Uploaded byAstalapulosListestos
PPTX, PDF81 views

Business continuity planning guide

The document provides an overview of business continuity planning (BCP) by outlining key concepts such as objectives, approaches, dimensions of scope, and entry points. It discusses satisfying audit requirements, rebuilding infrastructure, resuming business activities, and ensuring customer service as potential objectives. The document also describes infrastructure, business, and business risk-based approaches and entry points. Finally, it provides examples of identifying business processes, information flows, infrastructure dependencies, and assessing risks.

Embed presentation

Download to read offline
BUSINESS CONTINUITY GUIDE PLANNING
AGENDA • Introduction • Objectives of BCP • Approaches to BCP • Dimensions of Scope • Entry Points 2 • Q&A
INTRODUCTION So…you’ve decided to embark on a business continuity planning (BCP) project …but where do you start? • Define the objectives • Determine the dimensions of scope • Select an appropriate approach • Proceed from an entry point 3
OBJECTIVES (1/2) Satisfy audit or regulatory requirements 1 Rebuild the infrastructure 2 Resumption of business activities 3 Continuity in customer service 4 Four possible objectives of BCP: 4
OBJECTIVES (2/2) 5 Audit or Regulatory Requirements • If your focus is on: – Passing an audit or getting points cleared – Minimizing costs • Then your objective is to satisfy audit or regulatory requirements. Rebuild the Infrastructure • If your focus is on: – Alternative facilities and sites – Solutions to minimize downtime of key infrastructure and systems • Then your objective is to rebuild the infrastructure. Resumption of Business Activities • If your focus is on: – Setting up an organization and the required facilities to enable key staff to resume their activities • Then your objective is the resumption of business activities. Continuity in Customer Service • If your focus is on: – Defining what level of customer service must be maintained throughout a disaster – What is required to achieve that level of customer service • Then your objective is to ensure continuity in customer service at an acceptable level.
APPROACHES TO BCP 6 Approaches to BCP based on the objectives: Objective Approach Satisfy audit or regulatory requirements Tick-box approach Rebuild the infrastructure Infrastructure approach Resumption of business activities Gradual/subplans approach Continuity in customer service Business approach (holistic)
SCOPE 7 • Event Interrupting Operations – Asset protection Protection of assets (e.g., people, building, etc.) – BCP Preparation of critical elements for business continuity • Enterprise-wide versus IT… ...be clear on the scope of your BCP project
8 DIMENSIONS OF SCOPE Business Network Control Room IT DRP Network Resilience Server Mirroring Dealing Room Office Relocation Equipment Failures Infrastructure Business Interruption Risks (BIR) Infrastructure Risk Long-Term Business Viability Brand Image Client Satisfaction Capacity Regulatory
INFRASTRUCTURE 9 • …the identification and protection of critical (IT) infrastructure required to maintain an acceptable level of business, • ...to ensure the survival of the organization in times of business disruption. • Critical infrastructure can include: – Mainframe – Networks – Applications – PCs and desktops – Manufacturing infrastructure – Logistical infrastructure – Office locations
BUSINESS 10 • …the identification and protection of critical business processes required to maintain an acceptable level of business, • ...to ensure the survival of the organization in times of business disruption. • Critical business processes can include – Manufacturing – Sales/order entry – Payroll – Dealing room activities – Delivery – Client communication – Accounting and finance
BUSINESS INTERRUPTION RISK 11 • …the identification and protection against business risks resulting from a business interruption jeopardizing • ... the survival of the organization in times of business disruption.
ENTRY POINTS 12 There are four possible entry points depending on the drivers of the approach. If your approach is… Then your entry point is... Event driven Evaluate threats Business risk driven Assess risks from interruptions Business driven Analyze critical processes Applications or systems driven Dependency on (IT) infrastructure
THREATS 13 Classification of threats according to the type of event: • Acts of nature – hurricane, flood, earthquake, etc. • External man-made events – terrorism, evacuation, security intrusion, etc. • Internal unintentional events – accidental loss of files, computer failure, etc. • Internal intentional events – strike, sabotage, data deletion, etc.
