Presentation is loading. Please wait.

Presentation is loading. Please wait.

TPL Business Continuity Management System (BCMS)

Similar presentations

Presentation on theme: "TPL Business Continuity Management System (BCMS)"— Presentation transcript:

1 TPL Business Continuity Management System (BCMS)

2 How vulnerable, are we?

3 How vulnerable, are we? Tonga Trench is 10,800m deep and located 200Kms east of the Kingdom of Tonga Tonga Trench is the fastest (24cm/year) velocity trench in the world

4 How vulnerable, are we?

5 How vulnerable, are we?

6 The History of Business Continuity
Mid 2007 11/9/2001 Holistic Contingency Plans DRP: The advance planning and preparations that are necessary to minimize loss and ensure continuity of the critical business functions of an organization in the event of disaster. The technological aspect of business continuity planning. Business Continuity Management System Organization wide Contingency Plans Business Continuity Planning IT or Technical Contingency Plans Disaster Recovery Planning BCP: Process of developing advance arrangements and procedures that enable an organization to respond to an event in such a manner that critical business functions continue with planned levels of interruption or essential change. Fallback Plans , Contingency Plans Alternative Planning / Plan B

7 What is the System?

8 What is BCM System? Business Continuity Management System is:
A living system; managed every day; updated at all times when the situation changes Holistic Requires a strategy/policy End-to-end critical business process restoration (focus is not asset recovery only) Communication – clients, employees, emergency organisations Integration with business processes of other Business Unites (BUs) Address employee safety & wellbeing

9 Describing BCM Risk RISK has four key components:
Threats: Fire, earthquake, power failure, loss of key staff etc. Assets: Human, mission critical systems and infrastructure, suppliers, clients, buildings, information and records Vulnerabilities: Weaknesses in assets such as single point of failure, inadequacies in fire protection, poor staffing levels, unreliable IT security, inefficient data back up etc. Impact – Financial or Non financial (e.g. reputational, health & safety impacts) Risk description (example): “A significant financial and reputational impacts to the Company as a result of IT Manager is unable to restore the Billing Server which was damaged by a power surge on time.”

Reduce Consequence Reduce Likelihood

11 BCM Risks BCM Plans are mitigation controls (i.e. minimise consequences) rather than prevention controls BCM Risks are managed through Quantate as part of the TPL’s Risk Management Program

12 BCM Assumptions Secondary or alternative site is always available to the company to restore business critical processes if the primary site not accessible due to damages sustained by a disaster. Minimum resources (e.g. staff, IT equipment etc.) are still available to restore business critical functions following a disaster Popua power station is unharmed and minor damages to the distribution network assets National communication methods (i.e. TCC or Digicel) are available to communicate with public. BCM plans are not applicable for nationwide disasters (e.g. tsunami) that may have damaged the company’s all primary and secondary sites, generation and distribution assets.

13 BS25999 Standard Requires a policy statement
Requires focusing on restoring end-to-end processes (not just equipment or machinery) Requires RTO/RPO analysis for all critical processes Requires a risk assessment and mitigation Requires a hierarchy of plans (IMP, BURP, ERP etc.) Requires a command Centre and DR sites Requires a Call Tree Requires testing, maintaining & auditing of BCM plans periodically

14 Overview of BS 25999:2007 ACT PLAN CHECK DO Maintaining and Improving
Ongoing training Update plans whenever there is a major change to the company processes/structure Embedding BCM in the culture Planning BCM Policy Steering Committee Structure, roles & responsibilities BCM scope & objectives Top management commitment ACT PLAN Implementation & Operation Identify BC threats Business impact analysis Process criticality analysis Gap analysis Risk assessment Recovery strategies & scenarios Generating BCM Plans/BCM Manual Testing & Auditing BCM plans Periodical tests – Table top exercises, Simulations, Live Exercises Periodical audits Management review CHECK DO

15 BCM Plan Portfolio (TPL)

16 BCM Plan Portfolio

17 BURP vs. DR Plan BURP is a plan used to restore the entire business unit including the key processes, which employees are moved to DR site, activation of call tree, coordination with other business units, resume business as normal. (holistic) DR Plan is technical plan designed to restore equipment and machinery back to normal. (e.g. IT DR Plan) Companies use both names intermittently.

