BCM Benchmarking :
Bridging Your Business
Continuity Programme
to International
Standards and Best
Practices
Dr Goh Moh He...
Dr Goh Moh Heng
• President
– Business Continuity Management (BCM)
Institute
– www.bcm-institute.org
• Managing Director
–...
Dr Goh Moh Heng
Prior Appointments
• Government of Singapore Investment
Corporation (GIC)
• Standard Chartered Bank
– Glob...
BCM Institute
• Started in January 2005.
• Provide competency based BC-DR
training to all levels.
• Certify BC-DR professi...
Professional Certification
Business Continuity
IT Disaster
Recovery BCM Audit
Membership
5
Maintaining Competency To
Implement Your BCM
Programme to Meet
International BCM Best
Practices And Standards
Dr Goh Moh H...
Agenda
• BCM Planning Methodology
• International Standards
• Body of Knowledge
• Organization Competency
• Personnel Comp...
BCM Planning Methodology
8
Source:
Goh, Moh Heng (2008): Managing Your Business Continuity
Planning Project 2nd Edition IS...
BS 25999
NFPA 1600
ANZ 5050
SS 540
BCM Planning Methodology with
BCM Standards
9
BCM Body of Knowledge (BoK)
10
The training curriculum for all BCM Institute’s
courses is based on this BCM Body of Knowle...
Organisational
and
Personnel
Competency
Certification
BCM Internal
Auditor
Business Unit
Coordinator/
Representative
BU Technology/
Support Coordinator/
Representative
Organiza...
BCM Internal
Auditor
Business Unit
Coordinator/
Representative
BU Technology/
Support Coordinator/
Representative
Organiza...
BCM-5000 – Implementing and
Managing BCM
• Advance BCM course for BCM Project Managers or
Business Unit Coordinators
• 4 f...
DRP 5000 – Implementing and
Managing IT Disaster Recovery
• Advance BCM course for BCM IT Project
Managers
• 4 full day tr...
BCM 8590 – BCM Lead Auditor
• Advance BCM Lead Auditor course for
experienced financial auditors, standards/QMS
auditors a...
BCM 820 – Implementing
Business Continuity Management
• Intermediate BCM Training for organisations to
implement Business ...
Competency Built-
in Implementation
Business Continuity Reports – BC Plan
Business
Impact
Analysis
Recovery
Strategy
Plan
...
Organization
Certification
Conclusion
Summary
• Implement BCM Framework and Planning Methodology to
meet international BCM standards
• Build key benchmarking co...
THANK YOU
Dr Goh Moh Heng
President
Mobile: +65 96711022
Tel: +65 63231500
Fax: +65 63230933
Email: moh_heng@bcm-institute...
Upcoming SlideShare
Loading in …5
×

BCM Institute MTE Dr. Goh Moh Heng - BCM Benchmarking : Bridging Your Business Continuity Programme to International Standards and Best Practices

1,789 views

Published on

BCM Institute MTE Series: http://www.worldcontinuitycongress.com/wcc08/mte.html

Maintaining competency to implement your BCM programme to meet international BCM best practices and standards. By Dr Goh Moh Heng, President, BCM Institute

• Implementing BCM Framework and Planning Methodology to meet international BCM standards
• Building key benchmarking competency within the organization
• Developing a structure to embed BCM as part of due diligence, risk management and corporate governance
• Seeking management support through the understanding of the importance of organizational BCM maturity level
• Raising the BCM “readiness” bar and meet the emphasis as laid by your executive management

Published in: Business, Economy & Finance
1 Comment
2 Likes
Statistics
Notes
No Downloads
Views
Total views
1,789
On SlideShare
0
From Embeds
0
Number of Embeds
164
Actions
Shares
0
Downloads
2
Comments
1
Likes
2
Embeds 0
No embeds

No notes for slide
  • BCM Institute

    Leading global Business Continuity (BC) & Disaster Recovery (D R) Institute.

    Established in 2005.

    Offers a wide range of quality BC and DR courses.

    Certified over 1,250 professionals from 36 countries.
  • MAJOR BCM AREAS
     
    This framework divides into 6 broad BCM areas:
     
    Risk Analysis and Review (This terms are similar for SS540 and BCM Planning Methodology)
     
    The potential threats and risks to an organization can be uncovered via a risk analysis and review of its internal operations and external operating environment. Examples of risks due to internal operations include malfunction of critical manufacturing processes, failure of Information Technology (IT) systems and fire which destroys plant facilities. Examples of risks due to external operating environment include terrorist attacks, floods, political turmoil and disruption of supply chain.
     
