SAHANA
                       CONFERENCE 2009

                     BUSINESS CONTINUITY
                        MANAGEMENT

                     SAHANA CONFERENCE
                       MARCH 24-25, 2009
                     COLOMBO, SRI LANKA

Brent H. Woodworth

Business Continuity Management:
Steps to Preparedness
 1. GAP analysis
 2. COOP (Continuity of Operations Planning)
 3. BIA (Business Impact Analysis)
 4. Emergency Response Plan
 5. Education
 6. Testing
 7. Update


Contingency Planning Process
 The seven steps of contingency planning
  1. Develop the contingency planning policy statement
  2. Conduct the business impact analysis (BIA)
  3. Identify preventive controls
  4. Develop recovery strategies
  5. Define recovery roles and responsibilities
  6. Plan testing, training, & exercises
  7. Plan maintenance

 Develop Contingency Planning Policy
      • Identify statutory or regulatory requirements for contingency plans
      • Develop IT contingency planning policy statement
      • Obtain approval of policy
      • Publish policy
 Conduct Business Impact Analysis
      • Identify critical IT resources
      • Identify outage impacts and allowable outage times
      • Develop recovery priorities
 Identify Preventive Controls
      • Implement controls
      • Maintain controls
 Develop Recovery Strategies
      • Identify methods
      • Integrate into system architecture
 Develop Contingency Plan*
      • Document recovery strategy
 Plan Testing, Training, and Exercises
      • Develop test objectives
      • Develop success criteria
      • Document lessons learned
      • Incorporate into the plan
      • Train personnel
 Plan Maintenance
      • Review and update plan
      • Coordinate with internal/external organizations
      • Control distribution
      • Document changes

 *Discussed in Section 4

Step 1: Develop the Contingency
        Planning Policy Statement
  Policy must be supported by senior management

  Key policy elements include:
     Roles and responsibilities
     Scope
     Resource requirements
     Training requirements
     Exercise and testing schedules
     Plan maintenance schedule
     Backup frequency and storage method (applies to IT)

Step 2: Conduct a Business Impact
Analysis
  The business impact analysis (BIA) characterizes system contingency
  requirements and priorities in the event of a disruption
            Step 1: Identify critical IT resources
            Step 2: Identify disruption impacts and allowable outage times
            Step 3: Develop recovery priorities

  Identify Critical IT Resources
     Input from users, business process owners, application owners, and other associated groups
     Critical business processes:
        1. Payroll Processing
        2. Time and Attendance Reporting
        3. Time and Attendance Verification
        4. Time and Attendance Approval
        ...
        X
     Critical resources:
        • LAN Server
        • WAN Access
        • E-mail
        • Mainframe Access
        • E-mail Server
        ...

  Identify Disruption Impacts and Allowable Outage Times
     PROCESS: 2. Time and Attendance Reporting
     Critical resources: LAN Server, WAN Access, Mainframe Access, E-mail Server, ...
     Max allowable outage: 8 hours
     Impact:
        • Delay in time sheet processing
        • Inability to perform routine payroll operations
        • Delay in payroll processing
        ...

  Develop Recovery Priorities
     Resource             Recovery Priority
     • LAN Server         High
     • WAN Access         Medium
     • E-mail             Low
     • Mainframe Access   High
     • E-mail Server      High
     ...

  Results are key to development of recovery strategy and should also be
  used for COOP, BCP, and BRP development
Step 3: Identify Preventive Controls
 Preventive controls should be selected and implemented to mitigate
 some of the impacts identified

 Controls include, but are not limited to –
    Uninterruptible Power Supplies (UPS) and power generators
    Fire suppression systems and detectors
    Offsite storage and system documentation
    Technical security controls




Step 4: Develop Recovery Strategies
  Recovery strategies are a means to restore IT operations quickly and
  effectively following a disruption
  The strategies should:
     Address residual risks and impacts identified by the BIA
     Use a combination of methods to cover full spectrum of identified
     risks
     Integrate with the design and implementation phases of the system
     development life cycle
  Strategy should consider:
     Backup methods
     Alternate sites, Cost considerations
     Equipment replacement
     Roles and responsibilities

