1) Barbro Thöyrä is the owner of CeBeLOT and has extensive experience and qualifications in business continuity management, ISO standards, disaster recovery, and risk management.
2) She has worked in various IT and management roles and has experience developing business continuity services and manuals.
3) She is an approved trainer for business continuity certification and provides training and consulting services internationally.
2. Barbro Thöyrä
Owner of CeBeLOT
Barbro Thöyrä, MBA, holds certificates in ISO 22301 Master and Lead Auditor, ICT Disaster Recovery Manager, ISO 28000 Provisional Implementer, PECB Certified Outsourcing Manager and DRI Risk Management. She is an approved PECB and DRI trainer and BCI Instructor. She has several years of experience as an IT manager, product manager and subject matter expert in BCMS. She has worked as a senior consultant, in project management and as an IT architect, has written manuals and developed services within BCMS and CRM. Furthermore, she is a trainer in IT and BCMS and has carried out several international BCMS and IT projects as an expert and project manager.
Contact Information
+46 (0)708794652
info@cebelot.se
www.cebelot.se
https://se.linkedin.com/in/barbro-thöyrä-119b0427
6. Because:
A plan highlights the dependencies on:
a) Internal support functions
b) External vendors
c) Information that the critical operations depend on
Support for critical decision making
Support response and recovery
Reduce the risks of serious financial, operational and other impacts
7. When dealing with a disruptive incident, there are a number of actions that may need to be considered.
These should be included in documented procedures and include:
a) responding to and assessing the incident;
b) evaluating the incident assessment against activation criteria for each of the procedures;
c) declaring an incident and activating the procedures when activation criteria have been met;
d) stabilization, continuity, resumption and recovery activities;
e) establishing and running the incident management location;
f) prioritizing issues and activities to be undertaken in managing the incident and its impacts;
g) controlling and coordinating all activated procedures;
h) activating or establishing alternate sites for the restoration of IT or other infrastructure capability and for the temporary operation of the activities;
i) monitoring the incident as it progresses;
j) reviewing and adapting plans in response to changing circumstances;
k) standing down of plans and return to routine management as sustainable capability is re-established;
l) conducting a debrief and identifying learning opportunities; and
m) ensuring good governance and collation and security of documentation generated during the management and recovery from the incident.
9. Major plan components
Figure (TIME axis, before and after the EVENT). Phases: Reduction and Prevention; Response; Recovery; Restoration and Return
– Risk Analysis
– Controls
– Vulnerability Corrections
– Business Impact Analysis
– Testing/exercise and training
– Initial Shock and Personnel Evacuation/Safety
– Damage Assessment and Security
– Notification and Disaster Declaration
– Assembly & movement to holding areas
– Vital Records and Critical Functions Recovery
– Transportation of essential personnel
– Resumption of critical business functions
– Recovery of essential support systems/technology
– Grow to full operational capacities
– Salvage operations and damage assessment
– Facilities restoration or reconstruction
– Restoration of all support functions/systems/technology
– Return to “business-as-usual”
10. BCMS should at least contain:
1. Incident response plan;
2. Emergency response plan;
3. Crisis management plan;
4. Recovery plan;
5. Restoration plan;
6. Communication plan;
7. Training and awareness plan.
8. The business continuity organization
9. Escalation procedures
10. Notification Groups
11. Command Centers
The different plans should follow the same guidelines on the plan development process, format, structure, etc.
11. Other documented plans could be:
Incident plan
Interruption plan
Disaster Recovery plan
Evacuation plan
Media response plan
Supplier service plan
12. The planning process should, at a minimum, intend to:
1. Appoint a person responsible for the plan;
2. Define the strategy, approach, scope and the objectives of the plan;
3. Decide the structure, format and components of the plan;
4. Gather information to populate the plan;
5. Draft the plan and circulate the draft of the plan for consultation, review and challenge;
6. Gather feedback and review from consultation of the stakeholders;
7. Publish the plan after formal approval;
8. Use the plan in the operations;
9. Ongoing exercising, review, testing and maintenance of the plan to keep it effective, update plan as appropriate.
13. 4. Gather information to populate the plan:
a) objectives and measures of success in terms of prioritized activities;
b) activation criteria and procedures;
c) implementation procedures;
d) roles, responsibilities, and authorities;
e) communication requirements and procedures;
f) internal and external interdependencies and interactions;
g) resource requirements; and
h) information flow and documentation processes.
14. Design and develop the BCMS plan:
» Plan scope and objectives
» Major plan components - format and structure
1. BCMS Organisation
2. The BCMS Plan Structure
3. Planning assumptions
4. Scenario to execute plan, Disaster Definition
5. Escalation/Notification Procedures
6. Command Centers
» Crisis Management plan elements
» Emergency response plan element
» Business recovery organisation and responsibilities (Recovery Team Concept)
» Business recovery plan elements
15. Not included in the plan:
• Results of risk analysis
• Result of BIA
• Result of strategy analysis
• Result of exercises
16. Design and develop the BCMS plans:
• Business Continuity Planning considerations
- Each organisation is unique
- Tailored plan
- Design flexibility
• Business Continuity Planning concerns
- Minimised dependency on specific individuals
- Ensure establishment of critical decisions
- Minimised dependency on outside entities
- Ensure completeness
17. Design and develop the BCMS plan:
Plan Elements - Required Preparations
People: Assignments, Responsibilities, & Training
Sites: Selection and environmental preparation
Data and Master Files: Inventory & Backup
Software Systems: Inventory & Backup
Application Systems: Inventory & Backup
Hardware: inventory, agreements, documentation
Communications: current, backup, & planned
18. Design and develop the BCMS plan:
Plan Elements - Required Preparations
Transportation: emergency requirements
Supplies: critical items - vendors
Documentation: inventory & off-site backup
Other equipment
Vendor contracts, etc...
Test plans
19. Design and develop the BCMS plan:
The teams concept
- Crisis Management
- Emergency Management Team
- Emergency Response Teams
o Damage assessment
o Real estate
- Recovery teams for critical business functions
o Facilities recovery teams
o Business functions recovery teams
o Supporting teams
- Teams formed by members from:
o Management
o Business unit personnel most familiar with critical business functions to ensure effective recovery
21. Who will execute recovery actions
• Crisis Management Team
- Senior Management
- Plan Manager
- Public/Finance
• Emergency Management Team
• Response/Recovery teams
- Network operation teams
- Service operation teams
- Information system support teams
- Other teams
Figure (organisation chart): Crisis Management; Emergency Management; Recovery teams: Switch, NMC, IT, Call Center, New Services
23. When business functions and operations must recover
“..... is the time between the point of disruption and the point at which most critical functions must be operational AND updated to current status.”
Recovery Time Frame
The time within which Business Processes must be restored at acceptable levels of operational capability to minimize the impact of an outage
Figure (time axis): Point of Disruption; Recovery of Operations; Critical Systems Operational with Current & Accurate Data
24. Where to go to recover business & operational functions
30. Implementing BCMS plans:
Disaster operations time line
Advance Warning
Crisis Occurs
Emergency Response
Recovery Effort
Restoration Effort
Resumption - Critical Functions
Return home
31. How is the documentation used
Personnel-oriented programs (evacuation and safety programs)
Escalation, notification, and plan activation
Vital records and off-site storage program
Data/information loss limitations
At response, recovery,
Exercising
Evidence of management preparedness for internal/external parties
Compliance with legal regulatory and governance requirements