1) Barbro Thöyrä is the owner of CeBeLOT and has extensive experience and qualifications in business continuity management, ISO standards, disaster recovery, and risk management. 2) She has worked in various IT and management roles and has experience developing business continuity services and manuals. 3) She is an approved trainer for business continuity certification and provides training and consulting services internationally.

2. Barbo Thöyrä
Owner of CeBeLOT
Barbro Thöyrä, MBA, holds certificates in ISO 22301 Master and Lead Auditor, ICT Disaster
Recovery Manager, ISO 28000 Provisional Implementer, PECB Certified Outsourcing Manager and DRI
Risk Management. She is an approved PECB and DRI trainer and BCI Instructor. She has several years of
experience as an IT manager, product manager and subject matter expert in
BCMS. She has worked as senior consultant, project management, IT architect, wrote manuals and
developed services within BCMS and CRM. Furthermore, she is a trainer in IT and BCMS and carried out
several international BCMS and IT projects as an expert and project manager.
Contact Information
+46 (0)708794652
info@cebelot.se
www.cebelot.se
https://se.linkedin.com/in/barbro-thöyrä-119b0427

3. General information
- About me
- Content of this webinar
- Duration of the webinar
- Questions

4. Content of this webinar
• Why do we need to document
• What is included in the documentation
• How is the documentation used

5. Why do we need to document

6. Because:
A plan highlights the dependencies to :
a) Internal support functions
b) External vendors
c) Information that the critical operations depend on
Support at critical decision making
Support response and recovery
Reduce the risks of serious financial, operational and
other impacts

7. When dealing with a disruptive incident, there are number of actions that may need to be considered.
These should be included in documented procedures and include:
a) responding to and assessing the incident:
b) evaluating the incident assessment against activation criteria for each of the procedures; c)declaring an
incident and activating the procedures when activation criteria have been met;
c) stabilization, continuity, resumption and recovery activities;
d) establishing and running the incident management location;
e) prioritizing issues and activities to be undertaken in managing the incident and its impacts;
f) controlling and coordinating all activated procedures;
g) activating or establishing alternate sites for the restoration of IT or other infrastructure capability and for the
temporary operation of the activities;
h) monitoring the incident as it progresses;
i) reviewing and adapting plans in response to changing circumstances;
j) standing down of plans and return to routine management as sustainable capability is re-established;
k) conducting a debrief and identifying learning opportunities; and
l) ensuring good governance and collation and security of documentation generated during the management
and recovery from the incident.

8. What is included in the documentation

9. Major plan components
 Reduction and
Prevention
 Response
 Recovery
 Restoration and
Return
– Risk Analysis
– Controls
– Vulnerability Corrections
– Business Impact Analysis
– Testing/exercise and training
– Initial Shock and Personnel Evacuation/Safety
– Damage Assessment and Security
– Notification and Disaster Declaration
– Assembly & movement to holding areas
– Vital Records and Critical Functions Recovery
– Transportation of essential personnel
– Resumption of critical business functions
– Recovery of essential support systems/technology
– Grow to full operational capacities
– Salvage operations and damage assessment
– Facilities restoration or reconstruction
– Restoration of all support functions/systems/technology
– Return to “business-as-usual”
EVENT
TIME

10. BCMS should at least contain:
1. Incident response plan;
2. Emergency response plan;
3. Crisis management plan;
4. Recovery plan;
5. Restoration plan;
6. Communication plan;
7. Training and awareness plan.
8. The business continuity organization
9. Escalation procedures
10. Notification Groups
11. Command Centers
The different plans should follow the same guidelines on the plan
development process, format, structure, etc.

11. Other documented plans could be:
Incident plan
Interruption plan
Disaster Recovery plan
Evacuation plan
Media response plan
Supplier service plan

12. The planning process should minimally intent to:
1. Appoint a responsible for the plan;
2. Define the strategy, approach, scope and the objectives of the plan;
3. Decide the structure, format and components of the plan;
4. Gather information to populate the plan;
5. Draft the plan and circulate the draft of the plan for consultation, review and
challenge;
6. Gather feedback and review from consultation of the stakeholders;
7. Publish the plan after formal approbation;
8. Use the plan in the operations;
9. Ongoing exercising, review, testing and maintenance of the plan to keep it
effective, update plan as appropriate.