18 Managing Incidents Within the Capability of TPL Plans
Identify the identification Assess damage and identify lost critical processes Declare a disaster if the critical operations are unable to be restored within the primary premises Shut- down power supply for the safety of public Activate BURPs/DRPs. Move into the DR site to restore operations at a minimum acceptable levels Restore the damaged distribution assets and network Restore power generation Resume business as usual at the DR Site Monitoring Review & Documentation

19 Conducting Business Impact Analysis (BIA)

20 RTO & RPO (Last Backup) The Recovery Time Objective (RTO) is the goal for how quickly TPL need to recover the interrupted processes. The Recovery Point Objective (RPO) is the point in time to which data must be restored to successfully resume the interrupted processes (often thought of as time between last backup and when an “interruption” occurred).

21 Business Impact Analysis
BIA identifies impacts (financial & non-financial) due to malfunction of company critical processes resulting from disasters The goal of BIA is to identify, categorise and prioritise the mission critical processes and resources (e.g. technology, infrastructure, vital records, personnel, suppliers) required to function these processes within the company. Some examples of such processes are customer service & support, order & data processing, pay roll, IT & communication, and purchasing and production. BIA also identifies interdependencies (telephones, IT facilities, office space etc.) between different business units within the company. The priorities of critical processes for subsequent resumption are based on RTO and RPO objectives of each process.

22 BIA – Identifying Critical Processes
Administer BIA Questionnaire with each BU Manager (template supplied), collect data, review and analyse them Consider the worst case scenario; a total loss of personnel, facilities and property. Does the disaster affect the critical processes? Determine impacts if a process is lost due to the disaster: Identify and quantify financial impacts (recovery costs, production losses & revenue losses) identify non-financial impacts Impact on staff or public wellbeing Impact of damage to premises/assets/records Impact of breaches of statutory regulations Damage to reputation Deterioration of product/services quality Environmental damage

23 BIA – Identify Critical Processes
Determine minimum resources required for minimum acceptable recovery of each process manually or using alternative processes. Staff – skills and knowledge Secondary premises Plant, equipment, software, data/records External services providers Determine RTOs and RPOs for each process. Note shorter the RTO, greater cost of recovery. Also, longer RTOs increases the chances that the recovery will not be achieved within MTO. Determine whether the company is able to achieve RTO/RPO objectives currently. If not, flag them as risks to analyze them at a later stage Rank the processes based on impacts to determine priority of recovery of critical processes Example: Results of RTO/RPO analysis is supplied Conduct a process dependency analysis with other business units

24 BIA - Process Dependency Analysis
RTO = 2 hrs. B D RTO = 7 hrs. BU 2 A C RTO = 3 hrs. E RTO = 5 hrs. RTO = 1 hr. BU 1 BU3 Consider the entire chain of processes to be recovered together Adjust RTOs if necessary Define Maximum Tolerable Outage (MTO) BCM Plans are designed to recover company critical processes within MTO

25 BIA – Disaster Declaration
Scenario 1 – If Estimated Recovery Time < MTO Primary Site is intact; (Example: malfunction of IT Servers) Execute IT DR Plan for all IT issues Scenario 2 – If Estimated Recovery Time <= MTO Primary site is inaccessible but DR sites are operational, key staff are available; national communication systems functional (Example: cyclone) Minimum and acceptable reputational/financial losses Execute all BCM Plans including IMP, BURPs, & IT DR Plan Resume company critical processes from the DR Sites to a minimum acceptable level Scenario 3 – If Estimated Recovery Time > MTO All primary and DR sites are not operational; key staff are unavailable; national communication system is malfunctioned (Example: tsunami) Requires a good communication plan (e.g. radio communication) Potential reputational/financial losses are inevitable Execute BCM plans with a delay

26 Incident Management Plan

27 Disaster Declaring Criteria
TPL MTO = 2 days Level 1: Minor Incident – Minor incidents occur only when critical business operations are affected and distribution network recovery or IT problems are expected to be resolved within 3 hours. In this occasion, the incident is resolved on ‘business as usual’ basis and no disaster is declared. Level 2: Major Incident – Major disruption to the critical business operations with system outage expected to last more than 1 day but not more than two business days. In this case, the incident is escalated to a semi-disaster and is declared by the members of the IMT. At this incident level, only Generation and Distribution DR Plans will be invoked as applicable. Level 3: Critical Incident – Critical disruption to the business operations with system outage expected to last more than two business days. In this case, the incident is escalated and a disaster is declared by the members of the IMT.  At this incident level all critical Business Units (IT, Finance, Generation, and Distribution) BURPs/DRPs will be invoked.

