Business Continuity Planning

John Wilson
John WilsonSelf Employed Consultant em your-local-website pty ltd
Business                                                   JW
                                                              JW
                                                              T
                                                              T
                                                                JW
  Disaster
                                                                T


         Continuity
         Recovery
            Planning (BCP)
                                               Planning (DRP)
                                             Fundamentals

                            Fundamentals
                          Fundamentals Wilson
                                   John

                                         John Wilson Wilson
                                               John
Copyright © 2004   T. John Wilson & Associates P/L
Copyright © 2004   T. John Wilson & Associates P/L
Business Continuity Planning –                 JW
                                                          T


                    What is it ?
In broad terms it is a plan to cater for continuing in
business, in the event of a major disaster, both from a
business process and ICT recovery perspective.
By definition, it is a Business Plan, which
encompasses similar terms such as:
  – Disaster Recovery Planning (usually IT
     environment)
  – Risk Assessment/Management
  – Contingency Planning
It is supported by two AS/NZS Standards:
  – AS/NZS 4360:1995 for Risk Management
  – AS/NZS 4444:1996 for Business Continuity
     Planning




Copyright © 2004   T. John Wilson & Associates P/L
Why do we need to Plan for Disasters                   JW
                                                           T


                    ?
   We need to assess the potential risks to the
   organisation, which could result in disasters or
   emergency situations
   We need to consider all the possible incident types,
   and the impact they may have on the organisation’s
   ability to continue in business
   We need to plan for resuming business (not just ICT),
   in the event of a disaster
   40% of major companies that experience a serious
   disaster go out of business within one year


                                     WHY ?

Copyright © 2004   T. John Wilson & Associates P/L
Answer                                         JW
                                                                  T

                                                     Earthquake
 The process of resuming
 normal business is:

       • Too Traumatic

       • Too Difficult

       • Too Expensive



There has been little or no Planning & Preparation
to minimise the impact of a Disaster
Copyright © 2004   T. John Wilson & Associates P/L
JW
                                                     T

                              What is a Disaster ?
Act of God:
   Earthquake
   e.g. Kobe, Turkey
   Cyclone/Hurricane
   e.g. Florida
   Floods
   e.g. Nyngan, Bangladesh
   Bushfires
   e.g. Australia, California
Act of Man:
   Accident e.g. Plane Crash, Train Crash
   Terrorism e.g. World Trade Centre, Bali
   Sabbotage e.g. Network Hacking, Staff Grievance
Copyright © 2004   T. John Wilson & Associates P/L
BCP in Perspective                     JW
                                                                  T


   For a business to continue/survive after a disaster,
   3 main preparatory disciplines are needed:
    –   Business Impact, Risk Assessment & Management (ongoing)
    –   Business Continuity Planning (non-IT & ongoing)
    –   Disaster Recovery Planning (IT only & ongoing)
   A business ignores
   these at its peril !!!




Copyright © 2004   T. John Wilson & Associates P/L
BCP/DRP Becoming Mandatory –                                        JW
                                                                             T



                                               WHY ?



     Other than Employees, Information/Data is a company’s most valuable asset –
     this may be computerised or on paper.
     Can the business continue operating manually, if computers
     are not available ?
     Business is becoming increasingly dependent on computerisation and technology
     Auditors are demanding it
     Insurers are demanding it
     Shareholders are holding management responsible for having it



Copyright © 2004   T. John Wilson & Associates P/L
Requirements for                                         JW
                                                                T

    Getting Something Done


The knowledge of how to do it
The skill to do it
The time in which to do it
The desire/motivation to do it
Problem: Requirements may be for Constructive or
Destructive reasons
Motivating Factor: The individual’s Attitude or Frame of Mind




Copyright © 2004   T. John Wilson & Associates P/L
Pyramid of Needs                                      JW
                                                                     T

                   (Abraham Maslow, in the 1920’s)


                                     I
                                   am
   Motivation                     making             Self-Actualisation
                                 the best
    Theory                      of myself
                              Respect of
                         family, friends etc.        Esteem
                             Acceptance by
                      family, friends & workmates    Love Needs
                        Safety (physical) and
                         Safety from Worry           Safety Needs
                     Food, Warmth, Shelter, Sex
                                                     Psychological
Theory: “Once needs have been met at                 Needs
                   one particular level, they
                   cease to be motivators”
Copyright © 2004   T. John Wilson & Associates P/L
Start with Management by:             JW
                                                                 T