RISKS 14 Competitor Catastrophic Loss Sensitivity Sovereign/Political Shareholder Relations Legal Capital Availability Industry Financial Markets Information For Decision Making Risk Operational Pricing Contract Commitment Measurement Alignment Completeness and Accuracy Regulatory Reporting Financial Budget and Planning Completeness and Accuracy Accounting Information Financial Reporting Evaluation Taxation Pension Fund Investment Evaluation Regulatory Reporting Strategic Environmental Scan Business Portfolio Valuation Measurement Organization Structure Resource Allocation Planning Life Cycle Operations Risk Customer Satisfaction Human Resources Product Development Efficiency Capacity Performance Gap Cycle Time Sourcing Commodity Pricing Obsolescence Shrinkage Compliance Business Interruption Product Service Failure Environmental Health & Safety Trademark/Brand Name Erosion Empowerment Risk Leadership Authority Limit Performance Incentives Communications Information Processing/Technology Risk Access Integrity Relevance Availability Integrity Risk Management Fraud Employee Fraud Illegal Acts Unauthorized Use Reputation Financial Risk Currency Interest Rate Liquidity Cash Transfer/Velocity Derivative Settlement Reinvestment/Rollover Credit Collateral Counterparty Process Risk Environment Risk Business Risk Model
15 ENTRY POINT: INFRASTRUCTURE Business Network Control Room IT DRP Network Resilience Server Mirroring Dealing Room Office Relocation Equipment Failures Infrastructure Business Interruption Risks (BIR) • Traditional approach. • Very often limited to IT, then extended to "departmental" infrastructure or office infrastructure. • Very often the business perspective is used to assess criticality of infrastructure elements, and to justify the cost (business impact analysis). • The risk scope is limited to infrastructure risks through analysis of threats (potential events). Infrastructure Risk Long-Term Business Viability Brand Image Client Satisfaction Capacity Regulatory
16 ENTRY POINT: BUSINESS Business Infrastructure Business Interruption Risks (BIR) Network Control Room IT DRP Network Resilience Server Mirroring Dealing Room Office Relocation Equipment Failures • Top-down approach. • Starting from a top-down analysis of the critical business domains or processes. • For the critical business processes, assess the dependencies and criticality. • Often, the business interruption risk dimension is included into the business impact assessment, although not always made explicit or limited to the obvious business interruption risks. Infrastructure Risk Long-Term Business Viability Brand Image Client Satisfaction Capacity Regulatory
17 ENTRY POINT: BUSINESS RISKS Business Infrastructure Business Interruption Risks (BIR) 1. 2. Network Control Room IT DRP Network Resilience Server Mirroring Dealing Room Office Relocation Equipment Failures • Entering from looking at the business risks created by a business interruption. • Allows to include more than only the operational impact, e.g., product quality, brand image, health & safety, cash flow, etc. • To manage these risks, next to BCP, other actions may be included, e.g., asset protection, supply chain management, crisis management, media management, etc. • Here we can provide the best added value. Infrastructure Risk Long-Term Business Viability Brand Image Client Satisfaction Capacity Regulatory
RISKS The “five As” of risk management : Assess Risk 1 Accept or reject risk 2 Avoid risk, transfer risk or reduce risk to an acceptable level 3 Analyze performance gaps 4 Act to improve 5 18
Business Processes Information Flows Infrastructure & Resources 19 Identify key dependencies and vulnerabilities within the business organization, top-down: • What does the company depend on to be successful? • What are the key business processes driving the business? • What are the flows within these business processes? • What are the vulnerabilities and dependencies within these flows and business operations? BUSINESS PROCESSES Key Business Drivers
(IT) INFRASTRUCTURE 20 Identifying recovery solutions Assessing the possible threats Selecting the critical infrastructure Analyzing the potential business impact Obtaining an inventory of (IT) infrastructure Achieved by
BCP METHODOLOGIES 21 Two main BCP methodologies: Entry Points BCP Methodology Infrastructure Infrastructure-oriented, threat-based Threat Business Business-oriented, risk-based Risk

