BUSINESS CONTINUITY PLANNING

3,924 views

Published on

BUSINESS CONTINUITY PLANNING Workshop
Dr Karolyn Kerr

Published in: Business, Technology
0 Comments
23 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
3,924
On SlideShare
0
From Embeds
0
Number of Embeds
50
Actions
Shares
0
Downloads
0
Comments
0
Likes
23
Embeds 0
No embeds

No notes for slide

BUSINESS CONTINUITY PLANNING

  1. 1. BUSINESS CONTINUITY PLANNING Dr Karolyn Kerr
  2. 2. <ul><li>What is Business Continuity Planning (BCP)? </li></ul><ul><li>Possible Threats </li></ul><ul><li>Scope and Context of BCP </li></ul><ul><li>Business Impact Assessments </li></ul><ul><li>Business Continuity Plan Development </li></ul><ul><li>Testing and Validation </li></ul><ul><li>Training </li></ul><ul><li>Roles and Responsibilities </li></ul>
  3. 3. What is Business Continuity Planning (BCP)? <ul><li>BCP seeks to mitigate all major interruptions of business systems and to ensure a level of capability remains during and following disruption to core business systems </li></ul>
  4. 4. Possible Threats <ul><li>Human error </li></ul><ul><li>Application failure </li></ul><ul><li>Intentional disruption from an external source to a network (virus or worm) </li></ul><ul><li>Power outage </li></ul><ul><li>Service provider failure </li></ul>
  5. 5. Scope and Context of BCP <ul><li>Significant outage of technology leading to the unavailability of critical business systems </li></ul><ul><li>Disaster recovery planning a subset of BCP </li></ul><ul><li>Contingency plans generally relate to a planned event, BCPs relate to services and assets that are already operational </li></ul>
  6. 6. Scope and Context of BCP <ul><li>At a minimum, a BCP must have: </li></ul><ul><li>A budget formalised and approved by senior management </li></ul><ul><li>Formal disaster declaration authorities which will be responsible for activating the BCP </li></ul><ul><li>An incident management system within the organisation to manage BCP processes once activated </li></ul><ul><li>A regularly reviewed BCP that is benchmarked against industry regulations, where </li></ul><ul><li>present, and other organisations’ </li></ul><ul><li>processes </li></ul>
  7. 7. BCP Development <ul><li>The steps in the process to develop and implement a BCP commonly noted as required are: </li></ul><ul><li>Business impact analysis </li></ul><ul><li>Business continuity plan development </li></ul><ul><li>Training and testing of the plan </li></ul>
  8. 8. Business Impact Assessment <ul><li>Provides the supporting evidence of where priorities for plans and preparation should take place </li></ul><ul><li>Criticality criteria identify critical functions the organisation must perform to continue to deliver services </li></ul><ul><li>Identify risks to critical functions </li></ul><ul><li>Rate risks according to the likelihood of them occurring & level of impact </li></ul>
  9. 9. Business Impact Assessment <ul><li>Clinical and administrative impact </li></ul><ul><li>Core information required to treat patients in each area </li></ul><ul><li>Core clinical services required </li></ul><ul><li>Core people required to get the systems back up and running </li></ul><ul><li>Impact of length of time and time of day </li></ul>
  10. 10. Business Continuity Plan Development <ul><li>Complicated process due to the size and complexity of health care organisations. </li></ul><ul><li>Automated BCP software is available </li></ul><ul><li>The key tasks in BCP development are: </li></ul><ul><li>Reduction (of risk) </li></ul><ul><li>Readiness </li></ul><ul><li>Response </li></ul><ul><li>Recovery </li></ul>
  11. 11. Reduction (of risk) <ul><li>Supported through readiness actions </li></ul><ul><li>Could include ensuring staff have an understanding of any workarounds required i.e. manual admission and discharge packs </li></ul>
  12. 12. Readiness <ul><li>Plans and actions that could be done in preparation for an outage </li></ul><ul><li>Management and co-ordination requirements </li></ul><ul><li>Communication – who and how </li></ul><ul><li>Appropriate team of people aware of their roles - able to be brought together when the BCP is activated </li></ul>
  13. 13. Response <ul><li>Initial response to an outage including impact assessment </li></ul><ul><li>Pre-planned response cascade </li></ul><ul><li>Ongoing risk status reported back to emergency team at regular intervals </li></ul><ul><li>One central control centre with clear guidelines to assist with understanding roles and decision making </li></ul>
  14. 14. Recovery <ul><li>Input electronic data missed during outage </li></ul><ul><li>Reschedule appointments </li></ul><ul><li>Temporary admin staff may be required </li></ul><ul><li>Recovery time dependant on length of outage </li></ul>
  15. 15. Testing and Validation <ul><li>When testing the plan, consider: </li></ul><ul><li>Is the plan achievable? </li></ul><ul><li>Is there a clearly defined starting point for the plan, i.e. activation? </li></ul><ul><li>Does the plan address the situation in a timely, cost-effective, consistent way ? </li></ul>
  16. 16. Testing and Validation <ul><li>Review of the BCP process is required following an outage </li></ul><ul><li>Ongoing maintenance and review of the plan required to ensure applicability to changing systems and processes. </li></ul>
  17. 17. Training <ul><li>Staff are aware that such a plan exists and where it is kept, their role in BCP </li></ul><ul><li>Making staff aware of what the impact may be will increase staff ability to function through appropriate workarounds </li></ul>
  18. 18. Roles & Responsibilities <ul><li>IS departments are seen to be responsible for the co-ordination of development </li></ul><ul><li>Senior health care providers from all disciplines provide analysis of criticality and feasible workarounds and maintain plans </li></ul><ul><li>Senior executive staff support the development and implementation of the BCP and adequate ongoing funding </li></ul>
  19. 19. Conclusions <ul><li>Likely to become increasingly common throughout the health sector as awareness increases and the shift to almost entirely paperless systems continues. </li></ul><ul><li>Comprehensive plan required in health care organisations, given the criticality of many business systems and the risk to patient care delivery. </li></ul>
  20. 20. Conclusions <ul><li>Development complex and time consuming, with subsequent possible mitigation strategies requiring considerable financial support. </li></ul><ul><li>No standard benchmarks for the development of BCPs, but consistency enough within the literature to guide developers towards an appropriate plan for their organisation. </li></ul>

×