Presentation is loading. Please wait.

Presentation is loading. Please wait.

Comprehensive Business Continuity Management

Published byMoses Andrews Modified over 8 years ago

Similar presentations

Presentation on theme: "Comprehensive Business Continuity Management"— Presentation transcript:

1 Comprehensive Business Continuity Management
Press the “Page Down” button to Advance the Slides

2 What is Business Continuity Planning?
* 07/16/96 What is Business Continuity Planning? Planning to ensure the continuation of operations in the event of a catastrophic event. Business continuity planning goes beyond disaster recovery planning to include the actions to be taken, resources required, and procedures to be followed to ensure the continued availability of essential services, programs, and operations in the event of unexpected interruptions. *

3 It’s Not Just a Technical Problem
Business Continuity Management is not just a job for your IT team - it is an operational issue. A team effort is required to develop comprehensive plans for critical operations including not just computing processes but also operational, building systems, suppliers, and other processes.

4 Risk Management Process
Identification Assessment Control Transfer Finance

5 Business Continuity Plan
* 07/16/96 Business Continuity Plan Identify Risks - Triage to assess all processes All business functions EDI/EBD Suppliers Infrastructure Develop Plans for Everything Test and Exercise the Plans Layer Business Plan & Disaster Plan *

6 Business Continuity Issues
Biggest Risk is not knowing all the risks Biggest Problem - much risk is out of your control Best Practices? Business Impact Assessment Contingency Plans Disaster Planning Business Recovery

7 Create a Business Continuity Management Team
Lead by Top Management Project BoD Monitors Regular Status Reporting to Management Broad-based Awareness for Everyone Key Players Senior Officials Internal Audit Risk Management Legal Finance/Budget Procurement Safety Others?

8 Key Components of BCP Assess - identify and triage all threats (BIA)
Evaluate - assess likelihood and impact of each threat Prepare – plan for contingent operations Mitigate - identify actions that may eliminate risks in advance Respond – take actions necessary to minimize the impact of risks that materialize Recover – return to normal as soon as possible

9 Project Reporting/Tracking
* 07/16/96 Project Reporting/Tracking Complete data repository Use summary reports for management Measurable and quantifiable progress Risk rating Prioritization Regular reporting (weekly or bi-weekly) Sort on priority, progress, time-to-completion *

10 Process Inventory and Triage The purpose of the BIA is to:
* 07/16/96 Process Inventory and Triage The purpose of the BIA is to: Identify critical systems, processes and functions; Establish an estimate of the maximum tolerable downtime (MTD) for each business process Assess the economic impact of incidents or disasters that result in a denial of access to systems, services or processes; and, Determine the priorities and processes for recovery of critical business processes. *

11 BIA Review Factors All Hazards Analysis Likelihood of Occurrence
Impact of Outage on Operations System Interdependence Revenue Risk Personnel and Liability Risks

12 Prioritize Risk Factors
Personal Safety Risk Services Risk Operational Risk Revenue Risk Liability Risk Good Will (Societal) Risk

13 Risk Analysis Matrix Area of Major Concern High Medium Low Low Medium
Probability of Likelihood Medium Area of Major Concern Low Low Medium High Severity of Consequence

14 Risk Rating Methodology
BCP Risk Rating Methodology Risk Risk Numeric Explanation Factor Rating Score Degree of H 8 Process must function for core operations Organizational M 6 Process required for daily settlement Dependence L 3 Process is not critical to daily operations Probability H Probability > 0.5 that alternative process will work of Successful M 2 Probability < 0.5 that alternative process will work Alternative L 3 No plans for alternative process Dependence H 5 Business functions depend highly on process on M 3 Business functions depend somewhat Automation L 1 Manual operation possible w/o penalty Criticality of H 4 Critical business function - core process Business M 2 Secondary line-of-business Process L Not a critical process

15 Risk Assessment Matrix
* Risk Assessment Matrix 07/16/96 *

16 What Are External Risks?
External Risks are risks presented by factors outside the enterprise; these include risk present in natural disaster, labor strife, the possible failures of business partners, suppliers, public utilities, transportation, telecommunications, and other businesses.

17 Risk Areas Risk Threat Areas High External Factors Low Infrastructure
Applications Low Threat Areas

18 Review External Dependencies
Infrastructure Dependence (power, telecom, etc.) System Up Time (computing, data,networks, etc.)

19 One Business Failure Can Shut You Down
If you rely on one supplier for a critical part or service, the impact of their non-compliance could be catastrophic. Examples: GM Parts Manufacture strike in 2 plants shuts down assembly line in 54 plants Satellite snafu impacts millions of customers UPS strike hurts many using “just-in-time” Railroad computer problems hit shipping

20 Infrastructure Issues
What will we do if there is not power? No phone service? No Water? Will government open? How will the public react?

21 Emergency Management Planning
Work with local and regional disaster agencies Assess special problems with disasters Loss of power, communications Supply-chain impacts Review and revise existing disaster plans Look for new areas for disaster plans Include Disaster Recovery Planning

22 Contingency Planning

23 Contingency Planning Issues
Power and Telecommunication Failures System Failures Natural Disasters Local Emergencies Workplace Violence Supply Chain Disruptions Public Response to Crisis

24 Contingency Planning Process Phases
Assessment - organizing the team, defining the scope, prioritizing the risks, developing failure scenarios Planning - building contingency plans, identifying trigger events, testing plans, and training staff on the plan Plan Execution - based on a trigger event, implementing the plan (either preemptively or reactively) Recovery - disengaging from contingent operations mode and restarting primary processes of normal operations by moving from contingency operations to a permanent solution as soon as possible.