     Getting their commitment & support by:
          Educating them on the changing/increasing role of IT
          Explaining the risks & implications to them
          Identifying the cost of not having a BCP/DRP
          Getting them involved in initial planning
          Getting their commitment – both financial & People
     Making BCP/DRP a Corporate Policy




Copyright © 2004   T. John Wilson & Associates P/L
Corporate Policy Guidelines should:                     JW
                                                                T



     Demonstrate that management is serious about BCP/DRP
     Involve Legal, Financial and Audit departments to reinforce it
     Emphasise the importance of corporate procedures and data and the
     need to protect it
     Define the minimum requirements to allow the business to recover
     after a disaster
     Be delivered to all employees concerned in an authorative manner




Copyright © 2004   T. John Wilson & Associates P/L
AS/NZS 4444:1996 (Section 9) states that                    JW
                                                                     T
                  a BCP should cover:
Identification/Prioritisation of critical business processes
Identification of potential impact of various types of disaster on
business activities
Identification & Agreement of responsibilities and emergency
arrangements
Documentation of agreed processes and procedures
Education of staff in the execution of these procedures
Testing of the BCP
Ongoing updating of the BCP




Copyright © 2004   T. John Wilson & Associates P/L
Perspectives of Business               JW
                                                     T



                Continuity Planning:

   The following perspectives should be
   central to creating a BCP:
   Prevention: What can be done to
   minimize the likelihood of a crisis ?
   Detection: What can be done to ensure
   timely detection of a crisis ?
   Correction: What can be done to ensure
   optimum response to recovering from a
   crisis ?


Copyright © 2004   T. John Wilson & Associates P/L
Phases of                                 JW
                                                               T

             Business Continuity Planning
To begin with, it is imperative to focus on the “Minimum”
 requirements to allow the business to continue – avoid a   Rolls
Royce solution which becomes too costly and impractical to implement
and maintain. Then focus on:

Risk Assessment

Business Impact Analysis

Strategy Planning
 & Agreement

Plan Development

Testing/Maintenance

Copyright © 2004   T. John Wilson & Associates P/L
Risk Assessment                          JW
                                                                  T




   This is the first step towards a Business Continuity Plan
   (BCP)
   Ideally it should be a Management Workshop which
   identifies the Critical Business Processes & Risks which
   the business faces (both IT & non-IT), and the likelihood of
   them happening
   These risks should then be placed in descending order of
   priority/seriousness
   These should be documented
    for later input to the BCP and
    be part of Risk Management
    Policy
    …..see next slide
Copyright © 2004   T. John Wilson & Associates P/L
Risk Assessment Table                                           JW
                                                                             T



  A Risk Assessment Table, including Target Recovery Timescales, should be prepared,
  containing the following headings:
   – Risk Ref No (in descending order of priority)
   – Description
   – Extent (of loss to the business)
   – ODDS (of occurring) – Low, Medium, High or Extreme
   – Impact (on the business) - L, M, H or E
   – Risk (of it happening) - L, M, H or E
   – Maximum Allowable Outage (Days)
   – BCP Action (Xref to appropriate section)

  Business Processes rated H or E should
  be given highest priority




   Note: This table should logically follow the Overview in the BCP itself
Copyright © 2004 T. John Wilson & Associates P/L
Risk Management                                      JW
                                                                              T




       AS/NZS 4360:1999 Standard definition:

       “ The systematic application of management policies, procedures and
       practices to the tasks of identifying, analyzing, assessing, treating and
       monitoring risk”
       The standard also recommends the scope to cover an interruption
       period of 0 - 14 days. A period longer than that is significantly less
       probable




Copyright © 2004   T. John Wilson & Associates P/L
Business Impact Analysis                          JW
                                                               T



     Management need to have structured analythical
     information on:
      – Critical business activities & associated computer
        systems
      – Critical timeframes for each activity
      – Consequences (Direct & Indirect) of these activities
        being unavailable
      – Mimimum resources required for each activity




Copyright © 2004   T. John Wilson & Associates P/L
Strategy Planning & Agreement                 JW
                                                            T




   Management should workshop, identify & agree the strategies for
   Business Continuity in the event of a disaster
   Multiple strategies may be needed depending on size and
   business nature of the organisation
   Alternative manual processes may be needed if IT environment is
   not available
   Minimum requirement is to
   enable business to continue
   operating




Copyright © 2004   T. John Wilson & Associates P/L
Plan Development                                                           JW
                                                                             T



  (Typical Contents)