28 Incident Management Team (IMT)
IMP Role Primary Deputy Incident Controller Rod Lowe (Distribution Manager) Michael Lani 'Ahokava (Generation Manager) Communication – Board, Media John van Brink (Chief Executive Officer) Steven Esau (Finance Manager) Financial Support Epoki Veituna (Financial Accountant) Distribution Division Ian Skelton (Network Planning Manager) Setitaia Chen (Network Asset Design Manager) Generation Division Murray Sheerin (Power Station Superintendent) Risk & Regulatory Ajith Fernando (Risk & Compliance Manager) IT Support Lualala Tapueluelu (IT Supervisor) Peifaga Fuiono (IT Technician) Legal Support William Edwards (Company Secretary) Human Resources 'Alisi Tu'inukuafe (HR & Administration Manager) Nau Lavemai (Senior Administration Officer) IMT Assistance (CEO Secretary) Jane Guttenbeil (Communication Advisor) Media Relations

29 Command Centre Options
Command Centre Activities: Declaring the disaster based on the damage assessment Establishing 24 hour communication channels Activating, coordinating and monitoring BURPs/DRPs Monitoring and acting on staff health & safety Media relations Making all key decisions for successfully restoration Possible Locations for the Command Centre: Head Office (if available) Distribution Office (if available) Scenic Hotel, Digicel Network Operating Centre


31 DR Sites DR Site or Network Incident Site or Network
Distribution Office, Tongatapu Popua Generation Plant, Tongatapu Distribution Office, Haapai Distribution Office, Vavau Head Office, Tongatapu DR Site Distribution Network, Tongatapu There is no DR Network for TPL in Tongatapu. Therefore, if the network is severely damaged by a disaster, TPL technical staff (with assistance from external emergency teams) have to restore the network as quickly as possible. There is no DR Generation Plant for TPL in Tongatapu. Therefore, if the existing generation facility is severely damaged by a disaster, TPL technical staff have (with assistance from external emergency teams) to restore the generation facility as quickly as possible. Office, Haapai Distribution Network/ Generation Plant, Haapai There is neither DR Generation Plant nor Network for TPL in Haapai. Therefore, if the existing generation facility/ distribution network is severely damaged by a disaster, TPL technical staff have to restore the generation/network facility as quickly as possible working day and night. Office, Vavau Distribution Network/ Generation Plant, Vavau There is neither DR Generation Plant nor Network for TPL in Vavau. Therefore, if the existing generation facility/ distribution network is severely damaged by a disaster, TPL technical staff have to restore the generation/network facility as quickly as possible working day and night. Distribution Network/ Generation Plant, Eua There is neither DR Generation Plant nor Network for TPL in Eua. Therefore, if the existing generation facility/ distribution network is severely damaged by a disaster, TPL technical staff have to restore the generation/network facility as quickly as possible working day and night.

32 Internal Communication – Call Tree
Incident Management Team Business Unit Managers Field Supervisors & Foremen Office Supervisors Linesmen Staff Brief description of the disaster, loss of life or injuries, damage summary, response and recovery details Location of the DR or Network Site to report to or to remain at home on standby Phone number of the DR Site/Network Supervisor Immediate actions to be taken Location and time the team should meet at DR or Network Site Instruct everyone notified not to make any statements to the media or social media.

