3. BCM Institute Started in January 2005. Provide competency based BC-DR training to all levels. Certify BC-DR professionals globally. Started Certification programme in April 2007. More than 1500 professionals from 850 organizations and 40 countries.
5. Business Continuity Management or Risk Management? Aligning Expectations for Business Strategies Dr. Goh Moh Heng PhD BCCE DRCE BCCLAPresident, BCM Institute and Managing Director, GMH Continuity Architects
6. Agenda BC Planning Methodology Risk Analysis and Review Risk Assessment Process Step-by-stepAchieving Certification
7. BCM Planning Methodology Source: Goh, Moh Heng (2008): Analyzing and Review the Risk for Business Continuity Planning ISBN: 978-981-05-9215-8
11. Identify Threats Man-Made Toxic and radioactive contamination Sabotage (both external and internal) Riot, civil disorder and coup Fraud and embezzlement Accidental explosion (on and offsite) Water leak and plumbing failure Workplace violence Terrorism Aircraft crash Vandalism Arson Physical asset theft Misuse of resources Building and physical security weakness Fire Natural Tornado (wind storm) Thunderstorm and hail storm Lightning and electrical storm Snow and winter ice storm Typhoon and hurricane Flood and other water-based incident Earthquake Mudslide Volcanic eruption and ash fallout Tsunami Large natural fire Epidemic and pandemic
12. Identify Threats Business Power outage Labor dispute Employee turnover and single point of failure Unavailability of key personnel Human error Gas outage Water outage Loss of transportation Single source suppliers Information Technology Voice and data telecommunication failure IT equipment failure Human error from programmers and users Security vulnerability Data and software sabotage In-house developed application failure HVAC failure Defective software
13. Analyse Risks Estimate the risk likelihood of occurrence Identify risk impact of the threat materializing Determine risk (rating) level
16. Risk Analysis Process Controls What is cost for the Controls to be implemented? What Controls are in place? Risk Rating What is the potential loss exposures to business? How does the threat affect business operations? What is the likelihood that the threat will adversely affect business operations? Threats Risk Likelihood What is the effects on people, infrastructure, facilities, and systems? Risk Impact What are the adverse events that can occur?
21. Risk Treatment Explore Risk Treatment Strategies for risks deemed unacceptable Document reasons for selection of strategy for each risk treatment
22. Risk Analysis Process Controls What is cost for the Controls to be implemented? What Controls are in place? What risk treatment? Risk Rating What is the potential loss exposures to business? How does the threat affect business operations? What is the likelihood that the threat will adversely affect business operations? Threats Risk Likelihood What is the effects on people, infrastructure, facilities, and systems? Risk Impact What are the adverse events that can occur?
26. Risk Analysis and Business Continuity Planning Process Risk Treatment Strategies Treatment for risks that could potentially interrupt business operations
31. THANK YOU Dr Goh Moh Heng President Mobile: +65 96711022 Tel: +65 63231500 Fax: +65 63230933 Email: moh_heng@bcm-institute.org
Notas do Editor
BCM Institute Leading global Business Continuity (BC) & Disaster Recovery (D R) Institute. Established in 2005. Offers a wide range of quality BC and DR courses. Certified over 1,250 professionals from 36 countries.
This table is a guide on the severity of the impact caused by the threat that occurred.