       Action Plans: Basic instructions for incident containment, communications
     policies, notification guidelines
     General Supporting Policies: Operation, Maintenance, Testing, Training &
     Distribution of the plan
     Background Information: Decisions on which BCP is based – agreed definitions,
     scope, scenarios considered and relationship to IT DRP
     Checklists and Forms
     Recovery Strategies: Documentation for recovery and resumption of critical
     business processes, including personnel involved
     Contact Details: of all key personnel who would be involved in the execution of
     the BCP.
Copyright © 2004 T. John Wilson & Associates P/L
JW
                                                                         T

                           BCP Essentials
   BCP outputs can vary depending on the size and complexity of the
   business, however….
   To be effective any BCP must be kept as simple as possible and must
   still address two major areas:
   1. Logistics: High level information on:- Where to recover to; business
   priorities; plan activation; checklists
   2. Operational: Pre-existing procedures/processes which may require
   manual operation to address the needs of Business Continuity Planning




Copyright © 2004   T. John Wilson & Associates P/L
JW
                                                                T

              BCP Minimum Essentials

       Every BCP must address at a minimum:
        – Initial recovery and/or continuity of business operations
        – Activities necessary to maintain operations in crisis mode
        – Return of the business operations to the original
          locations/state (resumption procedures)




Copyright © 2004   T. John Wilson & Associates P/L
Putting it into Action                        JW
                                                                 T


      Testing the plan is essential – otherwise it is hypothetical
      A role-playing workshop involving key personnel is a good
      approach to testing
      Focus on the manual requirements for Business Continuity
      e.g. ensure key suppliers are involved:
       – Spare cheque books at bank
       – Stock of company letterhead, order books, invoices at
         print supplier




Copyright © 2004   T. John Wilson & Associates P/L
JW
                                                              T

                                    Summary
BCP Focus needs to be on Minimum Requirements to keep
business operating
Remember it is an interim arrangement – not permanent
Apply the KISS principle - keep it basic and simple, otherwise it
will be unworkable
Keep the planning at management level, otherwise interest
groups get involved, making it unworkable
Ensure the BCP gets updated to reflect changes in the business




Copyright © 2004   T. John Wilson & Associates P/L
JW
                                                                           T



  Q                               st i on
                                  ?    p pens
                                                 ! ….
                                                          just in
                                                                  case
                                                                       !
                              v er ha             pared
                                                        –
                      e it ne             be pr
                                                e
            Let’ s hop     …. Bu
                                  t let’s




Copyright © 2004   T. John Wilson & Associates P/L
1 de 25

Recomendados

Business Continuity Workshop Final por
Business Continuity Workshop   FinalBusiness Continuity Workshop   Final
Business Continuity Workshop FinalBill Lisse
3.7K visualizações51 slides
Business Continuity Planning por
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planninggcleary
2K visualizações30 slides
Business Continuity Planning por
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planningalanlund
9.4K visualizações18 slides
Business Continuity Management por
Business Continuity ManagementBusiness Continuity Management
Business Continuity ManagementDiane Christina
6K visualizações19 slides
What is business continuity planning-bcp por
What is business continuity planning-bcpWhat is business continuity planning-bcp
What is business continuity planning-bcpAdv Prashant Mali
5.5K visualizações79 slides
Business Continuity Management por
Business Continuity ManagementBusiness Continuity Management
Business Continuity ManagementECC International
3.7K visualizações16 slides

Mais conteúdo relacionado

Mais procurados

Business continuity for SMEs por
Business continuity for SMEsBusiness continuity for SMEs
Business continuity for SMEsreedgrace1
458 visualizações17 slides
Business Continuity Planning Presentation Overview por
Business Continuity Planning Presentation OverviewBusiness Continuity Planning Presentation Overview
Business Continuity Planning Presentation OverviewBob Winkler
7.3K visualizações32 slides
Business Continuity Management PowerPoint Presentation Slides por
Business Continuity Management PowerPoint Presentation SlidesBusiness Continuity Management PowerPoint Presentation Slides
Business Continuity Management PowerPoint Presentation SlidesSlideTeam
6.4K visualizações52 slides
business-continuity-management-awareness-presentation-for-mampu2929 por
business-continuity-management-awareness-presentation-for-mampu2929business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929Andy Willams
871 visualizações49 slides
Business Continuity Planning por
Business Continuity PlanningBusiness Continuity Planning
Business Continuity PlanningInstitute for Business Continuity Training
173 visualizações30 slides
Bcm Roadmap por
Bcm RoadmapBcm Roadmap
Bcm Roadmapbtrmuray
1.9K visualizações7 slides

Mais procurados(20)