33 External Communication
IMT Distribution Manager Finance Manager Generation Manager Planning & Design Manager Business Unit Restoration Plans Vendors & Suppliers Police, Fire & Hospital National Emergency Management Office (Ministry of Works) Tonga Met Service Radio Tonga Tonga Defense Service Government Organisations Embassies & High Commissions Business Unit DR Plans IT Supervisor

34 Media Relations Only the authorised spokespeople shown below are to comment to the media. John van Brink (CEO) – English media Steven Esau (Finance Manager) – Tongan media All unauthorised staff should know that if they are contacted by the media that they are not to comment and that their standard reply should be “I’m sorry I can’t help you, I am not the appropriate person to speak to. If you provide me your name and contact number, I’ll get the right person to get in touch with you shortly”. Jane Guttenbeil and Nau Lavemai coordinate media relations

35 Business Unit Recovery Plan

36 Head Office BURP Minimum Systems Required at DR Site
Priority Rank Process to Recover Minimum Systems Required Can TPL Provide Min. Systems Required? RPO RTO Minimum Staff Required 1 Customer call management Voice call & Calls redirection to mobile phones Yes (refer IT DR Plan) NA 1 Day Dedicated staff 2 Meter reading & Billing Computers with Orien, Printer, mobile phones 2 Day Billing Supervisor, Meter readers 3 Revenue management Computers with Orien, mobile phones, Credit supervisor and 2 cashiers Minimum Staff Required at DR Site Division Manager/Supervisor Team Members IT Lualala Pei, Sonia Billing Ofa Makueta Revenue Heta Ovava, Grace

37 Distribution Office BURP
Minimum Systems Required at DR Site Priority Rank Process to Recover Minimum Systems Required Can TPL Provide Min. Systems Required? RPO RTO Minimum Staff Required 1 Customer faults call management Calls redirection to mobile phones, Computer with File Maker Software Yes (refer IT DR Plan) NA 1 day 2 Call Centre Staff 2 GIS Database Management Computers with GIS Database, Printer, mobile phones 2 Day 1 Planning Staff Minimum Staff Required at DR Site Division Manager/Supervisor Team Members Faults Malia Hehea GIS Database Ian Semi

38 Generation DR Plan Priority Rank Process to Recover
Minimum Systems Required Can TPL Provide Min. Systems Required? RPO RTO Minimum Staff Required Option 1 Power generation to critical organizations 3MW Backup Generator (TPU) and 500KW Generators for outer islands, 2 weeks fuel supply No, but will have to restore damaged generators as quickly as possible NA 4 Days Generation manager and all generation technical staff Option 2 If the power station is unrecoverable, generators will be hired from Aggreko NZ 1 week CEO, Power Generation Manager

39 Distribution Network DR Plan
Priority Rank Process to Recover Minimum Systems Required Can TPL Provide Min. Systems Required? RPO RTO Minimum Staff Required 1 Distribution network Network equipment (poles, transformers, insulators etc.) Yes, Transnet stores has adequate standby supply for disasters. NA Urban areas – 2 Days Villages – 1 Week Distribution manager, supervisors, and 100% field staff 2 Field vehicles, PPE, VHF Comms Assume 50% damaged Yes, there VHF systems for 50% of field vehicles 100% field staff Note: H/O staff are expected to support distribution staff for cooking etc. Meter readers are expected support linesmen at the field

40 Livening Priorities Airport – Feeder 3 Hospital – Feeder 1/2
NEMO/MET Service– Feeder 1 Emergency evacuation centers (e.g. schools & churches) if applicable – Feeder 1/3 Prime minister’s Office – Feeder 2 King’s royal palace – Feeder 2 Water Board – Feeder 2/1 Defense organisations – Feeder 2 Communication organisations (e.g. Radio, TV) Government offices – Feeder 2 Commercial organisations – Feeder 2

41 Feeder 1

42 Feeder 2

43 Vaini Feeder 1

44 Emergency Response Plan

45 Emergency Response Plans
ERPs contain specific emergency procedures that must be followed during a disaster in order to protect people and assets, and to mitigate further damage. For example: Building Evacuation Damage Assessment Spillage (Oil/Chemical/Diesel Fuel) at Power Station Fuel Supply Cut Off Civil Disturbance Hurricane/Storm Records Recovery Bomb Threat Earthquakes