13. 4.Gather information to populate the plan;
a) objectives and measures of success in terms of prioritized activities;
b) activation criteria and procedures;
c) implementation procedures;
d) roles, responsibilities, and authorities;
e) communication requirements and procedures;
f) internal and external interdependencies and interactions;
g) resource requirements; and
h) information flow and documentation processes.

14. » Plan scope and objectives
» Major plan components - format and structure
1. BCMS Organisation
2. The BCMS Plan Structure
3. Planning assumptions
4. Scenario to execute plan, Disaster Definition
5. Escalation/Notification Procedures
6. Command Centers
» Crisis Management plan elements
» Emergency response plan element
» Business recovery organisation and responsibilities (Recovery Team Concept)
» Business recovery plan elements
Design and develop the BCMS plan:

15. Not included in the plan:
• Results of risk analysis
• Result of BIA
• Result of strategy analysis
• Result of exercises

16. • Business Continuity Planning considerations
• Each organisation is unique
• Tailored plan
• Design flexibility
• Business Continuity Planning concerns
• Minimised dependency on specific individuals
• Ensure establishment of critical decisions
• Minimised dependency on outside entities
• Ensure completeness
Design and develop the BCMS plans:

17. Design and develop the BCMS plan:
Plan Elements - Required Preparations
 People: Assignments, Responsibilities, & Training
 Sites: Selection and environmental preparation
 Data and Master Files: Inventory & Backup
 Software Systems: Inventory & Backup
 Application Systems: Inventory & Backup
 Hardware: inventory, agreements, documentation
 Communications: current, backup, & planned

18. Design and develop the BCMS plan:
Plan Elements - Required Preparations
 Transportation: emergency requirements
 Supplies: critical items - vendors
 Documentation: inventory & off-site backup
 Other equipment
 Vendor contracts, etc...
 Test plans
 ........
 ........

19. Design and develop the BCMS plan :
The teams concept
- Crisis Management
- Emergency Management Team
- Emergency Response Teams
o Damage assessment
o Real estate
- Recovery teams for critical business functions
o Facilities recovery teams
o Business functions recovery teams
o Supporting teams
- Teams formed by members from:
o Management
o Business unit personnel most familiar with critical business functions
to ensure effective recovery

20. The BCMS Plan
CLASSIC:
WHO - WHAT - WHEN - WHERE - HOW

21. Who will execute recovery actions
• Crisis Management Team
- Senior Management
- Plan Manager
- Public/Finance
• Emergency Management Team
• Response/Recovery teams
- Network operation teams
- Service operation teams
- Information system support teams
- Other teams
Recoveryteam,switch Recoveryteam,NMC Recoveryteam,IT RecovryTeam,CallCenter RecoveryTeam,NewServices
EmergencyManagement
CrisisManagement

22. What is needed to respond, recover business functions

23. “.....is the time between the point of disruption and the
point at which most critical functions must be
operational AND updated to current status.”
time
Recovery
of
Operations
Critical
Systems
Operational
with Current &
Accurate Data
Recovery Time Frame
The time within which Business Processes must be
restored at acceptable levels of operational capability to
minimize the impact of an outage
Point of
Disruption
When business functions and operations must recover

24. Where to go to recover business & operational functions

25. Detailed procedures for response and recovery
- how

26. Crisis
Management
Respons
team
Recovery
teams
Supporting
team
Emergency
management
Business continuity organization

27. Crisis
Management plan
Respons plan Recovery plan Supporting plan
Emergency
Management plan
Plan structure

28. How is the documentation used

29. Normal business
Incident
Crisis
Normal
org.
Crisis
org.

30. Implementing BCMS plans :
Disaster operations time line
Advance Warning
Crisis Occurs
Emergency Response
Recovery Effort
Restoration Effort
Resumption - Critical Functions
Return home

31. Personnel-oriented programs (evacuation and safety programs)
Escalation, notification, and plan activation
Vital records and off-site storage program
Data/information loss limitations
At response, recovery,
Exercising
Evidence of management preparedness for internal/external parties
Compliance with legal regulatory and governance requirements
How is the documentation used

32. Review
Organization changes
Major business process change
Changes of personal
IT services changes
Plan administration

33. THANK YOU
?
46 (0)708794652
info@cebelot.se
www.cebelot.se
https://se.linkedin.com/in/barbro-thöyrä-119b0427