Enterprise Business Continuity Management Technical Handbook (企業營運持續管理技術手冊.pdf)
- 1. ҾᔼၮុᆅೌמЋн
Ҟ ᒵ
ಃക ق ...........................................................................................................1
1.1! ጔଆ ..................................................................................................1
1.2! ЋнϣϷ٬Ҕᇥܴ ......................................................................3
1.3! ԖӜຒှញ ..................................................................................5
ಃΒക Ҿᔼၮុᆅϟಏ ...........................................................................11
2.1! ୯ሞ BCM ݩ .......................................................................11
2.1.1! ᐞࢪʏફՋើ॥ᓀᆅྗ AS/NZS4360:1999 ...............17
2.1.2! म୯ྗڐ PAS 56 ᔼၮុᆅࡰᏤᆜा………….20
2.1.3! ऍ୯ٛО্ؠڐ٣ࡺ/ᆙ࡚ᔈᡂᆅϷᔼၮុी
ฝྗ (NFPA1600).............................................................23
2.1.4! ISO 17799 ၗૻӼӄྗ....................................................26
2.1.5! DRII Professional Practices...................................................27
2.1.6! ཥуڵᔼၮុᆅࢎᄬϷྗ .......................................29
2.2! BCM ࢎᄬϷࢬำ ....................................................................36
ಃΟക Ҿ॥ᓀຑϷౣೕჄ .......................................................................42
3.1! Ҿ॥ᓀϩϷਢٯᇥܴ ..............................................................42
3.2! ᔼၮፂᔐϩ ..................................................................................51
3.3! ᔼၮុᆅౣೕჄ ..................................................................56
3.4! ൺচౣᒧ ..................................................................................63
ಃѤക Ҿុीฝว ...................................................................................70
4.1! ᆙ࡚ᔈᡂीฝೕჄ ..........................................................................70
4.2! Ӓᐒྎ೯ीฝೕჄ ..........................................................................71
4.2.1! ࡌҥӒᐒೀλಔ .............................................................72
4.2.2! Ӓᐒ٣ҹϐϩᜪ .................................................................73
4.2.3! Ӓᐒૻ৲ୀෳ .....................................................................73
- 2. 4.2.4! ӒᐒྗޑഢϷႣٛ .............................................................74
4.2.5! ҾӒᐒޑڋϷೀ .....................................................74
4.2.6! ӒᐒೀϐࢬำϷำׇ .....................................................75
4.2.7! ࡌҥӒᐒྎ೯ीฝ .............................................................76
4.2.8! ࡰࢴӒᐒ٣ҹวقΓ .........................................................76
4.3! ൺচीฝೕჄ ..................................................................................81
ಃϖക ၗྍྗഢǵෳ၂ᆶ૽ግ ...........................................................................87
5.1 ၗྍྗഢ………………………………………………………...…88
5.2! ᄽግᆶෳ၂ ......................................................................................89
5.3! ᇡޕᆶ૽ግ ......................................................................................92
5.4! ीฝᆢៈϷᡂ׳ᆅ ......................................................................95
ಃϤകʳ ่ፕ ...........................................................................................................97
ୖԵЎ ...................................................................................................................99
ߕᒵ ...........................................................................................................................101
ߕᒵ 1-1 XXX Ҿࡌ BCM ϣ.....................................................................101
ߕᒵ 1-2 XXX ߎϦљࡌᔼၮុीฝϐᡍ ...........................................105
ߕᒵ 2 Ҿ॥ᓀϩ ..........................................................................................132
ߕᒵ 3 BCM ᕮਏຑ߄.....................................................................................146
- 3. ߄Ҟᒵ!
߄ 1 ӄౚ্ؠൺচᆶᔼၮុೕჄ࣬ᜢݤೕ༼߄ ........................................14
߄ 2! FEMA CAR / NFPA 1600 / BSI PAS56 / DRII Professional Practices
ཷॊ ...............................................................................................................34
߄ 3! FEMA CAR / NFPA 1600 / BSI PAS56 / DRII Professional Practices
Кၨ߄ ...........................................................................................................36
߄ 4! Ҿ॥ᓀϐϣ఼ᆶਢٯϟಏ ........................................................................46
߄ 5! ॥ᓀᆅᆶᔼၮុᆅϐКၨ߄ ............................................................51
߄ 6! ᔼၮፂᔐϩޑԋ݀ीᆶՉБԄ ........................................................54
