SlideShare a Scribd company logo

Business Continuity Planning Guide

Download as PPTX, PDF
A
AstalapulosListestos

The document provides an overview of business continuity planning (BCP) by outlining key concepts such as objectives, approaches, dimensions of scope, and entry points. It discusses satisfying audit requirements, rebuilding infrastructure, resuming business activities, and ensuring customer service as potential objectives. The document also describes infrastructure, business, and business risk-based approaches and entry points. Finally, it provides examples of identifying business processes, information flows, infrastructure dependencies, and assessing risks.

Business
1 of 21
BUSINESS CONTINUITY GUIDE PLANNING
AGENDA • Introduction • Objectives of BCP • Approaches to BCP • Dimensions of Scope • Entry Points 2 • Q&A
INTRODUCTION So…you’ve decided to embark on a business continuity planning (BCP) project …but where do you start? • Define the objectives • Determine the dimensions of scope • Select an appropriate approach • Proceed from an entry point 3
OBJECTIVES (1/2) Satisfy audit or regulatory requirements 1 Rebuild the infrastructure 2 Resumption of business activities 3 Continuity in customer service 4 Four possible objectives of BCP: 4
OBJECTIVES (2/2) 5 Audit or Regulatory Requirements • If your focus is on: – Passing an audit or getting points cleared – Minimizing costs • Then your objective is to satisfy audit or regulatory requirements. Rebuild the Infrastructure • If your focus is on: – Alternative facilities and sites – Solutions to minimize downtime of key infrastructure and systems • Then your objective is to rebuild the infrastructure. Resumption of Business Activities • If your focus is on: – Setting up an organization and the required facilities to enable key staff to resume their activities • Then your objective is the resumption of business activities. Continuity in Customer Service • If your focus is on: – Defining what level of customer service must be maintained throughout a disaster – What is required to achieve that level of customer service • Then your objective is to ensure continuity in customer service at an acceptable level.
APPROACHES TO BCP 6 Approaches to BCP based on the objectives: Objective Approach Satisfy audit or regulatory requirements Tick-box approach Rebuild the infrastructure Infrastructure approach Resumption of business activities Gradual/subplans approach Continuity in customer service Business approach (holistic)
SCOPE 7 • Event Interrupting Operations – Asset protection Protection of assets (e.g., people, building, etc.) – BCP Preparation of critical elements for business continuity • Enterprise-wide versus IT… ...be clear on the scope of your BCP project
8 DIMENSIONS OF SCOPE Business Network Control Room IT DRP Network Resilience Server Mirroring Dealing Room Office Relocation Equipment Failures Infrastructure Business Interruption Risks (BIR) Infrastructure Risk Long-Term Business Viability Brand Image Client Satisfaction Capacity Regulatory
INFRASTRUCTURE 9 • …the identification and protection of critical (IT) infrastructure required to maintain an acceptable level of business, • ...to ensure the survival of the organization in times of business disruption. • Critical infrastructure can include: – Mainframe – Networks – Applications – PCs and desktops – Manufacturing infrastructure – Logistical infrastructure – Office locations
BUSINESS 10 • …the identification and protection of critical business processes required to maintain an acceptable level of business, • ...to ensure the survival of the organization in times of business disruption. • Critical business processes can include – Manufacturing – Sales/order entry – Payroll – Dealing room activities – Delivery – Client communication – Accounting and finance
BUSINESS INTERRUPTION RISK 11 • …the identification and protection against business risks resulting from a business interruption jeopardizing • ... the survival of the organization in times of business disruption.
ENTRY POINTS 12 There are four possible entry points depending on the drivers of the approach. If your approach is… Then your entry point is... Event driven Evaluate threats Business risk driven Assess risks from interruptions Business driven Analyze critical processes Applications or systems driven Dependency on (IT) infrastructure
THREATS 13 Classification of threats according to the type of event: • Acts of nature – hurricane, flood, earthquake, etc. • External man-made events – terrorism, evacuation, security intrusion, etc. • Internal unintentional events – accidental loss of files, computer failure, etc. • Internal intentional events – strike, sabotage, data deletion, etc.
