More Related Content
Similar to Resus Advisory Profile - Resilience services Nov 15
Similar to Resus Advisory Profile - Resilience services Nov 15 (20)
Resus Advisory Profile - Resilience services Nov 15
- 2. 1© 2015 Resus Advisory. All rights reserved.
Need for Resilience
We know that in today’s world of uncertainty, the resilience of business operations during events that
impact “business as usual” is more critical than ever.
A disruption to services can occur from various internal and external threats, that are often beyond our
control, including terrorism, the supply chain and environment.
However, it is how we prepare for and respond towards those threats that develops organisational resilience,
allowing for continued value to customers, even during times of disruption. Customers expect it, and the
value they place on it is evident below.
- 3. 2© 2015 Resus Advisory. All rights reserved.
Client services offered
Tailored and integrated consulting and training solutions, including:
• Enterprise Risk Management
• Business Continuity, Emergency Management,
Crisis Management and ICT Resilience
• Knowledge Management, Process Mapping and Improvement
• Information Security and Privacy Compliance
Resus Advisory is a proudly South African company
and a Licensed BCI Training Partner
- 4. 3© 2015 Resus Advisory. All rights reserved.
Resilience services overview
• BCM maturity reviews (against leading ISO22301 & BCI GPG standards and practical experience)
• IT DR (continuity) reviews
• Supply chain resilience and 3rd party BCM reviews
• Full BCM Lifecycle implementation projects, or specific elements including:
• BCM programme maintenance outsourcing
• Crisis co-ordination support
• Onsite coaching for BCM / Risk staff skills transfer
• BCM training (BCI official certification training and tailored practical training as required)
• Integrating risk and other functions to support organisational resilience by embedding and aligning
responsibilities. Including Governance, Risk and Compliance functions, IT Security and Privacy, OH&S,
Process Management, Insurance and Internal Audit
BCI GPG 2013: BCM Lifecycle
AuditAdvisory
Training
- 5. 4© 2015 Resus Advisory. All rights reserved.
Specialising in Business Continuity Management
What is Business Continuity Management (BCM)?
An enterprise-wide management process that identifies potential impacts that threaten an organisation and provides
a framework for building resilience and the capability for an effective response that safeguards the interests of its key
stakeholders, reputation, brand and value-creating activities.
BCM Elements include:
BUSINESSICT
RESPONSE TIMELINE
Ability to prioritise critical processes
and recovery requirements to continue
operations for key business functions
BUSINESS RECOVERY
Ability to direct response teams and
recovery actions, communications to
internal / external stakeholders
CRISIS MANAGEMENT
Ability to respond to a physical incident
safeguarding people and infrastructure,
interacting with emergency services
EMERGENCY RESPONSE
Ability to restore the IT systems, data
and communications infrastructure to
support business continuity
ICT RECOVERY
INCIDENT
- 6. 5© 2015 Resus Advisory. All rights reserved.
Specialising in Business Continuity Management
Why is BCM important?
King III Risk Management,
Principle 5
Management should regularly
demonstrate to the board that
the company has adequate
business resilience
arrangements in place for
disaster recovery.
Disaster Management Act
(57 of 2002)
Provides for a co-ordinated
and prepared response to
disasters and post-disaster
recovery.
Pro-active and re-active crisis response capabilities
Reduce
impact
Accelerate
Recovery
Incident
Prevention
Response
Recovery
Service
Level
Time
100%
(Business
as usual)
Resilient Non-resilient
- 7. 6© 2015 Resus Advisory. All rights reserved.
BCM system services include
BCM policy and related policies to support BCM and risk management activities within the organisation:
• Governance and policy frameworks
• The development of BCM programme schedules
• BCM response structures
• Required roles and responsibilities
• Interaction with other business areas and disciplines
Business Impact Analysis (BIA) workshop facilitation:
• Identify critical business activities, assets and processes within the organisation
• Define risk rating scales used to determine the impact (tangible and intangible) an interruption would have upon
critical business operations, including financial, legal / regulatory and stakeholder reputational impacts
• Identify key resources required to carry out critical business processes
• Identify support requirements in terms of operating equipment, IT systems / applications and personnel that support
the critical business processes of the organisation
• Identify manual or alternative procedures (work-arounds)
• Identifying key suppliers / vendors, customers, internal dependencies and external third parties which support
business operations
• BIA reporting and analysis of resource requirements information
Threat Assessment explores single points of failure and resilience related risk areas:
• IT and telecommunications
• Physical security, Operational health and safety
• Data privacy and security
• Supply Chain Management
• Succession planning
• Insurance and financial risks
• Knowledge and business processes management
- 8. 7© 2015 Resus Advisory. All rights reserved.
BCM system services include (cont.)
Recovery Strategies that meet the resource requirements identified during the BIA and address key risks
identified in the Threat Assessment to address interruptions to various elements:
• Infrastructure and office premises
• Information and communication technology (ICT)
• Critical information and documents
• Supply chain and vendors
• Staff and key people dependencies
• Cost/Benefit analyses for various recovery and risk mitigation strategies
Business Continuity Plan development documents the executable strategies:
• Emergency response plans to safeguard people and infrastructure
• Business recovery plans to resume critical operations
• ICT recovery plans to restore IT and communications services
• Crisis management for executive direction and coordination
• Communications plans to conduct internal and external communications
• Scenario plans to address specific response strategies for various threats (i.e. Pandemic plan)
Testing and exercising is critical to validating a proven capability:
• Defining testing outcomes and roadmap to improving BCM maturity through testing
• Conducting the test and exercising
• Post-test reporting and follow up actions
Awareness initiatives to promote BCM knowledge throughout the organisation, practical awareness
campaign options suitable for improving and embedding BCM within each unique environment:
• Training requirements
• BCM awareness campaigns
• BCM maintenance and improvement
• Stakeholder reporting
- 9. 8© 2015 Resus Advisory. All rights reserved.
Overview of the KPMG BCM Lifecycle and Services Offered
to discuss requirements and solutions
David Bollaert (MBCI, CISA, BBusSc)
Organisational Resilience Director
E david@resusadvisory.co.za
T +27 (0)82 998 8666
www.resusadvisory.co.za
Contact us