Presentation is loading. Please wait.

Presentation is loading. Please wait.

VICTORIAN MANAGED INSURANCE AUTHORITY Business Continuity Management (BCM) The Integration of Tactical Response and Strategic Business Recovery July 2007.

Similar presentations


Presentation on theme: "VICTORIAN MANAGED INSURANCE AUTHORITY Business Continuity Management (BCM) The Integration of Tactical Response and Strategic Business Recovery July 2007."— Presentation transcript:

1 VICTORIAN MANAGED INSURANCE AUTHORITY Business Continuity Management (BCM) The Integration of Tactical Response and Strategic Business Recovery July 2007

2 VICTORIAN MANAGED INSURANCE AUTHORITY Example Only

3 VICTORIAN MANAGED INSURANCE AUTHORITY Basic Definitions  Incident Management Framework  Emergency Response  Crisis Management  Disaster Recovery Plan  Business Continuity Plan  Business Continuity Management

4 VICTORIAN MANAGED INSURANCE AUTHORITY BCP to BCM Simplified Context / Scope Maintenance Risk Assessment Response Recovery Crisis Test Risk Assessment Continuity Historical Current

5 VICTORIAN MANAGED INSURANCE AUTHORITY BCM – A Process Overview Context / Scope Maintenance Risk Assessment Response Recovery Crisis General Intent BCM is a management process of “considered activities”. BCP is a tactical plan. BCM process offers a “considered management approach” to address a prescribed threat / event. It does not necessarily provide the solution - but it introduces the “test of reasonableness” into a “measurable framework” BCM process attempts to introduce rigour while retaining flexibility by way of application – “events simply don’t happen they way we plan” BCM activities overlap – they are not sequential in their development or their application – but they need to be managed in parallel across time BCM activities vary in their applied complexity and intensity as determined by the “dynamics” of the event. Protection of Enterprise Value Comments

6 VICTORIAN MANAGED INSURANCE AUTHORITY BCM – So what is really different? Context / Scope Maintenance Risk Assessment Response Recovery Crisis Introduction of legislation / regulations / standards Existence of Royal Commissions / Investigations Increased litigation in the business community Speed of Information Transfer Increased Community Awareness Higher Expectations – All Parties Decreasing Levels of Tolerance Increasing Complexity of Business Environment Incremental damage caused by Perception becoming reality Increased awareness of “Precedent” No longer enough to just “fix” the problem

7 VICTORIAN MANAGED INSURANCE AUTHORITY BCM – What should your client be trying to do? High Level Actions Engender – a process of CONTINUOUS IMPROVEMENT Determine – Criticality of their Business within their operating environment Aim – to protect Enterprise Value Be seen to Act – Diligently Assess – Maximum Acceptable Outage for their business / location Derive - Business Recovery Options / Priorities / Alternatives Context / Scope Maintenance Risk Assessment Response Recovery Crisis Document - Structured actions for RESPONSE through RECOVERY

8 VICTORIAN MANAGED INSURANCE AUTHORITY Incident Management Framework Optimise Tactical Response Optimise Recovery Strategy Response Recovery Crisis Manage Expectations TIME BCM Component Elements - Overview

9 VICTORIAN MANAGED INSURANCE AUTHORITY Incident Management Framework Objectives:  a clearly defined Command and Control by Policy & Process  allows efficient “transitioning” from Response through to Recovery incorporating Crisis Management  provides defined notification, activation, communication, escalation and tracking criteria by Policy & Process  is “adaptive; dynamic and assessable”  reflects the operating culture and requirements of the business Response Recovery Crisis BCM Component Elements - Overview

10 VICTORIAN MANAGED INSURANCE AUTHORITY Incident Management Framework Some Basic Elements  Structure  Control  Notification & Activation  Tasking  Information Management Response Recovery Crisis BCM Component Elements - Overview

11 VICTORIAN MANAGED INSURANCE AUTHORITY Example Only

12 VICTORIAN MANAGED INSURANCE AUTHORITY Response Level 2 - Corporate STRATEGIC Response Level 1 - Site TACTICAL Minister Board CEO Crisis Manager Transition over Time Incident Controller Evacuation Emergency Services Liaison Site security Initial Assessment Initial Response BCP or IT- - DRP activation Recovery Manager Recovery Coordinators Functional teams Activated As required Business Team Leaders Communication Management Business Support (As required) Example Only