RISKS 14 Competitor Catastrophic Loss Sensitivity Sovereign/Political Shareholder Relations Legal Capital Availability Industry Financial Markets Information For Decision Making Risk Operational Pricing Contract Commitment Measurement Alignment Completeness and Accuracy Regulatory Reporting Financial Budget and Planning Completeness and Accuracy Accounting Information Financial Reporting Evaluation Taxation Pension Fund Investment Evaluation Regulatory Reporting Strategic Environmental Scan Business Portfolio Valuation Measurement Organization Structure Resource Allocation Planning Life Cycle Operations Risk Customer Satisfaction Human Resources Product Development Efficiency Capacity Performance Gap Cycle Time Sourcing Commodity Pricing Obsolescence Shrinkage Compliance Business Interruption Product Service Failure Environmental Health & Safety Trademark/Brand Name Erosion Empowerment Risk Leadership Authority Limit Performance Incentives Communications Information Processing/Technology Risk Access Integrity Relevance Availability Integrity Risk Management Fraud Employee Fraud Illegal Acts Unauthorized Use Reputation Financial Risk Currency Interest Rate Liquidity Cash Transfer/Velocity Derivative Settlement Reinvestment/Rollover Credit Collateral Counterparty Process Risk Environment Risk Business Risk Model
15 ENTRY POINT: INFRASTRUCTURE Business Network Control Room IT DRP Network Resilience Server Mirroring Dealing Room Office Relocation Equipment Failures Infrastructure Business Interruption Risks (BIR) • Traditional approach. • Very often limited to IT, then extended to "departmental" infrastructure or office infrastructure. • Very often the business perspective is used to assess criticality of infrastructure elements, and to justify the cost (business impact analysis). • The risk scope is limited to infrastructure risks through analysis of threats (potential events). Infrastructure Risk Long-Term Business Viability Brand Image Client Satisfaction Capacity Regulatory
16 ENTRY POINT: BUSINESS Business Infrastructure Business Interruption Risks (BIR) Network Control Room IT DRP Network Resilience Server Mirroring Dealing Room Office Relocation Equipment Failures • Top-down approach. • Starting from a top-down analysis of the critical business domains or processes. • For the critical business processes, assess the dependencies and criticality. • Often, the business interruption risk dimension is included into the business impact assessment, although not always made explicit or limited to the obvious business interruption risks. Infrastructure Risk Long-Term Business Viability Brand Image Client Satisfaction Capacity Regulatory
17 ENTRY POINT: BUSINESS RISKS Business Infrastructure Business Interruption Risks (BIR) 1. 2. Network Control Room IT DRP Network Resilience Server Mirroring Dealing Room Office Relocation Equipment Failures • Entering from looking at the business risks created by a business interruption. • Allows to include more than only the operational impact, e.g., product quality, brand image, health & safety, cash flow, etc. • To manage these risks, next to BCP, other actions may be included, e.g., asset protection, supply chain management, crisis management, media management, etc. • Here we can provide the best added value. Infrastructure Risk Long-Term Business Viability Brand Image Client Satisfaction Capacity Regulatory
RISKS The “five As” of risk management : Assess Risk 1 Accept or reject risk 2 Avoid risk, transfer risk or reduce risk to an acceptable level 3 Analyze performance gaps 4 Act to improve 5 18
Business Processes Information Flows Infrastructure & Resources 19 Identify key dependencies and vulnerabilities within the business organization, top-down: • What does the company depend on to be successful? • What are the key business processes driving the business? • What are the flows within these business processes? • What are the vulnerabilities and dependencies within these flows and business operations? BUSINESS PROCESSES Key Business Drivers
(IT) INFRASTRUCTURE 20 Identifying recovery solutions Assessing the possible threats Selecting the critical infrastructure Analyzing the potential business impact Obtaining an inventory of (IT) infrastructure Achieved by
BCP METHODOLOGIES 21 Two main BCP methodologies: Entry Points BCP Methodology Infrastructure Infrastructure-oriented, threat-based Threat Business Business-oriented, risk-based Risk

Recommended

Auditing corporate governance guide
Auditing corporate governance guideAuditing corporate governance guide
Auditing corporate governance guideAstalapulosListestos
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guideAstalapulosListestos
 