Step 5: Recovery Roles & Responsibilities

    Specific teams should be staffed based on their skills,
    knowledge, and normal operating responsibilities

    Team members should be trained to be ready to deploy and
    implement the plan when necessary

    Inter-team training will facilitate coordination and ease
    staff shortages during a response

    Role-based teams should be developed; do not use actual
    names and titles


Step 5 (continued):
Recovery Roles & Responsibilities
   Senior management (e.g., CIO, CFO, CEO) should have
   authority over plan activation and execution; may be
   supported by a management team

   Line of succession should define delegation of authority

   All teams are led by a team leader; team leaders should
   have alternatives designated




Step 6: Plan Testing, Training, &
        Exercises
Objectives, success criteria, schedule, scope, scenario, and
logistics should be defined in the test plan

Recovery staff should be trained on team procedures and
responsibilities

Plan deficiencies and ability to implement the plan should
be evaluated through testing

2 basic types of tests
   Classroom (tabletop)
   Functional (simulation)


Step 7: Plan Maintenance

 Plan effectiveness relies on up-to-date system, organization,
 and procedural information

 Reviews, followed by updates, should be conducted:
    At least annually for technical, operational, and system requirements
    At least annually for alternative site/offsite requirements and vital records
    information

 All changes made to the plan should be communicated to the
 owners of associated plans and procedures

 All changes should be recorded in the Record of Changes
 (included in the plan)
Set off and carry forward of losses and assessment of individuals.pptx
 
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdfSearch Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
 
anas about venice for grade 6f about venice
anas about venice for grade 6f about veniceanas about venice for grade 6f about venice
anas about venice for grade 6f about venice
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
 
Accpac to QuickBooks Conversion Navigating the Transition with Online Account...
Accpac to QuickBooks Conversion Navigating the Transition with Online Account...Accpac to QuickBooks Conversion Navigating the Transition with Online Account...
Accpac to QuickBooks Conversion Navigating the Transition with Online Account...
 
chapter 10 - excise tax of transfer and business taxation
chapter 10 - excise tax of transfer and business taxationchapter 10 - excise tax of transfer and business taxation
chapter 10 - excise tax of transfer and business taxation
 
Skye Residences | Extended Stay Residences Near Toronto Airport
Skye Residences | Extended Stay Residences Near Toronto AirportSkye Residences | Extended Stay Residences Near Toronto Airport
Skye Residences | Extended Stay Residences Near Toronto Airport
 

