kpmg Business Continuity Planning
An experience based approach
Tamás Gaidosch
Director, Information Risk Management
KPMG Central and Eastern Europe
+36 1 270 7139
firstname.lastname@example.org
Piaţa Financiară
Operational Continuity and Disaster Recovery Centres, 2nd edition
Bucharest, 11.02.2003

kpmg 2 Agenda
KPMG in a nutshell
Definitions
- BCP, DRP, etc… what are we talking about?
Goals
- what do we want to achieve?
The method
- a practical way to achieve the goals
The experience
- what works and what does not?
Q & A

kpmg 3 KPMG in a nutshell
One of the leading professional services firms
Offices in more than 160 countries
Over 100 000 professional staff worldwide
Central and Eastern Europe: 15 countries, over 2 500 professional staff
- full breadth of audit and consulting services

kpmg 4 Information Risk Management (IRM)
Audit and other financial assurance services
IT Consulting
Information Risk Management (IRM)
IRM services
E-Advisory
E-Assurance

kpmg 5 Definitions
DRP (Disaster Recovery Plan)
- the roots of business continuity planning ('70s)
- focused on IT recovery
BCP (Business Continuity Plan)
- scope extended to the business processes
BCM (Business Continuity Management)
- focuses on continuous availability
CM (Crisis Management)
- deals with big disasters

kpmg 6 Goals
What do we want to achieve with a BCP?
Recovery of services
- as fast as possible
- as cost effective as possible

kpmg 11 The method
Business Continuity as a process
[Figure: Bus. Processes level (100% to 0%); labels: Event, Activate, Verify]

kpmg 12 The method
Phases of the plan
Preparation
- before the event
Response
- immediately after the event
Transient operations
- alternative processes
- diminished capacity and functionality
Recovery
- returning to normal operations

kpmg 13 Running a BCP project
Business impact analysis (BIA)
Plan development
Implementation
Testing
Training
Maintenance

kpmg 14 Business Impact Analysis (BIA)
Process and risk assessment
Impacts of disruption
- financial
- operational
- legal
- reputation
Results
- priorities of business processes
- critical processes and systems
- maximum allowable downtimes

kpmg 15 Business Impact Analysis (BIA)
Financial impact of disruption
[Chart: financial impact (Low / Medium / Severe) of each business process over time after disruption; columns: day 1, 2-3, 4-5; week 2, 3-4]
Business Unit: Business Process
Treasury: Cash supply of branches, Cash management, Bulk deposits
Branch Network: Cash transactions, Transfers, Claims resolution, Loans
Central Cust. Care: Non-stop Call Center, Claims resolution

kpmg 16 The experience
Projects delivered
For major financial institutions
Typical length: 6-8 months
Typical effort: 5-6 man-years
Typical outputs
- 1200+ pages of analysis and plans
- customised BCP software solutions
- hundreds of staff trained

kpmg 17 The experience
What is key and what is not?
The business impact analysis is crucial!
- deep business understanding and experience
- experience in business and risk analysis
- objectivity (?)
The method is less important
Software (database) support
No testing = waste of money
No maintenance = false sense of safety

kpmg 18 The experience
Who should do the project?
Employees
- their participation is a must
External consultants
- not absolutely necessary, but:
  bring in wide experience and support tools
  do not start from ground zero, do not commit basic mistakes, do not get stuck in the process
  help the objectivity (external eye)
External IT providers
- they know the most about their systems

kpmg 19 The experience
How to tell a bad plan?
Thick, cumbersome manual
A piece of work done by the IT and for the IT
Only known to those who created it
Result of a compulsory homework, without support and staff not trusting it
Gathering dust on a shelf somewhere...

kpmg 20 The experience
How to tell a good plan?
Easy to use, well structured
Covers all important areas
Testable and maintainable
Up-to-date (timely inclusion of changes)
A living and well-known document

kpmg 21 The broader view
Business Continuity Management Services
Issue: Recoverability. Solution: Business Continuity Planning (BCP). Goal: Minimise downtime of critical processes in the event of a major disruption
Issue: Availability. Solution: Enterprise High Availability (EHA). Goal: Achieve and maintain set availability targets
Issue: Reliability. Solution: Service Level Management (SLM). Goal: Effectively manage and control the IT infrastructure to improve overall operational reliability
Focus: Proactive and preventive (strategic); Fast reaction and recovery (tactical)

kpmg 22 Q & A
Tamás Gaidosch
Director, Information Risk Management
KPMG Central and Eastern Europe
+36 1 270 7139
email@example.com