Social media risks guide
Social media risks guideSocial media risks guide
Social media risks guideAstalapulosListestos
 
It and business risk alignment guide
It and business risk alignment guideIt and business risk alignment guide
It and business risk alignment guideAstalapulosListestos
 
Risk assessment facilitation guide
Risk assessment facilitation guideRisk assessment facilitation guide
Risk assessment facilitation guideAstalapulosListestos
 
Root cause analysis questionnaire
Root cause analysis questionnaireRoot cause analysis questionnaire
Root cause analysis questionnaireAstalapulosListestos
 
It alignment-who-is-in-charge
It alignment-who-is-in-chargeIt alignment-who-is-in-charge
It alignment-who-is-in-chargeTapas Bhattacharya
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guideCenapSerdarolu
 

Recommended

Auditing corporate governance guide
Auditing corporate governance guideAuditing corporate governance guide
Auditing corporate governance guideAstalapulosListestos
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guideAstalapulosListestos
 
Social media risks guide
Social media risks guideSocial media risks guide
Social media risks guideAstalapulosListestos
 
It and business risk alignment guide
It and business risk alignment guideIt and business risk alignment guide
It and business risk alignment guideAstalapulosListestos
 
Risk assessment facilitation guide
Risk assessment facilitation guideRisk assessment facilitation guide
Risk assessment facilitation guideAstalapulosListestos
 
Root cause analysis questionnaire
Root cause analysis questionnaireRoot cause analysis questionnaire
Root cause analysis questionnaireAstalapulosListestos
 
It alignment-who-is-in-charge
It alignment-who-is-in-chargeIt alignment-who-is-in-charge
It alignment-who-is-in-chargeTapas Bhattacharya
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guideCenapSerdarolu
 
Aligning IT and Business for Better Results
Aligning IT and Business for Better ResultsAligning IT and Business for Better Results
Aligning IT and Business for Better ResultsGlobal Knowledge Training
 
Business continuity planning guide
Business continuity planning guideBusiness continuity planning guide
Business continuity planning guideCenapSerdarolu
 
Data governance guide
Data governance guideData governance guide
Data governance guideAstalapulosListestos
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controlsCenapSerdarolu
 
Audit ratings guide
Audit ratings guideAudit ratings guide
Audit ratings guideCenapSerdarolu
 
Understanding IT Governance and Risk Management
Understanding IT Governance and Risk ManagementUnderstanding IT Governance and Risk Management
Understanding IT Governance and Risk Managementjiricejka
 
Control and Audit Information System
Control and Audit Information SystemControl and Audit Information System
Control and Audit Information Systemarif prasetyo
 
Information technology risks
Information technology risksInformation technology risks
Information technology riskssalman butt
 
Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011
Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011
Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011IBM Sverige
 
Sap security compliance tools_PennonSoft
Sap security compliance tools_PennonSoftSap security compliance tools_PennonSoft
Sap security compliance tools_PennonSoftPennonSoft
 
Sudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity modelSudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity modelnooralmousa
 
it grc
it grc it grc
it grc 9535814851
 
Fix nix, inc
Fix nix, incFix nix, inc
Fix nix, incFixNix Inc.,
 
Operational Risk Management for practitioners v1.0
Operational Risk Management for practitioners v1.0Operational Risk Management for practitioners v1.0
Operational Risk Management for practitioners v1.0Ignacio Reclusa
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk ManagementEC-Council
 
Simplifying IT GRC
Simplifying IT GRCSimplifying IT GRC
Simplifying IT GRCanand choudhary
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsSharing Slides Training
 
2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot Spots2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot SpotsRon Steinkamp
 
Fraud detection guide
Fraud detection guideFraud detection guide
Fraud detection guideCenapSerdarolu
 
OPERATIONAL RISK MANAGEMENT
OPERATIONAL RISK MANAGEMENTOPERATIONAL RISK MANAGEMENT
OPERATIONAL RISK MANAGEMENTIntan Noona
 
BiznetGio Presentation Business Continuity
BiznetGio Presentation Business ContinuityBiznetGio Presentation Business Continuity
BiznetGio Presentation Business ContinuityYusuf Hadiwinata Sutandar
 
