU Delft
Business Continuity and COVID-19 ‘The good, the bad and the ugly’ • Not everyone had a pandemic plan, and even less had actually tested it • Little consistency in responses and primarily ad-hoc forms of recovery • Lack of available (and properly validated) tools for staff to work ‘en masse’ from home (incl hardware, software, connectivity) • Communication and management styles not always appropriate for the new ways of work • Apathy... And laziness! • ‘Single Points of Failure’ (SPoF) • Renewed focus on what staff actually love to be/do/have • Financial damages... But also upsides
External vs internal crisis (or opportunity?)
External vs internal crisis (or opportunity?)
External vs internal crisis (or opportunity?)
External vs internal crisis (or opportunity?)
Covid review/brainstorm session
Covid review/brainstorm session During an incident (i.e. Emergency Management / Crisis Management / Business Continuity / Recovery related) Business as usual (i.e. current/future ongoing business operations related) Internal (staff/internal process related) Positives/strengths Positives/strengths People/role/skill related:  …  … People/role/skill related:  …  … Planning/process related:  …  … Planning/process related:  …  … Technology/tools related:  …  … Technology/tools related:  …  … Challenges/improvement ideas Challenges/improvement ideas People/role/skill related:  ...  … People/role/skill related:  …  … Planning/process related:  …  … Planning/process related:  …  … Technology/tools related:  …  … Technology/tools related:  …  …
During an incident (i.e. Emergency Management / Crisis Management / Business Continuity / Recovery related) Business as usual (i.e. current/future ongoing business operations related) External (client related) Positives strengths / Positives/strengths People/role/skill related:  ...  … People/role/skill related:  ...  … Planning/process related:  …  … Planning/process related:  …  … Technology/tools related:  …  … Technology/tools related:  …  … Challenges/improvement ideas Challenges/improvement ideas People/role/skill related:  ...  … People/role/skill related:  ...  … Planning/process related:  …  … Planning/process related:  …  … Technology/tools related:  …  … Technology/tools related:  …  … Covid review/brainstorm session
Success story: External opportunities
Success story: External opportunities
Success story: External opportunities
Success story: External opportunities
Success story: External opportunities
Other case studies
Other case studies
Other case studies
… plus a LOT of humour! “At the end of COVID, you are required to wear your mask for 2 weeks in this way, so that your ears can get back to their normal position.”
Common BCP pitfalls • The BCP is too long, or too short, or it resembles ‘Swiss cheese’ • Documents are inconsistent and it’s unclear how they all ‘hang together’ • The right versions are unfindable and the plan is not retrievable when the IT systems are down/unreachable • The plan doesn’t have clear, easy-to-perform steps and/or no clear role/ask discription • The BCP was built with a free template ‘off the Internet’ - and is as such not ‘fit for purpose’ • There is no pre-agreed list of BCP team members, nor any ‘additionals’ and their contact details (and team members not knowing their name is on a list of critical staff) • No proper tests/rehearsals, nor any (induction) training on the BCP is taking place • The IT Disaster Recovery Plan has not been validated end-to-end (rather just only piece-meal style) • Recovery Time Objectives (RTOs) are determined per application, but go ‘out the window’ if multiple applications are down at the same time • No centralised notification process, nor a suitable tool that has acknowledgement of message receipt and that works with multiple platforms (e.g. 4G/5G, email etc) • Overall ignorance about the importance of future BCP activities (“We did pretty well through COVID, right?”) All in all, staff are not actually ‘incident ready’
1. BC Facilitator team (i.e. not just 1 BCP manager) 2. Dynamic, browser-based BCM framework > prevent ‘collecting dust on the shelf’ (e.g. on secure network location / Sharepoint). Colourful, matrix style documentation. Hyperlink/utilise what is already there in your organisation. 3. Multi-disciplinary team structure across disaster ‘stages’ (to cater for fatigue and enable feasible exercise scope) 4. Consequence-based planning (i.e. not cause-based) 5. Toolkit approach to BCP activation (‘80/20 rule’ – KISS) 6. ‘Top down’ approach based on time-critical processes 7. Strong focus on communication/notification planning (including acknowledgement, pull communication etc) 8. Prioritise (be selective in order to achieve a few processes to work end-to-end ) 9. Develop, agree, document and validate any initial/manual workarounds 10.Training, awareness, rehearsing, exercising... To the point of boredom! Best practice BCP: How really make ISO 22301 work for you?
Stay in touch LinkedIn: Rinske Geerlings www.businessasusual.com.au rinskeg@businessasusual.com.au www.linkedin.com/in/businessasusual www.linkedin.com/company/ businessasusual
Questions are Welcome!
Please give your feedback in the chat box about the webinar.