13 VICTORIAN MANAGED INSURANCE AUTHORITY Incident Management Framework- Structure Objectives  Right Teams - Right Place - Right Time - To Solve Right Problem  Must be capable of operating independently and / or AT SAME TIME of normal business structure  Teams must be linked and capable of interacting with wider environment / community  Highly adaptive – easy to use – reflect “cultural response” of both the organisation and its operating environment  Structural Activation must be “idiot proof” Response Recovery Crisis BCM Component Elements - Overview

14 VICTORIAN MANAGED INSURANCE AUTHORITY Incident Management Framework- Control Objectives:  introduce extra / “lead” time into the mix  maximise “speed of considered response”  introduce “efficiencies of scale” – remove bottlenecks  minimise “time dependent load” on system elements  improve efficiency of decision making process Response Recovery Crisis BCM Component Elements - Overview

15 VICTORIAN MANAGED INSURANCE AUTHORITY Objectives  clear EASY guidelines to “most senior executive” level - supported by POLICY  activation criteria supported by appropriate “Delegations of Authority”  clearly defined - Business and “After Hour” criteria  for each “activation level” – defined points of confirmation with notification guidelines  process MUST be adaptive  activation criteria must reflect “tactical & strategic” exposure – perceived or otherwise Incident Management Framework Notification & Activation Response Recovery Crisis BCM Component Elements - Overview

16 VICTORIAN MANAGED INSURANCE AUTHORITY Objectives  clearly defined roles; responsibility and delegated authority  defined position descriptions for all “team leaders” and “key” functional positions  actionable checklists for “generic” activities and functional teams  defined activation protocols - only “required” roles need to be activated – remainder stay on call  tasking to be assigned to “most able” not necessarily “most senior” person  to provide:  Redundancy through deputies  Resiliency through appropriate deployment of resources;  Efficiency through changeover; monitoring and reporting Incident Management Framework Tasking Response Recovery Crisis

17 VICTORIAN MANAGED INSURANCE AUTHORITY Observation:  3 things that make life difficult and can really “stuff you up” 1.Communications! 2.Communications!! 3.Communications!!! Incident Management Framework Information Management Response Recovery Crisis

18 VICTORIAN MANAGED INSURANCE AUTHORITY Objectives:  Strive to minimise corruption of data  Establish “practical” communication protocols  Differentiate between communication channels – manage accordingly  Be able to “monitor” communications  Implement an “effective” reporting / tracking regime  Check “filter” points; remove bottlenecks;  Manage information flow & load Incident Management Framework Information Management Response Recovery Crisis

19 VICTORIAN MANAGED INSURANCE AUTHORITY Other Considerations  effective differentiation and management of “hazard & outrage”  sleep mode; transitioning and stand – down arrangements  stakeholder management; prioritisation & communication  incident tracking & reporting  potential for “formal 3 rd party” post incident inquiry  credibility & reputation  ROI optimisation of recovery Incident Management Framework Response Recovery Crisis

20 VICTORIAN MANAGED INSURANCE AUTHORITY BCM – So what is really different? Context / Scope Maintenance Risk Assessment Response Recovery Crisis Real Life Examples Bankstown City Council World Trade Centre Sydney Water Kraft Insurance Company (UK) Barings Bank Hurricane Rita (USA) Blood Bank (France) No longer enough to just “fix” the problem

21 VICTORIAN MANAGED INSURANCE AUTHORITY BCM - Some Post-Event Observations Context / Scope Maintenance Risk Assessment Response Recovery Crisis 1.Expect multiple and concurrent points of failure in critical systems 2.Consider “broader” geographical / political / economic / impacts (local-regional-global) 3.Scrutinise system / process redundancies vs interdependencies 4.Consider “cross industry” impacts 5.Consider greater emphasis on “mutual aid” and shared services 6.Increase scrutiny on Supply Chain vulnerability 7.Place greater emphasis on “human capital”, its availability and associated intellectual property 8.Do not underestimate the impacts of “corporate / community” culture and “post event” behaviour 9.Scrutinise logistics / distribution channels and their inter- dependency on technology

22 VICTORIAN MANAGED INSURANCE AUTHORITY Maintenance

23 VICTORIAN MANAGED INSURANCE AUTHORITY Types of Training:  Introductory awareness training – all staff  Team Leader development training  Specialist functional support training (eg Log keepers; Telephone Support Team; Admin Support etc)  Web-based advisory / update training  Scenario based training by:  Desktop exercise  Interactive role play exercise  Live simulation  3 rd party integrated training (eg whole of industry response; supply chain tests etc) SESSION 6 Ensure Continuous Improvement Maintenance


Download ppt "VICTORIAN MANAGED INSURANCE AUTHORITY Business Continuity Management (BCM) The Integration of Tactical Response and Strategic Business Recovery July 2007."

Similar presentations


Ads by Google