Resus Advisory Profile - Resilience services Nov 15
Resus Advisory Profile - Resilience services Nov 15Resus Advisory Profile - Resilience services Nov 15
Resus Advisory Profile - Resilience services Nov 15David John Bollaert
 

More Related Content

What's hot

Business continuity planning guide
Business continuity planning guideBusiness continuity planning guide
Business continuity planning guideCenapSerdarolu
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controlsCenapSerdarolu
 
Understanding IT Governance and Risk Management
Understanding IT Governance and Risk ManagementUnderstanding IT Governance and Risk Management
Understanding IT Governance and Risk Managementjiricejka
 
Control and Audit Information System
Control and Audit Information SystemControl and Audit Information System
Control and Audit Information Systemarif prasetyo
 
Information technology risks
Information technology risksInformation technology risks
Information technology riskssalman butt
 
Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011
Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011
Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011IBM Sverige
 
Sap security compliance tools_PennonSoft
Sap security compliance tools_PennonSoftSap security compliance tools_PennonSoft
Sap security compliance tools_PennonSoftPennonSoft
 
Sudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity modelSudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity modelnooralmousa
 
Operational Risk Management for practitioners v1.0
Operational Risk Management for practitioners v1.0Operational Risk Management for practitioners v1.0
Operational Risk Management for practitioners v1.0Ignacio Reclusa
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk ManagementEC-Council
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsSharing Slides Training
 
2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot Spots2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot SpotsRon Steinkamp
 
OPERATIONAL RISK MANAGEMENT
OPERATIONAL RISK MANAGEMENTOPERATIONAL RISK MANAGEMENT
OPERATIONAL RISK MANAGEMENTIntan Noona
 

What's hot (20)

Aligning IT and Business for Better Results
Aligning IT and Business for Better ResultsAligning IT and Business for Better Results
Aligning IT and Business for Better Results
 
Business continuity planning guide
Business continuity planning guideBusiness continuity planning guide
Business continuity planning guide
 
Data governance guide
Data governance guideData governance guide
Data governance guide
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controls
 
Audit ratings guide
Audit ratings guideAudit ratings guide
Audit ratings guide
 
Understanding IT Governance and Risk Management
Understanding IT Governance and Risk ManagementUnderstanding IT Governance and Risk Management
Understanding IT Governance and Risk Management
 
Control and Audit Information System
Control and Audit Information SystemControl and Audit Information System
Control and Audit Information System
 
Information technology risks
Information technology risksInformation technology risks
Information technology risks
 
Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011
Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011
Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011
 
Sap security compliance tools_PennonSoft
Sap security compliance tools_PennonSoftSap security compliance tools_PennonSoft
Sap security compliance tools_PennonSoft
 
Sudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity modelSudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity model
 
it grc
it grc it grc
it grc
 
Fix nix, inc
Fix nix, incFix nix, inc
Fix nix, inc
 
Operational Risk Management for practitioners v1.0
Operational Risk Management for practitioners v1.0Operational Risk Management for practitioners v1.0
Operational Risk Management for practitioners v1.0
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk Management
 
Simplifying IT GRC
Simplifying IT GRCSimplifying IT GRC
Simplifying IT GRC
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based Is
 
2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot Spots2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot Spots
 
Fraud detection guide
Fraud detection guideFraud detection guide
Fraud detection guide
 
OPERATIONAL RISK MANAGEMENT
OPERATIONAL RISK MANAGEMENTOPERATIONAL RISK MANAGEMENT
OPERATIONAL RISK MANAGEMENT
 

Similar to Business Continuity Planning Guide

Resus Advisory Profile - Resilience services Nov 15
Resus Advisory Profile - Resilience services Nov 15Resus Advisory Profile - Resilience services Nov 15
Resus Advisory Profile - Resilience services Nov 15David John Bollaert
 
IT Outsourcing Risks In Financial Sector
IT Outsourcing Risks In Financial SectorIT Outsourcing Risks In Financial Sector
IT Outsourcing Risks In Financial SectorUKNGroupLtd
 
Security & Risk Management
Security & Risk ManagementSecurity & Risk Management
Security & Risk ManagementAhmed Sayed-
 