߄ 7! Ҿᔼၮфૈϩᜪጄٯ ................................................................................56
߄ 8! BCM ൻᕉύϐ RACI ୖᆶޣ.......................................................................69
߄ 9! Ӓᐒೀλಔᖄ๎ΓӜнጄٯ ................................................................72
߄ 10! Ӓᐒ٣ҹϐϩᜪ ..........................................................................................73
߄ 11! ҾӒᐒ٣ҹೀਡ߄...........................................................................78
߄ 12! ҾӢᔈ SARS ٣ҹӒᐒೀᖂܴዺጄٯ ..............................................80
߄ 13! ҾᔼၮൺচλಔҺ୍ጓಔ߄ ..................................................................82
߄ 14! Ӓᐒวғࡕ 24 λਔϣޑൺচࢬำ ............................................................84
߄ 15! Ӓᐒวғࡕ 7 Ϻϐൺচࢬำ ..................................................................85
߄ 16! Ӓᐒวғࡕ 7~14 Ϻϐൺচࢬำ ............................................................86
߄ 17! ᄽግࠠޑԄϷБݤ ......................................................................................90
- 4. კҞᒵ!
კ 1! AS/NZS 4360BCM ࣴᔕำׇ............................................................………18
კ 2! PAS56 ගр BCM ޑำׇ..............................................................................21
კ 3! BCM ᆶځдᆅीฝϐᜢ߯.......................................................................21
კ 4! BCM ϐൻᕉᆢៈკ......................................................................................23
კ 5! SPRING ϐᇡࢬำ .....................................................................................31
კ 6! ཥуڵᔼၮុʏ্ؠൺচ୍ܺٮᔈྗࢎᄬ ....................................33
კ 7! Ҿᔼၮុᆅ(BCM)ࢬำ.............................................................41
კ 8! ӚᅿҾ॥ᓀྍٰޑ ....................................................................................47
კ 9! Ҿ॥ᓀϩ ................................................................................................48
კ 10! ॥ᓀᆅኳԄ ..............................................................................................49
კ 11! ॥ᓀᆅᆶ BCM ޑᜢ߯(ᐞࢪ AS/NZS 4360 ॥ᓀᆅࢎᄬ) ................50
კ 12! Ҿᔼၮፂᔐϩᆶ॥ᓀຑޑၸำ ......................................................52
კ 13! Ҿᔼၮፂᔐϩࢬำᇥܴ ......................................................................53
კ 14! BCP ࢎᄬวၸำ......................................................................................57
კ 15! Ӓᐒೀϐࢬำ ..........................................................................................75
კ 16! Ӓᐒೀϐำׇ ..........................................................................................75
კ 17! BCM ޑёҔ܄ϐᆢൻᕉ.........................................................................87
- 9. ࡕؠൺচπբǴԶගܹԿҾᔼၮύᘐ॥ᓀϐᆅǴаᡏ॥ᓀᆅೕჄࣁচ
߾Ǵය٬ԖਏஒեӒ্॥ᓀϷᔼၮ॥ᓀǴᙖԜڀᡏගܹౢࣚ୯ሞѱޑᝡݾΚǶ
1.3 ԖӜຒှញ
1. ቹៜ (Consequence)
ঁ٣ҹ่݀ޑǴаۓໆ߄ٰ܄ۓ܈ҢǴёૈࢂཞѨǵ্ǵ፝ᒲ܈ᕇճǶ
ঁ٣ҹԖӭόӕޑёૈ่݀Ƕ
2. ԋҁ (Cost)
ޔௗ܈໔ௗࢲޑཞѨǴੋϷҺՖॄޑय़ቹៜǴхࡴΑߎᒲǵਔ໔ǵമΚǵ
ϩǵ៉ǵࡹکݯคၗౢޑཞѨǶ
3. ٣ҹ (Event)
ঁۓਔයϣǴӧঁۓӦᗺ܌วғޑ٣ᄊǶ
4. ٣ҹᐋϩ (Event Tree Analysis)
ᅿБݤǶӧ٣ҹখวғޑਔংǴҔٰඔॊځёૈቹៜޑጄൎϷׇǶ
5. ѨਏኳԄϷቹៜϩ ( Failure Mode and Effect Analysis, FMEA)
ำׇǴҔٰϩسೌמϣወӧޑѨ௳ኳԄǶFMEAёаว
ԋࣁ܌ᒏޑȨѨਏኳԄǵቹៜϷᝄख़(܄criticality)ϩȩ(FMECA)ǶӧFMECA
ύǴঁѨ௳ኳԄਥᏵځวғޑᐒаϷځቹៜޑᝄख़ำࡋٰՉϩ
ᜪǶ
6. Ѩᇤᐋϩ (Failure Tree Analysis)
سπำБݤǴҔٰᇥܴόӕسޑݩᆶۓ٣ҹޑёૈ่݀ޣٿ
ϐ໔่ޑӝǶ
7. ᓎ (Frequency)
ঁ٣ҹޑวғǴаঁۓਔ໔ϣ၀٣ҹวғޑԛኧٰ߄ҢǶፎୖྣ
ᐒ܈کฅǶ
- 10. 8. Ӓ্ (Hazard)
ঁወӧޑཞ্܈ঁёૈԋཞѨޑ٣ᄊǶ
9. ᐒ (Likelihood)
ҔٰඔॊᓎϷ܈ฅޑჴሞኧॶǶ
10. ཞѨ (Loss)
ӧᔮځ܈дБय़܌วғॄޑय़ቹៜǶ
11. ᅱ࿎ (Monitor)
ۓයЪᝄӦᔠǵࡰᏤǵᢀჸϷइᒵࢲǵբس܈ޑၸำǴҞࢂޑ
ӧวᡂϯǶ
12. ಔᙃ (Organization)
ϦљǵҾǵځࢂ܈ڐдޑӝݤიᡏǴᏱԖԾρޑфૈϷᆅ่ᄬǴό
ፕࢂځցࣁݤΓಔᙃǴҭόፕࢂځϦৎد܈ΓᐒᄬǶ
13. ܈ฅ (Probability)
ঁۓ٣ҹ่݀ځ܈วғޑᐒǴаۓ٣ҹ่݀܈ӧ܌Ԗޑёૈ٣ҹ
่݀܈ύ܌՞ޑКٰ߄ҢǶ܈ฅࢂаϟܭ0ډ1ϐ໔ޑኧӷٰ߄ҢǴ0߄Ң
٣ҹόёૈวғǴ1߄Ң٣ҹۓวғǶ
14. ූᎩ॥ᓀ (Residual Risk)
Չ॥ᓀჹࡕ܌ഭΠޑ॥ᓀભǶ
15. ॥ᓀ (Risk)
ቹៜҞ٣ҹޑวғᐒǴаቹៜ่݀Ϸᐒٰෳໆ॥ᓀޑำࡋǶ
16. ॥ᓀௗڙ (Risk Acceptance)
،ۓௗڙঁۓ॥ᓀޑቹៜϷځวғޑᐒǶ
17. ॥ᓀϩ (Risk Analysis)
ԖسӦၮҔԖਏޑၗૻǴٰղᘐۓ٣ҹวғޑᐒځ܈ቹៜޑᝄख़ำ
ࡋǶ
- 11. 18. ॥ᓀຑ (Risk Assessment)
ঁхࡴ॥ᓀϩϷ॥ᓀຑໆޑၸำǶ
19. ॥ᓀೕᗉ (Risk Avoidance)
،ۓόੋϷԖ॥ᓀޑ٣ᄊǶ
20. ॥ᓀڋ (Risk Control)
॥ᓀᆅޑϩǴхࡴࡹǵྗᆶᡯޑՉϷᐒૈׯޑᡂǴаନ
܈फ़եόճޑ॥ᓀǶ
21. ॥ᓀπำ (Risk Engineering)
ஒπำᏢޑፕϷБݤᔈҔډ॥ᓀᆅǶ
22. ॥ᓀຑໆ (Risk Evaluation)
Ҕٰ،ۓ॥ᓀᆅӃࡕޑׇᡯǴஒ॥ᓀᆶ٣ӃޑۓڋྗКၨǴа
،ۓ၀॥ᓀޑભϷځд࣬ᜢҞǶ
23. ॥ᓀ୍ (Risk Financing)
Ҕٰٮᔈ॥ᓀჹ܌ሡޑҔаϷံշ॥ᓀ܌ٰޑ୍ཞѨǶ
ഢຏǺჹࢌ٤ౢԶقǴ॥ᓀၗߎѝхࡴံշ॥ᓀ܌ٰޑ୍ཞѨǶ
24. ॥ᓀዴᇡ (Risk Identification)
วёૈวғޑ٣ᄊϷځวғޑচӢکวғБԄǶ
25. ॥ᓀᆅ (Risk Management)
ࣁΑԖਏӦᆅёૈวғޑ٣ҹϷځόճޑቹៜ܌ՉޑᡯϷ่ᄬǶ
26. ॥ᓀᆅำׇ (Risk Management Process)
ԖسӦၮҔᆅࡹᆶำׇǴٰࡌҥࢎᄬǴаϷวǵϩǵຑໆǵೀ
ǵྎ೯ុکᅱ࿎॥ᓀǶ
27. ॥ᓀफ़ե (Risk Reduction)
ᒧ٬ҔמޑѯϷᆅচ߾ٰ෧ե॥ᓀځ܈ቹៜวғޑᐒǶ
28. ॥ᓀߥԖ (Risk Retention)
- 12. ཀߚ܈ཀӦ܍ᏼ॥ᓀ܌ԋޑཞѨǴࣁ܈ಔᙃϣޑނཞѨॄೢǶ
29. ॥ᓀᙯ༬ (Risk Transfer)
ၸҥݤǵӝऊǵߥᓀځ܈дБԄஒཞѨޑೢҺϷཞѨ܌ٰޑख़ᏼᙯ౽
๏ځдიᡏǶ॥ᓀᙯ༬Ψёаࡰᙯ౽ނ॥ᓀ(physical risk)ϷځϩǶ
30. ॥ᓀჹ (Risk Treatment)
ᒧ٠Չޑ॥ᓀೀБݤǶ
