Presented by You Exec Business Continuity Management RISK MANAGEMENT Business Continuity Management Business continuity management BCM is a component of risk management It also overlaps with IT security and information security management It involves developing contingency plans and strategi ID: 1039767
Download Presentation The PPT/PDF document "BUSINESS CONTINUITY FRAMEWORKS" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
1. BUSINESS CONTINUITY FRAMEWORKSPresented by You Exec
2. Business Continuity ManagementRISK MANAGEMENTBusiness Continuity ManagementBusiness continuity management (BCM) is a component of risk management. It also overlaps with IT security and information security management. It involves developing contingency plans and strategies to safeguard a company’s viability in the event of a crisis.Information Security ManagementIT Security Management
3. Business Continuity ManagementRISK MANAGEMENTBusiness Continuity ManagementBusiness continuity management (BCM) is a component of risk management. It also overlaps with IT security and information security management. It involves developing contingency plans and strategies to safeguard a company’s viability in the event of a crisis.Information Security ManagementIT Security Management
4. Business Continuity ManagementRISK MANAGEMENTBusiness Continuity ManagementBusiness continuity management (BCM) is a component of risk management. It also overlaps with IT security and information security management. It involves developing contingency plans and strategies to safeguard a company’s viability in the event of a crisis.Information Security ManagementIT Security Management
5. Development of BCM500 BC to 20th centurySince 1950Since 1980Recent historySince 1998Homeland Security in the USACIVIL DEFENCE AND PROTECTIONBCM is expanded to all corporate divisions. BCM remain a key focus for IT.EMERGENCY PLANS FOR THE ENTIRE COMPANYSun Tzu - that Art of WarCarl von Clausewitz - on WarBASED ON HISTORICAL MILITARY CONCEPTSafeguarding IT operations with IT contingency plansINFORMATION TECHNOLOGYWorldwide definitions of standards, guidelines & certificates i.e.. IISO 22301STANDARDS AND NORMS
6. Potential Business Threats - Part 1DISASTERSCENARIOSCRIMEExample : product piracy, cyber attacksAMENDMENTS TO THE LAWExample : GDPR (2018)INFRASTRUCTURE ISSUESExample : power outages or network crashesNATURAL DISASTERSExample : earthquakes, floodsRESOUREC CONSTRAINTSExample : loss of suppliersLOSSES DUE TO ACCIDENTSExamples : fire, machinery issuesHEALTH-RELATED ISSUESExample : Flu season or any pandemicsSOCIAL & POLITICAL UNRESTExample : strikes, political upheavals, attacks
7. Potential Business Threats - Part 2Storm DamageTheft or RobberyPower OutagesViral OutbreakTechnical FailureNatural DisasterCyber AttackHuman ErrorFire AccidentWater Shortage
8. DEVELOP STRATEGIESDetermine the selection of alternative strategies available for mitigate loss (testing scenarios).0203050104IDENTIFY & ANALYZEIdentifies all significant roles of risks, resources & all critical processes. CONTINGENCY PLANSHere you can develop plans which includes role allocation & responsibilities in case of crisis.DEFINE BUSINESSWrite about BCM objectives, define its value & protection instructions for each assets.USE TESTSTesting helps to create awareness for execution in the event of any disaster or risk.06ESTABLISH BCMIt helps to create awareness among managers, employees and partners in company.Steps to Business Continuity
9. Business Continuity CycleANALYZEDESIGN SOLUTIONSIMPLEMENTTEST AND ACCEPTIdentify potential threats or risks, impacted business processes, warning and communication processDesign or define addition solutions, strategy, documentation processes and supplier dependenciesInitiate response checklist and relocation strategies of critical processes in the business disruption.Recovery time objectives, test critical processes, monitor primary and alternate facility details.Update key details and associated processes as deficiencies & inaccuracies are identified.MAINTAIN
10. PDCA to Business Continuity Mgmt.StakeholdersBCM RequirementsStakeholdersFunctional BCMMaintain & Improve(ACT)Monitor & Review(CHECK)Setup(PLAN)Implement(DO)CONTINIUAL IMPROVEMENT
11. Business Continuity Mgmt. CycleASSESSMENTSDevelopment & implementation of test scenarios, staff training, Gap analysisANALYSISIdentify, Risk assessment, Business impact analysisDEVELOPStrategy review & implementation, Plan developmentINTEGRATIONCoordination with external organizations & companiesMAINTENANCEChange management, Scheduling, Financial audit managementPROJECT STARTSProject management & awareness, leadership, basic development
12. BCM as a Component of Resilience ManagementStrategy DevelopmentCRISIS MANAGEMENTEMERGENCY PREPAREDNESSRisk ControlBC ImpactBC StrategyBC PlanTraining + TestEmergency MeasuresEmergency OperationsResume Normal OperationsBCMRisk ControlStrategy DevelopmentBUSINESS CONTINUITY
13. Business Continuity CycleBUSINESS CONTINUITY PLANTesting And MaintenanceRecovery StrategiesImpact AnalysisDevelop Plan