Framing the business case service provider v1 2
Framing the business case service provider v1 2Framing the business case service provider v1 2
Framing the business case service provider v1 2pskoularikos
 
Business Continuity Workshop Final
Business Continuity Workshop FinalBusiness Continuity Workshop Final
Business Continuity Workshop FinalBill Lisse
 
Maclear’s IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and TrendsMaclear’s IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and TrendsMaclear LLC
 
Bpo risk management 2013
Bpo risk management 2013Bpo risk management 2013
Bpo risk management 2013Nidhi Gupta
 
Bpo risk management 2013
Bpo risk management 2013Bpo risk management 2013
Bpo risk management 2013Nidhi Gupta
 
Insurance application modernisation
Insurance application modernisationInsurance application modernisation
Insurance application modernisationBrian Maguire
 
Rob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRobert Kloots
 
Lean dqm reporting
Lean dqm reportingLean dqm reporting
Lean dqm reportingdatatovalue
 
Get Smart About Technical Debt
Get Smart About Technical DebtGet Smart About Technical Debt
Get Smart About Technical DebtCAST
 
J-Knolla Presentation S1000D Users Forum 2015-W-Notes
J-Knolla Presentation S1000D Users Forum 2015-W-NotesJ-Knolla Presentation S1000D Users Forum 2015-W-Notes
J-Knolla Presentation S1000D Users Forum 2015-W-NotesJohn Knolla
 
CA PPM Rationalizaiton
CA PPM RationalizaitonCA PPM Rationalizaiton
CA PPM RationalizaitonDavid Messineo
 

Similar to Business Continuity Planning Guide (20)

BiznetGio Presentation Business Continuity
BiznetGio Presentation Business ContinuityBiznetGio Presentation Business Continuity
BiznetGio Presentation Business Continuity
 
Resus Advisory Profile - Resilience services Nov 15
Resus Advisory Profile - Resilience services Nov 15Resus Advisory Profile - Resilience services Nov 15
Resus Advisory Profile - Resilience services Nov 15
 
IT Outsourcing Risks In Financial Sector
IT Outsourcing Risks In Financial SectorIT Outsourcing Risks In Financial Sector
IT Outsourcing Risks In Financial Sector
 
Security & Risk Management
Security & Risk ManagementSecurity & Risk Management
Security & Risk Management
 
Framing the business case service provider v1 2
Framing the business case service provider v1 2Framing the business case service provider v1 2
Framing the business case service provider v1 2
 
Business Continuity Workshop Final
Business Continuity Workshop FinalBusiness Continuity Workshop Final
Business Continuity Workshop Final
 
Government and SOX Compliance for ERP Systems
Government and SOX Compliance for ERP SystemsGovernment and SOX Compliance for ERP Systems
Government and SOX Compliance for ERP Systems
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planning
 
Maclear’s IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and TrendsMaclear’s IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and Trends
 
Bpo risk management 2013
Bpo risk management 2013Bpo risk management 2013
Bpo risk management 2013
 
Bpo risk management 2013
Bpo risk management 2013Bpo risk management 2013
Bpo risk management 2013
 
Bpo risk management 2013
Bpo risk management 2013Bpo risk management 2013
Bpo risk management 2013
 
Bpo risk management 2013
Bpo risk management 2013Bpo risk management 2013
Bpo risk management 2013
 
Bpo risk management 2013
Bpo risk management 2013Bpo risk management 2013
Bpo risk management 2013
 
Insurance application modernisation
Insurance application modernisationInsurance application modernisation
Insurance application modernisation
 
Rob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcm
 
Lean dqm reporting
Lean dqm reportingLean dqm reporting
Lean dqm reporting
 
Get Smart About Technical Debt
Get Smart About Technical DebtGet Smart About Technical Debt
Get Smart About Technical Debt
 
J-Knolla Presentation S1000D Users Forum 2015-W-Notes
J-Knolla Presentation S1000D Users Forum 2015-W-NotesJ-Knolla Presentation S1000D Users Forum 2015-W-Notes
J-Knolla Presentation S1000D Users Forum 2015-W-Notes
 
CA PPM Rationalizaiton
CA PPM RationalizaitonCA PPM Rationalizaiton
CA PPM Rationalizaiton
 