Recommended

ISO 31000: Culture vs Documentation, the way forward
ISO 31000: Culture vs Documentation, the way forwardISO 31000: Culture vs Documentation, the way forward
ISO 31000: Culture vs Documentation, the way forwardAlvin Integrated Services [AIS]
 
Thinking beyond “Conventional” Crisis Communication.
Thinking beyond “Conventional” Crisis Communication.Thinking beyond “Conventional” Crisis Communication.
Thinking beyond “Conventional” Crisis Communication.Alvin Integrated Services [AIS]
 
ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?Alvin Integrated Services [AIS]
 
Effective Mitigation Strategies for ISO 31000
Effective Mitigation Strategies for ISO 31000Effective Mitigation Strategies for ISO 31000
Effective Mitigation Strategies for ISO 31000PECB
 
Crisis Management Techniques for Cyber Attacks
Crisis Management Techniques for Cyber AttacksCrisis Management Techniques for Cyber Attacks
Crisis Management Techniques for Cyber AttacksPECB
 
Integrated Security & Risk Management: Benchmarking
Integrated Security & Risk Management: BenchmarkingIntegrated Security & Risk Management: Benchmarking
Integrated Security & Risk Management: BenchmarkingResolver Inc.
 
#Corpriskforum2016 - Andy Cox
#Corpriskforum2016 - Andy Cox#Corpriskforum2016 - Andy Cox
#Corpriskforum2016 - Andy CoxAlexei Sidorenko, CRMP
 
#corpriskforum2016 - Erike Young
#corpriskforum2016 - Erike Young#corpriskforum2016 - Erike Young
#corpriskforum2016 - Erike YoungAlexei Sidorenko, CRMP
 

Recommended

ISO 31000: Culture vs Documentation, the way forward
ISO 31000: Culture vs Documentation, the way forwardISO 31000: Culture vs Documentation, the way forward
ISO 31000: Culture vs Documentation, the way forwardAlvin Integrated Services [AIS]
 
Thinking beyond “Conventional” Crisis Communication.
Thinking beyond “Conventional” Crisis Communication.Thinking beyond “Conventional” Crisis Communication.
Thinking beyond “Conventional” Crisis Communication.Alvin Integrated Services [AIS]
 
ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?Alvin Integrated Services [AIS]
 
Effective Mitigation Strategies for ISO 31000
Effective Mitigation Strategies for ISO 31000Effective Mitigation Strategies for ISO 31000
Effective Mitigation Strategies for ISO 31000PECB
 
Crisis Management Techniques for Cyber Attacks
Crisis Management Techniques for Cyber AttacksCrisis Management Techniques for Cyber Attacks
Crisis Management Techniques for Cyber AttacksPECB
 
Integrated Security & Risk Management: Benchmarking
Integrated Security & Risk Management: BenchmarkingIntegrated Security & Risk Management: Benchmarking
Integrated Security & Risk Management: BenchmarkingResolver Inc.
 
#Corpriskforum2016 - Andy Cox
#Corpriskforum2016 - Andy Cox#Corpriskforum2016 - Andy Cox
#Corpriskforum2016 - Andy CoxAlexei Sidorenko, CRMP
 
#corpriskforum2016 - Erike Young
#corpriskforum2016 - Erike Young#corpriskforum2016 - Erike Young
#corpriskforum2016 - Erike YoungAlexei Sidorenko, CRMP
 
Business Continuity Management or Risk Management? Aligning Expectations for ...
Business Continuity Management or Risk Management? Aligning Expectations for ...Business Continuity Management or Risk Management? Aligning Expectations for ...
Business Continuity Management or Risk Management? Aligning Expectations for ...BCM Institute
 
Achieving integrated mandatory compliance with ISO 31000
Achieving integrated mandatory compliance with ISO 31000Achieving integrated mandatory compliance with ISO 31000
Achieving integrated mandatory compliance with ISO 31000PECB
 
The Journey to Integrated Risk Management: Lessons from the Field
The Journey to Integrated Risk Management: Lessons from the Field The Journey to Integrated Risk Management: Lessons from the Field
The Journey to Integrated Risk Management: Lessons from the Field Resolver Inc.
 
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB
 
HSCG - Who We Are - What We Do
HSCG - Who We Are - What We DoHSCG - Who We Are - What We Do
HSCG - Who We Are - What We Dothommcelroy
 
#corpriskforum2016 - Julia Graham
#corpriskforum2016 - Julia Graham#corpriskforum2016 - Julia Graham
#corpriskforum2016 - Julia GrahamAlexei Sidorenko, CRMP
 
Emerging Risks
Emerging RisksEmerging Risks
Emerging RisksSociety of Actuaries
 
How to apply and benefit from the new risk management guide ISO/TR 31004:2013...
How to apply and benefit from the new risk management guide ISO/TR 31004:2013...How to apply and benefit from the new risk management guide ISO/TR 31004:2013...
How to apply and benefit from the new risk management guide ISO/TR 31004:2013...Risk Management Institution of Australasia
 
PECB Webinar: Risk-management in IT intensive SMEs
PECB Webinar: Risk-management in IT intensive SMEsPECB Webinar: Risk-management in IT intensive SMEs
PECB Webinar: Risk-management in IT intensive SMEsPECB
 
How to Achieve a Fully Integrated Approach to Business Resilience
How to Achieve a Fully Integrated Approach to Business ResilienceHow to Achieve a Fully Integrated Approach to Business Resilience
How to Achieve a Fully Integrated Approach to Business ResilienceResolver Inc.
 