31. ௵གࡋϩ (Sensitivity Analysis)
ࢌঁႣෳॶׯᡂਔǴᔠीᆉ่݀ϷኳԄޑᡂϯǶ
32. ճ্࣬ᜢޣ (Stakeholders)
ჹܭ،ࢲ܈ǴڀԖቹៜΚǵёૈځڙቹៜǵ܈Ծᇡࣁёૈቹៜঁޑ
Γ܈ಔᙃǶ
33. ҾុБਢ(Business Continuity Program)
ঁҗၗుЬᆅЍԋҥόᘐՉࢬޑำǶЪࣁዴߥᒣ্ؠወӧཞѨቹ
ៜǴᆢៈёՉޑൺচౣǴᙖҗΓ૽ግǵीฝෳ၂Ǵᆢៈаዴߥ୍ܺёаᝩ
ុගٮϐൺচीฝޑѸाޑᡯՉԶԋҥǶ
34. ཞ্ຑȐDamage Assessmentȑ
্ؠჹΓǴჴᡏǴᔮǴԾฅၗྍቹៜޑຑሽ܈،ۓǶ
35. ্ؠ/ᆙ࡚٣ҹᆅБਢȐDisaster/Emergency Management Programȑ
ՉےԑǵᜫඳǵౣБଞکҞϷБਢکಔᙃᆅࢎᄬޑीฝǶ
36. ᐒᄬȐEntityȑ
Ԗ্ؠ/ᆙ࡚٣ҹᆅុکᔼၮೢҺ۬ࡹޑᐒᄬǴدΓϷѱϦљǴӝუ
٣Ǵߚᔼճᐒᄬځ܈дಔᙃǶ
37.ᔼၮፂᔐϩȐBusiness Impact AnalysisǴBIAȑ
ᆅ໘ቫჹܭᒣ഼ѨᐒᄬȐentityȑၗྍԋޑፂᔐޑϩǶԜϩᑽໆ
ၗྍ഼Ѩޑቹៜکᒿਔ໔ಕीޑཞѨǶ٠ගٮᐒᄬڀёࡋޑၗаࣁफ़եӒ
- 13. ্ǵൺচౣǵុکीฝ،ྗ୷ޑǶ
38. ্ؠ٣ࡺᆅس ȐIncident Management Systemȑ
ӧ্ؠᆶᆙ࡚٣ҹᆅޑჴ୍ǴჹܭۓၗྍᆅॄԖೢҺൂޑՏ܈ಔ
ᙃǴᔈӝڬځᜐࡼǵᐒᏔഢǵπǵբำׇᆶྎ೯БԄǴаԖਏֹԋ
࣬ᜢ্ؠ٣ࡺϐׯ๓ҞǶ
39. ෧ᇸȐMitigationȑ
ӧ܈্ؠᆙ࡚٣ҹวғ/วғࡕǴࣁ෧Ͽǵफ़ե٣ҹวғᐒǴ܈෧եᝄ
ख़ࡋ܌่݀܈௦ޑڗՉǶ
40. ࣬ϕ௱շڐȐMutual Aid Agreementȑ
٣Ӽ௨ӧΒঁ܈аޑᐒᄬ໔Ǵࣁ๏ϒڐ٣ΓڐշǴԶวр
ޑঁ٣Ӽ௨ڐޑǶ
41. ྗഢȐPreparednessȑ
ࣁЍජ܈ගଯ্ؠ/ᆙ࡚٣ҹޑ෧ᇸǴϸᔈکൺচǶԶӧ্ؠ/ᆙ࡚٣ҹว
ғǴࢲޑ܌ीฝس܈ޑวᆶՉǶ
42. ൺচȐRecoveryȑ
ࣁ٬ރᄊӣᙟډᐒᄬёаௗޑڙНѳǴ܌௦ҔޑՉکБਢǶ
43. ϸᔈȐResponseȑ
Ҕ্ؠܭϷᆙ࡚٣ҹᆅǴࣁ্ؠ/ᆙ࡚٣ҹрҥջکอයਏᔈޑՉǶ
44. ༈ϩȐSituation Analysisȑ
ຑཀѦ٣ҹޑᝄख़ࡋϷࡕ݀کၲ่݀ࢬޑำǶ
45. ൺচਔ໔Ҟ(Recovery Time Object)
Һ୍ᜢᗖࢲ܌ሡൺচޑਔ໔ҞǶ
46. ཀѦ٣ᡂ(Incident)
ࡰ٣ҹёૈԋҾय़ᖏᔼၮύᘐǴ܈٬Ҿుഐ॥ᓀნύǶ
47. Ьाᕮਏࡰ(Key Performance Indictor)
- 15. ಃΒകʳ Ҿᔼၮុᆅϟಏ
ӭޑӒᐒ٣ҹύǴӵ৮װ܀ᔐǵᏯځࢂޣ܈ݾдޑϺؠǴჹҾٰ
ᜤаᑃྐޑፂᔐǹӧҾϣࣗԿࢂٮᔈ೯ၡ܌य़ᖏϐወӧ॥ᓀǴஒჹҾ
ຝԖ࣮όޑـቹៜǴࣗԿჹܭҾҭวғᔼၮύᘐޑख़ε٣ҹǶ
Ҟᔼၮុᆅ(BCM)ςӧӄౚӭҾ܌ௗڙ٠௦ҔϐǴԶ BCM ځϣ
఼ࣁ॥ᓀᆅޑۺǴЪёගٮҾֹ๓ޑᔼၮǴ٠а҉ុวࣁҞǶ
2.1 ୯ሞ BCM ݩ
ШࣚሌՉीܭ 2001 ԃ 911 ϺӢଶЗᔼၮǵިѱೱុҶѱѤВǵ०ᐒଶ०
ࢃයǵҾኩଶΠൂǵԭԴ༊ϷᙍၮଶЗᄽрኧВǴᏤठऍ୯୯ϣғౢ
Лᚐ(GDP)෧Ͽ 250~350 ሹऍϡǹ1995 ԃВҁઓЊεӦǴࡌᑐނཞѨ 1,200 ሹ
ऍϡȐэ GDP ޑ 2.5%ȑ
ǴᔮࢲޑኩਔύᘐཞѨэ GDP ޑ 4%ǹ411 ѠႝคႣ
ଶႝԋԮࣽቷλਔཞѨၻ 15 ሹѠჾǶਥᏵीǴऍ୯Ҿӧय़ᖏόёႣ
යؠޑᜤϐࡕǴԖ 43%ޑҾவԜคݤख़ཥ໒ǴќѦޑ 29%ΨӧΒԃϣ่״
ᔼၮ
Ǵ
Զ೭٤ؠᜤᏤठޑႝတύᘐԃऍ୯Ҿ 40 ሹऍߎ
Ƕ
ќ٩Ᏽ Ontrack
Data Int’l, Inc. ϐϩᡉҢႝη୍ᔼၮύᘐཞѨࣁ 640 ऍߎ/λਔǵႝߞ೯ૻ
ᔼၮύᘐཞѨࣁ 32 ऍߎ/λਔǵҬ೯ၮᒡᔼၮύᘐཞѨࣁ 10 ऍߎ/λਔǶ
ԶਥᏵऍ୯ Gartner Group ޑፓวǴܭՋϡ 2005 ԃǴӄऍஒԖຬၸ 60%
ޑҾֹԋ BCM ࡌޑǴ٠ЪаӼፁ॥ᓀᆅࣁ୷ᘵǴՉҾύᘐ॥ᓀᆅǴ
ᙖԜڀᡏගܹౢᝡݾΚǹҾᔼၮុीฝ(Business Continuity Plan, BCP)ޑख़
ाǴёаவځวᐕำ࣮рᆄইǶ1960 ԃж҃යډ 1970 ԃж߃යǴҗܭႝတܺ
୍ᆶၗૻ(ೌמInformation Technology, IT)זޑೲԋߏǴᡣҾཀډ IT ύᘐёૈ
ჹܭҾᜢᗖၮբфૈԋᝄख़ፂᔐǴӢԜ IT ౢଞჹฯᡏǵ೬ᡏѳѠᆶᆛၡࢎ
ᄬՉ Single Points of Failure ϩǴයఈᆢᔼၮ҅தǶ1970 ԃж҃යǴٮᔈ
ࢂ׳ၸӝऊǴගٮႝတᔼၮύᘐൺচ୍ܺǶ1980 ԃжǴ׳ӭޣޑΕᜪ՟ IT
ᔼၮൺচ୍ܺ(Operational Recovery Services)Ǵځύനڀж߄ࢂޑ IBM ග܌ٮᒏ
ޑӄၩഢජ(Hot Site)Ǵڐշ࠼Њൺচख़ा(Major)ᆶᜢᗖ(Critical)ޑᔼၮфૈǶԿ
- 16. ϞǴ IT ᔼၮൺচ୍ܺςΕࣁ׳ቶޑݱҾᔼၮុीฝǶ
2000 ԃࡕ୯ሞ࣬ᜢྗхࡴǺम୯ᔼၮុ(ڐBusiness Continuity
Institute, BCI)ӧ 2002 ԃϦթȬᔼၮុᆅჴ୍Ћн(Business Continuity
ManagementǺGood Practice Guidelines)ȭ
ǵम୯ྗ(ڐBritish Standard Institute,
BSI) ӧ 2003 ԃϦթ PAS 56
ȬᔼၮុᆅࡰᏤᆜा(Guide to Business Continuity
Management)ȭᆶऍ୯୯ৎٛО(ڐNational Fire Protection Association, NFPA)ӧ
2000 ԃϦթ NFPA 1600Ȭ্ؠǵᆙ࡚٣ࡺᆅᆶᔼၮុीฝ(Standard for
Disaster/Emergency Management and Business Continuity Program)ȭ
ǶԶ୯ሞᔼၮ
ុᆅྗёϩࣁΟঁቫԛǴϩձࣁၗૻӼӄǵߎᑼӼӄᆶӄౢϐᔼၮӼӄǴ
ӄౚၮբൂޑՏϐ௶ॊӵΠǶ
1.ၗૻӼӄǺऍ୯ᖄ୍ٖݤ(USA Department of Justice)ϐٛጄѦઇᚯݤਢ
(Foreign Corrupt Practices Act)Ƕ
2.ߎᑼӼӄǺऍ୯ᖄٖ୯ิֽ(USA Internal Revenue Service)ϐऍ୯ᖄٖ୯ิֽբ
ำׇ 86-19 and IRS Procedure 86-19ǵऍ୯ᖄٖीᕴ(USA General
Accounting Office)ϐި౻ҬܰѱႝတӼӄڋೕۓ(GAO/IMTEC-91-56
Financial Markets: Computer Security Controls)ǵऍ୯ᖄٖߎᑼᇡہ
(USA Federal Financial Institutions Examination Council)ϐ FEIEC FILL-67-97
ǵ
ऍ
୯ ߎ ᑼ ܺ ୍ ж ϯ ݤ ਢ (Financial Services Modernization Act of 1999,
Gramm-Leach-Bliley Act) ǵम୯ࡹ(UK Financial Service Agency)ϐम୯ϣ
ᆅݤೕ(Turnbull Report: Combined Code on Internal Controls in the UK)ǵ३
ෝߎᑼᆅֽ(Hong Kong Monetary Authority)ϐᔼၮុीฝ(TM-G-2)ǵम୯
ࡹ (UK Financial Service Agency) ϐ ᔼ ၮ ॥ ᓀ س Ϸ ᆅ ࡌ ൔ
(Consultation paper: 142 Operational Risk Systems and Controls) ǵཥуߎڵᑼᆅ
ֽ(Singapore Monetary Authority of Singapore) ϐᔼၮុᆅࡰᏤᆜा
(Business Continuity Management Guidelines)Ƕ
3.ӄౢϐᔼၮӼӄǺу৾εࡹ(Treasury Board of Canada)ϐߥӄϷᔼၮុ
ᆅྗ(Security and Contingency Management Standard) ǵऍ୯ᖄٖᆙ࡚ᔈᡂ
ᆅᕴ(USA FEMA)ϐ(FEMA FRPG 01-94 1994) ǵऍ୯୯ৎٛОᏢ(USA
- 17. National Fire Protection Association)ϐ্ؠ٣ࡺ/ᆙ࡚ᔈᡂᆅϷᔼၮុीฝ
ྗ (Standard on Disaster/Emergency Management and Business Continuity
Programs) ǵу৾εख़ε୷ᘵࡼٛៈϷᆙ࡚ᔈᡂྗഢہ(Canada Office of
Critical Infrastructure Protection and Emergency Preparedness)ϐᔼၮុीฝࡰ
Ꮴᆜा(A Guide to Business Continuity Planning) ǵम୯ྗڐ(British
Standard Institute, BSI)ϐ PAS 56 Guide to Business Continuity Management)Ƕ
य़ჹᝄޑᕉნǴӃ୯ৎࣴᔕᔼၮុᆅྗǴவၗૻӼӄǵߎ
ᑼӼӄวԿӄౢϐᔼၮӼӄǶҞѠჹܭᔼၮុᆅسϐวၨࣁ
ୁख़ܭၗૻӼӄǴԜᆶ ISO 17799 ϐϷၗૻౢ܌ගٮϐഢජسᕉნԖ
ᜢǶନԜϐѦǴߎᑼӼӄᆶӄౢϐᔼၮӼӄۘคှ،БਢǶ୷ܭаϐԵ
ໆǴѠᔈᑈཱུࡌҥᔼၮុᆅسǴߦ୯ሞᝡݾᓬ༈ᆶӄౢୖᆶϐচ
߾ǴаၲԋബཥҾਏǵଯߕуሽॶᆶଯԋߏወΚϐҞǶ
߈ٰǴ୯ѦҾჹܭҁ୯ҾϐᔼၮᆅाҭВቚуǴځҞޑӧܭዴ
ߥٮځᔈϐ࣬ᜢౢࠔૈᛙۓၲԋࠔ፦୍ܺ܈НѳǹനதـΏ୯Ѧ࠼Њϐዽਡ
ाхࡴٮᔈࢂցࡌҥҾᔼၮុीฝȐBusiness Continuity Plan, BCPȑ
Ǵϩ୯ѦҾࣗԿܭዽਡൔύܴዴुрׯ๓යज़Ǵऩ҂ૈ಄ӝׯ๓ाǴ
߾ӈΕόӝٮᔈӜൂǶԶ୯ሞεࠠӆߥϦљΨВख़ຎ࠼ЊӧѮؠځࡕؠ
ࡕൺচૈΚǴԶຑ၀࠼Њӧᔼၮύᘐߥϐ࣬ჹ॥ᓀǴ٠၂ӝϸࢀܭ
ߥǶ
Ӛ୯ჹܭ BCM วϷՉཱུࣁՉЪ҅य़ǴЪ୯ሞԖᜢᔼၮុᆅ
ϐྗҭВᖿֹǴϩӃ୯ৎӵऍ୯ǵу৾εࣗԿஒ BCM ुࣁ୯ৎྗǴ