46 Testing, Maintenance & Auditing the BCM Plans

47 Testing Business Continuity Plans
The development of BCM plans does not end of the BCM process. The emphasis of BCM is upon management Without regular maintenance and testing, their usefulness in a real crisis may be severely limited Practicing the company’s ability to recover from an incident. Test the scenarios identified under the Scenario Planning Section (refer above) Tests validates effectiveness and timeliness (RTO and RPO objectives) of restoration of critical activities. Determine adequacy of SLAs (service level agreements) with third party suppliers Testing identifies communication breakdowns during call-tree activation trials. Tests are essential to developing teamwork, competence, confidence, and knowledge which is vital at the time of an incident. Frequency of testing can be annual, bi-annual etc. and announced or unannounced

48 Types of Tests Table top checks: is the simplest and most frequent form of tests. The author of the plan simply checks the contents of the plan to ensure that information (e.g. employee names, contact numbers) are up to date. Walk-Through: similar to table top exercise but involve all named participants to test a special disaster scenario. The participants are brought together to role play their defined resumption procedures alongside those of others. This is the most common method of testing BCM plans as is relatively less expensive. Simulation: exercises widens participation to all those who are involved in business recovery with a prior notice. A simulation may includes an interruption such as building fire in which people do not access to normal facilities and must relocate to an alternative location (i.e. DR site). Full or Live Exercises: are the most extensive and expensive form of test thus they are normally undertaken yearly or bi-yearly basis. This is the largest scale of test and involves the invocation of all BCM plans (i.e. IMP, BURP & ERPs) to deal with a scenario which normally involves a move to an alternative site where operations are to be resumed. The dependencies and links between BURPs are the focal point of this type of testing.

49 Post Test Evaluations The post test evaluation should consider following issues: Did the plans help or hinder recovery efforts? Did people deviate from the plan and, if so, what was the effect of this? Were RTO & RPO objectives achieved? Where and when did delays occur? What did staff do well? What did staff do badly? How did the expectations differ from what actually happened? Were all BURPs integrated sufficiently to achieve recovery? What are the priorities for change? Is there a paper or audit trail? How should changes be implemented? Could the observation process be improved? Identify and document all the deficiencies, lesions learned etc. Update BCM plans if required based on test outcomes

50 BCM Maintenance & Auditing
Ongoing BCMS audits should be conducted to evaluate and identify gaps/inconsistencies of entire BCM portfolio of plans. If testing has shown that plans have failed to meet the recovery objectives, a fundamental review of plans may be required. In addition, audits should be conducted after company restructure as a result of a merger or acquisition, installation new systems & facilities (e.g. IT) etc. Auditor will issue corrective and preventive actions focusing continuous improvement Ensure the BCMS is current and up to date at all times (i.e. BCM plans are living documents) Provide ongoing training on the entire BCM process (e.g. BIA, Risk Management etc.) Communicate to all employees the BCM initiatives through newsletters, induction programmes etc. Cultivate a BCM culture.

51 Interruptions Outside the Capabilities of BCM Plans

52 Managing Disasters Outside the Capability of BCM Plans
Usually BCM plans are prepared to mitigate impacts and resume business operations for manageable interruptions such as fire, flood, supply chain interruptions, IT failure, etc. However, there are some disasters (e.g. tsunami) where company’s current BCM plans may be simply ineffective due to following reasons: Business may be interrupted for a while RTO and RPO objectives may not be able to be achieved (Estimated Recovery Time > Predefined MTO) All DR sites may have been damaged Possible loss of key staff Severe damages to the company’s mission critical assets (e.g. distribution network) All communication (e.g. TCC, Digicel) malfunctioned Severe damages to the power station

53 Managing Disasters Outside the Capability of BCM Plans
In case of a such disaster, a possible action plan would be: Shut-down the power generation for safety of he public Monitor and support staff health & safety and wellbeing Coordinate with NEMO for possible recovery efforts (e.g. assistance from TDS to clear fallen trees etc.) Broadcast public that power is interrupted for a while Restore the distribution network (might have to import network equipment from overseas) with some delays Establish alternative fuel supply (if the fuel tank has been damaged by the tsunami) If the power station cannot be recovered import generators from Aggreko Ltd., NZ. Establish a new DR site to resume key processes (e.g. billing/revenue) to minimum acceptable level. Implement current BCM plans with a delay

54 Any Questions?

Download ppt "TPL Business Continuity Management System (BCMS)"

Similar presentations

Ads by Google