Recently uploaded

8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCRashishs7044
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024christinemoorman
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...lizamodels9
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfpollardmorgan
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesKeppelCorporation
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menzaictsugar
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCRashishs7044
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In.../:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...lizamodels9
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfKhaled Al Awadi
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Roomdivyansh0kumar0
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...lizamodels9
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCRsoniya singh
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCRashishs7044
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingTech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingShawn Pang
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionMintel Group
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Kirill Klimov
 

Recently uploaded (20)

8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation Slides
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In.../:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingTech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted Version
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 

Business Continuity Planning Guide

  • 2. AGENDA • Introduction • Objectives of BCP • Approaches to BCP • Dimensions of Scope • Entry Points 2 • Q&A
  • 3. INTRODUCTION So…you’ve decided to embark on a business continuity planning (BCP) project …but where do you start? • Define the objectives • Determine the dimensions of scope • Select an appropriate approach • Proceed from an entry point 3
  • 4. OBJECTIVES (1/2) Satisfy audit or regulatory requirements 1 Rebuild the infrastructure 2 Resumption of business activities 3 Continuity in customer service 4 Four possible objectives of BCP: 4
  • 5. OBJECTIVES (2/2) 5 Audit or Regulatory Requirements • If your focus is on: – Passing an audit or getting points cleared – Minimizing costs • Then your objective is to satisfy audit or regulatory requirements. Rebuild the Infrastructure • If your focus is on: – Alternative facilities and sites – Solutions to minimize downtime of key infrastructure and systems • Then your objective is to rebuild the infrastructure. Resumption of Business Activities • If your focus is on: – Setting up an organization and the required facilities to enable key staff to resume their activities • Then your objective is the resumption of business activities. Continuity in Customer Service • If your focus is on: – Defining what level of customer service must be maintained throughout a disaster – What is required to achieve that level of customer service • Then your objective is to ensure continuity in customer service at an acceptable level.
  • 6. APPROACHES TO BCP 6 Approaches to BCP based on the objectives: Objective Approach Satisfy audit or regulatory requirements Tick-box approach Rebuild the infrastructure Infrastructure approach Resumption of business activities Gradual/subplans approach Continuity in customer service Business approach (holistic)
  • 7. SCOPE 7 • Event Interrupting Operations – Asset protection Protection of assets (e.g., people, building, etc.) – BCP Preparation of critical elements for business continuity • Enterprise-wide versus IT… ...be clear on the scope of your BCP project
  • 8. 8 DIMENSIONS OF SCOPE Business Network Control Room IT DRP Network Resilience Server Mirroring Dealing Room Office Relocation Equipment Failures Infrastructure Business Interruption Risks (BIR) Infrastructure Risk Long-Term Business Viability Brand Image Client Satisfaction Capacity Regulatory
  • 9. INFRASTRUCTURE 9 • …the identification and protection of critical (IT) infrastructure required to maintain an acceptable level of business, • ...to ensure the survival of the organization in times of business disruption. • Critical infrastructure can include: – Mainframe – Networks – Applications – PCs and desktops – Manufacturing infrastructure – Logistical infrastructure – Office locations
  • 10. BUSINESS 10 • …the identification and protection of critical business processes required to maintain an acceptable level of business, • ...to ensure the survival of the organization in times of business disruption. • Critical business processes can include – Manufacturing – Sales/order entry – Payroll – Dealing room activities – Delivery – Client communication – Accounting and finance
  • 11. BUSINESS INTERRUPTION RISK 11 • …the identification and protection against business risks resulting from a business interruption jeopardizing • ... the survival of the organization in times of business disruption.