Business continuity for SMEs por reedgrace1
Business continuity for SMEsBusiness continuity for SMEs
Business continuity for SMEs
reedgrace1458 visualizações
Business Continuity Planning Presentation Overview por Bob Winkler
Business Continuity Planning Presentation OverviewBusiness Continuity Planning Presentation Overview
Business Continuity Planning Presentation Overview
Bob Winkler7.3K visualizações
Business Continuity Management PowerPoint Presentation Slides por SlideTeam
Business Continuity Management PowerPoint Presentation SlidesBusiness Continuity Management PowerPoint Presentation Slides
Business Continuity Management PowerPoint Presentation Slides
SlideTeam6.4K visualizações
business-continuity-management-awareness-presentation-for-mampu2929 por Andy Willams
business-continuity-management-awareness-presentation-for-mampu2929business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929
Andy Willams871 visualizações
Bcm Roadmap por btrmuray
Bcm RoadmapBcm Roadmap
Bcm Roadmap
btrmuray1.9K visualizações
BCP Awareness por Imad Almurib
BCP Awareness BCP Awareness
BCP Awareness
Imad Almurib7.3K visualizações
Bcp drp por aqel aqel
Bcp drpBcp drp
Bcp drp
aqel aqel3.6K visualizações
Assess Your Business Continuity Management Process por Anand Subramaniam
Assess Your Business Continuity Management ProcessAssess Your Business Continuity Management Process
Assess Your Business Continuity Management Process
Anand Subramaniam4K visualizações
Business Continuity Planning por Dipankar Ghosh
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planning
Dipankar Ghosh2.2K visualizações
Business Continuity Planning por Bharath Rao
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planning
Bharath Rao12.8K visualizações
BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptx por JayLloyd8
BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptxBUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptx
BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptx
JayLloyd8296 visualizações
Business Continuity & Disaster Recovery por EC-Council
Business Continuity & Disaster RecoveryBusiness Continuity & Disaster Recovery
Business Continuity & Disaster Recovery
EC-Council762 visualizações
Business continuity & disaster recovery planning (BCP & DRP) por Narudom Roongsiriwong, CISSP
Business continuity & disaster recovery planning (BCP & DRP)Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)
Narudom Roongsiriwong, CISSP51.6K visualizações
Business continuity planning and disaster recovery por KrutiShah114
Business continuity planning and disaster recoveryBusiness continuity planning and disaster recovery
Business continuity planning and disaster recovery
KrutiShah114499 visualizações
9 Bcp+Drp por Alfred Ouyang
9 Bcp+Drp9 Bcp+Drp
9 Bcp+Drp
Alfred Ouyang6.4K visualizações
Business continuity management www.reconglobal.in por Satya Yadav
Business continuity management   www.reconglobal.inBusiness continuity management   www.reconglobal.in
Business continuity management www.reconglobal.in
Satya Yadav3.3K visualizações
Business continuity por Alka Mehar
Business continuityBusiness continuity
Business continuity
Alka Mehar110 visualizações
Business Impact Analysis - The Most Important Step during BCMS Implementation por PECB
Business Impact Analysis - The Most Important Step during BCMS ImplementationBusiness Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS Implementation
PECB 3.6K visualizações

Destaque

BUSINESS CONTINUITY PLANNING por
BUSINESS CONTINUITY PLANNINGBUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNINGHealth Informatics New Zealand
2.3K visualizações20 slides
Business Continuity Plan (Introduction) por
Business Continuity Plan (Introduction)Business Continuity Plan (Introduction)
Business Continuity Plan (Introduction)Hafiza Abas
3.6K visualizações15 slides
Business continuity planning por
Business continuity planningBusiness continuity planning
Business continuity planningSandeep Kashyap
1.4K visualizações33 slides
Business Continuity: Plan, Prepare, Prevent por
Business Continuity: Plan, Prepare, PreventBusiness Continuity: Plan, Prepare, Prevent
Business Continuity: Plan, Prepare, PreventNational Restaurant Association
2.4K visualizações26 slides
Business Continuity Planning Seminar por
Business Continuity Planning SeminarBusiness Continuity Planning Seminar
Business Continuity Planning Seminarcmckinney
3.1K visualizações56 slides
Business Continuity Plan por
Business Continuity PlanBusiness Continuity Plan
Business Continuity PlanPlash Chowdhary
6.6K visualizações10 slides

Destaque(17)