More Related Content

PDF
Data analytics and audit coverage guide
byCenapSerdarolu
 
PPTX
Auditing corporate governance guide
byAstalapulosListestos
 
PPTX
Data analytics and audit coverage guide
byAstalapulosListestos
 
PPTX
Social media risks guide
byAstalapulosListestos
 
PPTX
It and business risk alignment guide
byAstalapulosListestos
 
PPTX
Risk assessment facilitation guide
byAstalapulosListestos
 
PPTX
Root cause analysis questionnaire
byAstalapulosListestos
 
PDF
It alignment-who-is-in-charge
byTapas Bhattacharya
 
Data analytics and audit coverage guide
byCenapSerdarolu
 
Auditing corporate governance guide
byAstalapulosListestos
 
Data analytics and audit coverage guide
byAstalapulosListestos
 
Social media risks guide
byAstalapulosListestos
 
It and business risk alignment guide
byAstalapulosListestos
 
Risk assessment facilitation guide
byAstalapulosListestos
 
Root cause analysis questionnaire
byAstalapulosListestos
 
It alignment-who-is-in-charge
byTapas Bhattacharya
 

What's hot

PPTX
Aligning IT and Business for Better Results
byGlobal Knowledge Training
 
PDF
Business continuity planning guide
byCenapSerdarolu
 
PPTX
Data governance guide
byAstalapulosListestos
 
PDF
Auditing application controls
byCenapSerdarolu
 
PDF
Audit ratings guide
byCenapSerdarolu
 
PPT
Understanding IT Governance and Risk Management
byjiricejka
 
PPTX
Control and Audit Information System
byarif prasetyo
 
PDF
Information technology risks
bysalman butt
 
PPT
Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011
byIBM Sverige
 
PPT
Sap security compliance tools_PennonSoft
byPennonSoft
 
PPT
Sudarsan Jayaraman - Open information security management maturity model
bynooralmousa
 
PPTX
it grc
by9535814851
 
PPTX
Fix nix, inc
byFixNix Inc.,
 
PDF
Operational Risk Management for practitioners v1.0
byIgnacio Reclusa
 
PPTX
Third Party Risk Management
byEC-Council
 
PPTX
Simplifying IT GRC
byanand choudhary
 
PPT
Ais Romney 2006 Slides 09 Auditing Computer Based Is
bySharing Slides Training
 
PDF
2015 Tackling This Year's Audit Hot Spots
byRon Steinkamp
 
PDF
Fraud detection guide
byCenapSerdarolu
 
PPTX
OPERATIONAL RISK MANAGEMENT
byIntan Noona
 
Aligning IT and Business for Better Results
byGlobal Knowledge Training
 
Business continuity planning guide
byCenapSerdarolu
 
Data governance guide
byAstalapulosListestos
 
Auditing application controls
byCenapSerdarolu
 
Audit ratings guide
byCenapSerdarolu
 
Understanding IT Governance and Risk Management
byjiricejka
 
Control and Audit Information System
byarif prasetyo
 
Information technology risks
bysalman butt
 
Effektiv riskhantering - teori vs praktik - IBM Smarter Business 2011
byIBM Sverige
 
Sap security compliance tools_PennonSoft
byPennonSoft
 
Sudarsan Jayaraman - Open information security management maturity model
bynooralmousa
 
it grc
by9535814851
 
Fix nix, inc
byFixNix Inc.,
 
Operational Risk Management for practitioners v1.0
byIgnacio Reclusa
 
Third Party Risk Management
byEC-Council
 
Simplifying IT GRC
byanand choudhary
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
bySharing Slides Training
 