Զ࣬ၨа۳ଞჹၗૻౢϐ BCM วǴӚ୯֡ཀځۓကόىЪ႕Ǵ
ࡺჹౢϐ BCM Ԗܴ׳ዴЪֹϐᖿ༈Ǵӵ߄ 1 ܌ҢǴࣁӄౚ্ؠൺচᆶᔼ
ၮុೕჄ࣬ᜢݤೕ༼߄Ƕ
- 18. ߄ 1 ӄౚ্ؠൺচᆶᔼၮុೕჄ࣬ᜢݤೕ༼߄
ԃҽ ୯ৎ/ߐ ݤзೕക⁄ྗ Ҟޑ
1977 ऍ୯ᖄ୍ٖݤ
USA Department of
Justice
ٛጄѦઇᚯݤਢ
(Foreign Corrupt Practices Act )
„ ाϦҔ٣ᐒᜢޑᆅ໘
ቫሡॄೢჹႝတၗسග
ٮۓำࡋޑٛៈǶ
1986 ऍ୯ᖄٖ୯ิֽ
USA Internal
Revenue Service
ऍ୯ᖄٖ୯ิֽբำׇ
86-19
IRS Procedure 86-19
„ ҁݤೕҔ܌ԖҾǴ܌Ԗ
ႝတ࣬ᜢ୍ิޑၗሡڋ
ۓഢҽϷൺচิ୍ၗЎҹ
ޑाǶ
1991 ऍ୯ᖄٖीᕴ
USA General
Accounting Office
ި౻ҬܰѱႝတӼӄڋೕ
ۓ
(GAO/IMTEC-91-56 Financial
Markets: Computer Security
Controls)
„ ҁݤೕҔߎᑼ୍ܺǴा
ިۓڋ౻ѱޑႝတӼӄ
ࡰڋᏤᆜाǶ
1993 у৾εࡹ
Treasury Board of
Canada
ߥӄϷᔼၮុᆅྗ
(Security and Contingency
Management Standard)
„
„
ዴߥ୍ܺǵीฝϷᔼၮޑё
ڗҔ܄ǴхࡴߐᔼၮѸा
ϐၗૻǵނǵၗૻࣽמ
ഢǵΓϷࡼǶ
ྗѸाҞǺวϷෳ၂
ᔼၮൺচीฝǵՉ࠶ુϷ
॥ᓀຑǵϩߥӄૈໆǶ
1994 ऍ୯ᖄٖᆙ࡚ᔈᡂ
ᆅᕴ USA
FEMA
(FEMA FRPG 01-94 1994) „ ܌Ԗࡹ۬ߐϷᐒᄬॄޑೢ
ΓѸ҅ԄೕჄᆢځ
ߐѸाޑᔼၮբǶ
1997 ऍ୯ᖄٖߎᑼᇡ
ہUSA
Federal Financial
Institutions
Examination
Council
FEIEC FILL-67-97
Comptroller of Currency
BC-177 (1983, 1987)
superceded by EFIEC and
Federal Home Loan Bank
Bulletin R-67 (1986)
superceded by FEIEC
Inter-Agency Policy from
Federal Financial Institutions
Examination Council (FEIEC -
1989, revised and made stronger
1997)
„ ߎᑼ୍ܺޑϦљဠ٣ሡ
ॄೢዴᇡځϦљϷӚঁϩϦ
љࣣԖՉֹޑᔼၮൺচ
ीฝϷᔼၮᆢीฝǴ࣬ᜢ
Ѧх୍ޑቷΨሡुۓ
ՉֹޑᔼၮൺচϷᆢी
ฝǶ
1999 ऍ୯ ߎᑼ୍ܺжϯݤਢ
(Financial Services
Modernization Act of 1999,
Gramm-Leach-Bliley Act)
„ ҁݤਢाሌՉǵߥᓀ
ǵຓچᆢޑӼӄ
аִ๓ߥៈ࠼ЊޑӚၗ
ૻǴঁϦљ٩ځᔼၮೕ
ኳϷፄᚇࡋՉਜय़Ўҹၗ
ӼӄीฝǴхࡴᆅǵמ
ೌϷߥӄࡼҞǶ
1999 म୯ࡹ
UK Financial
Service Agency
म୯ϣᆅݤೕ
(Turnbull Report: Combined
Code on Internal Controls in the
UK)
„
„
ҁݤೕҔܭউඩچҬ
ܰ܌ວ፤ި౻ϐҾ
म୯ϣᆅݤೕೕۓी
ৣाԃۓයՉ॥ᓀᆅ
ϷࢬำޑڋЎҹϷᆅ
ቩǶ
2000 ऍ୯୯ৎٛОᏢ
USA National Fire
Protection
Association
্ؠ٣ࡺ/ᆙ࡚ᔈᡂᆅϷᔼ
ၮុीฝྗ
(Standard on
Disaster/Emergency
Management and Business
Continuity Programs)
„ ೭ྗࡌҥΑวǵՉǵ
ᆢ্ؠ٣ࡺᆅǵᆙ࡚ᔈ
ᡂᆅǵᔼၮុीฝޑӅ
ӕຑ୷ᘵǴа෧ǵೀ
্ؠ٣Ϸᆙ࡚٣ҹǶ
2001 у৾εख़ε୷ᘵ
ࡼٛៈϷᆙ࡚ᔈᡂ
ྗഢہ
Canada Office of
Critical
Infrastructure
Protection and
Emergency
Preparedness
ᔼၮុीฝࡰᏤᆜा
(A Guide to Business Continuity
Planning)
„ ගٮϦҔ٣ϷدΓҾ࣬
ᜢޑ၁ಒೕჄำׇϷЎҹၗ
ٰวᔼၮុीฝǴа
ዴߥӧᔼၮύᘐ্ؠ܈٣ࡺ
ਔǴᜢᗖޑᔼၮҞૈុ
ᆢၮբǶ
2002 ३ෝߎᑼᆅֽ
Hong Kong
Monetary Authority
ᔼၮុीฝ
(TM-G-2 Business Continuity
Planning)
„
„
ዴᇡߎᑼ୍ܺᇡёᐒᄬᔈ
ۓڋೕჄֹЪڀᡏёՉޑ
ᔼၮុीฝǴٰߥៈ܌Ԗ
ޑᜢᗖᔼၮ܌Ϸёૈߏޑ
ਔ໔ᔼၮύᘐნǶ
ߎ ᑼ ܺ ୍ ᇡ ё ᐒ ᄬ
(Authorized Institutions)ว
ϷՉᔼၮុीฝǴЪ
ሡԵໆёૈวғޑനᝄख़ؠ
্٣ࡺნǴٯӵǺࡌ
ᑐނϷຼᎁ୷ᘵࡼֹӄᄛ
྄ǵѨѐख़ाΓǵߏਔ໔
٬ҔഢජπբӦᗺǶ
2002 म୯ࡹ
UK Financial
Service Agency
ᔼၮ॥ᓀسϷᆅࡌൔ
(Consultation paper: 142
Operational risk systems and
controls)
„
„
ߎᑼ୍ܺѿԖคݤᗉխ
ޑᔼၮύᘐਔǴᔈԖೀؠ
্٣ࡺԋޑӚፂᔐϐྗ
ഢǴዴߥૈځᝩុᆢၮբ
а಄ӝݤೕޑाǴ೭٤ྗ
ഢᔈԵໆҾᔼၮޑឦ܄ǵ
ೕኳϷፄᚇࡋǴۓයՉෳ
၂Ϸ׳ཥځԖਏ܄Ƕ
ᔼၮ॥ᓀسϷᆅࡌख़
ᗺπբҞǺຑᔼၮύᘐ
ޑёૈ܄ϷፂᔐǵՉ࣬ᜢ
ྗޑഢ٣Ϸۓڋౣаᆢ
҅தᔼၮǵຑഢජӦᗺ
ޑ܄Ƕ
2003 म୯୯ৎྗڐ
UK British
Standard Institute
PAS 56 ᔼၮុᆅࡰᏤᆜ
ा
(PAS 56 Guide to Business
Continuity Management)
„
„
ࡌҥౣϷၮբࢎޑᄬǴᑈཱུ
ӦமϯҾᡏ፦Ǵ٬Ҿӧ
ၶډᔼၮύᘐ܈ཞѨ୍ܺϷ
ౢࠔਔǴΨૈᝩុᆢҾ
ᔼၮǶ
ҁࡰᏤᆜाҔ܌ԖಔᙃϷ
ౢǴЬाϣхࡴुۓᔼ
ၮុᆅࢬޑำǵচ߾ǵ
ߐҔᇟǴගٮᓬؼჴ୍ǵ
܌ሡՉޑӚբϷၮբ
ࡌǵຑ୷ᘵǶ
2003 ཥуߎڵᑼᆅֽ
Singapore
Monetary Authority
of Singapore
ᔼၮុᆅࡰᏤᆜा
(Business Continuity
Management Guidelines)
„ ܌Ԗߎޑᑼ୍ܺᐒᄬሡ
ՉϷᆢа॥ᓀࣁЬືޑ
ᔼၮុीฝࢎᄬǴ٠Եໆ
ࡕؠځൺচϷҾᔼၮុ
ޑૈໆᆶځҾᔼၮޑឦ
܄ǵೕኳϷፄᚇࡋǶ
- 21. аΠ൩ჹ୯ѦൂՏǴჹܭᔼၮុۓޑကᆶεཀՉϟಏǴхࡴǺ
1.ᐞࢪ/ફՋើ॥ᓀᆅྗ AS/NZS4360:1999
2.म୯ྗڐϐ PAS 56 ᔼၮុᆅࡰᏤᆜा
3.ऍ୯ٛО্ؠڐ٣ࡺ/ᆙ࡚ᔈᡂᆅϷᔼၮុीฝྗ(NFPA1600)
4.ISO 17799 ၗૻӼӄྗ
5.DRII BCP Professional Practices
6.ཥуڵᔼុᆅࢎᄬϷྗ
2.1.1 ᐞࢪʏફՋើ॥ᓀᆅྗ Australian Standard AS/NZS
4360:1999
AS/NZS 4360ࢂЬाࢂа॥ᓀႣٛۺཷޑբࣁҾុޑ٩ᏵǴ٠ගрᇡࣁؼ
ӳޑϦљݯᄊࡋёаࣁҾٰ҉ុᔼࠨޑᐒ
ǹ
ӧAS/NZS 4360ᇡࣁࡌBCM
ёаࣁၠ୯ޑ܄Ҿԋфၲډ॥ᓀᆅޑҞޑǵ٬ҾᗌӛԋфϷ҉ុҞޑబ
у׳εޑ០ΚǴკ1ࣁAS/NZS 4360ޑीฝࢬำǴӢԜAS/NZS 4360ჹܭBCM๏
ΑঁܴዴЪᙁाۓޑကǴۓځကࣁǺBCMёаගٮҾԖਏޑၗྍϷำׇаၲ
ډҾुޑۓЬाҞǶ
AS/NZS 4360:1999ځЬाࢎᄬӵΠǺ
1.ጄൎǵᔈҔᆶۓက
1.1 ጄൎ 1.2 ᔈҔ 1.3 ۓက
2.॥ᓀᆅޑѸഢచҹ
2.1 Ҟޑ 2.2 ॥ᓀᆅࡹ 2.3 ुۓीฝϷᝢഢၗྍ 2.4 Չीฝ
2.5 ᆅޑᔠ
3.॥ᓀᆅཷፕ
3.1 εᆜ 3.2 Ьाޑᡯ
4.॥ᓀᆅᡯ
- 22. 4.1 ࡌ ҥ ࢎ ᄬ 4.2 ॥ ᓀ ว 4.3 ॥ ᓀ ϩ 4.4 ॥ ᓀ ຑ ໆ
4.5 ॥ᓀჹ 4.6 ᅱ࿎Ϸᔠ 4.7 ྎ೯ڐک
5.इᒵ
5.1 εᆜ 5.2 इᒵޑচӢ
ᡯ> ࣴᔕ໒ۈ
ሡᕇளଯ໘ЬᆅޑЍ
ࡌҥҞہ
วᔼၮុࡹϷౣ
ᡯΒ> ॥ᓀϷલѨϩ
،ۓಔᙃԋфϐᜢᗖӢન
ղձᜢᗖำׇϷၗౢ
ᡯΟ> ่ӝᔼၮፂᔐϩ่݀
،ۓಔᙃӧคᜢᗖၗྍΠǴനε
ёᔼၮਔ໔
ᡯѤ> ۓကᔈᡂౣ
ᆙ࡚ᔈᡂ
ុᔈᡂ
ൺচၸำ
ᡯϖ> ၗྍᆶᜢೱ܄ഢޑว
ਥᏵၗྍഢϷځд࣬ᜢᖄޑ܄
ำׇǴٰ̉˿˾ۓڋ
ᡯϤ> ٩Ᏽᒧޑڗౣٰۓڋ
ុीჄ
хࡴسӈޑЍජЎҹϷഢٰ
ว˾˿̉
ᡯΎ> วᖄ่ౣ
ҔܭπǴѦቷϷٮᔈ
ᡯΖ> ᄽግ ᆢϷीჄෳ၂
ගݤٮೕϷीჄำޑׇᄽግǴ٬
ीฝֹ
ᡯΐ> ՉϷीჄว
ໆ
ෳ
Ϸ
ӣ
៝
ՖޣჹҾಔᙃࢂख़ाޑ
ՖޣӧᔼၮၸำύǴࢂ܌ሡ٩ᒘޑ
ϙሶࢂҾޑᜢᗖᔼၮၗྍ
ϙሶݩΠǴቹៜಔᙃޑԖਏᔼၮ
ϙሶݩΠǴፂᔐಔᙃޑԖਏᔼၮ
࡛ኬޑౣёаೀᅿნ
ा࡛ኬωૈԋфޑวϷၮҔBCP
კ1! AS/NZS 4360 BCMࣴᔕำׇ
- 23. ࡌBCMሡाԵໆӭӢનǴхࡴǺ
1. ᕕှಔᙃ܌ѸၲޑډᜢᗖҞ
2. ᠘ձಔᙃၶډᔼၮύᘐޑӢન
3. ෳ၂Ϸໆෳځд॥ᓀڋϷ॥ᓀߺ෧ޑౣǴځౣ่݀ޑሡाమཱΑှǶ
4. ᕕှҾाၲډᜢᗖޑҞ܌य़ᖏߔޑډᛖǶ
ඓඝΑॊޑచҹǴӧ٩ᏵҾಔᙃޑೕኳՉԖਏޑBCPࢬำޑวǴඤѡ
၉ᇥǴѝाඓඝΑচ߾ϐࡕǴѝाՉ٤ޑঅׯբǴ٠ុᆢᆶዽਡޑ
բǴ߾BCMёࣁҾಔᙃٰԋфᆶ҉ុᔼޑ០ΚǶ
ᐞࢪቩीමՉीǴीܭ2000ԃਔǴӧᐞࢪ܌ᖐᒤکҾᔼၮԖᜢ
ࣴޑǴ༼раΠჹܭҾᔼၮុԖቹៜޑӢનǺ
1. ൺচਔ໔ǺεӭኧޑҾಔᙃᇡࣁǴൺচਔ໔ऩຬၸ24λਔǴஒჹҾಔᙃ
ԖόёᑃྐޑቹៜǴ٠Ъᡏޑൺচीฝஒख़ཥՉෳਔǴаዴߥځёՉ
܄ǹѿൺচਔ໔Ͽܭ8λਔǴёჴൺচीฝޑёՉ܄Ƕ
2. ڐፓीฝǺхࡴीฝڐፓΓᆶڐፓہޑԋҥǴځЬाҞڐࣁޑፓӚߐӧ
ՉBCMਔᔈݙཀޑ٣Ǵ٠ЪჹBCMՉЎҹϯǶ
3. ᔼၮीฝǺӧᐞࢪԖ13.6%ޑҾಔᙃځᔼၮीฝԖՉЎҹϯϷीฝ
ǹԶ36%ޑҾಔᙃ٠ؒԖՉीฝޑෳ၂ǴԶॊࣣޣٿԖՉޑҾಔ
ᙃ9%Ǵ
ӢԜᐞࢪቩीाҾಔᙃՉीฝޑЎҹϯϷीฝෳ၂ٿ
πբǶ
4. ITុीฝޑႣᆉǺᐞࢪቩीමՉीǴҾಔᙃ2%ޑႣᆉ
ՉITុǴ܌аሡගଯԜБय़ޑႣᆉǶ
- 25.