  • 12. ENTRY POINTS 12 There are four possible entry points depending on the drivers of the approach. If your approach is… Then your entry point is... Event driven Evaluate threats Business risk driven Assess risks from interruptions Business driven Analyze critical processes Applications or systems driven Dependency on (IT) infrastructure
  • 13. THREATS 13 Classification of threats according to the type of event: • Acts of nature – hurricane, flood, earthquake, etc. • External man-made events – terrorism, evacuation, security intrusion, etc. • Internal unintentional events – accidental loss of files, computer failure, etc. • Internal intentional events – strike, sabotage, data deletion, etc.
  • 14. RISKS 14 Competitor Catastrophic Loss Sensitivity Sovereign/Political Shareholder Relations Legal Capital Availability Industry Financial Markets Information For Decision Making Risk Operational Pricing Contract Commitment Measurement Alignment Completeness and Accuracy Regulatory Reporting Financial Budget and Planning Completeness and Accuracy Accounting Information Financial Reporting Evaluation Taxation Pension Fund Investment Evaluation Regulatory Reporting Strategic Environmental Scan Business Portfolio Valuation Measurement Organization Structure Resource Allocation Planning Life Cycle Operations Risk Customer Satisfaction Human Resources Product Development Efficiency Capacity Performance Gap Cycle Time Sourcing Commodity Pricing Obsolescence Shrinkage Compliance Business Interruption Product Service Failure Environmental Health & Safety Trademark/Brand Name Erosion Empowerment Risk Leadership Authority Limit Performance Incentives Communications Information Processing/Technology Risk Access Integrity Relevance Availability Integrity Risk Management Fraud Employee Fraud Illegal Acts Unauthorized Use Reputation Financial Risk Currency Interest Rate Liquidity Cash Transfer/Velocity Derivative Settlement Reinvestment/Rollover Credit Collateral Counterparty Process Risk Environment Risk Business Risk Model
  • 15. 15 ENTRY POINT: INFRASTRUCTURE Business Network Control Room IT DRP Network Resilience Server Mirroring Dealing Room Office Relocation Equipment Failures Infrastructure Business Interruption Risks (BIR) • Traditional approach. • Very often limited to IT, then extended to "departmental" infrastructure or office infrastructure. • Very often the business perspective is used to assess criticality of infrastructure elements, and to justify the cost (business impact analysis). • The risk scope is limited to infrastructure risks through analysis of threats (potential events). Infrastructure Risk Long-Term Business Viability Brand Image Client Satisfaction Capacity Regulatory
  • 16. 16 ENTRY POINT: BUSINESS Business Infrastructure Business Interruption Risks (BIR) Network Control Room IT DRP Network Resilience Server Mirroring Dealing Room Office Relocation Equipment Failures • Top-down approach. • Starting from a top-down analysis of the critical business domains or processes. • For the critical business processes, assess the dependencies and criticality. • Often, the business interruption risk dimension is included into the business impact assessment, although not always made explicit or limited to the obvious business interruption risks. Infrastructure Risk Long-Term Business Viability Brand Image Client Satisfaction Capacity Regulatory
  • 17. 17 ENTRY POINT: BUSINESS RISKS Business Infrastructure Business Interruption Risks (BIR) 1. 2. Network Control Room IT DRP Network Resilience Server Mirroring Dealing Room Office Relocation Equipment Failures • Entering from looking at the business risks created by a business interruption. • Allows to include more than only the operational impact, e.g., product quality, brand image, health & safety, cash flow, etc. • To manage these risks, next to BCP, other actions may be included, e.g., asset protection, supply chain management, crisis management, media management, etc. • Here we can provide the best added value. Infrastructure Risk Long-Term Business Viability Brand Image Client Satisfaction Capacity Regulatory
  • 18. RISKS The “five As” of risk management : Assess Risk 1 Accept or reject risk 2 Avoid risk, transfer risk or reduce risk to an acceptable level 3 Analyze performance gaps 4 Act to improve 5 18
  • 19. Business Processes Information Flows Infrastructure & Resources 19 Identify key dependencies and vulnerabilities within the business organization, top-down: • What does the company depend on to be successful? • What are the key business processes driving the business? • What are the flows within these business processes? • What are the vulnerabilities and dependencies within these flows and business operations? BUSINESS PROCESSES Key Business Drivers
  • 20. (IT) INFRASTRUCTURE 20 Identifying recovery solutions Assessing the possible threats Selecting the critical infrastructure Analyzing the potential business impact Obtaining an inventory of (IT) infrastructure Achieved by
  • 21. BCP METHODOLOGIES 21 Two main BCP methodologies: Entry Points BCP Methodology Infrastructure Infrastructure-oriented, threat-based Threat Business Business-oriented, risk-based Risk