2015 Tackling This Year's Audit Hot Spots
byRon Steinkamp
 
Fraud detection guide
byCenapSerdarolu
 
OPERATIONAL RISK MANAGEMENT
byIntan Noona
 

Similar to Business continuity planning guide

PPT
businesscontinuityworkshop-final-090525141447-phpapp01 (1).ppt
byLara323614
 
PPT
Business Continuity Workshop Final
byBill Lisse
 
DOCX
11152018 Strayer University Online Libraryhttpseds.b..docx
bydrennanmicah
 
DOCX
contributed articlesm a r c h 2 0 1 0 v o l . 5 3 .docx
bydickonsondorris
 
DOCX
contributed articlesm a r c h 2 0 1 0 v o l . 5 3
byDioneWang844
 
PDF
2009_NYC_OpRiskUSA_Conf
byPeter Poulos
 
PDF
Strategic infrastructure
byLarry Levine
 
PPTX
sdfdsfsfsdfsdfsdfsdfssefsdfsdfsdfwteesfgrtertwetetwewetwetwerwerewrdfsds
bysrizvi9
 
PDF
CHAPTER 1.pdf Business Continuity SLIDE for WEEk 1
bychauquach17
 
PPTX
Future Focus for Business Continuity
byContinuity and Resilience
 
PPTX
Business-Continuity-Management-Ensuring-Organizational-Resilience1.pptx
byMahmoudElmahdy32
 
PPTX
CONTEXTUAL ARCHITECTURE.pptx
byPandiya Rajan
 
PDF
Fundamental Concepts of Data Security _Business Continuity
bySibtainHaider13
 
PPTX
模版-车企数字化转型数字转型-后疫情时代数字化转型新视角Digital Transformation.pptx
byblackangel52
 
PDF
Business Continuity Strategy Benchmarking April 8th, 2009
byMauro Giorgi
 
PDF
It infrastructure management
byShoaib Patel
 
PPSX
The Revere Group - Making A Case For Disaster Recovery
bycadavis22
 
PDF
SilverStorm "Credibility and Collaboration to achieve excellence in IT Govern...
bySilverStormSolutions
 
PDF
Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And ...
byCitrix Online
 
PDF
ITSM in an uncertain economy
bywdpowel
 
businesscontinuityworkshop-final-090525141447-phpapp01 (1).ppt
byLara323614
 
Business Continuity Workshop Final
byBill Lisse
 
11152018 Strayer University Online Libraryhttpseds.b..docx
bydrennanmicah
 
contributed articlesm a r c h 2 0 1 0 v o l . 5 3 .docx
bydickonsondorris
 
contributed articlesm a r c h 2 0 1 0 v o l . 5 3
byDioneWang844
 
2009_NYC_OpRiskUSA_Conf
byPeter Poulos
 
Strategic infrastructure
byLarry Levine
 
sdfdsfsfsdfsdfsdfsdfssefsdfsdfsdfwteesfgrtertwetetwewetwetwerwerewrdfsds
bysrizvi9
 
CHAPTER 1.pdf Business Continuity SLIDE for WEEk 1
bychauquach17
 
Future Focus for Business Continuity
byContinuity and Resilience
 
Business-Continuity-Management-Ensuring-Organizational-Resilience1.pptx
byMahmoudElmahdy32
 
CONTEXTUAL ARCHITECTURE.pptx
byPandiya Rajan
 
Fundamental Concepts of Data Security _Business Continuity
bySibtainHaider13
 
模版-车企数字化转型数字转型-后疫情时代数字化转型新视角Digital Transformation.pptx
byblackangel52
 
Business Continuity Strategy Benchmarking April 8th, 2009
byMauro Giorgi
 
It infrastructure management
byShoaib Patel
 
The Revere Group - Making A Case For Disaster Recovery
bycadavis22
 
SilverStorm "Credibility and Collaboration to achieve excellence in IT Govern...
bySilverStormSolutions
 
Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And ...
byCitrix Online
 
ITSM in an uncertain economy
bywdpowel
 

Recently uploaded

PDF
Books on display in our Library January-February 2026
byNZSG
 
PDF
Daily-Ads Review: Top Affiliates Are SCARED to Tell You This.pdf
bysimplefreedomwarrior
 
