Presentation on theme: "Business Continuity Training & Awareness by Sulia Toutai (ANZ)"— Presentation transcript:
Business Continuity Training & Awareness by Sulia Toutai (ANZ)
What would you do if…. If your office building was on fire or flooded? If you lost 50% of your staff members due to a pandemic? If your key systems were down? If there was a bomb threat to your office building? If a critical 3rd party provider could not deliver their service to you? Welcome to Business Continuity Planning (BCP)
Introduction to BCM The Overall Business Continuity approach consists of: 1.BCP (Business Continuity Planning) – Aimed at safeguarding critical business functions against any interruption events. 1.DR (Disaster Recovery) – Ensures recoverability of critical IT systems, including network communications and data. 1.CM (Crisis Management) – This involves Group Executives convening to administer corporate contingency strategies to mitigate against catastrophic events (which is likely to have a significant adverse impact) Crisis ManagementDisaster Recovery Business Continuity Planning Business Continuity Management
What is Business Continuity Planning The planning process that: identifies business functions develops contingency arrangements and procedures so as to enable the business to respond in a timely and efficient manner ensures business functions can be continued and facilitates a prompt return to normal business in the event of an incident.
Why do we need Business Continuity Complying with regulatory standards Protect customer interests Protect our staff To mitigate adverse impact to our reputation, brand or shareholder value Protect shareholder interests and meet expectations Mitigate impacts on global threats Sound risk management and corporate governance, business management and best practise
The Business Continuity Process Define Business Needs (BIA) – findings from a BIA are used to make decisions concerning BCM strategy & solutions Design the Solution – translate requirements into executable strategies (workload, recovery) BC Plans & Supporting Strategies – developed to recover & maintain functions/processes in a prolonged event Test & Maintain BC Plan – test the plan and review/up-date as changes occur Governance & Oversight – Management signoff of BCP Dashboard & report policy breaches
How does an incident escalate? Incident occurs. The BU/Country BC Director/Coordinator is informed. Managed via normal BU/Country incident management process. BU/Country BC Director manages incident at the BU/Country Management level. Divisional BC Director advised. Incident escalated to and managed by the BU/Country Situation Management Team (SMT) in conjunction with the Divisional BC Director. Level 1 ‘Incident’ Level 2 ‘Event’ Level 3 ‘Situation’ Coordinated and managed by Divisional Crisis Management Team and/or Group Crisis Management Team. Level 4 ‘Crisis’
What happens in a disaster? Depending on the nature of the disaster, you may be evacuated from the building or advised that no more processing is possible. The announcement will be either via the emergency system or via your line manager. It is always important to go to the emergency assembly area and remain there until advised otherwise – this way we will know you are safe and not trapped in the building. If BCP is invoked outside of business hours, your line manager will contact you – this is why it is important to let them know if you change your telephone number. Your BCP site is ………… Your manager or team leader will advise you whether you need to relocate and assist you with relocation to the BCP site if required.
Business Unit Maintenance Milestones Business Continuity Maintenance Milestones Cycle Activity Business Impact Analysis (BIA) Review & Update Verify impacts Review BC Strategies Verify BC Seating Review and update of the BIA in line with BU changes Review manual workarounds should be developed. If there are no manual workarounds then a Risk Acceptance should be obtained at BU Risk Forum Review of function materiality and criticality where appropriate Verification that existing seating arrangements are still appropriate Plan Review & Update Business Unit BC Manual Revert Back Plans Review of BC Manual [strategies & plans] Make amendments to BC Manual where necessary Review & update Revert Back Plans in line with business growth/change Review and update of contact lists BCP Rehearsals Business Unit BCM Alternate Site Capability Revert Back Plans Conduct Situation Management Team Rehearsal with key personnel and remediate any negative findings in a timely manner Conduct & document BC desktop rehearsal for non material functions Conduct & document local BC rehearsals to demonstrate both capability & capacity to maintain critical business operations for up to 10 business days Revert Back Testing to demonstrate both capability & capacity to maintain critical business operations BCP Training & Awareness Training and awareness modules to be completed for all staff with BC Responsibilities Supplier/3 rd Party BC Verification Completion of third party provider assessments for all new relationships Ensure contractual obligations is captured for establishment & ongoing review (where appropriate) Review of existing third party providers (at least annually)