BCM Continuous improvement - Audit & Assessment

Parag Deodhar
Chief Risk Officer
Bharti AXA General Insurance

27-09-2012 PARAG DEODHAR

Slide 2
• People, their contact details, their roles
• Partners, service providers
• Regulations
• Business processes
• IT systems
• Passwords
• Levels of risk and appetite, acceptance levels

Slide 3
• We cannot improve what we cannot measure
• Metrics are important to assess the level of maturity
• Performance evaluation is important – thru testing and audit

Slide 4
• All ISO Standards follow P.D.C.A. for continuous improvement

Slide 5
• Audit should be taken positively
  ○ Self
  ○ Internal
  ○ External – ISO, Regulatory
• Helps instill rigor in the BCM program
• Increases employee awareness and management oversight
• Provides an unbiased and bird's-eye view of the program maturity
• Should be assessed against
  ○ Objectives of the BCM program
  ○ In the business context
  ○ Best practices and standards
    - ISO 22301, 27000
    - ISACA – COBIT

Slide 6
• Business objectives
• Business Impact Analysis
• RPO/RTO
• Regulatory Requirements
• Integration with Security, Risk Management
• BCM Organization, roles and responsibilities
• Plan coverage
• Plan Testing
  ○ Test coverage
  ○ Success Criteria
  ○ Plan improvement based on test results!!!
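The last slide lists plan testing, test coverage, success criteria and RPO/RTO as things an assessment should check. The following is an added example, not code from the presentation or from Bharti AXA, of how an auditor can turn those bullets into measurable evidence: each in-scope system carries an RTO/RPO target, each exercise produces a measured recovery time and data-loss window, and the script reports test coverage, pass rate and the improvement actions that the results imply. System names, targets and measurements below are constructed sample data, and the RTO/RPO thresholds are assumptions for illustration.

```python
"""Added example: scoring a BCM plan test against RPO/RTO success criteria.

Not part of the original presentation. All systems, targets and measured
values are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Target:
    system: str
    rto_minutes: int  # maximum tolerable downtime (Recovery Time Objective)
    rpo_minutes: int  # maximum tolerable data loss window (Recovery Point Objective)


@dataclass(frozen=True)
class TestResult:
    system: str
    recovery_minutes: int   # measured time until service was restored
    data_loss_minutes: int  # measured age of the last recoverable transaction


def assess_plan_test(targets, results):
    """Compare measured exercise results with each system's RTO/RPO targets.

    Returns a dict with coverage (share of in-scope systems that were
    actually exercised), pass_rate (share of exercised systems inside both
    objectives) and one (system, status, detail) finding per target.
    """
    by_system = {r.system: r for r in results}
    findings = []
    for t in targets:
        r = by_system.get(t.system)
        if r is None:
            # A system in scope but never exercised is a coverage gap, not a pass.
            findings.append((t.system, "NOT TESTED", "no exercise result recorded"))
            continue
        issues = []
        if r.recovery_minutes > t.rto_minutes:
            issues.append(f"RTO missed: {r.recovery_minutes} > {t.rto_minutes} min")
        if r.data_loss_minutes > t.rpo_minutes:
            issues.append(f"RPO missed: {r.data_loss_minutes} > {t.rpo_minutes} min")
        status = "PASS" if not issues else "FAIL"
        findings.append((t.system, status, "; ".join(issues) or "within RTO/RPO"))

    tested = sum(1 for f in findings if f[1] != "NOT TESTED")
    passed = sum(1 for f in findings if f[1] == "PASS")
    return {
        "coverage": tested / len(targets) if targets else 0.0,
        "pass_rate": passed / tested if tested else 0.0,
        "findings": findings,
    }


def improvement_actions(report):
    """Derive the follow-up actions an assessment should record from the findings."""
    actions = []
    for system, status, detail in report["findings"]:
        if status == "NOT TESTED":
            actions.append(f"{system}: schedule an exercise; plan coverage is incomplete")
        elif status == "FAIL":
            actions.append(f"{system}: revise recovery procedure or targets ({detail})")
    return actions


# Constructed sample data: four in-scope systems, three of them exercised.
SAMPLE_TARGETS = [
    Target("core-policy-db", rto_minutes=60, rpo_minutes=15),
    Target("claims-portal", rto_minutes=240, rpo_minutes=60),
    Target("email-gateway", rto_minutes=480, rpo_minutes=240),
    Target("payroll", rto_minutes=1440, rpo_minutes=1440),
]
SAMPLE_RESULTS = [
    TestResult("core-policy-db", recovery_minutes=45, data_loss_minutes=30),
    TestResult("claims-portal", recovery_minutes=180, data_loss_minutes=20),
    TestResult("email-gateway", recovery_minutes=600, data_loss_minutes=60),
]

if __name__ == "__main__":
    report = assess_plan_test(SAMPLE_TARGETS, SAMPLE_RESULTS)
    print(f"coverage={report['coverage']:.0%} pass_rate={report['pass_rate']:.0%}")
    for finding in report["findings"]:
        print(finding)
    for action in improvement_actions(report):
        print("ACTION:", action)
```

Run as a script the sample yields 75% coverage (payroll was never exercised) and a 33% pass rate: the policy database met its RTO but lost more data than its RPO allows, and the mail gateway restored too slowly. Those two failures plus the untested system become the improvement actions, which is exactly the "plan improvement based on test results" loop the slide asks an audit to verify.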