2013-07-31 ISS-CAPACITY-STATEMENT 2p
2013-07-31 ISS-CAPACITY-STATEMENT 2p2013-07-31 ISS-CAPACITY-STATEMENT 2p
2013-07-31 ISS-CAPACITY-STATEMENT 2pStuart D. Baulk
 
Cyber Crisis Management - Kloudlearn
Cyber Crisis Management - KloudlearnCyber Crisis Management - Kloudlearn
Cyber Crisis Management - KloudlearnKloudLearn
 
Int:rsect: CEO Address with Will Anderson
Int:rsect: CEO Address with Will AndersonInt:rsect: CEO Address with Will Anderson
Int:rsect: CEO Address with Will AndersonResolver Inc.
 
5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum ben...
5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum ben...5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum ben...
5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum ben...Continuity and Resilience
 
Centralized operations – Risk, Control, and Compliance
Centralized operations – Risk, Control, and ComplianceCentralized operations – Risk, Control, and Compliance
Centralized operations – Risk, Control, and CompliancePECB
 
5th ME Business & IT Resilience Summit 2016 - Business Resiliency Pitfalls
5th ME Business & IT Resilience Summit 2016 - Business Resiliency Pitfalls5th ME Business & IT Resilience Summit 2016 - Business Resiliency Pitfalls
5th ME Business & IT Resilience Summit 2016 - Business Resiliency PitfallsSohan Masih
 
#Corpriskforum2016 - Tatiana Budishevskaya
#Corpriskforum2016 - Tatiana Budishevskaya#Corpriskforum2016 - Tatiana Budishevskaya
#Corpriskforum2016 - Tatiana BudishevskayaAlexei Sidorenko, CRMP
 
IT Risk Management - the right posture
IT Risk Management - the right postureIT Risk Management - the right posture
IT Risk Management - the right postureParag Deodhar
 
AFB Operational Risk Forum
AFB Operational Risk ForumAFB Operational Risk Forum
AFB Operational Risk ForumGail Danvers
 
BPMN -The Very First Step in Business Continuity
BPMN -The Very First Step in Business ContinuityBPMN -The Very First Step in Business Continuity
BPMN -The Very First Step in Business ContinuityPECB
 
Thesis Concept Km V0.1
Thesis Concept Km V0.1Thesis Concept Km V0.1
Thesis Concept Km V0.1Amber Krishan
 
Business Continuity & Disaster Recovery Planning, 30 November - 02 December 2...
Business Continuity & Disaster Recovery Planning, 30 November - 02 December 2...Business Continuity & Disaster Recovery Planning, 30 November - 02 December 2...
Business Continuity & Disaster Recovery Planning, 30 November - 02 December 2...360 BSI
 

More Related Content

What's hot

Business Continuity Management or Risk Management? Aligning Expectations for ...
Business Continuity Management or Risk Management? Aligning Expectations for ...Business Continuity Management or Risk Management? Aligning Expectations for ...
Business Continuity Management or Risk Management? Aligning Expectations for ...BCM Institute
 
Achieving integrated mandatory compliance with ISO 31000
Achieving integrated mandatory compliance with ISO 31000Achieving integrated mandatory compliance with ISO 31000
Achieving integrated mandatory compliance with ISO 31000PECB
 
The Journey to Integrated Risk Management: Lessons from the Field
The Journey to Integrated Risk Management: Lessons from the Field The Journey to Integrated Risk Management: Lessons from the Field
The Journey to Integrated Risk Management: Lessons from the Field Resolver Inc.
 
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB
 
HSCG - Who We Are - What We Do
HSCG - Who We Are - What We DoHSCG - Who We Are - What We Do
HSCG - Who We Are - What We Dothommcelroy
 
How to apply and benefit from the new risk management guide ISO/TR 31004:2013...
How to apply and benefit from the new risk management guide ISO/TR 31004:2013...How to apply and benefit from the new risk management guide ISO/TR 31004:2013...
How to apply and benefit from the new risk management guide ISO/TR 31004:2013...Risk Management Institution of Australasia
 
PECB Webinar: Risk-management in IT intensive SMEs
PECB Webinar: Risk-management in IT intensive SMEsPECB Webinar: Risk-management in IT intensive SMEs
PECB Webinar: Risk-management in IT intensive SMEsPECB
 
How to Achieve a Fully Integrated Approach to Business Resilience
How to Achieve a Fully Integrated Approach to Business ResilienceHow to Achieve a Fully Integrated Approach to Business Resilience
How to Achieve a Fully Integrated Approach to Business ResilienceResolver Inc.
 