PDF
Keppel Ltd. 2H & FY 2025 Results Presentation Slides
byKeppelCorporation
 
PDF
Mike Palladino: Surprising Ways that Innovation is a Challenge with AI (EN)
byLviv Startup Club
 
DOCX
Buy Old Gmail Accounts – Academic & Professional Guide 2026.docx
byBuy iCloud Email Accounts
 
PDF
Carol Gauvreau - Focus Is On Wellness And Spending Time With Her Sons
byCarol Gauvreau
 
PDF
How to Buy EDU Email Accounts_ A Comprehensive Guide in 2026.pdf
byonline marketing by pvaisback
 
PDF
A Brief Introduction About Zaid Alsikafi
byZaid Alsikafi
 
PPTX
STP Plant Construction in Chennai | Hyderabad | Vijayawada | Bangalore | Myso...
byKemproPumps
 
PDF
Top 4.4 Sites To Buy Edu Emails Accounts in 2026.pdf
by8rn3l6efpnommwzc7r29
 
PDF
Contract_Costing_Introduction and Basics
byANEESHA252224
 
PDF
Laura Sergio - Specializing In Helping Small Businesses
byLaura Sergio
 
PDF
DaVinci Commerce January New Year Edition: Our Big Resolution
byCorina Manea
 
PDF
IFS state pension.pdf From IFS and Oxford
byHenry Tapper
 
PDF
Exhibitor Manual (IAIIExpo'26 V1 FW).pdf
bykumaraditya210
 
PDF
How to Buy Verified Cash App Accounts A Step-by-Step Guide.pdf
byUsaservicepoint
 
PDF
Dr. Michael T. Conner - Serves As CEO
byDr. Michael T. Conner
 
DOCX
Why Should I Buy Old Gmail Accounts_losangeless _______________.docx
byjoshuabellc7
 
PDF
solulab.com-Top Stablecoin Development Company.
bymeerasingh12189
 
PPTX
PUC_Centre_Machines_Presentation.pptxknjn
bysaksham9021187243
 
Books on display in our Library January-February 2026
byNZSG
 
Daily-Ads Review: Top Affiliates Are SCARED to Tell You This.pdf
bysimplefreedomwarrior
 
Keppel Ltd. 2H & FY 2025 Results Presentation Slides
byKeppelCorporation
 
Mike Palladino: Surprising Ways that Innovation is a Challenge with AI (EN)
byLviv Startup Club
 
Buy Old Gmail Accounts – Academic & Professional Guide 2026.docx
byBuy iCloud Email Accounts
 
Carol Gauvreau - Focus Is On Wellness And Spending Time With Her Sons
byCarol Gauvreau
 
How to Buy EDU Email Accounts_ A Comprehensive Guide in 2026.pdf
byonline marketing by pvaisback
 
A Brief Introduction About Zaid Alsikafi
byZaid Alsikafi
 
STP Plant Construction in Chennai | Hyderabad | Vijayawada | Bangalore | Myso...
byKemproPumps
 
Top 4.4 Sites To Buy Edu Emails Accounts in 2026.pdf
by8rn3l6efpnommwzc7r29
 
Contract_Costing_Introduction and Basics
byANEESHA252224
 
Laura Sergio - Specializing In Helping Small Businesses
byLaura Sergio
 
DaVinci Commerce January New Year Edition: Our Big Resolution
byCorina Manea
 
IFS state pension.pdf From IFS and Oxford
byHenry Tapper
 
Exhibitor Manual (IAIIExpo'26 V1 FW).pdf
bykumaraditya210
 
How to Buy Verified Cash App Accounts A Step-by-Step Guide.pdf
byUsaservicepoint
 
Dr. Michael T. Conner - Serves As CEO
byDr. Michael T. Conner
 
Why Should I Buy Old Gmail Accounts_losangeless _______________.docx
byjoshuabellc7
 
