
Slide 1: Chapter 3: Business Continuity Planning

Slide 2: Planning for Business Continuity
- Assess risks to business processes
- Minimize impact from disruptions
- Maintain continuity of being able to perform mission-critical business tasks
- Main steps:
  – Project scope and planning
  – Business impact assessment
  – Continuity planning
  – Approval and implementation

Slide 3: Project Scope and Planning
- Business organization analysis
- BCP team selection
- Resource requirements
- Legal and regulatory requirements

Slide 4: Business Organization Analysis
- Identify all departments
- Identify critical services
- Identify senior executives and key individuals

Slide 5: BCP Team Selection
- Needs members from every department/division
- Include members from:
  – IT
  – Senior management
  – Legal
  – Security

Slide 6: Resource Requirements
- BCP development
- BCP testing, training, and maintenance
- BCP implementation
- Mostly personnel, but may include IT and physical resource allocation

Slide 7: Legal and Regulatory Requirements
- Federal, state, and local laws or regulations
- Emergency services
- Industry regulations
- Country-specific laws
- Service-level agreements

Slide 8: Business Impact Assessment
- Quantitative decision making vs. qualitative decision making
- Identify priorities
- Identify risk
- Assess likelihood
- Assess impact
- Prioritize resources

Slide 9: Identify Priorities
- Critical prioritization of business processes
- Assess by department, then organization
- Assign an AV (asset value) to each process
- Determine MTD (maximum tolerable downtime)
- Choose an RTO (recovery time objective)

Slide 10: Risk Identification
- Inventory specific risks
- Natural and man-made
- Logical, physical, and social
- Don't overlook the cloud
- Get input from all departments

Slide 11: Likelihood Assessment
- Determine frequency of occurrence
- Establish an ARO (annualized rate of occurrence)
- Based on history, experience, and experts

Slide 12: Impact Assessment
- Evaluate consequences of a breach
- EF (exposure factor)
- SLE (single loss expectancy)
  – SLE = AV x EF
- ALE (annualized loss expectancy)
  – ALE = SLE x ARO
- Consider nonmonetary impacts

Slide 13: Resource Prioritization
- Biggest ALE is biggest risk concern
- Combine qualitative priorities with quantitative priorities
- Work at addressing each item from largest ALE value first
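The BIA steps on slides 9 through 13 (assign AV, MTD and RTO; estimate ARO; compute SLE = AV x EF and ALE = SLE x ARO; rank by ALE and fold in qualitative priorities) carried through as a worked example. This is added illustration code, not material from the presentation; the three business processes, their dollar values, exposure factors, rates of occurrence, and the numeric qualitative tier are constructed sample inputs, and the tier-then-ALE ordering is one assumed way of combining the two kinds of priority.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Process:
    """One business process with its BIA inputs (constructed sample values)."""
    name: str
    av: float            # asset value, in dollars
    ef: float            # exposure factor: fraction of AV lost per occurrence, 0.0 to 1.0
    aro: float           # annualized rate of occurrence (expected events per year)
    mtd_hours: float     # maximum tolerable downtime
    rto_hours: float     # chosen recovery time objective
    qual_tier: int       # assumed qualitative priority: 1 = highest, larger = lower


def sle(av: float, ef: float) -> float:
    """Single loss expectancy: SLE = AV x EF."""
    if not 0.0 <= ef <= 1.0:
        raise ValueError(f"exposure factor must be between 0 and 1, got {ef}")
    return av * ef


def ale(av: float, ef: float, aro: float) -> float:
    """Annualized loss expectancy: ALE = SLE x ARO."""
    if aro < 0.0:
        raise ValueError(f"annualized rate of occurrence cannot be negative, got {aro}")
    return sle(av, ef) * aro


def rto_within_mtd(p: Process) -> bool:
    """An RTO longer than the MTD means the recovery plan cannot meet the business need."""
    return p.rto_hours <= p.mtd_hours


def rank_by_ale(processes: list[Process]) -> list[Process]:
    """Pure quantitative ordering: largest ALE first (slide 13)."""
    return sorted(processes, key=lambda p: ale(p.av, p.ef, p.aro), reverse=True)


def rank_combined(processes: list[Process]) -> list[Process]:
    """Qualitative tier first, then ALE within a tier (assumed combination rule)."""
    return sorted(processes, key=lambda p: (p.qual_tier, -ale(p.av, p.ef, p.aro)))


def bia_report(processes: list[Process]) -> list[dict]:
    """One row per process, in combined priority order, with the RTO/MTD check flagged."""
    rows = []
    for p in rank_combined(processes):
        rows.append({
            "process": p.name,
            "sle": sle(p.av, p.ef),
            "ale": ale(p.av, p.ef, p.aro),
            "rto_ok": rto_within_mtd(p),
        })
    return rows


# Constructed sample inputs; values chosen to be exact in binary floating point.
SAMPLE = [
    Process("Order processing", av=500_000, ef=0.5, aro=0.5, mtd_hours=24, rto_hours=8, qual_tier=2),
    Process("Data center (flood)", av=2_000_000, ef=0.25, aro=0.125, mtd_hours=72, rto_hours=48, qual_tier=1),
    Process("Payroll", av=300_000, ef=0.5, aro=1.0, mtd_hours=48, rto_hours=72, qual_tier=2),
]

if __name__ == "__main__":
    print("Quantitative order (largest ALE first):")
    for p in rank_by_ale(SAMPLE):
        print(f"  {p.name:<22} SLE={sle(p.av, p.ef):>10,.0f}  ALE={ale(p.av, p.ef, p.aro):>10,.0f}")
    print("Combined order (qualitative tier, then ALE):")
    for row in bia_report(SAMPLE):
        flag = "" if row["rto_ok"] else "  <-- RTO exceeds MTD"
        print(f"  {row['process']:<22} ALE={row['ale']:>10,.0f}{flag}")
```

Run as-is it prints Payroll ahead of Order processing on ALE alone, but the data center moves to the top once the qualitative tier is applied, and Payroll is flagged because its 72-hour RTO cannot satisfy a 48-hour MTD; that flag is the check worth carrying into the continuity plan, since an ALE ranking says nothing about whether the chosen recovery target is achievable.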

Slide 14: Continuity Planning
- Strategy development
- Provisions and processes
- Plan approval
- Plan implementation
- Training and education

Slide 15: Strategy Development
- Bridge between BIA and BCP crafting
- Determine which risks to address in this BCP crafting time frame
- Determine acceptable risks vs. those that require mitigation
- Commit sufficient resources to resolve priorities

Slide 16: Provisions and Processes
- People
- Buildings and facilities
  – Hardening provisions
  – Alternate sites
- Infrastructure
  – Physically hardening systems
  – Alternative systems

Slide 17: Plan Approval
- Top-level management endorsement
- Educate top executives about plan concepts and details
- Senior executive approval establishes plan credibility throughout the organization

Slide 18: Plan Implementation
- Define an implementation schedule
- Use allocated implementation resources
- Achieve process and provisioning goals
- Implement a BCP maintenance program

Slide 19: Training and Education
- Assign responsibilities
- Plan overview briefing
- Dedicated training for those with assigned responsibilities
- A backup or replacement person for each position

Slide 20: BCP Documentation
- Continuity planning goals
- Statement of importance
- Statement of priorities
- Statement of organizational responsibility
- Statement of urgency and timing
- Risk assessment
- Risk acceptance/mitigation
- Vital records program
- Emergency-response guidelines
- Maintenance
- Testing and exercises

Slide 21: Continuity Planning Goals
- To set goals
- To ensure the continuous operation of the business in the face of an emergency situation
- To meet organizational needs

Slide 22: Statement of Importance
- Reflects criticality of the BCP
- Disclosed in a memo to all employees
- Should be signed by the CEO to avoid compliance resistance

Slide 23: Statement of Priorities
- Directly reflects designed BCP priorities
- Includes evaluation of priorities
- Focuses on importance to the continued operation of business functions in the event of an emergency

Slide 24: Statement of Organizational Responsibility
- Business continuity is everyone's responsibility
- Reinforces the organization's commitment to the BCP
- Informs individuals of the expectation to assist and support

Slide 25: Statement of Urgency and Timing
- Stresses priority of implementation
- Defines the roll-out timetable

Slide 26: Risk Assessment
- A recap of the BCP decision-making process
- Summary of the BIA
- Discloses quantitative and qualitative analysis results

Slide 27: Risk Acceptance/Mitigation
- Identifies those risks deemed acceptable
- Identifies those risks deemed unacceptable
  – List risk management provisions
  – Define processes and responses
  – Define how the risk is reduced or managed

Slide 28: Vital Records Program
- Identify critical records
- Determine where critical records will be stored
- Set procedures for backing up critical records
- Both digital and paper records should be considered
- Includes records needed to reconstruct the organization in the event of a disaster

Slide 29: Emergency-Response Guidelines
- Define responsibilities in an emergency
- Detail activation of BCP elements
- Immediate response procedures
- Individuals to notify of the incident
- Secondary response procedures
- Goal: to minimize response time

Slide 30: Maintenance
- The BCP is a living document.
- The BCP should be periodically updated.
- Drastic changes may require a complete re-design and re-crafting.
- You should practice good version control.
- Include the BCP in job descriptions/responsibilities.

Slide 31: Testing and Exercises
- Establish a formalized testing program
- Train personnel on their tasks and responsibilities
- See disaster recovery testing in Chapter 18