2013-07-31 ISS-CAPACITY-STATEMENT 2p
2013-07-31 ISS-CAPACITY-STATEMENT 2p2013-07-31 ISS-CAPACITY-STATEMENT 2p
2013-07-31 ISS-CAPACITY-STATEMENT 2pStuart D. Baulk
 
Cyber Crisis Management - Kloudlearn
Cyber Crisis Management - KloudlearnCyber Crisis Management - Kloudlearn
Cyber Crisis Management - KloudlearnKloudLearn
 
Int:rsect: CEO Address with Will Anderson
Int:rsect: CEO Address with Will AndersonInt:rsect: CEO Address with Will Anderson
Int:rsect: CEO Address with Will AndersonResolver Inc.
 
5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum ben...
5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum ben...5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum ben...
5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum ben...Continuity and Resilience
 
Centralized operations – Risk, Control, and Compliance
Centralized operations – Risk, Control, and ComplianceCentralized operations – Risk, Control, and Compliance
Centralized operations – Risk, Control, and CompliancePECB
 
5th ME Business & IT Resilience Summit 2016 - Business Resiliency Pitfalls
5th ME Business & IT Resilience Summit 2016 - Business Resiliency Pitfalls5th ME Business & IT Resilience Summit 2016 - Business Resiliency Pitfalls
5th ME Business & IT Resilience Summit 2016 - Business Resiliency PitfallsSohan Masih
 
#Corpriskforum2016 - Tatiana Budishevskaya
#Corpriskforum2016 - Tatiana Budishevskaya#Corpriskforum2016 - Tatiana Budishevskaya
#Corpriskforum2016 - Tatiana BudishevskayaAlexei Sidorenko, CRMP
 
IT Risk Management - the right posture
IT Risk Management - the right postureIT Risk Management - the right posture
IT Risk Management - the right postureParag Deodhar
 
AFB Operational Risk Forum
AFB Operational Risk ForumAFB Operational Risk Forum
AFB Operational Risk ForumGail Danvers
 
BPMN -The Very First Step in Business Continuity
BPMN -The Very First Step in Business ContinuityBPMN -The Very First Step in Business Continuity
BPMN -The Very First Step in Business ContinuityPECB
 

What's hot (20)

Business Continuity Management or Risk Management? Aligning Expectations for ...
Business Continuity Management or Risk Management? Aligning Expectations for ...Business Continuity Management or Risk Management? Aligning Expectations for ...
Business Continuity Management or Risk Management? Aligning Expectations for ...
 
Achieving integrated mandatory compliance with ISO 31000
Achieving integrated mandatory compliance with ISO 31000Achieving integrated mandatory compliance with ISO 31000
Achieving integrated mandatory compliance with ISO 31000
 
The Journey to Integrated Risk Management: Lessons from the Field
The Journey to Integrated Risk Management: Lessons from the Field The Journey to Integrated Risk Management: Lessons from the Field
The Journey to Integrated Risk Management: Lessons from the Field
 
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
 
HSCG - Who We Are - What We Do
HSCG - Who We Are - What We DoHSCG - Who We Are - What We Do
HSCG - Who We Are - What We Do
 
#corpriskforum2016 - Julia Graham
#corpriskforum2016 - Julia Graham#corpriskforum2016 - Julia Graham
#corpriskforum2016 - Julia Graham
 
Emerging Risks
Emerging RisksEmerging Risks
Emerging Risks
 
How to apply and benefit from the new risk management guide ISO/TR 31004:2013...
How to apply and benefit from the new risk management guide ISO/TR 31004:2013...How to apply and benefit from the new risk management guide ISO/TR 31004:2013...
How to apply and benefit from the new risk management guide ISO/TR 31004:2013...
 
PECB Webinar: Risk-management in IT intensive SMEs
PECB Webinar: Risk-management in IT intensive SMEsPECB Webinar: Risk-management in IT intensive SMEs
PECB Webinar: Risk-management in IT intensive SMEs
 
How to Achieve a Fully Integrated Approach to Business Resilience
How to Achieve a Fully Integrated Approach to Business ResilienceHow to Achieve a Fully Integrated Approach to Business Resilience
How to Achieve a Fully Integrated Approach to Business Resilience
 
2013-07-31 ISS-CAPACITY-STATEMENT 2p
2013-07-31 ISS-CAPACITY-STATEMENT 2p2013-07-31 ISS-CAPACITY-STATEMENT 2p
2013-07-31 ISS-CAPACITY-STATEMENT 2p
 
Cyber Crisis Management - Kloudlearn
Cyber Crisis Management - KloudlearnCyber Crisis Management - Kloudlearn
Cyber Crisis Management - Kloudlearn
 
Int:rsect: CEO Address with Will Anderson
Int:rsect: CEO Address with Will AndersonInt:rsect: CEO Address with Will Anderson
Int:rsect: CEO Address with Will Anderson
 
5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum ben...
5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum ben...5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum ben...
5th ME Business & IT Resilience Summit 2016 - BIA - how to derive maximum ben...
 