solulab.com-Top Stablecoin Development Company.
bymeerasingh12189
 
PUC_Centre_Machines_Presentation.pptxknjn
bysaksham9021187243
 

Business continuity planning guide

  • 1.
  • 2.
    AGENDA • Introduction • Objectivesof BCP • Approaches to BCP • Dimensions of Scope • Entry Points 2 • Q&A
  • 3.
    INTRODUCTION So…you’ve decided toembark on a business continuity planning (BCP) project …but where do you start? • Define the objectives • Determine the dimensions of scope • Select an appropriate approach • Proceed from an entry point 3
  • 4.
    OBJECTIVES (1/2) Satisfy auditor regulatory requirements 1 Rebuild the infrastructure 2 Resumption of business activities 3 Continuity in customer service 4 Four possible objectives of BCP: 4
  • 5.
    OBJECTIVES (2/2) 5 Audit orRegulatory Requirements • If your focus is on: – Passing an audit or getting points cleared – Minimizing costs • Then your objective is to satisfy audit or regulatory requirements. Rebuild the Infrastructure • If your focus is on: – Alternative facilities and sites – Solutions to minimize downtime of key infrastructure and systems • Then your objective is to rebuild the infrastructure. Resumption of Business Activities • If your focus is on: – Setting up an organization and the required facilities to enable key staff to resume their activities • Then your objective is the resumption of business activities. Continuity in Customer Service • If your focus is on: – Defining what level of customer service must be maintained throughout a disaster – What is required to achieve that level of customer service • Then your objective is to ensure continuity in customer service at an acceptable level.
  • 6.
    APPROACHES TO BCP 6 Approachesto BCP based on the objectives: Objective Approach Satisfy audit or regulatory requirements Tick-box approach Rebuild the infrastructure Infrastructure approach Resumption of business activities Gradual/subplans approach Continuity in customer service Business approach (holistic)
  • 7.
    SCOPE 7 • Event InterruptingOperations – Asset protection Protection of assets (e.g., people, building, etc.) – BCP Preparation of critical elements for business continuity • Enterprise-wide versus IT… ...be clear on the scope of your BCP project
  • 8.
    8 DIMENSIONS OF SCOPE Business Network ControlRoom IT DRP Network Resilience Server Mirroring Dealing Room Office Relocation Equipment Failures Infrastructure Business Interruption Risks (BIR) Infrastructure Risk Long-Term Business Viability Brand Image Client Satisfaction Capacity Regulatory
  • 9.
    INFRASTRUCTURE 9 • …the identificationand protection of critical (IT) infrastructure required to maintain an acceptable level of business, • ...to ensure the survival of the organization in times of business disruption. • Critical infrastructure can include: – Mainframe – Networks – Applications – PCs and desktops – Manufacturing infrastructure – Logistical infrastructure – Office locations
  • 10.
    BUSINESS 10 • …the identificationand protection of critical business processes required to maintain an acceptable level of business, • ...to ensure the survival of the organization in times of business disruption. • Critical business processes can include – Manufacturing – Sales/order entry – Payroll – Dealing room activities – Delivery – Client communication – Accounting and finance
  • 11.
    BUSINESS INTERRUPTION RISK 11 •…the identification and protection against business risks resulting from a business interruption jeopardizing • ... the survival of the organization in times of business disruption.
  • 12.
    ENTRY POINTS 12 There arefour possible entry points depending on the drivers of the approach. If your approach is… Then your entry point is... Event driven Evaluate threats Business risk driven Assess risks from interruptions Business driven Analyze critical processes Applications or systems driven Dependency on (IT) infrastructure
  • 13.
    THREATS 13 Classification of threatsaccording to the type of event: • Acts of nature – hurricane, flood, earthquake, etc. • External man-made events – terrorism, evacuation, security intrusion, etc. • Internal unintentional events – accidental loss of files, computer failure, etc. • Internal intentional events – strike, sabotage, data deletion, etc.
  • 14.