კ2! PAS56ගрBCMޑำׇ
BCM ଞჹҾӧय़ჹౢࠔٮޑሡϷ୍ܺวғυᘋǵύᘐ܈ཞѨޑݩ
ਔϐِೲൺচૈΚǴࡌҥౣϷᏹբࢎޑᄬǶBCM όѝࢂӧ٣ࡺวғࡕ
ޑঁᔈᡂБݤǶBCM ѸΜჹঁҾӚБय़ޑୢᚒٰीฝ(ӵკ 3 ܌Ң)ǶҾ
ӧཀѦ٣ҹࡕޑൺচૈΚڗ،ܭҁޑيᆅϷᏹբߐǹ൩ӵӕೌמǴӧ
ࡌҥ BCM ीฝਔѸԖֹޑБݤǶ
ሦᏤ໘ቫ
BCM
ӒᐒᆅीჄ
ೌמൺচीჄ
ΓΚၗྍीჄ
܌ൺচीჄ
Ҿ҉ុᔼीჄ
πբୱൺচीჄ
ӒᐒᆅीჄ
ᜢᗖπ
ӵ۳தᔼၮ
ख़ཥଛπ
୍ཟ௱Ϸ
܌ൺচ
კ3! BCMᆶځдᆅीฝϐᜢ߯
- 27. კ 4 BCM ϐൻᕉᆢៈკ
ӢԜ٩ᏵॊޑϤঁᡯǴՉҾBCMࡌޑǴஒёࣁҾٰനӝᆶ
ന٫ޑ܄BCMǴ෧ϿҾय़ᖏ॥ᓀޑᐒǶ
ԜࡌᄬBCMϐำׇǵচ߾ϷҔೌᇟǴඔॊ࣬ᜢޑπբϷ่݀Ǵගٮჴࡼϐ
ࡌϷຑϐྗǶόᆅҾޑελ܈ߐޑӭჲǴPASҔ܌ܭԖޑҾǶ
2.1.3 ऍ୯ٛО্ؠڐ٣ࡺ/ᆙ࡚ᔈᡂᆅϷᔼၮុीฝྗ
(NFPA1600)
ԜЎҹ߯җऍ୯୯ৎٛ(ڐNational Fire Protection Association, NFPA)ڋ܌
ۓǹځೕጄ߯ӧࡌҥ্ؠᆅǵᆙ࡚٣ҹᆅکҾុБਢޑ೯߾Ǵ٠ග
ٮჹ্ؠǵᆙ࡚٣ҹᆅϷҾᔼၮុБਢޑྗǴёᙖаຑԖޑी
ฝϣ܈բࣁวǵჴࡼکᆢៈёႣٛǵᔈᡂǵ෧ᇸǵൺচ্ؠᆶᆙ࡚٣ҹ
ޑीฝǶ
ǵᔼၮុᆅϐۓက
্ؠ/ᆙ࡚٣ҹᆅϷҾᔼၮុი໗ࢂҗӭᐒᄬಔԋǴхࡴόӕቫભޑ
- 29. ڐ܈շБਢྗޑഢǴՉǴຑǴঅ҅ޑӝǶ
4. ҁہᔈхࡴБਢڐፓΓڀکഢаΠచҹޑΓǺڀԖӝکҁᐒᄬޕ
ǴϷԖૈΚᒣᐒᄬύЬाфૈୱၗྍޑΓǶЪҁہᔈቻޑჹ
ѦวقǶ
5. Бਢຑ ᐒᄬᔈჹБਢाનࡌҥᕮਏҞǴ٠ۓයຑǶ
6. ၀ᐒᄬᔈᙖҗۓයᔠຎǴෳ၂Ǵ٣ࡺࡕᔠൔǴᒱᇤᏢಞǴᕮਏᑽໆǴکᄽ
ግٰຑБਢޑीฝǴำׇǴфૈǶ
(1)ᄽግᔈࣁෳ၂ঁձѸााનǴԖ࣬ϕᜢ߯ޑाન܈ঁीฝԶीǶ
(2)ำׇᔈࡌҥǴаዴߥຑБਢᒣрόىϩޑঅ҅ՉǴ௦ڗЪঅ҅
࣬ᜢБਢीฝǶ
Οǵ॥ᓀຑ
ֹޑ॥ᓀຑǴёᒣወӧፂᔐᐒᄬǴᎃ߈ୱǴ܈Ѝᐒᄬ߈ߕޑख़
ाࡌޑӒ্Ǵ࠶ુ܈Ӓᓀ٣ࡺǶӒ্ǵ࠶ુ܈Ӓᓀ٣ࡺޑወӧፂᔐǴڗ،ঁܭ
ձᝄख़ࡋϷΓǵౢǵᔼၮϷᕉნǴჹܭय़ᖏӒ্ǵ࠶ુ܈Ӓᓀ٣ࡺޑ১ᗺǶ
॥ᓀຑਥᏵӒ্Ǵ࠶ુ܈Ӓᓀ٣ࡺдॺ࣬ჹޑᓎϷᝄख़ࡋуаϩᜪǶाݙ
ཀࢂޑǴԖёૈӸӧӭჹঁܭձҞԶقǴᓎϷᝄख़ࡋޑወӧಔӝǶᐒᄬ
Ҿკ෧ϿǴྗഢǴೕჄуаϸᔈǴவٗ٤ёૈᝄख़ፂᔐΓǴౢǴᔼၮǴᕉნ
ϷᐒᄬҁޑيӒ্Ǵ࠶ુ܈Ӓᓀ٣ࡺࡠൺǶ
1. Ԗ٤ᙁܰ܈ፄᚇޑ॥ᓀᑽໆޑБೌמکݤǶ೭٤࣬کೌמᜢޑှញЎҹхࡴ
ՠόज़ܭаΠǺ
(1) ଷݩރ
(2) ᔠ߄
(3) ଷݩރᔠ߄
(4) Ӓ্Ϸёᏹբ܄ᔠ߄(HAZOP)
(5) ѨਏኳԄϷਏᔈϩ(FEMA)
- 31. 2.1.5 DRII Professional Practices
ҁЎҹࢂҗϖεക܌ಔԋǴхࡴBCMཷޑाǵЬाᔼၮុीฝޑၗૻǵ
ीฝޑᆅᆶᆢǵीฝෳ၂ᆶෳ၂ൔǴϷߕᒵǶ
ǵBCMཷा
ҾటࡌֹޑBCMǴ߯ၸӭᡯǴൻׇᅌӦՉࡌǴ୷ځҁ
ᡯхࡴǺ
1. ीฝޑബۈᆶڋ
2. ॥ᓀຑᆶڋ
3. ᔼၮፂᔐϩ
4. วൺচౣ
5. ᆙ࡚ᔈᡂϷڋБݤ
6. ᆶࡹ۬ൂՏϷϣҾ໔ڐޑፓπբ
ਥᏵDRIIϐBCPࡰࠄࡰрǴҾޑBCPሡाΠॊޑϡનޑЍǴٰᆢ
ᡏBCMֹޑϷҔ܄ǴϡનхࡴǺ
1. ीฝޑᇡޕᆶෳ၂ࢬำ
2. ीฝޑᆢϷᄽግࢬำ
3. Ϧ໒ޑӒᐒڐፓہ
ΒǵЬाᔼၮុीฝޑၗૻ
ᔼၮុᆅБਢ೯தёаவಔᙃౣय़ǵբࢬำय़ᆶၗྍڗளय़ԵໆǶ
ಔᙃౣय़ЬाԵໆᔼၮኳԄǴԖᔼၮ/ഢජኳԄ(Active/Backup Model)ǵϩ໒ᔼ
ၮኳԄ(Split Operation , Active/Active Model)ᆶ፺ࢬ٬ҔኳԄ(Alternate Site Model)
- 32. ΟᅿǶ
բࢬำय़ᆶಔᙃӚ୍ൂՏޑфૈکҾᜢᗖೀࢬำԖᜢǴٯӵ౻ᏵҬ
ඤԾϯЍбೀس(Clearing House Automated Payments System, CHAPS)ёૈ
ۓڋȨज़ܭගߎٮᑼӕϺϣϐεᚐЍбࡰз୍ܺȩࣁځբࢬำय़ౣǶ
ၗྍڗளय़୷ҁᆶ୍ፂᔐϩԖᜢǴٯӵӧᔼ܌ൺচԵໆǴಔᙃ
ᔈԵໆѳਔϩ໒բޑӚ୍ൂՏؠܭᡂਔࢂցёаӝٳӧӕӦբǴӆᒧ
ឦԄ(ޜ໔ελǵӦᗺǵԾࡌ܍܈ચ)ǵϕඁӅ٦/ᛝऊߥৢԛБԄǵӅ٦/ᛝ
ऊҙፎБԄ(հԄǴග୍ܺٮቷၗྍϩଛֹࡕǴѝૈࣹᛗΑ)ᆶՉԄൺচБਢ
ӦڗளБԄǶฅǴ٩ྣ୍ፂᔐϩ܌ሡၗྍۘхࡴΓΚၗྍǵߎࢬໆǵ
೯ૻǵᒤϦࡼǵႝတഢځکдၗྍǴ่ӝӚᅿૼہೀ(Sourcing)Ǵคፕࢂ
ہѦೀ(Out-Sourcing)ہ܈ϣೀ(In-Sourcing)ࢂԵቾޑӢનǶ
Οǵीฝᆅǵෳ၂ᆶᆢ
ᔼၮុᆅᔈӢᔈѦӧ܈ϣբᕉნϐᡂϯǴۓයՉᔠϷෳ၂Ǵ٠
җ٩Ᏽෳ၂่݀ՉѸाϐঅुǴஒෳ၂่݀ϷঅुϣևൔഢǶ
ෳ၂ҞޑӧܭᎡុ୍ڰၮբीฝុޑԖਏ܄ǴዴߥՏୖᆶӣൺբ
ޑԋ֡ૈֹӄᕕှҞុ୍ޑౣǵीฝᆶำׇǴዴᇡёၲԋुޑۓӣ
ൺҞǴפрӣൺำׇύӸӧѸှ،ޑޑୢᚒǶ
ෳ၂ޑᅿᜪԖೌמӣൺำޑׇરኳᔕբǵჹؠᡂ٣ҹޑϸᔈำޑׇ
ኳᔕෳ၂ǴΓϐҬ೯ीฝǴᆛၡೱጕޑᙯௗෳ၂Ǵᆅำޑׇኳᔕરෳ၂Ƕ
ෳ၂ޑБݤԖଞჹӚᅿёૈݩރՉዬᄽȐճҔύᘐ٣ҹፕӵՖӼ௨
ࡠൺᔼၮǴዽਡǵᡍᆶዴᇡȑǵኳᔕෳ၂Ȑձଞჹ٣ࡺ܈Ӓᐒวғࡕϐ࣬ᜢ
ॄೢΓՉ૽ȑ
ǵ܄ೌמൺচϐෳ၂
ȐዴߥၗૻسૈԖਏࡠൺȑ
ǵჴሞ(Live)
ൺচᄽግෳ၂ǵٮᔈࡼϷ୍ܺϐෳ၂ȐዴߥѦٮᔈቷ܌ගٮϐ୍ܺکౢ
ࠔ಄ӝӝऊύϐೕۓȑǵჴሞኳᔕϐคႣ(Unannounced)ෳ၂ȐаჴӦᄽግෳ၂
ಔᙃǵΓǵഢکำࢂׇցૈᔈбჴύᘐݩȑǶ
ฅǴෳ၂܌ሡϐෳ၂ीฝᆶ่݀ᔠѸЎҹᒵǴុ໒วׯ๓ࡼǴ
- 34. ¾ ႴᓰՠόமڋӚߎᑼᐒᄬ௦ҔᔼၮុᆅࡰᏤᆜा
ཥуڵࡹஒࡌҥᔼၮុᆅՉЋн٠ۓයዽਡӚߎᑼᐒᄬǶ
ΒǵཥуڵྗғౢΚϷബཥวֽ(Standards, Productivity, and Innovation
Board, SPRING)Ǻ