Centralized operations – Risk, Control, and Compliance
Centralized operations – Risk, Control, and ComplianceCentralized operations – Risk, Control, and Compliance
Centralized operations – Risk, Control, and Compliance
 
5th ME Business & IT Resilience Summit 2016 - Business Resiliency Pitfalls
5th ME Business & IT Resilience Summit 2016 - Business Resiliency Pitfalls5th ME Business & IT Resilience Summit 2016 - Business Resiliency Pitfalls
5th ME Business & IT Resilience Summit 2016 - Business Resiliency Pitfalls
 
#Corpriskforum2016 - Tatiana Budishevskaya
#Corpriskforum2016 - Tatiana Budishevskaya#Corpriskforum2016 - Tatiana Budishevskaya
#Corpriskforum2016 - Tatiana Budishevskaya
 
IT Risk Management - the right posture
IT Risk Management - the right postureIT Risk Management - the right posture
IT Risk Management - the right posture
 
AFB Operational Risk Forum
AFB Operational Risk ForumAFB Operational Risk Forum
AFB Operational Risk Forum
 
BPMN -The Very First Step in Business Continuity
BPMN -The Very First Step in Business ContinuityBPMN -The Very First Step in Business Continuity
BPMN -The Very First Step in Business Continuity
 

Similar to Pandemic: Crisis or Opportunity? ISO 22301 best practice Implementation tips for your BCP

Thesis Concept Km V0.1
Thesis Concept Km V0.1Thesis Concept Km V0.1
Thesis Concept Km V0.1Amber Krishan
 
Business Continuity & Disaster Recovery Planning, 30 November - 02 December 2...
Business Continuity & Disaster Recovery Planning, 30 November - 02 December 2...Business Continuity & Disaster Recovery Planning, 30 November - 02 December 2...
Business Continuity & Disaster Recovery Planning, 30 November - 02 December 2...360 BSI
 
TOA - How to survive a TechDD workshop
TOA - How to survive a TechDD workshopTOA - How to survive a TechDD workshop
TOA - How to survive a TechDD workshopChris Philipps
 
From Vision Statement to Product Backlog
From Vision Statement to Product BacklogFrom Vision Statement to Product Backlog
From Vision Statement to Product BacklogLuiz C. Parzianello
 
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...360 BSI
 
Management Consulting - Project Management
Management Consulting - Project ManagementManagement Consulting - Project Management
Management Consulting - Project ManagementHocein
 
Business Continuity & Disaster Recovery Planning, 23 - 25 February 2016 Kuala...
Business Continuity & Disaster Recovery Planning, 23 - 25 February 2016 Kuala...Business Continuity & Disaster Recovery Planning, 23 - 25 February 2016 Kuala...
Business Continuity & Disaster Recovery Planning, 23 - 25 February 2016 Kuala...360 BSI
 
For Managers With Logo Sw
For Managers With Logo SwFor Managers With Logo Sw
For Managers With Logo SwLasa UK
 
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...360 BSI
 
Introduction to Project Management (workshop) - v.1
Introduction to Project Management (workshop) - v.1Introduction to Project Management (workshop) - v.1
Introduction to Project Management (workshop) - v.1Mena M. Eissa
 
Proactive Governance & Adoption In Microsoft 365 - M365Ottawa
Proactive Governance & Adoption In Microsoft 365 - M365OttawaProactive Governance & Adoption In Microsoft 365 - M365Ottawa
Proactive Governance & Adoption In Microsoft 365 - M365OttawaRichard Harbridge
 
Business Continuation - The basics according to John Small 2014-02-21
Business Continuation - The basics according to John Small 2014-02-21Business Continuation - The basics according to John Small 2014-02-21
Business Continuation - The basics according to John Small 2014-02-21Business As Usual, Inc.
 