    RISKS 14 Competitor Catastrophic Loss Sensitivity Sovereign/Political Shareholder Relations Legal CapitalAvailability Industry Financial Markets Information For Decision Making Risk Operational Pricing Contract Commitment Measurement Alignment Completeness and Accuracy Regulatory Reporting Financial Budget and Planning Completeness and Accuracy Accounting Information Financial Reporting Evaluation Taxation Pension Fund Investment Evaluation Regulatory Reporting Strategic Environmental Scan Business Portfolio Valuation Measurement Organization Structure Resource Allocation Planning Life Cycle Operations Risk Customer Satisfaction Human Resources Product Development Efficiency Capacity Performance Gap Cycle Time Sourcing Commodity Pricing Obsolescence Shrinkage Compliance Business Interruption Product Service Failure Environmental Health & Safety Trademark/Brand Name Erosion Empowerment Risk Leadership Authority Limit Performance Incentives Communications Information Processing/Technology Risk Access Integrity Relevance Availability Integrity Risk Management Fraud Employee Fraud Illegal Acts Unauthorized Use Reputation Financial Risk Currency Interest Rate Liquidity Cash Transfer/Velocity Derivative Settlement Reinvestment/Rollover Credit Collateral Counterparty Process Risk Environment Risk Business Risk Model
  • 15.
    15 ENTRY POINT: INFRASTRUCTURE Business Network ControlRoom IT DRP Network Resilience Server Mirroring Dealing Room Office Relocation Equipment Failures Infrastructure Business Interruption Risks (BIR) • Traditional approach. • Very often limited to IT, then extended to "departmental" infrastructure or office infrastructure. • Very often the business perspective is used to assess criticality of infrastructure elements, and to justify the cost (business impact analysis). • The risk scope is limited to infrastructure risks through analysis of threats (potential events). Infrastructure Risk Long-Term Business Viability Brand Image Client Satisfaction Capacity Regulatory
  • 16.
    16 ENTRY POINT: BUSINESS Business Infrastructure Business InterruptionRisks (BIR) Network Control Room IT DRP Network Resilience Server Mirroring Dealing Room Office Relocation Equipment Failures • Top-down approach. • Starting from a top-down analysis of the critical business domains or processes. • For the critical business processes, assess the dependencies and criticality. • Often, the business interruption risk dimension is included into the business impact assessment, although not always made explicit or limited to the obvious business interruption risks. Infrastructure Risk Long-Term Business Viability Brand Image Client Satisfaction Capacity Regulatory
  • 17.
    17 ENTRY POINT: BUSINESSRISKS Business Infrastructure Business Interruption Risks (BIR) 1. 2. Network Control Room IT DRP Network Resilience Server Mirroring Dealing Room Office Relocation Equipment Failures • Entering from looking at the business risks created by a business interruption. • Allows to include more than only the operational impact, e.g., product quality, brand image, health & safety, cash flow, etc. • To manage these risks, next to BCP, other actions may be included, e.g., asset protection, supply chain management, crisis management, media management, etc. • Here we can provide the best added value. Infrastructure Risk Long-Term Business Viability Brand Image Client Satisfaction Capacity Regulatory
  • 18.
    RISKS The “five As”of risk management : Assess Risk 1 Accept or reject risk 2 Avoid risk, transfer risk or reduce risk to an acceptable level 3 Analyze performance gaps 4 Act to improve 5 18
  • 19.
    Business Processes Information Flows Infrastructure& Resources 19 Identify key dependencies and vulnerabilities within the business organization, top-down: • What does the company depend on to be successful? • What are the key business processes driving the business? • What are the flows within these business processes? • What are the vulnerabilities and dependencies within these flows and business operations? BUSINESS PROCESSES Key Business Drivers
  • 20.
    (IT) INFRASTRUCTURE 20 Identifying recoverysolutions Assessing the possible threats Selecting the critical infrastructure Analyzing the potential business impact Obtaining an inventory of (IT) infrastructure Achieved by
  • 21.
    BCP METHODOLOGIES 21 Two mainBCP methodologies: Entry Points BCP Methodology Infrastructure Infrastructure-oriented, threat-based Threat Business Business-oriented, risk-based Risk