25 Develop Scenarios How bad will the “big one” be?
Extended Power, Water, or Telecom Outages? Supply Chain Disruptions? Civil unrest? Develop various scenarios and pick which ones to plan for.

26 Evaluating Alternatives
Functionality - provides an acceptable level of service Practicality - is reasonable in terms of the time and resources needed to acquire, test, and implement the plan Cost Benefit - cost is justified by the benefit to be derived from the plan

27 It’s Not Enough Just to Plan
* 07/16/96 It’s Not Enough Just to Plan Use focus groups and brainstorming Seek “what can go wrong” Find alternate plans & manual work arounds Find innovative solutions to risks Contingency plans must be exercised Hold table top exercises for disasters Conduct “fire drills” of plans Train staff for action during emergencies Constantly assess your project *

28 Contingency Planning Phases
Trigger Event Occurs Execute Plan Execution Event Ends Activate Recovery Plan Recovery Develop Plans Planning Identify Event Triggers Develop Scenarios Conduct Risk Assessment Risk Scoping & Prioritization Assessment Test Plans Organize Risk Assessment Team Train on Plans

29 Risk Management Formula
* 07/16/96 Risk Management Formula Best Practices Risk Assessments + Contingency and Recovery Planning Validation and Training Due Diligence Good Business Judgement *

30 For More Information Steve Davis, Principal DavisLogic POB 394
Simpsonville, MD 21150

Download ppt "Comprehensive Business Continuity Management"

Similar presentations

Museum Presentation Intermuseum Conservation Association.

Museum Presentation Intermuseum Conservation Association.
Disaster Planning in Legal Services Disaster Planning in Legal Services June 15, 2007 www.lsntap.org.

Disaster Planning in Legal Services Disaster Planning in Legal Services June 15,
FMS. 2 Fires Terrorism Internal Sabotage Natural Disasters System Failures Power Outages Pandemic Influenza COOP/ Disaster Recovery/ Emergency Preparedness.

FMS. 2 Fires Terrorism Internal Sabotage Natural Disasters System Failures Power Outages Pandemic Influenza COOP/ Disaster Recovery/ Emergency Preparedness.
Business Continuity Planning DavisLogicDavisLogic & All Hands ConsultingAll Hands Consulting.

Business Continuity Planning DavisLogicDavisLogic & All Hands ConsultingAll Hands Consulting.
Detail actions necessary to implement the interim housing mission in the post-disaster environment Identify command and control structures at all levels.

Detail actions necessary to implement the interim housing mission in the post-disaster environment Identify command and control structures at all levels.
Business Continuity Training & Awareness by Sulia Toutai (ANZ)

Business Continuity Training & Awareness by Sulia Toutai (ANZ)
PROJECT RISK MANAGEMENT

PROJECT RISK MANAGEMENT
Reliability of the electrical service Business Continuity Management Business Impact Analysis (BIA) Critical ITC Services Minimum Business Continuity Objective.

Reliability of the electrical service Business Continuity Management Business Impact Analysis (BIA) Critical ITC Services Minimum Business Continuity Objective.
Disaster Preparedness I Lessons Learned Don Hall Thomson Prometric 2006 Annual ConferenceAlexandria, Virginia Council on Licensure, Enforcement and Regulation.

Disaster Preparedness I Lessons Learned Don Hall Thomson Prometric 2006 Annual ConferenceAlexandria, Virginia Council on Licensure, Enforcement and Regulation.
Introduction to Business Continuity Planning An Introduction to the Business Continuity Planning Process Including Developing your Process and the Plans.

Introduction to Business Continuity Planning An Introduction to the Business Continuity Planning Process Including Developing your Process and the Plans.
Project Management Gaafar 2007 / 1 This Presentation is uses information from PMBOK Guide 2000 Project Management Risk Management* Dr. Lotfi Gaafar.

Project Management Gaafar 2007 / 1 This Presentation is uses information from PMBOK Guide 2000 Project Management Risk Management* Dr. Lotfi Gaafar.
Project Management.

Project Management.
1 Continuity Planning for transportation agencies.

1 Continuity Planning for transportation agencies.
Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning
The Australian/New Zealand Standard on Risk Management

The Australian/New Zealand Standard on Risk Management
TEL382 Greene Chapter 11. 10/27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.

TEL382 Greene Chapter /27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.
Hull and East Yorkshire Hospitals NHS Trust Membership Event: 7 October 2014 Emergency Preparedness: How would HEY respond to a major incident?

Hull and East Yorkshire Hospitals NHS Trust Membership Event: 7 October 2014 Emergency Preparedness: How would HEY respond to a major incident?
Emergency Response & Continuity of Operations Planning Stephen A. Morash Daniel R. Wieland Emergency Response Planning Boston University.

Emergency Response & Continuity of Operations Planning Stephen A. Morash Daniel R. Wieland Emergency Response Planning Boston University.
8 Managing Risk Teaching Strategies

8 Managing Risk Teaching Strategies
Comprehensive Emergency Management Presented by Steve Davis Principal, DavisLogic & All Hands ConsultingDavisLogicAll Hands Consulting.

Comprehensive Emergency Management Presented by Steve Davis Principal, DavisLogic & All Hands ConsultingDavisLogicAll Hands Consulting.

Similar presentations

Ads by Google