Trustees And Managers 200309
Trustees And Managers 200309Trustees And Managers 200309
Trustees And Managers 200309Julie Hawker
 
5_Why_Root_Cause_Corrective_Actions.pptx
5_Why_Root_Cause_Corrective_Actions.pptx5_Why_Root_Cause_Corrective_Actions.pptx
5_Why_Root_Cause_Corrective_Actions.pptxDeepakMore54
 
Ensuring Project Success Through Automated Risk Management
Ensuring Project Success Through Automated Risk ManagementEnsuring Project Success Through Automated Risk Management
Ensuring Project Success Through Automated Risk ManagementMitchell College
 
Perceptions of Project Managers in the Job Marketplace (and what to do about it)
Perceptions of Project Managers in the Job Marketplace (and what to do about it)Perceptions of Project Managers in the Job Marketplace (and what to do about it)
Perceptions of Project Managers in the Job Marketplace (and what to do about it)Bruce Kozuma
 
01 scope of the ba role
01 scope of the ba role01 scope of the ba role
01 scope of the ba rolebanuseymen
 

Similar to Pandemic: Crisis or Opportunity? ISO 22301 best practice Implementation tips for your BCP (20)

Thesis Concept Km V0.1
Thesis Concept Km V0.1Thesis Concept Km V0.1
Thesis Concept Km V0.1
 
Business Continuity & Disaster Recovery Planning, 30 November - 02 December 2...
Business Continuity & Disaster Recovery Planning, 30 November - 02 December 2...Business Continuity & Disaster Recovery Planning, 30 November - 02 December 2...
Business Continuity & Disaster Recovery Planning, 30 November - 02 December 2...
 
TOA - How to survive a TechDD workshop
TOA - How to survive a TechDD workshopTOA - How to survive a TechDD workshop
TOA - How to survive a TechDD workshop
 
From Vision Statement to Product Backlog
From Vision Statement to Product BacklogFrom Vision Statement to Product Backlog
From Vision Statement to Product Backlog
 
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...
 
Management Consulting - Project Management
Management Consulting - Project ManagementManagement Consulting - Project Management
Management Consulting - Project Management
 
Business Continuity & Disaster Recovery Planning, 23 - 25 February 2016 Kuala...
Business Continuity & Disaster Recovery Planning, 23 - 25 February 2016 Kuala...Business Continuity & Disaster Recovery Planning, 23 - 25 February 2016 Kuala...
Business Continuity & Disaster Recovery Planning, 23 - 25 February 2016 Kuala...
 
For Managers With Logo Sw
For Managers With Logo SwFor Managers With Logo Sw
For Managers With Logo Sw
 
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
 
Cv of arupratan_bagchi
Cv of arupratan_bagchiCv of arupratan_bagchi
Cv of arupratan_bagchi
 
Introduction to Project Management (workshop) - v.1
Introduction to Project Management (workshop) - v.1Introduction to Project Management (workshop) - v.1
Introduction to Project Management (workshop) - v.1
 
Proactive Governance & Adoption In Microsoft 365 - M365Ottawa
Proactive Governance & Adoption In Microsoft 365 - M365OttawaProactive Governance & Adoption In Microsoft 365 - M365Ottawa
Proactive Governance & Adoption In Microsoft 365 - M365Ottawa
 
Business Continuation - The basics according to John Small 2014-02-21
Business Continuation - The basics according to John Small 2014-02-21Business Continuation - The basics according to John Small 2014-02-21
Business Continuation - The basics according to John Small 2014-02-21
 
Trustees And Managers 200309
Trustees And Managers 200309Trustees And Managers 200309
Trustees And Managers 200309
 
3A - Turning Data into Decisions - Implementing a Cloud-based HSE Leading Ind...
3A - Turning Data into Decisions - Implementing a Cloud-based HSE Leading Ind...3A - Turning Data into Decisions - Implementing a Cloud-based HSE Leading Ind...
3A - Turning Data into Decisions - Implementing a Cloud-based HSE Leading Ind...
 
Root Cause Analysis
Root Cause AnalysisRoot Cause Analysis
Root Cause Analysis
 
5_Why_Root_Cause_Corrective_Actions.pptx
5_Why_Root_Cause_Corrective_Actions.pptx5_Why_Root_Cause_Corrective_Actions.pptx
5_Why_Root_Cause_Corrective_Actions.pptx
 
Ensuring Project Success Through Automated Risk Management
Ensuring Project Success Through Automated Risk ManagementEnsuring Project Success Through Automated Risk Management
Ensuring Project Success Through Automated Risk Management
 
Perceptions of Project Managers in the Job Marketplace (and what to do about it)
Perceptions of Project Managers in the Job Marketplace (and what to do about it)Perceptions of Project Managers in the Job Marketplace (and what to do about it)
Perceptions of Project Managers in the Job Marketplace (and what to do about it)
 
01 scope of the ba role
01 scope of the ba role01 scope of the ba role
01 scope of the ba role
 

More from Alvin Integrated Services [AIS]

Digital Maturity – Business as Usual & Integration of multiple ISO Management...
Digital Maturity – Business as Usual & Integration of multiple ISO Management...Digital Maturity – Business as Usual & Integration of multiple ISO Management...
Digital Maturity – Business as Usual & Integration of multiple ISO Management...Alvin Integrated Services [AIS]
 
