2. What is Business Continuity ?
Business contingency is the practice of formally preparing for
variations in the business environment.
These variations can be of any kind, but the primary aim of
business contingency planning is to ensure the survival of an
organization by preparing for, reacting to, and adjusting to
those variations.
Business continuity(BC) refers to the ability of a business to
maintain continuous operations in the face of disaster
3. Continuous availability of IT
continuous availability to be ensured since
organisations have become dependent on
technology and if information technology
(IT) resources suddenly become unavailable,
all supporting business processes of that
organization generally cannot continue, and
this threatens the survival of an
organization
4. What can disrupt your business ?
Fire Flood Terrorism
Hackers Power Network Troubles
5. Success, recovery or failure?
Fully tested
effective BCM
A
B
Level of business
No BCM – lucky
escape
C No BCM –
usual outcome
Critical
recovery point
Time
6. THE BUSINESS CONTINUITY MANAGEMENT CYCLE
Understanding
Your Business
1
Exercising, Business
Maintenance 5 BCM 2 Continuity
and Audit Strategies
Managem
P
Programme
Management
4 3
Develop and
Building & Implement BCM
Embedding a Plans & Solution(s)
BCM Culture
7. Building Business Continuity Plan
form a core team from all segments of the business or
organization
review all of the existing BC plans (if available).
understand the benefits of developing a BCP policy
statement
Establish Project Objectives and Deliverables
8. Step 1. Project Initiation
Identify customer and business requirements
Identify external dependencies (i.e., government, industry, and
legal)
Perform a business risk assessment
Obtain management support
Implement project planning and control process
9. Step 2. Business Impact Analysis
Define criticality criteria
Identify vital business processes, applications, data, equipment,
etc.
Determine impact on business processes
Identify interdependencies
Define recovery time objectives
10. Step 3. Recovery Strategies
Identify process and processing alternatives and offsite data
backup alternatives
Identify communications backup alternatives
Identify recovery strategy alternatives (replace, outsource,
manual, etc.)
Formulate strategy based on optimum cost-benefit and risk
Review strategy with recovery teams, management, and
customers
11. Step 4. Plan Development
Define disaster recovery teams, authority, roles, and
responsibilities
Develop notification and plan activation procedures
Create emergency response procedures
Create detailed recovery procedures
Develop plan distribution and control procedures
12. Step 5. Plan Validation/Testing
Develop test plans and objectives
Conduct simulations
Perform tests
Evaluate test results
Perform plan process improvements based on test results
13. Step 6. Maintenance and Training
Develop BCP maintenance process
Consolidate revision information
Develop revised BCP, as required
Create corporate awareness program
Develop BCP-specific training program
15. Needs Analysis and Initiation Phase
Match system requirements to their related operational
processes
Identify Very high system availability requirements –
redundant, real-time mirroring at an alternate site and fail-over
capabilities to be built into the design
Evaluate IT system to determine recovery priority
16. Development/Acquisition Phase
Incorporate redundancy and robustness directly into the system
architecture to optimize reliability, maintainability, and availability
during the Operation/Maintenance Phase
Set priorities of recovery if multiple applications are set as contingent
measures.
• Consider redundant communications paths;
• lack of single points of failure;
• enhanced fault tolerance of network components and interfaces;
• power management systems with appropriately sized backup power sources; load
balancing; and data mirroring and replication to ensure a uniformly robust system.
Address requirements for the alternate site
17. Implementation Phase
Develop a test plan
Test accuracy and effectiveness of technical features
and recovery procedures of contingency strategies
Clearly document the contingency measures in the
contingency plan
18. Operation and Maintenance Phase
Conduct training and awareness programme on contingency
plan procedures to users, administrators, and managers
Ensure Exercises and tests and make it continue to be
effective
Regular backups should be conducted and stored offsite
Update plans to reflect changes to procedures based on
lessons learned
19. Disposal Phase
Current system (Legacy) is replaced with a new system
Do not neglect contingency considerations until the new
system is operational & fully tested
The legacy system itself can become a backup system.
The legacy system can be used as a test system for the new
system to identify its potentially disruptive system flaws.