Understanding Business Continuity Management System - Satya Yadav

1. From Crisis To Opportunity
Business Continuity Management
Satya Yadav
Recon Business Advisory (P) Ltd
www.reconglobal.in

2. OBJECTIVE
To provide a basic appreciation on the importance of
Business Continuity Management.
To provide an overview on implementing BCM.

3. BUSINESS CONTINUITY MANAGEMENT
A holistic management process which:
Identifies threats to an organization and their
impacts on business operations
Provides a framework for building organisational
resilience
Develops capability for an effective response
Safeguards interests of key stakeholders,
reputation, brand and value creating activities

4. NEED FOR BCM
Regulatory requirement:
Guidelines by regulators make it mandatory for organisations to develop & maintain a
business continuity plan
Strategic requirement:
A fundamental but differentiating parameter for clients while choosing a service provider
Compliance requirement:
Forms an important and integral part of Enterprise risk management
Branding requirement:
Improves customer confidence in an organisation
Certification requirement:
ISO 22301 allows an organizations to be certified in Business Continuity

5. HISTORY OF BCM
Holistic
Contingency Plans
Organisation wide
Contingency Plans
IT or Technical
Contingency Plans
3
2
Alternative
Planning/Plan B
1
4
Business Continuity
Planning
Disaster recovery
Planning
Fallback Plans,
Contingency
Plans
Business Continuity
Management

6. BCM LIFECYCLE
Awareness & Training
Exercising & Testing
Audits
BCM Maintenance
Continual improvement
Exercising &
Testing
Business Continuity
Procedures for :
Response, Resumption,
Recovery, Restoration
Understanding
the
Organisation
BCM
PROGRAM
MANAGEMENT
Developing &
Implementing
BCM
Response
BCM Terms of
Reference
Determining
BCM
Strategies
BIA
Risk Assessment
BCM Policy
BCM Handbook

7. PHASES OF BCMS
Monitor
&
Response
Recover
&
Resume
Rectify
&
Restore
Migrate
&
Normalize
PHASES
Prevention
Response
Recovery &
Resumption
Restoration
Normalisation
Emergency
Response,
Crisis
Management,
Public Relations
Business
Resumption
Plans, Disaster
Recovery Plan
Damage
Restoration,
Includes
installation &
commissioning
Migration, Restart
of all business
functions, Stand
Down
ACTIONS
Risk Management
Pre - Incident
Incident
Post - Incident

8. WHY WE NEED BCM STANDARDS?
Suppliers
Customer
Regulators
Your
Organisation
Business
Partners
Vendors
System Up Time (computing, data,networks, etc.)
Environment
Legal & Regulatory Duties
Infrastructure Dependence (power, voice, data,
logistics, food)

9. INCİDENT TİMELİNE

10. BCMS ISO 22301 METHODOLOGY
1.
Project
Initiation
4.
Develop BCM
Strategies
7.
Awareness &
Training
2.
BIA
5.
Develop BC
Plans
8.
Exercising &
Testing
3.
Risk
Assessment
6.
Implement
BCMS
9.
Evaluation &
Improvement
PROJECT MANAGEMENT & REPORTING

11. Management
Commitment
Develop
BCM Policy
BIA & RA
BCM
Strategies
and Plans
Implement
BCMS
Exercise
& Test
Evaluate &
Improve
Forming a BCM Steering Committee.
Identify Key/Critical Services.
Determine exclusions from the BCM scope.
Deciding on implementation timelines.
Function Heads to nominate SPoCs from their respective business
functions.