Effective Leadership – The Cornerstone – applied study on ISO 22000:2018 Food...
Effective Leadership – The Cornerstone – applied study on ISO 22000:2018 Food...Effective Leadership – The Cornerstone – applied study on ISO 22000:2018 Food...
Effective Leadership – The Cornerstone – applied study on ISO 22000:2018 Food...Alvin Integrated Services [AIS]
 
COVID – 19 and Resilience: Has ISO 22316 standard been responsive?
COVID – 19 and Resilience: Has ISO 22316 standard been responsive?COVID – 19 and Resilience: Has ISO 22316 standard been responsive?
COVID – 19 and Resilience: Has ISO 22316 standard been responsive?Alvin Integrated Services [AIS]
 
Business Continuity Management System: How, Why and for What?
Business Continuity Management System: How, Why and for What?Business Continuity Management System: How, Why and for What?
Business Continuity Management System: How, Why and for What?Alvin Integrated Services [AIS]
 
ISO 31000:2018 Risk Management System, Framework and Implementation
ISO 31000:2018 Risk Management System, Framework and ImplementationISO 31000:2018 Risk Management System, Framework and Implementation
ISO 31000:2018 Risk Management System, Framework and ImplementationAlvin Integrated Services [AIS]
 

More from Alvin Integrated Services [AIS] (6)

Designing an effective Crisis Management Framework
Designing an effective Crisis Management FrameworkDesigning an effective Crisis Management Framework
Designing an effective Crisis Management Framework
 
Digital Maturity – Business as Usual & Integration of multiple ISO Management...
Digital Maturity – Business as Usual & Integration of multiple ISO Management...Digital Maturity – Business as Usual & Integration of multiple ISO Management...
Digital Maturity – Business as Usual & Integration of multiple ISO Management...
 
Effective Leadership – The Cornerstone – applied study on ISO 22000:2018 Food...
Effective Leadership – The Cornerstone – applied study on ISO 22000:2018 Food...Effective Leadership – The Cornerstone – applied study on ISO 22000:2018 Food...
Effective Leadership – The Cornerstone – applied study on ISO 22000:2018 Food...
 
COVID – 19 and Resilience: Has ISO 22316 standard been responsive?
COVID – 19 and Resilience: Has ISO 22316 standard been responsive?COVID – 19 and Resilience: Has ISO 22316 standard been responsive?
COVID – 19 and Resilience: Has ISO 22316 standard been responsive?
 
Business Continuity Management System: How, Why and for What?
Business Continuity Management System: How, Why and for What?Business Continuity Management System: How, Why and for What?
Business Continuity Management System: How, Why and for What?
 
ISO 31000:2018 Risk Management System, Framework and Implementation
ISO 31000:2018 Risk Management System, Framework and ImplementationISO 31000:2018 Risk Management System, Framework and Implementation
ISO 31000:2018 Risk Management System, Framework and Implementation
 

Recently uploaded

1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...PsychoTech Services
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 

Recently uploaded (20)

1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 

Pandemic: Crisis or Opportunity? ISO 22301 best practice Implementation tips for your BCP