ܭ 2004 ԃϦթҾᔼၮុᆅᇡᐒ(ڋBusiness Continuity Management
Certification)ǴаமϯཥуڵϦ୍ᐒᜢϷدΓҾӧᆢځᔼၮόύᘐૈޑໆǴԜ
ᇡᐒࢂڋਥᏵ SPRING ܌Ϧޑᔼၮុᆅྗ(Standard on Business
Continuity Management)ࣁ୷ҡǶ
ԜᇡᐒޑڋᆒᡎӧܭҗҙፎൂՏޑՉߏ(Chief Executive Officer)ዴᇡځ
ൂՏՉᔼၮុᆅޑԋਏǴᝤҗҙፎൂՏԾՉᔈҔᔼၮុᆅᇡᔠਡ߄
ӃՉਡځပჴำࡋǴӆஒ܌Ԗ࣬ᜢᇡҙፎ߄ϷЎҹډ SPRINGǴҙፎൂՏ
಄ӝϷֹԋਜय़ቩำࡕׇǴҗ SPRING ࢴрᔼၮុᆅຑλಔՉዽ
ਡǴऩ၀ൂՏ೯ၸᔼၮុᆅዽਡǴ߾җ SPRING ሦวཥу۬ࡹڵᇡϐ
ᔼၮុᆅၗǴԖᜢᇡҙፎፎୖ᎙ΠЎǺ
1.ҙፎᔼၮុᆅᇡၗǺ܌ԖϦ୍ᐒᜢϷدΓҾ֡ёගрҙፎǴՠ௨ନ
рαຩܰϦљǴدΓҾҙፎਔځҾӧཥуڵԖᔼၮ٣ᕮϷᒵǶ
2.ၗज़ڋǺҾი܌ឦηϦљӧҙፎ SPRING ᇡਔѸ಄ӝΠӈाǺ
(1) ηϦљѸࣁჴሞᔼϐҾǴϦљѸԖܴዴޑಔᙃࢎᄬɡϦљೕകϷԃ
ൔǶ
(2) ηϦљሡڀԖԾݯᆅϷҺᔼ໘ቫǴٰՉҾٯՉ܄ᆅǶ
(3) ηϦљѝॄೢՉЍජҾი୍ۓǴӵՉᎍǵҾჄǵ࠼ܺǵࣴวǵݤ
୍ǵ௦ᖼǵ୍ϷΓΚၗྍᆅǴ߾ό಄ӝҙፎၗǶ
3.ҙፎᇡЎҹǺ܌ԖҙፎЎҹ֡ሡҗҾՉߏᛝӜаҢॄೢǴҙፎЎҹሡྗ
ഢԄΟҽǴ܌ሡЎҹхࡴǺ
(1)ֹޑᔼၮុᆅᇡҙፎਜ
- 36. 7.ྗഢᔼၮុᆅЋн
Ǻ
ගٮ BCM ЋнޑҞޑӧܭ٬ዽਡΓᕕှҙፎൂՏޑ
ᔼၮុᆅᆅسǴࢂࡺᔼၮុᆅЋнᔈԖΠӈΎεҞၗЪόᔈ
ຬၸ 50 ।Ƕ
(1)ᜫඳ/Һ୍ᇥܴ
(2)ᔼၮុᆅࡹϷҞ
(3)ख़ाᔼၮൂՏ܈фૈޑಔᙃࢎᄬ
(4)ख़ाᔼၮࢬำკ
(5)ҙፎᇡൂՏӵՖமፓᔼၮុᆅޑϖε໘ࢤϐख़ाҞ
(6)ᔼၮុᆅسޑीฝǵำࢬ܈ׇำϐϕϷᜢ߯კ
(7)׳ཥϷᆅᔼၮុᆅЋнǵीฝǵำׇϷЎҹၗϐᇥܴ
8. ᔼၮុᆅᇡᔠਡ߄Ǻځख़ाҞӅԖ 12 εǴϩձࢂǺ
(1)ᆅᐒڋ
(2)ᅱᐒڋ
(3)॥ᓀຑ
(4)ᔼၮፂᔐϩ
(5)ᔼၮុౣᒧҔ
(6)ҥջᔈᡂीฝ
(7)ᔼၮុीฝ
(8)ᕕှᔼၮុᆅ
(9)ᔼၮុᆅ܍ᒍ
(10)ෳ၂Ϸᄽግ
(11)ᆢៈ
(12)ዽਡ
Ο ǵ ཥ у ڵ ၗ ૻ ႝ ߞ ว (Info-communications Development Authority of
- 37. Sinagpore, IDA)Ǻ
Ϧթϐཥуڵᔼၮុʏ্ؠൺচ୍ܺٮᔈྗ(Singapore Standard
for Business Continuity/Disaster Recovery Service Providers)
1. ҞޑǺࠆॶཥуڵᔼၮុʏ্ؠൺচ୍ܺౢǴࡌҥྗٰೕጄٮᔈ
୍ܺޑભϷനեഢሡǴၸᇡϷዽਡٰࡋڋᆢ୍ܺࠔ፦Ǵаڐ
շҾᒧന಄ӝԋҁԵໆޑБਢǴफ़եہѦޑ॥ᓀǴаߥምҾၗౢϷ
ዴߥҾᔼၮϐុǴᔼၮុʏ্ؠൺচ୍ܺٮᔈྗࢎᄬӵკ 6 ܌
ҢǶ
კ 6 ཥуڵᔼၮុʏ্ؠൺচ୍ܺٮᔈྗࢎᄬ
2. ࢎᄬ
¾ ᔼុʏ্ؠൺচೕጄǺၗౢᆅǵᕉნᛙ܄ۓǵ্ؠൺচ୍ܺ
܍ચКٯǵफ़ե࠼Њ॥ᓀǶ
¾ ᔼុʏ্ؠൺচٮᔈϐ୍ܺϷೌמाǺޕϷᡍǵഢ
Ϸᔼၮྗഢǵ্ؠൺচЍජǵᆙ࡚ᔈᡂीฝǵ্ؠൺচλಔ૽ግෳ၂Ƕ
¾ ্ؠൺচ֟ाǺႝߞسǵႝΚٮᔈسǵٛسǵߥӄس
Ƕ
3. ଛࡼ
- 38. ¾ ᗎፎࣚୖᆶྗวၸำǺԋҥྗπբλಔǴᗎፎӚᜪٮᔈǵ៝
ୢϦљǵߚࣦճಔᙃǵࡹ۬ߐуΕǴӅӕࣴᔕྗǶ
¾ ྗϦթਔำ 2004 ԃ 3 ДֹԋਢǴ2004 ԃ 10 ДϦթ҅Ԅྗ
ஒFEMA CARǵNFPA 1600ǵBSI PAS56ϷDRIIȐDisaster Recovery Institute
International ,୯ሞ্ؠൺচڐȑϐྗϣ఼ᆶৡ౦༼ӵ߄2܌ҢǴ٠ஒ೭Ѥ
ྗՉϣೕጄޑКၨǴ༼ӵ߄3Ƕ
߄2 FEMA CAR / NFPA 1600 / BSI PAS56 / DRII Professional Practicesཷॊ
ൂՏ~ ϣ఼
ऍ୯ᖄٖᆙ࡚ᔈᡂᆅᕴ
ϐFEMA FRPG01-94 1994
ҁೕ߾ࢂӧࡌҥᆙ࡚ᔈᡂسǴа॥ᓀᆅࣁ୷ᘵǴࣁҾӧय़ᖏ
॥ᓀਔǴᗉխᔼၮڙၸεޑፂᔐࣗԿύᘐǶ
ऍ୯୯ৎٛОڐϐ্ؠ٣
ࡺ/ ᆙ࡚ᔈᡂᆅϷᔼၮ
ុीฝྗ
ҁྗೕጄ߯ӧࡌҥ্ؠᆅǵᆙ࡚٣ҹᆅکҾុБ
ਢޑ೯߾Ƕ
ҁྗೕጄҞޑӧගٮჹ্ؠǵᆙ࡚٣ҹᆅǵҾុБਢॄ
ԖೢҺޑΓྗǴ٠ᙖаຑԖޑीฝϣǴ܈բࣁวǴჴ
ࡼکᆢៈёаႣٛǵᔈᡂǵ෧ᇸǵൺচک্ؠᆙ࡚٣ҹޑीฝǹ
ҁೕጄᔈҔܭϦӅϷ҇໔ޑीฝǶ
म୯ྗڐϐPAS 56 ᔼ
ၮុᆅࡰᏤᆜा
Ԝ PAS ࢂҔܭ BCM ᆅޣǴΨ൩ࢂӧҾύૈஒዴჴӦѐ
Չ BCM ЪᆅޑΓǹঁ BCM ᆅޣѸຑԜ PAS ܌ගٮ
ࡰޑᏤБଞᔈҔܭҁ܌يᏱԖਔϐሽॶǶ
܌ԖޑҾҭڗ،ځܭдӢનٰᆢٮᔈ(ගٮౢࠔ୍ܺ܈๏࠼
Њ)ǶBCMҔܭᐉၠҾӚߐϷ࠼Њϐ໔ޑϩНᔂǶाၲډঁԖ
ਏёՉޑBCMीฝǴ߾PASޑวࢂᇡࣁࢂѸഢޑǶӢࣁPASޑҞޑ
ӧܭගٮঁֹࢎޑᄬϷࡰᏤচ߾
Ƕ
ԜPASख़ӧBCM life-ᐞύϷำ
ޑׇϤঁ໘ࢤǶ
୯ሞ্ؠൺচڐϐᔼၮ
ុीฝϐࡰࠄ
(A Professional’s Guide to
the Contents of a BCP)
DRIIගрֹ๓ޑBCPǴࡪ൩ӦՉೕჄǴځᡯӵΠॊǺ
1. ߃යҞޑዴۓ
2. ॥ᓀຑϷڋ
3. ᔼၮፂᔐϩ
4. วൺচౣ
5. ᆙ࡚ᔈᡂᐒڋ
6. ϦΚՉڐፓ
7. วϷࡌᔼၮុीฝ
8. ำޑׇᇡޕϷෳ၂
9. BCPޑᆢϷᄽግ
10. ಔᙃᆶϦӅᜢ߯ϷӒᐒڐፓ
- 39. ߄3 FEMA CAR / NFPA 1600 / BSI PAS56 / DRII Professional PracticesКၨ߄
ᆙ࡚٣ҹᆅфૈ
(CAR Emergency
Management Functions,
EMF)
NFPA 1600 Standard
্ؠ/ᆙ࡚٣ҹᆅϷҾ
ᔼၮុБਢ
(Disaster/Emergency
Management and Business
