Download It

571 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
571
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
21
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Download It

  1. 1. ANZUIAG CONFERENCE 2002 Business Continuity Management Colin Maslen, MBCI
  2. 2. Characteristics of today’s world • Complexity • Coupling • Scope and size • Speed • Visibility
  3. 3. ‘For the first time, human- caused crises can now rival natural diasters in scope and magnitude’ (Mitroff, 2001)
  4. 4. Examples … • Challenger Explosion • AT&T Network Breakdown • Exxon Valdez • Lockerbie • Union Carbide and Bhopal • Piper Alpha • Barings • Enron • September 11
  5. 5. ‘Never before had the ability of business to recover been played out in the full glare of the worldwide media’ (Honour, 2002)
  6. 6. Business Continuity & the NY World Trade Centre (cont’d) • Deutsche Bank successfully switched operating system to back-up facility • Lehman Brothers used mirrored site in New Jersey - able to trade equities when New York Stock Exchange reopened on September 17
  7. 7. Business Continuity & the NY World Trade Centre • Comdisco had history of 421 DRP invocations before 11 Sept, then 74 invocations in 48 hours • IBM emergency operations centre already on full alert for a tropical storm in Gulf of Mexico
  8. 8. Crises/Disasters: Some Australian Examples • Hoddle Street massacre • Victorian power crisis • Longford gas plant explosion • Mobil jet fuel contamination • Product tampering in the pharmaceutical industry • Bankstown Civic Centre fire • Knox City Council fire • Auckland CBD power crisis • Childers backpacker hotel fire
  9. 9. Risk management - components Risk Control (Proactive - minimises Risk Transfer risk exposure and (Insurance & reduces likelihood, Contracts - e.g. Security) Manages Cost of Risk) Business Continuity & Contingency Planning (Reactive - Minimises impact or consequences)
  10. 10. Business Continuity Management Business Continuity Planning: IT (Disaster) to maintain continuity of Recovery Planning: critical processes & Recovery of critical functions, e.g.: systems and applications • customer service • administration • billing Crisis Management: Organisation & ability to manage any crisis or disaster
  11. 11. In context - BCM, BCP and DRP business continuity overall approach to management business continuity business address continuity continuity of plans processes IT disaster one specific recovery type of plan plan
  12. 12. Crisis management … the organisational capacity to manage a ‘crisis’ or ‘disaster’ through to recovery
  13. 13. Getting Started • BCM Team • Incident/Crisis Management Organisation • BCM Project/Program • Risk identification, assessment & treatment • Identify key business processes • Business Impact Analysis • Division/Faculty BCPs
  14. 14. The Risk Management Process (AS/NZS 4360:99) Establish context Monitor and Review Identify risks A A S S S Analyse risks S E E S S S S M Evaluate and M E prioritise risks E N N T T Treat risks
  15. 15. Identifying / Prioritizing Key Business Processes • Vital: Not easily transferred or replaced; low tolerance, high cost of interruption; data may be permanently damaged/lost • Important: Can be partially transferred for limited period; moderate tolerance; potentially high cost of interruption • Deferrable: Can be interrupted for extended period; minor inconvenience
  16. 16. Critical Business Processes: Examples • Student administration: enrolments, fees, student records, examinations, graduations; accommodation • Faculties: Budgeting; programming the academic year; resource allocation • Finance: payroll; accounts; tax • Human resources: HR records, remuneration; superannuation, worker’s compensation • On-line teaching
  17. 17. Business Impact Analysis (BIA) • Examines dependency of Vital & Important processes on Key Resources • Determines Maximum Tolerable Outage (MTO); i.e. the restoration timeframe, for each resource
  18. 18. BIA Example System MTO Peak Workarounds Laboratory 4 hours N/A Nil environment system E-mail 24 hours N/A Phone/fax Internet access 48 hours N/A Nil Student 48 hrs Enrolments Manual Administration On-line teaching 48 hours Nil Payroll 1 week Pay cycle Pay record
  19. 19. BCP Components • Objectives, scope, possible scenarios • Organisation, responsibilities & communications • Incident impact assessment, escalation & plan invocation • Procedures & checklists for phases: – Respond – Restore: Vital & Important Processes – Recover • Emergency contact lists • Document control & maintenance
  20. 20. Planning considerations • Emergency Services’ priorities • Staff • Communications: primary & back-up • Public relations • Continuity of Customer Service • Information Technology & Services • Salvage & restoration of documents (e.g. licences), records and artifacts
  21. 21. The big picture ... Incident Resume Incident Resume No Is it a Is it an IT No Business business reporting & normal IT ‘crisis’? ‘disaster’? as usual as usual escalation operations Yes Yes Convene Invoke DRP: Convene CCT BCPs DMT to coordinate Manage Implement DRP Manage HR Salvage & BCPs for & Repair PR Issues Business processes Restore Hardware & Communications Process restoration & Applications Off-site data catch-up & Data Recovery back-up Business resumption & Cost recovery
  22. 22. Incident/Crisis Management Respond •Identify, report & assess Incident/Crisis •Emergency procedures •Escalate activate CMT •Isolate/contain damage Restore •Stabilise - CMT coordinate company wide response •Damage control •Short term restoration of operations & customer service •Work-arounds & BCPs •Manage indirect consequences, e.g. media coverage Recover •Assess impact (cost) •Repair damage •Recover image & market share •Cost recovery, e.g. insurance
  23. 23. BCM - The Essential Ingredients • Commitment • Organisation • Communication • Testing & training • Plan maintenance & review
  24. 24. Sources of Information • Business Continuity Institute • BCI’s Business Guide to Continuity Management • ANAO’s Best Practice Guide: Business Continuity Management - Keeping the wheels in motion • Standards Australia: OB/7 Working Group Draft Business Continuity Management Guideline
  25. 25. Bombing at Hebrew University • 31 July 2002 • Bomb planted in university cafeteria • Killed 7 and wounded more than 80
  26. 26. Could your university carry on if the unthinkable happened?
  27. 27. Thank You! Any Questions?

×