    Business Impact Analysis (This terms are similar for SS540 and BCM Planning Methodology)
     
    The potential impacts of risks actually occurring to an organization and affecting its ability to achieve its business operation and service can be obtained by conducting a business impact analysis. The later would include, where possible, quantifying the loss impact from both a number of days of business disruption and a financial standpoint. For example, a fire which destroys the finished inventory at the warehouse can result in delay of shipment to key customers for a few days and incurring impact such as contractual penalty.
     
    Strategy (Recovery Strategy)
     
    Based on these potential loss impacts the organization would deliberate and select the appropriate strategy or strategies to safeguards its interests. These strategies can be preventive or pre-emptive in nature. For example, outsourcing the risks to third parties or setting up of alternate facilities at another location would be efforts towards preventing and pre-empting potential loss impact. The rationale behind these strategies is to build resilience for the organization against impact of loss.
     
    Business Continuity Plan (Plan Development)
     
    From the selected strategies a detail business continuity plan (BC Plan) should be instituted in place to respond to risks which can occur and impact its business operation and service. The BC Plan would specify and allocate the resources and thereby building up the capability of the organization to respond to risk occurrences. For example, by specifying the BC roles and responsibilities of staff in the BC Plan the organization is better adapt to respond to occurrence of risks.
     
    Tests and Exercises (Testing and Exercising)
     
    An established BC Plan should be subject to verification via Tests and exercises. Tests and exercises expose probable errors and omissions in carrying out the established plan. It examines if the resources committed are accessible, available and adequate for undertaking the recovery efficiently and effectively. It checks if staff in the organization are familiar with recovery procedures. Overall Tests and exercises validate if the BC Plan indeed meet its recovery objectives.
     
    Programme Management (This terms are similar for SS540 and BCM Planning Methodology)
     
    Besides an established and thoroughly tested BC Plan the organization should demonstrate commitment in maintaining the currency of its plan through regular and systematic review of its risks and business impacts, realigning of its BCM strategies and revalidating of its BC Plan on a continuous basis. BCM should become an integral part of the organization’s operations, audit, testing, quality assurance, change management and culture. Ownership of BCM becomes embedded in individual business units where BCM risks reside.
    BCM is an ongoing management process and can be examined from 2 standpoints. Firstly, the impacts of issues and concerns arising from each of the 7 BCM areas identified above need to be examined. For example, the risk impacts upon people and physical infrastructure. Secondly, the direction and support needed to ensure that BCM efforts can be implemented and sustained. For example, organizational policies direct BCM processes to support BCM on an ongoing basis.
  • BCM Institute’s BCM Body of Knowledge

    Project Management.

    Risk Analysis and Review.

    Business Impact Analysis.

    Recovery Strategy.

    Plan Development.

    Testing and Exercising.

    Program Management.
  • BCM Institute MTE Dr. Goh Moh Heng - BCM Benchmarking : Bridging Your Business Continuity Programme to International Standards and Best Practices