Business Continuity Plan (Introduction) por Hafiza Abas
Business Continuity Plan (Introduction)Business Continuity Plan (Introduction)
Business Continuity Plan (Introduction)
Hafiza Abas3.6K visualizações
Business continuity planning por Sandeep Kashyap
Business continuity planningBusiness continuity planning
Business continuity planning
Sandeep Kashyap1.4K visualizações
Business Continuity Planning Seminar por cmckinney
Business Continuity Planning SeminarBusiness Continuity Planning Seminar
Business Continuity Planning Seminar
cmckinney3.1K visualizações
Business Continuity Plan por Plash Chowdhary
Business Continuity PlanBusiness Continuity Plan
Business Continuity Plan
Plash Chowdhary6.6K visualizações
Business continuity overview slideshare por Chris Greenhill
Business continuity overview slideshareBusiness continuity overview slideshare
Business continuity overview slideshare
Chris Greenhill26.9K visualizações
Disaster Recovery by Tom Canavan por John Coonen
Disaster Recovery by Tom CanavanDisaster Recovery by Tom Canavan
Disaster Recovery by Tom Canavan
John Coonen452 visualizações
15 Secrets To Writing A Great Business Continuity Plan por hSo
15 Secrets To Writing A Great Business Continuity Plan15 Secrets To Writing A Great Business Continuity Plan
15 Secrets To Writing A Great Business Continuity Plan
hSo779 visualizações
Profiting From Hospital Disaster Preparedness: A Process Enhancement Model por Disabled/Retired
Profiting From Hospital Disaster Preparedness: A Process Enhancement ModelProfiting From Hospital Disaster Preparedness: A Process Enhancement Model
Profiting From Hospital Disaster Preparedness: A Process Enhancement Model
Disabled/Retired1.2K visualizações
Emerging Risks, BCP & DRP por Jorge Sebastiao
Emerging Risks, BCP & DRPEmerging Risks, BCP & DRP
Emerging Risks, BCP & DRP
Jorge Sebastiao2.2K visualizações
Pecha Kuch - BCP & DRP - By Balasubramanian P por Compassites Navigator
Pecha Kuch - BCP & DRP - By Balasubramanian P Pecha Kuch - BCP & DRP - By Balasubramanian P
Pecha Kuch - BCP & DRP - By Balasubramanian P
Compassites Navigator1.2K visualizações
Pecha Kuch – Trips You Should Definitely Make In Your Lifetime- By Sanjay P A por Compassites Navigator
Pecha Kuch – Trips You Should Definitely Make In Your Lifetime- By Sanjay P APecha Kuch – Trips You Should Definitely Make In Your Lifetime- By Sanjay P A
Pecha Kuch – Trips You Should Definitely Make In Your Lifetime- By Sanjay P A
Compassites Navigator410 visualizações
Business continuity - 5 key steps to effective business impact analysis por moranjustin
Business continuity - 5 key steps to effective business impact analysisBusiness continuity - 5 key steps to effective business impact analysis
Business continuity - 5 key steps to effective business impact analysis
moranjustin1.1K visualizações
Plan de Recuperación de Desastres - TI por Marcel Aponte
Plan de Recuperación de Desastres - TIPlan de Recuperación de Desastres - TI
Plan de Recuperación de Desastres - TI
Marcel Aponte1.2K visualizações

Similar a Business Continuity Planning

Disaster Recovery Planning por
Disaster Recovery PlanningDisaster Recovery Planning
Disaster Recovery PlanningJohn Wilson
1.3K visualizações26 slides
Matt Tidwell-Crisis communications presentation to Nonprofit Connect-Kansas City por
Matt Tidwell-Crisis communications presentation to Nonprofit Connect-Kansas CityMatt Tidwell-Crisis communications presentation to Nonprofit Connect-Kansas City
Matt Tidwell-Crisis communications presentation to Nonprofit Connect-Kansas CityMatthew Tidwell
919 visualizações17 slides
2007 CPM West Keynote Presentation por
2007 CPM West Keynote Presentation2007 CPM West Keynote Presentation
2007 CPM West Keynote Presentationsirjem
218 visualizações41 slides
2009 Tech Columbus Annual Report por
2009 Tech Columbus Annual Report2009 Tech Columbus Annual Report
2009 Tech Columbus Annual ReportRev1 Ventures
2.1K visualizações28 slides
HRM_PPT.pptx.pptx por
HRM_PPT.pptx.pptxHRM_PPT.pptx.pptx
HRM_PPT.pptx.pptxnsominvz345
1 visão11 slides
Module 2 - How to Recognise a Business Crisis.pptx por
Module 2 - How to Recognise a Business Crisis.pptxModule 2 - How to Recognise a Business Crisis.pptx
Module 2 - How to Recognise a Business Crisis.pptxcaniceconsulting
50 visualizações15 slides