Continuity Programs)
BSI PAS 56:2003Ҿ
҉ុᔼࡰࠄ
(Guide to Business
Continuity
Management)
DRII BCP Professional
Practices
ɡ
Бਢᆅ(Program
Management)
BCMीฝᆅ
(BCM Program
Management)
Бਢଆۈᆶᆅ(Project
Initiation and
Management)
ɡ ٣(General) ཷፕ(Overview) ɡ
ࡓݤϷЬᆅᐒᜢा
(Law and Authorities)
ࡓݤϷЬᆅᐒᜢा(Laws
and Authorities)
ᕕှாޑᔼၮ
(Understanding your
Business)
ϦӅᜢ߯(Public
Relation)
Ӓᐒڐፓ(Crisis
Coordination)
ᆶࡹ۬ᐒᜢڐፓ
(Coordination with
Public Authorities)
Ӓ্ᒣǴ॥ᓀຑ
(Hazard Identification
and Risk assessment)
Ӓ্ᒣǵ॥ᓀຑکፂᔐ
ϩ(Hazard Identification,
Risk Assessment and Impact
analysis)
ᕕှாޑᔼၮ
(Understanding your
Business)
॥ᓀຑໆᆶ(ڋRisk
Evaluation and Control)
Ӓ্ߺ෧(Hazard
Mitigation)
Ӓ্ߺ෧(Hazard
Mitigation)
ၗྍᆅ(Resource
Management)
ᖄٛϕշ(Mutual Aid)
ᕕှாޑᔼၮ
(Understanding your
Business)
॥ᓀຑໆᆶ(ڋRisk
Evaluation and Control)
ᔼၮፂᔐϩ(Business
Impact Analysis)
วBCPౣ
(Developing Business
Continuity Strategies)
ೕჄ(Planning) ೕჄ(Planning) ᕕှாޑᔼၮ
(Understanding your
Business)
BCMϐౣ
(Business Continuity
Strategies)
Бਢଆۈᆶᆅ(Project
Initiation and
Management)
॥ᓀຑໆᆶ(ڋRisk
Evaluation and Control)
ᔼၮፂᔐϩ(Business
Impact Analysis)
วBCPౣ
(Developing Business
Continuity Strategies)
วᆙ࡚ᔈᡂᆅᆶၮ
բ(Emergency Response
and operation)
วᆶࡌ(Developing
and Implementing BCP)
ࡰචǵڋϷڐፓ
(Direction, Control and
Coordination)
ࡰචǵڋϷڐፓ
(Direction, Control and
Coordination)
BCMीฝޑวᆶ
ჴࡼ(Development
and Implementing
BCM Plan)
ᆙ࡚ᔈᡂᆅᆶၮբ
วᆶࡌBCP
ྎ೯Ϸൔ
(Communication and
Warning)
ྎ೯Ϸൔ
(Communication and
Warning)
BCMीฝޑวᆶ
ჴࡼ(Development
and Implementing
BCM Plan)
ᆙ࡚ᔈᡂᆅᆶၮբ
วᆶࡌBCP
բϷำ(ׇOperation
and procedure)
բϷำ(ׇOperation and
procedure)
BCMीฝޑวᆶ
ჴࡼ(Development
and Implementing
ᆙ࡚ᔈᡂᆅᆶၮբ
วᆶࡌBCP
BCM Plan)
ࡕ༇ЍජϷࡼ
(Logistics and Facilities)
ࡕ༇ЍජϷࡼ(Logistics
and Facilities)
BCMϐౣ
(Business Continuity
Strategies)
วBCPౣ
วᆶࡌBCP
ᇡޕᆶ૽ግ(Awareness
and Training)
૽ግ(Training) ૽ግ(Training) BCMЎϯࡌޑҥᆶ
ుϯ(Building &
Embedding a
Continuity Culture)
ᇡޕᆶ૽ግ(Awareness
and Training)
ᄽግǵຑໆکᕖ҅Չ
(Exercises, Evaluation
and Corrective Actions)
ᄽግǵຑໆکᕖ҅Չ
(Exercises, Evaluation and
Corrective Actions)
BCMϐᄽግǵᆢៈᆶ
ዽਡ(Exercising,
Maintenance &
Audit)
ᆢៈϷᄽግBCP
Ӓᐒྎ೯ϷၗૻϦ໒
(Crisis Communications,
Public Education and
Information)
Ӓᐒྎ೯ϷၗૻϦ໒(Crisis
Communications, Public
Education and Information)
BCMޑीฝวᆶ
ჴࡼ()
ᆶࡹ۬ᐒᜢڐፓ
୍کՉࡹᆅ
(Finance and
Administration)
୍کՉࡹᆅ(Finance
and Administration) ɡ
Бਢଆۈᆶᆅ
CAR: Capability Assessment of Readiness, BSI: British Standards Institution, DRII: Disaster Recovery
Institute International, NFPA: National Fire Protection Association
2.2 BCM ࢎᄬϷࢬำ
BCM ࢎᄬϷࢬำЬाჴࡼᡯᇥܴӵΠǺ
ǵीฝྗഢයǺ
ीฝྗഢ໘ࢤѸӃՉࣴᔕᆶࡌҥࡹ(Policy)
Ǵ
٠ᇥܴीฝᔕ఼
ᇂϐጄൎ(Scope)ελ
ǵ
ϐಔᙃ(Organization)ೕኳᆶၗྍ(Resources)
ӭჲǶीฝྗഢ໘ࢤЬाπբхࡴǺ