  • 1. Contact us: info@alvinintegrated.com | +91 8802 505619, +91 8287509289 | www.alvinintegrated.com Platinum Sponsor OUR SPONSORS & PARTNERS Event Partner www.alvinintegrated.com Knowledge Partners 27th FEB 2021 (SATURDAY) 09:00 AM - 17:30 PM IST
  • 2. Ms Rinske Geerlings MD, Founder and Principal Consultant/ Trainer @ Business As Usual (Sydney, Australia) Risk Consultant of the Year 2017 (RMIA) Outstanding Security Consultant of the Year 2019 (OSPAs Finalist) Pandemic: Crisis or Opportunity? ISO 22301 best practice implementation tips for your BCP
  • 3. Kindly Note: Speaker will take your questions automatically. If you have any question, please comment that in chat box. Please keep your mic mute. 22/10/2020
  • 4. Presenter background Rinske Geerlings, Founder & Principal Consultant, Business As Usual • 20+ years of management consultancy experience globally • Business As Usual (since 2006): Concultancy & training to 14 Central Banks and 100s of other Government/SME/Corporate organisations across Australia, Asia, Africa, Europe and Latin-America • Accredited in Business Continuity (BCM), IT Management, Information Security and Risk Management (trained 1000s of professionals) • Specific regulatory experience • Risk Consultant of the Year 2017 - RMIA (Australasia) • Outstanding Security Consultant of the Year 2019 Finalist - OSPAs • Australian Business Woman of the Year 2010-13 - BPW (global NGO) • Alumnus of the Year 2013 – TU Delft
  • 5. Business Continuity and COVID-19 ‘The good, the bad and the ugly’ • Not everyone had a pandemic plan, and even less had actually tested it • Little consistency in responses and primarily ad-hoc forms of recovery • Lack of available (and properly validated) tools for staff to work ‘en masse’ from home (incl hardware, software, connectivity) • Communication and management styles not always appropriate for the new ways of work • Apathy... And laziness! • ‘Single Points of Failure’ (SPoF) • Renewed focus on what staff actually love to be/do/have • Financial damages... But also upsides
  • 6. External vs internal crisis (or opportunity?)
  • 7. External vs internal crisis (or opportunity?)
  • 8. External vs internal crisis (or opportunity?)
  • 9. External vs internal crisis (or opportunity?)
  • 10.
  • 12. Covid review/brainstorm session During an incident (i.e. Emergency Management / Crisis Management / Business Continuity / Recovery related) Business as usual (i.e. current/future ongoing business operations related) Internal (staff/internal process related) Positives/strengths Positives/strengths People/role/skill related:  …  … People/role/skill related:  …  … Planning/process related:  …  … Planning/process related:  …  … Technology/tools related:  …  … Technology/tools related:  …  … Challenges/improvement ideas Challenges/improvement ideas People/role/skill related:  ...  … People/role/skill related:  …  … Planning/process related:  …  … Planning/process related:  …  … Technology/tools related:  …  … Technology/tools related:  …  …
  • 13. During an incident (i.e. Emergency Management / Crisis Management / Business Continuity / Recovery related) Business as usual (i.e. current/future ongoing business operations related) External (client related) Positives strengths / Positives/strengths People/role/skill related:  ...  … People/role/skill related:  ...  … Planning/process related:  …  … Planning/process related:  …  … Technology/tools related:  …  … Technology/tools related:  …  … Challenges/improvement ideas Challenges/improvement ideas People/role/skill related:  ...  … People/role/skill related:  ...  … Planning/process related:  …  … Planning/process related:  …  … Technology/tools related:  …  … Technology/tools related:  …  … Covid review/brainstorm session
  • 14. Success story: External opportunities
  • 15. Success story: External opportunities
  • 16. Success story: External opportunities
  • 17. Success story: External opportunities
  • 18. Success story: External opportunities
  • 22. … plus a LOT of humour! “At the end of COVID, you are required to wear your mask for 2 weeks in this way, so that your ears can get back to their normal position.”
  • 23. Common BCP pitfalls • The BCP is too long, or too short, or it resembles ‘Swiss cheese’ • Documents are inconsistent and it’s unclear how they all ‘hang together’ • The right versions are unfindable and the plan is not retrievable when the IT systems are down/unreachable • The plan doesn’t have clear, easy-to-perform steps and/or no clear role/ask discription • The BCP was built with a free template ‘off the Internet’ - and is as such not ‘fit for purpose’ • There is no pre-agreed list of BCP team members, nor any ‘additionals’ and their contact details (and team members not knowing their name is on a list of critical staff) • No proper tests/rehearsals, nor any (induction) training on the BCP is taking place • The IT Disaster Recovery Plan has not been validated end-to-end (rather just only piece-meal style) • Recovery Time Objectives (RTOs) are determined per application, but go ‘out the window’ if multiple applications are down at the same time • No centralised notification process, nor a suitable tool that has acknowledgement of message receipt and that works with multiple platforms (e.g. 4G/5G, email etc) • Overall ignorance about the importance of future BCP activities (“We did pretty well through COVID, right?”) All in all, staff are not actually ‘incident ready’
  • 24. 1. BC Facilitator team (i.e. not just 1 BCP manager) 2. Dynamic, browser-based BCM framework > prevent ‘collecting dust on the shelf’ (e.g. on secure network location / Sharepoint). Colourful, matrix style documentation. Hyperlink/utilise what is already there in your organisation. 3. Multi-disciplinary team structure across disaster ‘stages’ (to cater for fatigue and enable feasible exercise scope) 4. Consequence-based planning (i.e. not cause-based) 5. Toolkit approach to BCP activation (‘80/20 rule’ – KISS) 6. ‘Top down’ approach based on time-critical processes 7. Strong focus on communication/notification planning (including acknowledgement, pull communication etc) 8. Prioritise (be selective in order to achieve a few processes to work end-to-end ) 9. Develop, agree, document and validate any initial/manual workarounds 10.Training, awareness, rehearsing, exercising... To the point of boredom! Best practice BCP: How really make ISO 22301 work for you?
  • 25. Stay in touch LinkedIn: Rinske Geerlings www.businessasusual.com.au rinskeg@businessasusual.com.au www.linkedin.com/in/businessasusual www.linkedin.com/company/ businessasusual
  • 27. Please give your feedback in the chat box about the webinar.