12. Management
Commitment
Develop
BCM Policy
BIA & RA
BCM
Strategies
and Plans
Implement
BCMS
Exercise
& Test
Identify Business Continuity Objectives of the organisation.
Define acceptable levels of risk.
(Finance, Delivery, Legal/Regulatory, Reputation, etc.)
Identify Statutory, Regulatory, and Contractual obligations.
Identify interested parties and their interests.
(Customers, Employees, Environment, Regulatory Bodies, Shareholders, Public Bodies, etc.)
Define BCM policy around the BC scope and objectives.
Take approval of the Policy and communicate to all.
Evaluate &
Improve

13. Management
Commitment
Develop
BCM Policy
BIA & RA
BCM
Strategies
and Plans
Implement
BCMS
Exercise
& Test
Evaluate &
Improve
Identify business impact, MAO, RTO, MBCO, and process criticality for
various Processes.
Identify resource dependencies for all processes.
Employees, IT, Non IT, and Third party
Identify threats to high/medium criticality processes. Evaluate Present
controls and calculate risk exposure .
Devise treatment plan for various risks
Treat, Tolerate, Transfer, Terminate
Functional leaders to approve and sign off their respective BIA

14. Management
Commitment
Develop
BCM Policy
BIA & RA
BCM
Strategies
and Plans
Implement
BCMS
Exercise
& Test
Determine number of processes with critical RTO
Determine the resource requirements for these Processes
Determine backup options for resuming these processes after an
incident
Cost Benefit Analysis and finalise continuity strategies
Devise BCM Plans
Incident Response, IT DR, Work-area recovery, BCP, Crisis Communication, etc.
Evaluate &
Improve

15. Management
Commitment
Develop
BCM Policy
BIA & RA
BCM
Strategies
and Plans
Implement
BCMS
Exercise
& Test
Evaluate &
Improve
Function leaders are owners of their respective BC Plans.
All BC plans will be validated and implemented in the various functions.
Preparation for BCM strategies and various BC plans to be
implemented at Function level.
BCM Program Manager to Co-ordinate implementation.
Training and awareness of all stakeholders on the various BC plans.

16. Management
Commitment
Develop
BCM Policy
BIA & RA
BCM
Strategies
and Plans
Implement
BCMS
Exercise
& Test
Evaluate &
Improve
Design procedure for BCM tests.
Determine and communicate test schedule
Conduct BCM test – Business Functions to participate in coordination
with BCM program Manager.
Carry out a post test analysis – identify lessons learnt.
Plug identified gaps through corrective actions.

17. Management
Commitment
Develop
BCM Policy
BIA & RA
BCM
Strategies
and Plans
Implement
BCMS
Exercise
& Test
Evaluate &
Improve
Carry out Corrections/Corrective actions on the occurrence of any
incident/audits/tests, etc.
Function Heads to assign SPoCs to carry out corrective actions,
periodic review, and maintenance of BC Plans.
Need based or scheduled review of BC Policy, BCM objectives, BIA,
RA, BC plans, etc.
Incorporate changes after review, if required.
Continual improvement of BCMS – All business functions to proactively
participate.

18. TAKE AWAYS
BCM is a program and not a project.
The initial development of a BC Plan is a tedious and time consuming activity.
It needs to be given adequate attention to be successful (i.e. workable)
The responsibility and success of BCM rests on every business Function’s
shoulder.
All Functions have to earmark BCM SPoCs and spare them for BCM
participation for a minimum no. of man-hours each month.
All Head of Functions are owners of their Function’s Business Continuity.
There participation is absolutely necessary.
Top Management support and participation is absolutely necessary.
An annual budget should be allocated for the running & maintenance of the
BCM program

19. Recon Business Advisory
Recon is a premium business risk consultancy committed to the Growth, Security, and
Continuity objectives of its clients. Through the breadth of our service offerings and the depth
of our domain expertise we ensure that you enjoy the highest standards of service delivery on
time, every time. We are a passionate lot, enjoy what we do, and excited at opportunities to
delight our clients with our industry leading delivery.
Our Continuity Practice provides the following services:
1. Current state assessments of your organisation’s BCMS
2. Planning, Implementing, and Testing your BCMS
3. Preparing your organisation for ISO 22301 Certification
4. Training programs on – Business impact analysis, Risk Assessment, BCM, etc.
5. BCM Awareness Tools - Off the shelf / Custom designed Posters, Wallpapers,
Screensavers, Games, Audio/Video awareness tools, etc.

20. Plans Are Nothing,
Planning Is Everything!
Recon Business Advisory (P) Ltd
www.reconglobal.in | info@reconglobal.in
New Delhi - +91 813098 6963 | 011-6464 6963