ଆۈ(Kick-off Meeting)ǺำೕჄхࡴҾଯቫۓကՉጄ
ൎϷዴᇡπբਔำǵीฝՉཷݩᇥܴǴаϷ࠹ҢϷ߄ၲȨҾᔼၮ
ុीฝȩޑՉ،ЈǶ
୷ҁၗԏǺ୷ҁၗԏϣхࡴǺᇙำׇǵғౢ௨ำǵ
ౢࠔሽॶஏࡋǵٮᔈᗗᆅǵ॥ᓀၗૻǵҾၗߎ୍ᆅǵಔᙃࢎ
ᄬᆶӚߐфૈǵ࠼Њϐा……࣬ᜢၗǶ
- 41. ࢎᄬҾᔼၮុᆅ(BCM)λಔхࡴ: (1)ࡰۓᔼၮុी
ฝᕴєΓǴаჹϣϷჹѦϐᖄᛠྎ೯ᆅၰǴϷᆅीฝࡋϷ
ԋҁǶ(2)ዴᇡӚߐೢᅿηΓǴёࡰࢴߐၗుΓ܈ߐЬᆅǴ
ᏼҺᔼၮុीฝೢΓǴаڐշϦљ BCM ीฝǶ
ΒǵࢎᄬೕჄයǺ
२Ӄၸଯ໘Ьᆅޑჹ၉ǴΑှҾᔼၮޑᇻඳǵࡹǵҺ୍Ǵ
аճܭᔑჄࡕុ BCM ࢎᄬǴх֖॥ᓀຑǵᔼၮፂᔐϩϷ BCM
ნᒧҔǴ٠ࡌҥ࣬ᜢᇶᏤ߄ൂǶ
1.॥ᓀຑ(Risk Assessment, RA)໘ࢤǺ
॥ᓀຑޑҞࢂޑଞჹҾύޑނၗౢǵҾຝǵ៉ǵΓ
ΚၗྍϷኪ៛(ϣᆶѦ)॥ᓀǴၸӒ্᠘ࢬޑำǴϩ॥ᓀ
܌ӧՏϐӒ্ރᄊǴ٠ຑԏҾ໘ࢤϐӚᅿႣٛᐒڋϷफ़ե
܈෧(Mitigation)Ӓ্॥ᓀჹҾϐፂᔐ܌ՉޑϩၸำǶ၀ϩ
ࢬำхࡴว॥ᓀຑБݤǵղۓᐒྗǵຑϷ༼Ҿᔼၮወӧ॥
ᓀᆶ࠶ુǵᒣࡽԖٛៈᐒڋǵ॥ᓀ෧ᐒڋᆶԋҁϩǶ
2.ᔼၮፂᔐϩ(Business Impact Analysis, BIA)໘ࢤǺ
BIA ޑҞࢂޑයఈפрಔᙃኪ៛ܭુ࠶ۓ٣ҹޑำׇǴ٠ϩ
೭ᜪኪ៛ჹᜢᗖᔼၮфૈ(Critical Business Function, CBF)ϐወӧઇᚯ
܄ፂᔐǶᔼၮፂᔐϩЬाπբхࡴᒣᜢᗖ܄ᔼၮфૈ(Critical
Business Function)ǵᜢᗖ܄ᔼၮфૈ௨ׇǵᜢᗖ܄ᔼၮፂᔐ॥ᓀϩǵ
ᜢᗖ܄ၗྍᆶൺচਔ໔(Recovery Time Objective, RTO)ϩǶᔼၮፂ
ᔐϩନёᒣᇡอයǵύයϷߏයᔼၮύᘐਔǴჹϦљᔼၮϷ୍ޑ
ፂᔐکёૈޑᚳεᚐѦҔǴΨёа٬ଯ໘ЬᆅᕕှᔼၮύᘐਔǴჹ
Ϧљޑፂᔐ٠ගଯځӒᐒཀǴ׳ёமϯϦљೀ্ؠ٣ࡺྗޑഢϷ
ૈΚǶՉᔼၮፂᔐϩਔǴሡाԏޑၗ࣬ӭǴхࡴᜢᗖᔼၮ
ҞޑୱǵሽॶϷ٩ᒘำࡋǵᔼၮ܌ሡၗྍǵ୍Ϸߚ୍य़ፂᔐǵ
ёௗڙύᘐਔ໔ၗǴӢԜଯਏޑՉำᆅჹඓඝᔼၮፂᔐϩ
- 46. ಃΟക Ҿ॥ᓀຑϷౣೕჄ
3.1 Ҿ॥ᓀϩϷਢٯᇥܴ
ӣ៝॥ᓀᆅ࣬ᜢЎᆶၗǴӭቹៜಔᙃ॥ᓀ፺ᄂޑӢનǴ҅ࢂ॥ᓀᆅ
ᄽޑচΚǶεठԶقǴ೭٤ӢનёϩࣁѦӢનᆶϣӢનǶ
ѦӢનхࡴǺ
1. ᔮᕉნׯޑᡂǴջ٬ᐒᄬҁي٠คҺՖׯᡂǴՠᔮᕉნׯޑᡂஒׯᡂᐒ
ᄬޑ॥ᓀ፺ᄂǶ
2. ᝡݾӢન ჹࣦܭճԋᓸΚ٠ёૈׯᡂ࠼ЊޑᒧᆶႣයǶ
3. ࡓݤ/ᅱׯޑᡂ ࢌ٤ݩΠԋཥ୍ޑౢғǴӵ Gramm-Leach-Bliley
ݤਢ೯ၸࡕǴߎᑼᐒᄬளၠᔼǹځдݩёૈౢғჹ୍ޑཥज़ڋǴӵ
ॊݤਢύԖᜢدஏݤೕϩǴ٬ளᐒᄬӧᔼ୍ǴሡᚐѦԵໆঁΓၗ
ᗦߥدምޑୢᚒǶ
ϣӢન߾хࡴǺ
1. җಔᙃӆ(reengineering)܈ౢ໔(inter-)ᆶౢϣ(intra-)ٳᖼ(M&A)܌Ї
ଆޑಔᙃ܈ሦᏤׯޑᡂǶ
2. ߥϦљԖѱӦՏᆶวװ༈ΕཥѱޑཥౣǶ
3. ཥౢࠔ܈ᙑౢࠔׯᡂǶ
4. ཥೌמǵཥଛᎍᆅၰǴаϷཥำޑׇ٬ҔǶ
ፕǴ೭٤Ӣનค܌όӧǴோӢᕉნǵಔᙃޑᄽᡂǴӧόӕਔයǴࢌӢ
નႥਔวਔ॥ᓀᆅޑཥขᗺǴ٠ЪᔼޣᕴࢂӧᐒᄬᎁѮεཞѨࡕǴ໒
ۈᡏᇡᔈ၀׳ᑈཱུӦᆅ॥ᓀǴԶ௦ڗჴሞՉуаׯ๓ǶᕴᘜٰᇥǴ೭٤Չ
хࡴǺ
1. ᅱޣቚुཥೕۓņёૈ఼ᇂᑽໆǵൔᏤǴ܈ගӈၗҁņڐշځᅱᆶ෧ᇸ॥
ᓀፂᔐǶ
- 47. 2. ѱୖᆶޣჹܭ॥ᓀӵՖᆅౢғཥޑႣයǶ
3. ᐒᄬѸڋ॥ᓀаᆢᕮਏǶ
4. ၗૻᆶޑೌמ൩ࣁ׳ᆒஏޑᆅמѯǶ
೭٤ჴࣁ॥ᓀᆅБݤᆶπޑڀޑচΚǶٯӵǴऍ୯ӧ 1980 ԃжԐය
ޑᓯᆽᆶສීӒᐒǴԋਔεৎჹճ॥ᓀޑख़ຎǹ1980 ԃжύයቺԀሌՉॹ
ഈᆶҡݨӒᐒǴ٬ளສීύࡋୢᚒډڙख़ຎǹ߈ٰǴҗܭᗖҡಃ୯ৎሌՉ(First
National Bank of Keystone)ᆶ៙ሌՉ(Barings)ॹഈ٣ҹǴ٬ளޣ໒ݙۈཀբ
॥ᓀኪ៛ޑୢᚒǹќѦǴЬᆅֽᜢЈౢࠔВᖿӭኬᆶፄᚇޑΠǴᐒᄬӵ
ՖՉᕴӝ॥ᓀᆅǴٛጄ҂ฅǶ
ฅԶǴཥࠠπڀᆶБݤǴςᚐѦӦஒ॥ᓀᆅޑขᗺǴҗঁձҬܰ॥ᓀ(ӵ
ສී܈Ҭܰ)ᙯ౽Կಔӝ॥ᓀ(ӵၗಔӝޑ॥ᓀॶ(value at risk))ᆶӄय़܄ᆅ॥
ᓀǶᒿ॥ᓀᆅරࣁ׳ቶޑݱБӛǴၗྍᆶᔮၗҁଛஒᡂள׳ԖਏǴ
ӧ॥ᓀޑ෧ᇸᆶൾϯёӕਔԵໆΠǴᡏϦљޑၗྍനଛஒࣁ׳ᆒዴǶ
BCM ϐЬाϩ൩ࢂዴߥҾ্ؠܭวғࡕૈफ़եᜢᗖ(ࢲ܄Mission
Critical Activities, MCAs)Ǵ෧ϿᎁڙཀѦ٣ࡺፂᔐวғޑёૈ܄ǴаϷ٤
ޑૈڋమཱӦᇥܴǵՉЪϪӦᆅǶ
୯ሞϯᆶӄౚϯჹܭӭၠ୯εҾǴࢂ܈ύλҾஒࢂᅿࡷᏯǴ܌ሡ
Եໆޑ॥ᓀय़ҭ׳ቶǴӢԜҾ॥ᓀନΑ఼ᇂΑޑ॥ᓀҞѦǴ׳хࡴΑ
୍ǵຝǵᔼၮǵᕉნǵࡓݤǵΓΚǵ୍…ӭБय़ޑ॥ᓀӸӧӢηǴԶਥᏵ
୯ሞཞѨ(ڐڋInternational Loss Control Institute, ILCI) ჹܭऍ୯Ҿ 18,000
ҹޑѮؠीǴځύ 70ʘ҂॥ᓀᆅسϐҾǴӧᎁڙѮࡕؠϖԃϣ่
״ᔼǶ
॥ᓀᆅۺཷޑԐςՉܭኻऍǴ߈ԃٰঀ׳Ꮴӝ܄॥ᓀᆅ܈жϯ॥
ᓀᆅۺǴԶ୯ϣق܌ϐ॥ᓀᆅЬाࢂࡰ୍य़ϐᆅౣǴԶߚ୯Ѧق܌
ϐҾ॥ᓀᆅཷۺǶᡏԶقǴҾ॥ᓀхࡴԖ،॥ᓀ(Strategic Risk)ǵ୍
॥ᓀ(Financial Risk)ǵᔼၮ॥ᓀ(Operational Risk)ᆶӒ্॥ᓀ(Hazard Risk)…Ǵ
ځύ،॥ᓀᆶ୍॥ᓀӧᡏҾ॥ᓀύ܌՞Кख़εܭᔼၮ॥ᓀᆶӒ্॥ᓀǴ
- 54. კ 11 ॥ᓀᆅᆶ BCM ޑᜢ߯(ᐞࢪ AS/NZS 4360 ॥ᓀᆅࢎᄬ)
ϐҾа॥ᓀᆅޑБԄբࣁҾ॥ᓀೕᗉޑБݤǴаයૈ٬Ҿᗌӛ҉
ុᔼǴ܌ϩБԄࣁ॥ᓀวғ܈ޑฅᆶᝄख़ࡋϐ४ᑈǴջࣁ॥ᓀǹԶᔼၮ
ុᆅࠅஒ॥ᓀᆅۺཷޑયΕǴ٠аᔼၮፂᔐϩ(BIA)ϐ่݀ࣁᔼၮុᆅ
୷ޑᘵǴЪޔௗԵໆ॥ᓀԋޑፂᔐᆶቹៜਔ໔ǴനِೲࡕؠޑൺচԵໆǴ
നख़ाޑᗺࣁǴᔼၮុᆅёբࣁҾϣ܌ԖᆅБԄޑќӝѳѠǴ
٩Ᏽ PDCA ᆅ߾ݤǴӝрനӝҾޑᆅᕉნǶ