Similar a Business Continuity Planning(20)

Disaster Recovery Planning por John Wilson
Disaster Recovery PlanningDisaster Recovery Planning
Disaster Recovery Planning
John Wilson1.3K visualizações
Matt Tidwell-Crisis communications presentation to Nonprofit Connect-Kansas City por Matthew Tidwell
Matt Tidwell-Crisis communications presentation to Nonprofit Connect-Kansas CityMatt Tidwell-Crisis communications presentation to Nonprofit Connect-Kansas City
Matt Tidwell-Crisis communications presentation to Nonprofit Connect-Kansas City
Matthew Tidwell919 visualizações
2007 CPM West Keynote Presentation por sirjem
2007 CPM West Keynote Presentation2007 CPM West Keynote Presentation
2007 CPM West Keynote Presentation
sirjem218 visualizações
2009 Tech Columbus Annual Report por Rev1 Ventures
2009 Tech Columbus Annual Report2009 Tech Columbus Annual Report
2009 Tech Columbus Annual Report
Rev1 Ventures2.1K visualizações
Module 2 - How to Recognise a Business Crisis.pptx por caniceconsulting
Module 2 - How to Recognise a Business Crisis.pptxModule 2 - How to Recognise a Business Crisis.pptx
Module 2 - How to Recognise a Business Crisis.pptx
caniceconsulting50 visualizações
Module 1 - What is a Business in Crisis.pptx por caniceconsulting
Module 1 - What is a Business in Crisis.pptxModule 1 - What is a Business in Crisis.pptx
Module 1 - What is a Business in Crisis.pptx
caniceconsulting76 visualizações
Bankruptcy And Restructuring Conference por HarryKobritz
Bankruptcy And Restructuring ConferenceBankruptcy And Restructuring Conference
Bankruptcy And Restructuring Conference
HarryKobritz277 visualizações
2011 Missouri DIFP Annual Report por Faux Person
2011 Missouri DIFP Annual Report2011 Missouri DIFP Annual Report
2011 Missouri DIFP Annual Report
Faux Person812 visualizações
Crisis Management Training Strategies by RIMS por Atlantic Training, LLC.
Crisis Management Training Strategies by RIMSCrisis Management Training Strategies by RIMS
Crisis Management Training Strategies by RIMS
Atlantic Training, LLC.7.3K visualizações
Crisis Management Communication Plan por Michelle Sprague
Crisis Management Communication PlanCrisis Management Communication Plan
Crisis Management Communication Plan
Michelle Sprague9 visualizações
Sesi 3 defining crisis pr por Firsan Nova
Sesi 3 defining crisis prSesi 3 defining crisis pr
Sesi 3 defining crisis pr
Firsan Nova1.3K visualizações
1unum group 11907_Investor_Meeting_Presentation por finance26
1unum group   11907_Investor_Meeting_Presentation1unum group   11907_Investor_Meeting_Presentation
1unum group 11907_Investor_Meeting_Presentation
finance26305 visualizações
1.19 clo peoplefluent_final_slides por Human Capital Media
1.19 clo peoplefluent_final_slides1.19 clo peoplefluent_final_slides
1.19 clo peoplefluent_final_slides
Human Capital Media427 visualizações
Effective Training Programs to Mitigate Compliance Risks in 2012 por Human Capital Media
Effective Training Programs to Mitigate Compliance Risks in 2012Effective Training Programs to Mitigate Compliance Risks in 2012
Effective Training Programs to Mitigate Compliance Risks in 2012
Human Capital Media392 visualizações
Module 1_Introduction.pptx por AineHamill
Module 1_Introduction.pptxModule 1_Introduction.pptx
Module 1_Introduction.pptx
AineHamill90 visualizações
Weekly10 - How to manage employees during tough times.pdf por Weekly10
Weekly10 - How to manage employees during tough times.pdfWeekly10 - How to manage employees during tough times.pdf
Weekly10 - How to manage employees during tough times.pdf
Weekly1088 visualizações