    1. 1. BCM Benchmarking : Bridging Your Business Continuity Programme to International Standards and Best Practices Dr Goh Moh Heng President moh_heng@bcm-institute.org 25 November 2010 Cititel Hotel Mid Valley Kuala Lumpur Malaysia
    2. 2. Dr Goh Moh Heng • President – Business Continuity Management (BCM) Institute – www.bcm-institute.org • Managing Director – GMH Continuity Architects – Asia Pacific BCM Consulting Firm – www.GMHasia.com • Professional BCM Appointments – Technical Advisor for TR19:2005 & SS540:2008 BCM Standard (Management Council and Technical Committee) www.ss540.org – Project Director, Technical Working Group for SS507:2004 • ISO/IEC 24762 Guidelines for BC-DR Services http://www.bcmpedia.org/wiki/Dr_Goh_Moh_Heng 2
    3. 3. Dr Goh Moh Heng Prior Appointments • Government of Singapore Investment Corporation (GIC) • Standard Chartered Bank – Global Head for BCM • PriceWaterhouse (Coopers) • Past Certification Broad Member for DRI International’s Certification Board • Past Executive Director for DRI Asia • Senior Technical Advisor, China Business Continuity Management Forum http://www.bcmpedia.org/wiki/Dr_Goh_Moh_Heng 3
    4. 4. BCM Institute • Started in January 2005. • Provide competency based BC-DR training to all levels. • Certify BC-DR professionals globally. • Started Certification programme in April 2007. • More than 1500 professionals from 850 organizations and 40 countries. 4
    5. 5. Professional Certification Business Continuity IT Disaster Recovery BCM Audit Membership 5
    6. 6. Maintaining Competency To Implement Your BCM Programme to Meet International BCM Best Practices And Standards Dr Goh Moh Heng President moh_heng@bcm-institute.org
    7. 7. Agenda • BCM Planning Methodology • International Standards • Body of Knowledge • Organization Competency • Personnel Competency • Training-led implementation
    8. 8. BCM Planning Methodology 8 Source: Goh, Moh Heng (2008): Managing Your Business Continuity Planning Project 2nd Edition ISBN: 978-981-05-9767-2
    9. 9. BS 25999 NFPA 1600 ANZ 5050 SS 540 BCM Planning Methodology with BCM Standards 9
    10. 10. BCM Body of Knowledge (BoK) 10 The training curriculum for all BCM Institute’s courses is based on this BCM Body of Knowledge (BCM BoK). BCM Body of Knowledge (BCM BoK) consists of 7 Subject Areas. 2. Risk Analysis and Review http://www.bcmpedia.org/wiki/BCM_Body_of_Knowledge_BCMBoK BoK 1 •Project Manage- ment Bok 2 •Risk Analysis and Review Bok 3 •Business Impact Analysis Bok 4 •Recovery Strategy Bok 5 •Plan Development Bok 6 •Testing and Exercising Bok 7 •Program Management
    11. 11. Organisational and Personnel Competency Certification
    12. 12. BCM Internal Auditor Business Unit Coordinator/ Representative BU Technology/ Support Coordinator/ Representative Organization BC Manager BCM Steering Committee • Chairperson • Project Sponsor • Head of Business Units Personnel Competency Certification
    13. 13. BCM Internal Auditor Business Unit Coordinator/ Representative BU Technology/ Support Coordinator/ Representative Organization BC Manager BCM Steering Committee • Chairperson • Project Sponsor • Head of Business Units BCM 8590 BCM 820 DRP 5000 BCM 5000 BCM 100 Personnel Competency Certification
    14. 14. BCM-5000 – Implementing and Managing BCM • Advance BCM course for BCM Project Managers or Business Unit Coordinators • 4 full day training • 1 half day 150 MCQ Examination • Leads up: 14
    15. 15. DRP 5000 – Implementing and Managing IT Disaster Recovery • Advance BCM course for BCM IT Project Managers • 4 full day training • 1 half day 150 MCQ Examination • Leads up:
    16. 16. BCM 8590 – BCM Lead Auditor • Advance BCM Lead Auditor course for experienced financial auditors, standards/QMS auditors and experienced advanced BCM Professionals • 4 full day training • 1 half day 150 MCQ Examination • Leads up to:
    17. 17. BCM 820 – Implementing Business Continuity Management • Intermediate BCM Training for organisations to implement Business Continuity Management. • Option to integrate consulting as a Training Led Consultancy to implement BCM. • 1 full day training • 4 half day modulated workshops • 50 MCQ Examination • Leads up to:
    18. 18. Competency Built- in Implementation Business Continuity Reports – BC Plan Business Impact Analysis Recovery Strategy Plan Develop- ment Risk Analysis & Review Session 3 Session 4 Session 5 Session 6 Each Session-Day is a minimum of 2 weeks apart Session 2 Policy and Framework Risk Assessment Report Business Impact Report Recovery Strategy Report Business Continuity Plans Test Plan Testing & Exercising Program Management Fundamentals of BCM Session 1
    19. 19. Organization Certification
    20. 20. Conclusion
    21. 21. Summary • Implement BCM Framework and Planning Methodology to meet international BCM standards • Build key benchmarking competency within the organization • Develop a structure to embed BCM as part of due diligence, risk management and corporate governance • Seek management support through the understanding of the importance of organizational BCM maturity level • Raise the BCM “readiness” bar and meet the emphasis as laid by your executive management
    22. 22. THANK YOU Dr Goh Moh Heng President Mobile: +65 96711022 Tel: +65 63231500 Fax: +65 63230933 Email: moh_heng@bcm-institute.org

    ×