Prepared by Rod Davis, CBCP
June, 2015
Business continuity overview


Overview of Business Continuity Planning: Terminology, Rationale, Business Continuity Planning Cycle, Methodology. A high-level description with minimal detail of each of these steps: Risk Assessment, Business Impact Analysis, Risk Mitigation Strategy, Business Continuity Plan, Training, Testing and Auditing, and Plan Maintenance.

Published in: Business


  1. Prepared by Rod Davis, CBCP. June, 2015
  2. Rationale for Business Continuity Planning
     • Disaster – an event, which causes the loss of an essential service, or part of it, for a length of time which imperils mission achievement. (Andrew Hiles, Business Continuity: Best Practices)
  3. Rationale for Business Continuity Planning
     • If an ice storm struck a data center rendering several critical IT services unavailable?
     • If an unencrypted laptop hosting proprietary information, financial or human resources data were stolen?
     • If an unsecured data server, workstations, and other equipment were confiscated from an overseas branch office?
     • If a terrorist attack targeted an overseas operations center?
     • If a pandemic threatened global operations for your business?
  4. Rationale for Business Continuity Planning
     • The occurrence of some events could cause a temporary disruption of mission-critical services.
     • Some scenarios could actually result in long-term loss of mission-critical capacity.
     • The ‘unthinkable’ might include shutdown of programs or business segments supported by these services.
  5. Rationale for Business Continuity Planning
     Organizations that experience major data loss without disaster recovery plans*:
     • 43%: Never reopen
     • 51%: Close within two years
     • 6%: Survive long-term
     * Cummings, Haag, & McCubbrey (2005). Management Information Systems for the Information Age.
  6. Business Continuity Theory: Business Continuity Planning
     • Disaster Recovery Planning
     • Business Continuity Planning
     • Crisis Management
     • Emergency Management
  7. Business Continuity Theory: Business Continuity Planning
     • a management approved strategic and comprehensive capability of an organization to plan for and respond to events and conditions in order to continue business operations*.
     • It is the most proactive risk management discipline.
     * The International Consortium for Organizational Resilience, CS SS BCM 3030
  8. Business Continuity Theory
     1.) Risk Assessment
     2.) Business Impact Analysis
     3.) Risk Mitigation Strategy
     4.) Business Continuity Plan Development
     5.) Training, Testing & Auditing
     6.) Business Continuity Plan Maintenance
  9. Business Continuity Theory: Risk Assessment
     Assess the threat landscape and determine relevant threats.
     Natural/Environmental Threats
     • Fire
     • Flood
     • Hurricane
     • Winter storm
     • Pandemics
     • Tornado
     • Lightning
     • Drought
     • Earthquake
     • Volcano
     • Tsunami
     Human Threats
     • Fire (accidental or arson)
     • Cyber-attack
     • Data theft or loss
     • Extortion
     • Terrorist attack
     • Sabotage/Vandalism
     • Workplace violence
     • Civil unrest & war
     • Chemical or biological hazard
     Infrastructure Threats
     • Power grid failure
     • Petroleum supply disruption
     • Food or water contamination
     • Public utility failure (water, sewer, etc.)
     • Heating/Cooling system failure (affects IT & people)
     • Public transport disruption
  10. Business Continuity Theory: Risk Assessment
     Threat Assessment
     • Compile a list of relevant threats; relevant = historical, contemporary, or emerging
     Probability Assessment
     • Example: High frequency of electrical storms = high probability of lightning strike
     Vulnerability Assessment
     • Example: Lack of lightning / surge suppression = high vulnerability to a lightning strike.
  11. Business Continuity Theory: Business Impact Analysis
     • A process designed to identify and quantify impacts resulting from disruptive events and disaster scenarios.
     • Results include:
       • List of mission-critical functions, processes, & roles;
       • Recovery priorities and their interdependencies
       • Recovery Time Objectives (RTOs) for these priorities
  12. Business Continuity Theory: Business Impact Analysis
     • Create a list of the mission’s functional areas.
     • Assemble subject matter experts.
     • Identify mission-critical functions, processes, and roles.
     • Determine the impact on mission of ‘outage’.
     • Establish the ‘Maximum Tolerable Outage’.
     • Identify any external/internal dependencies.
  13. Business Continuity Theory: Risk Mitigation Strategy
     Protect Data and Operations Essential to Recovery
     • HR records, IT Recovery Documentation, Corporate Databases
     • Network Operations, Essential IT Dependencies
     • Voice & Data Communications Networks
  14. Business Continuity Theory: Risk Mitigation Strategy
     Determine Recovery Options
     • Work at home for key employees
     • Alternate work-site
     • Alternate site for mission-critical IT operations
  15. Business Continuity Theory: Business Continuity Plan Development
     Priorities
     • Response and Recovery
     • Vital Records, Databases, IT Services
     Teams
     • Designated Roles and Responsibilities
     • Contact Information
     Procedures
     • Recovery of Mission-Critical IT Services
     • Replacement of Critical Equipment
     Criteria
     • Plan Activation: Transition Point from Emergency Response to Plan Activation
     • Declaration: Disruptive Event to Disaster
  16. Business Continuity Theory: Business Continuity Plan Development
     • Plan should designate teams, roles, responsibilities;
     • Plan should include actions required on a timeline basis … response, recovery, & restoration;
     • Particular attention should be given to protection and restoration of mission-critical processes and services.
  17. Business Continuity Theory: Training, Testing & Auditing
     Business Continuity Plan
     Testing
     • Tests Information Technology & Telecommunications dependencies to find design flaws
     Exercises
     • Reveals potential points of failure in the Business Continuity Plan
     Training
     • Develops familiarity with the Business Continuity Plan and competence in its execution.
  18. Business Continuity Theory: Business Continuity Plan Maintenance
     • Establish Audit Points to Monitor
     • Monitor Exercises & Tests
     • Feedback to Business Continuity Coordinator
     • Modify Business Continuity Plan
  19. Business Continuity Theory
     • Project Initiation
     • Risk Assessment
     • Business Impact Analysis
     • Mitigation Strategy Development
     • Business Continuity Plan Development
     • Training, Testing, Auditing
     • Business Continuity Plan Maintenance
     Business Continuity Planning is ...
     • project oriented
     • iterative
     • ongoing
     • multi-phased
     • requires testing