Business Continuity Planning

  • 1. Business JW JW T T JW Disaster T Continuity Recovery Planning (BCP) Planning (DRP) Fundamentals Fundamentals Fundamentals Wilson John John Wilson Wilson John Copyright © 2004 T. John Wilson & Associates P/L Copyright © 2004 T. John Wilson & Associates P/L
  • 2. Business Continuity Planning – JW T What is it ? In broad terms it is a plan to cater for continuing in business, in the event of a major disaster, both from a business process and ICT recovery perspective. By definition, it is a Business Plan, which encompasses similar terms such as: – Disaster Recovery Planning (usually IT environment) – Risk Assessment/Management – Contingency Planning It is supported by two AS/NZS Standards: – AS/NZS 4360:1995 for Risk Management – AS/NZS 4444:1996 for Business Continuity Planning Copyright © 2004 T. John Wilson & Associates P/L
  • 3. Why do we need to Plan for Disasters JW T ? We need to assess the potential risks to the organisation, which could result in disasters or emergency situations We need to consider all the possible incident types, and the impact they may have on the organisation’s ability to continue in business We need to plan for resuming business (not just ICT), in the event of a disaster 40% of major companies that experience a serious disaster go out of business within one year WHY ? Copyright © 2004 T. John Wilson & Associates P/L
  • 4. Answer JW T Earthquake The process of resuming normal business is: • Too Traumatic • Too Difficult • Too Expensive There has been little or no Planning & Preparation to minimise the impact of a Disaster Copyright © 2004 T. John Wilson & Associates P/L
  • 5. JW T What is a Disaster ? Act of God: Earthquake e.g. Kobe, Turkey Cyclone/Hurricane e.g. Florida Floods e.g. Nyngan, Bangladesh Bushfires e.g. Australia, California Act of Man: Accident e.g. Plane Crash, Train Crash Terrorism e.g. World Trade Centre, Bali Sabbotage e.g. Network Hacking, Staff Grievance Copyright © 2004 T. John Wilson & Associates P/L
  • 6. BCP in Perspective JW T For a business to continue/survive after a disaster, 3 main preparatory disciplines are needed: – Business Impact, Risk Assessment & Management (ongoing) – Business Continuity Planning (non-IT & ongoing) – Disaster Recovery Planning (IT only & ongoing) A business ignores these at its peril !!! Copyright © 2004 T. John Wilson & Associates P/L
  • 7. BCP/DRP Becoming Mandatory – JW T WHY ? Other than Employees, Information/Data is a company’s most valuable asset – this may be computerised or on paper. Can the business continue operating manually, if computers are not available ? Business is becoming increasingly dependent on computerisation and technology Auditors are demanding it Insurers are demanding it Shareholders are holding management responsible for having it Copyright © 2004 T. John Wilson & Associates P/L
  • 8. Requirements for JW T Getting Something Done The knowledge of how to do it The skill to do it The time in which to do it The desire/motivation to do it Problem: Requirements may be for Constructive or Destructive reasons Motivating Factor: The individual’s Attitude or Frame of Mind Copyright © 2004 T. John Wilson & Associates P/L
  • 9. Pyramid of Needs JW T (Abraham Maslow, in the 1920’s) I am Motivation making Self-Actualisation the best Theory of myself Respect of family, friends etc. Esteem Acceptance by family, friends & workmates Love Needs Safety (physical) and Safety from Worry Safety Needs Food, Warmth, Shelter, Sex Psychological Theory: “Once needs have been met at Needs one particular level, they cease to be motivators” Copyright © 2004 T. John Wilson & Associates P/L
  • 10. Start with Management by: JW T Getting their commitment & support by: Educating them on the changing/increasing role of IT Explaining the risks & implications to them Identifying the cost of not having a BCP/DRP Getting them involved in initial planning Getting their commitment – both financial & People Making BCP/DRP a Corporate Policy Copyright © 2004 T. John Wilson & Associates P/L
  • 11. Corporate Policy Guidelines should: JW T Demonstrate that management is serious about BCP/DRP Involve Legal, Financial and Audit departments to reinforce it Emphasise the importance of corporate procedures and data and the need to protect it Define the minimum requirements to allow the business to recover after a disaster Be delivered to all employees concerned in an authorative manner Copyright © 2004 T. John Wilson & Associates P/L
  • 12. AS/NZS 4444:1996 (Section 9) states that JW T a BCP should cover: Identification/Prioritisation of critical business processes Identification of potential impact of various types of disaster on business activities Identification & Agreement of responsibilities and emergency arrangements Documentation of agreed processes and procedures Education of staff in the execution of these procedures Testing of the BCP Ongoing updating of the BCP Copyright © 2004 T. John Wilson & Associates P/L
  • 13. Perspectives of Business JW T Continuity Planning: The following perspectives should be central to creating a BCP: Prevention: What can be done to minimize the likelihood of a crisis ? Detection: What can be done to ensure timely detection of a crisis ? Correction: What can be done to ensure optimum response to recovering from a crisis ? Copyright © 2004 T. John Wilson & Associates P/L
