Business Continuity ManagementPHILIPPINES :: MALAYSIA :: VIETNAM :: INDONESIA :: INDIA :: CHINA
Learning Bites• Understand the context and relevance of BCM – A Philippine & Telco Perspective• Comprehend how an effective BCP will benefit the organization• Gain insights into the best practices for implementing an effective BCM• Know firsthand the key challenges and success factors involved to have a strong BCMS
Where Myth Meets Fact A Pint of Sweat will save a Gallon of Blood.
Introduction• BCM is a relatively new management discipline.• Increasingly getting importance due to competition (increased customer expectations) & turbulent environment (Terrorism, failure of utilities, disruption in supply chain, threat to human lives etc.).• Future poses greater challenges –Pandemic, Oil & Gas shortage, Extreme climatic changes, Terrorism with greater impact, etc.What is BCM? BCM is a structured approach to achieving operational resilience and ensures that an organisation: • Can continue to provide its customers with required services or products, within an agreed time frame • Has an appropriate level of competency to manage the organisation from disruption to business as usual‘ • Embeds appropriate practices into the cultural fabric of the organisation to ensure that Business Continuity capabilities always reflect the needs, technology and structure of the business.
Need for Business Continuity Management • Unplanned business interruptions account for $588 billion in revenue each year.* • In addition to life-safety, property, and environment, we have revenue and a reputation to protect. • Business Continuity Management is a decisive marketplace advantage. • Lessons from disaster show that even relatively short business interruptions can be expensive both in terms of real dollars and lost potential. Source: http://www.keepmedia.com
Major Drivers of BCM Regulators 8% Corporate Auditors Governance 11% 28% Corporate Governance Insurers Central Existing Customers Government 15% Central Government Auditors Regulators Insurers Existing Customers 21% 17% 6
BCM FrameworkThe BCM implementation processWhile NO one size fits all, the framework and basis for designing the BCMS is universal. The BS 25999(soon to be ISO 22301) is a standard accepted world-wide for design and implementation of anorganizational BCM framework.While there are several means to get to the answer, its best to start from the most critical reason formaking our business resilient and the pieces that can spell out its success or lack thereof.
BCM Programme Management• Programme Management is at the heart of BCM process.• Effective programme management simply establishes the approach to BCM• BCM programme management should involve the following 3 key steps 1 Set Governance 3 Ongoing 2 Implement Management BCM
Understanding the Organization Understanding the Organization can be carried out in the form of two major activities: BIA – Business Impact Analysis RA – Risk Assessment Documented Analysis of the impact This entails understanding the critical that a disruption could cause to the activities in an organization and the activities that support the delivery of level of risk associated with it by an organization’s products / services identifying the various threats Determination of criteria for the risk acceptance Critical Non-‐ Critical Activities Activities Identification of acceptable levels of risk Must be recovered Maximum rapidly Tolerable Period of Analysis of the risks 9 Disruption
Determining the BCM Strategy An organizations approach to determine the BCM strategy should: People • Implement appropriate measures to reduce the likelihood of incidents Stakeholders Premises • Take due account of the resilience and mitigation measures • Provide continuity for its critical activities during and following an incident Supplies Technology • Take account of the activities which were not identified as critical Information 10
Developing and Implementing BCM response Plans for BCM• There are a number of plans that can / must be created when implementing the BCM• Some of the common features that all these plans must possess include • Identified lines of communication • Defined purpose and scope • Defined roles, responsibilities with authority for people and teams • Guidelines and criteria defining to invoke plan • Method for invoking plan, and procedure describing system for invoking plan • Reference to contact details of key stakeholders
The business continuity plan Emergency A successful response plan outcome Crisis management/ communication plan A Business recovery plan Activity
Exercising, Maintaining & Reviewing BCM Arrangements Exercises should be: • realistic, • carefully planned, • agreed with stakeholders, BCM maintenance program, the organization should: • Review and challenge any assumptions made in any components of BCM throughout the organization, • Distribute updated, amended or changed BCM policy, strategies, solutions, processes and plans to key personnel under a formal change control process. The organizations top management should review the organizations BCM ccapability to ensure its;; • continuing suitability, • adequacy • effectiveness. 13
Outcomes of an effective BCM • Critical activities are identified and protected • An incident management capability is enabled Challenges… • The organization’s understanding of itself, and its • Plans are worthless unless they are rehearsed relationships with other organizations are properly developed, documented, and understood • Study shows (source : Chartered Management Institute UK –2007) • Staffs are properly trained to respond effectively to an incident or business interruption • Only 46 % of Organizations with plans test their plans annually • The organization remains legal and compliant and its reputation is protected • 21 % of Organizations have never tested their Plans • 89 % of Organizations that rehearsed their plans found errors in their plans • Have a regular exercise programmed approved by Top Management. • Maintain (and improve) plans via regular assessments / audits.
Thank you very much! facebook.com/eccinternational linkedin.com/company/ecc-‐international eccinternational.wordpress.com