BUSINESS CONTINUITY MANAGEMENT

  • 1. SAHANA CONFERENCE 2009: BUSINESS CONTINUITY MANAGEMENT. Sahana Conference, March 24-25, 2009, Colombo, Sri Lanka. Brent H. Woodworth
  • 3. Business Continuity Management: Steps to Preparedness
      1. GAP analysis
      2. COOP (Continuity of Operations Planning)
      3. BIA (Business Impact Analysis)
      4. Emergency Response Plan
      5. Education
      6. Testing
      7. Update
  • 5. Contingency Planning Process
      The seven steps of contingency planning:
      1. Develop the contingency planning policy statement
      2. Conduct the business impact analysis (BIA)
      3. Identify preventive controls
      4. Develop recovery strategies
      5. Define recovery roles and responsibilities
      6. Plan testing, training, & exercises
      7. Plan maintenance
      Process flow (figure), one box per stage:
      - Develop Contingency Planning Policy: identify statutory or regulatory requirements for contingency plans; develop IT contingency planning policy statement; obtain approval of policy; publish policy
      - Conduct Business Impact Analysis: identify critical IT resources; identify outage impacts and allowable outage times; develop recovery priorities
      - Identify Preventive Controls: implement controls; maintain controls
      - Develop Recovery Strategies: identify methods; integrate into system architecture
      - Develop Contingency Plan*: document recovery strategy
      - Plan Testing, Training, and Exercises: develop test objectives; develop success criteria; document lessons learned; incorporate into the plan; train personnel
      - Plan Maintenance: review and update plan; coordinate with internal/external organizations; control distribution; document changes
      *Discussed in Section 4
  • 7. Step 1: Develop the Contingency Planning Policy Statement
      Policy must be supported by senior management.
      Key policy elements include:
      - Roles and responsibilities
      - Scope
      - Resource requirements
      - Training requirements
      - Exercise and testing schedules
      - Plan maintenance schedule
      - Backup frequency and storage method (applies to IT)
  • 9. Step 2: Conduct a Business Impact Analysis
      The business impact analysis (BIA) characterizes system contingency requirements and priorities in the event of a disruption.
      - Step 1: Identify critical IT resources
      - Step 2: Identify disruption impacts and allowable outage times
      - Step 3: Develop recovery priorities
      Worked example (figure), three panels:
      - Identify Critical IT Resources. Input from users, business process owners, application owners, and other associated groups.
          Critical business processes: 1. Payroll Processing; 2. Time and Attendance Reporting; 3. Time and Attendance Verification; 4. Time and Attendance Approval
          Critical resources: LAN Server; WAN Access; E-mail; Mainframe Access; E-mail Server
      - Identify Disruption Impacts and Allowable Outage Times. Process: 2. Time and Attendance Reporting.
          Critical resources: LAN Server; WAN Access; E-mail; Mainframe Access; E-mail Server
          Max allowable outage: 8 hours (LAN Server)
          Impact: delay in time sheet processing; inability to perform routine payroll operations; delay in payroll processing
      - Develop Recovery Priorities (resource: recovery priority).
          LAN Server: High; WAN Access: Medium; E-mail: Low; Mainframe Access: High; E-mail Server: High
      Results are key to development of recovery strategy and should also be used for COOP, BCP, and BRP development.
  • 10. Step 3: Identify Preventive Controls
      Preventive controls should be selected and implemented to mitigate some of the impacts identified.
      Controls include, but are not limited to:
      - Uninterruptible Power Supplies (UPS) and power generators
      - Fire suppression systems and detectors
      - Offsite storage and system documentation
      - Technical security controls
  • 12. Step 4: Develop Recovery Strategies
      Recovery strategies are a means to restore IT operations quickly and effectively following a disruption.
      The strategies should:
      - Address residual risks and impacts identified by the BIA
      - Use a combination of methods to cover full spectrum of identified risks
      - Integrate with the design and implementation phases of the system development life cycle
      Strategy should consider:
      - Backup methods
      - Alternate sites
      - Cost considerations
      - Equipment replacement
      - Roles and responsibilities
  • 14. Step 5: Recovery Roles & Responsibilities
      - Specific teams should be staffed based on their skills, knowledge, and normal operating responsibilities
      - Team members should be trained to be ready to deploy and implement the plan when necessary
      - Inter-team training will facilitate coordination and ease staff shortages during a response
      - Role-based teams should be developed; do not use actual names and titles
  • 15. Step 5 (continued): Recovery Roles & Responsibilities
      - Senior management (e.g., CIO, CFO, CEO) should have authority over plan activation and execution; may be supported by a management team
      - Line of succession should define delegation of authority
      - All teams are led by a team leader; team leaders should have alternates designated
  • 17. Step 6: Plan Testing, Training, & Exercises
      - Objectives, success criteria, schedule, scope, scenario, and logistics should be defined in the test plan
      - Recovery staff should be trained on team procedures and responsibilities
      - Plan deficiencies and ability to implement the plan should be evaluated through testing
      - 2 basic types of tests: Classroom (tabletop); Functional (simulation)
  • 18. Step 7: Plan Maintenance
      Plan effectiveness relies on up-to-date system, organization, and procedural information.
      Reviews, followed by updates, should be conducted:
      - At least annually for technical, operational, and system requirements
      - At least annually for alternative site/offsite requirements and vital records information
      All changes made to the plan should be communicated to the owners of associated plans and procedures.
      All changes should be recorded in the Record of Changes (included in the plan).