  • 14. Phases of JW T Business Continuity Planning To begin with, it is imperative to focus on the “Minimum” requirements to allow the business to continue – avoid a Rolls Royce solution which becomes too costly and impractical to implement and maintain. Then focus on: Risk Assessment Business Impact Analysis Strategy Planning & Agreement Plan Development Testing/Maintenance Copyright © 2004 T. John Wilson & Associates P/L
  • 15. Risk Assessment JW T This is the first step towards a Business Continuity Plan (BCP) Ideally it should be a Management Workshop which identifies the Critical Business Processes & Risks which the business faces (both IT & non-IT), and the likelihood of them happening These risks should then be placed in descending order of priority/seriousness These should be documented for later input to the BCP and be part of Risk Management Policy …..see next slide Copyright © 2004 T. John Wilson & Associates P/L
  • 16. Risk Assessment Table JW T A Risk Assessment Table, including Target Recovery Timescales, should be prepared, containing the following headings: – Risk Ref No (in descending order of priority) – Description – Extent (of loss to the business) – ODDS (of occurring) – Low, Medium, High or Extreme – Impact (on the business) - L, M, H or E – Risk (of it happening) - L, M, H or E – Maximum Allowable Outage (Days) – BCP Action (Xref to appropriate section) Business Processes rated H or E should be given highest priority Note: This table should logically follow the Overview in the BCP itself Copyright © 2004 T. John Wilson & Associates P/L
  • 17. Risk Management JW T AS/NZS 4360:1999 Standard definition: “ The systematic application of management policies, procedures and practices to the tasks of identifying, analyzing, assessing, treating and monitoring risk” The standard also recommends the scope to cover an interruption period of 0 - 14 days. A period longer than that is significantly less probable Copyright © 2004 T. John Wilson & Associates P/L
  • 18. Business Impact Analysis JW T Management need to have structured analythical information on: – Critical business activities & associated computer systems – Critical timeframes for each activity – Consequences (Direct & Indirect) of these activities being unavailable – Mimimum resources required for each activity Copyright © 2004 T. John Wilson & Associates P/L
  • 19. Strategy Planning & Agreement JW T Management should workshop, identify & agree the strategies for Business Continuity in the event of a disaster Multiple strategies may be needed depending on size and business nature of the organisation Alternative manual processes may be needed if IT environment is not available Minimum requirement is to enable business to continue operating Copyright © 2004 T. John Wilson & Associates P/L
  • 20. Plan Development JW T (Typical Contents) Action Plans: Basic instructions for incident containment, communications policies, notification guidelines General Supporting Policies: Operation, Maintenance, Testing, Training & Distribution of the plan Background Information: Decisions on which BCP is based – agreed definitions, scope, scenarios considered and relationship to IT DRP Checklists and Forms Recovery Strategies: Documentation for recovery and resumption of critical business processes, including personnel involved Contact Details: of all key personnel who would be involved in the execution of the BCP. Copyright © 2004 T. John Wilson & Associates P/L
  • 21. JW T BCP Essentials BCP outputs can vary depending on the size and complexity of the business, however…. To be effective any BCP must be kept as simple as possible and must still address two major areas: 1. Logistics: High level information on:- Where to recover to; business priorities; plan activation; checklists 2. Operational: Pre-existing procedures/processes which may require manual operation to address the needs of Business Continuity Planning Copyright © 2004 T. John Wilson & Associates P/L
  • 22. JW T BCP Minimum Essentials Every BCP must address at a minimum: – Initial recovery and/or continuity of business operations – Activities necessary to maintain operations in crisis mode – Return of the business operations to the original locations/state (resumption procedures) Copyright © 2004 T. John Wilson & Associates P/L
  • 23. Putting it into Action JW T Testing the plan is essential – otherwise it is hypothetical A role-playing workshop involving key personnel is a good approach to testing Focus on the manual requirements for Business Continuity e.g. ensure key suppliers are involved: – Spare cheque books at bank – Stock of company letterhead, order books, invoices at print supplier Copyright © 2004 T. John Wilson & Associates P/L
  • 24. JW T Summary BCP Focus needs to be on Minimum Requirements to keep business operating Remember it is an interim arrangement – not permanent Apply the KISS principle - keep it basic and simple, otherwise it will be unworkable Keep the planning at management level, otherwise interest groups get involved, making it unworkable Ensure the BCP gets updated to reflect changes in the business Copyright © 2004 T. John Wilson & Associates P/L
  • 25. JW T Q st i on ? p pens ! …. just in case ! v er ha pared – e it ne be pr e Let’ s hop …. Bu t let’s Copyright © 2004 T. John Wilson & Associates P/L