14. BUSINESSCONTINUITY1. ASSESS IMPACTBusiness Continuity CycleUnderstand the risk and impact on businessDevelop business continuity strategiesDevelop business continuity plansImplementTest plansReview and maintain2. DEVELOP STRATEGIES3. DEVELOP BC PLANS4. IMPLEMENT5. TEST PLANS6. REVIEW & MAINTAIN
15. Six Phases of Business Continuity Cycle06MAINTENANCEPLAN12345Processes, recovery times, resource requirementsThreat analysis, risk exposure, threat scenariosContinuity, strategy, key resources, alternatives, service methods, and recovery methodsBC proceduresBC plan validationBusiness Impact AnalysisThe BIA, which is conducted during the first stage, analyze the financial & operational impact of disruptive events on the business areas & processes.01Risk AssessmentThis is composed of risk analysis and risk evaluation, is performed on the critical processes identified during the BIA stage.02Strategy DevelopmentThe main purpose of this stage is to develop a business continuity strategy. That satisfies the business recovery requirements.03Operation Resumption PlanningThe predetermined procedures & guidelines prevent organizations from making on the spot critical decisions in the middle of a crisis.04Exercising & TestingIts main purpose is to validate the business continuity strategy, activities, assumptions regarding times in business continuity plans.05BCM Maintenance PlanThis phase maintain the BCP in a constant ready-state. The maintenance process of a BCMS is constant and dynamic.06
16. Business Continuity Plan020103050406Understand Business Risk and their ImpactsDevelop Business Continuity StrategiesDevelop Business Continuity PlansImplement Business Continuity PlansTesting of Business Continuity PlansReview and Maintain
17. Business Continuity PlanBUSINESS PROCESS PRIORITIZATIONIT INTEGRATIONBCP MANAGEMENTRiskAssessmentBusiness Impact AnalysisBC Program AssessmentBC ProgramDesignIT Strategy DesignImplementationProgram ReviewResilience program managementProcesses and activitiesCrisis teamsBusiness resumptionHigh availabilityRecoveryStreamline IT infrastructureHigh availability designHigh availability serversData replicationDatabase and software designMaturity modelModel ROICreate program roadmapOutage impactRisks, vulnerabilities, threatsPeopleProcessesPlansStrategiesNetworksPlatformsFacilitiesAwareness, review, change management, regular briefingsCurrent capabilitiesExpected recovery time
18. RISK PLANNINGIDENTIFYTHREATSRisk EvaluationProbabilityScaleOptionsAvoid, ReduceTransferResponse & RecoveryResponse PlanRecovery PlanStaffCommunicationTrainingRegular UpdatesFind upcoming issuesRisk updatesBusiness Continuity PlanningKey AssetsEmployeesBusiness Good-willKey ServiceCustomer satisfactionPartnerThreatsUnwanted disasterLegal issuesRisksMarket stabilityRecoveryNatural DisasterEarthquake, stormsFloodsAccidentsFire accidentUtility outragesCriminal ActivitySabotageTerrorism, Cyber attacksMarketSuppliersCompetitors, consumer trendsPoliticsLegislationsDocumentations
19. Business Impact Analysis Steps01SELECT BUSINESS PROCESSESExclude business processes that are not essential to the company’s objective02DEVELOP FAILURE ANALYSISAnalyze the impact of potential downtime of individual processes03SIMULATE A RESTARTDefine acceptable downtime andrecovery times04IDENTIFY DEPENDENCIESIdentify and factor in correlations between individual processes05EVALUATE BUSINESS PROCESSESRank processes according to their criticality06ASCERTAINRESOURCESDetermine the resources required for normal and emergency operation07EVALUATE RESOURCESDetermine thecriticality of theRequired resources
20. Risk Analysis Steps01IDENTIFY RISKSInternal and external risksDirect and indirect risksRisks that can and cannot be managed02EVALUATE RISKSAssess risk probabilityAssess impactAssigning and prioritizing risk03DESIGN POSSIBLE RISK SCENARIOIT failure and network collapseBuilding damageDelivery bottlenecksLoss of employees04SELECT RISK STRATEGIESAcceptanceTransferAvoidanceReduction
21. Risk Assessment Matrix - ExamplePROBABILITYIMPACT / DAMAGELOWMODERATEHIGHVERY HIGHFrequentLowModerateHighVery HighProbableLowModerateHighHighOccasionalLowLowModerateModerateImprobableLowLowLowLow
22. Phases ofRecovery PlanA disaster recovery team regularly reviews and manages all data and facilities that are essential to continuing business operations. The most important data is regularly backed up to an external location.DISASTER OCCURRENCEA disaster is declared. Decision : activate the recovery planPLAN ACTIVATIONActivate the business continuity plan. This phase last until the business is relocated.OPERATION AT LOCATIONThis phase is continued until the main location is operational again.TRANSIT MAIN LOCATIONThis begins as soon as operation can be safely continued at the main location.
23. Recovery TeamASSIGNED TEAMSContact Person 02 Contact Person 03 Contact Person 04 Contact Person 01 TEAM CONTACTIncident ManagerHR & PR ManagerFinancial ManagerHR & PR ManagerFinancial ManagerTeam LeaderDeputy Team LeaderTeam MemberBC CoordinatorEmergencyCommunication TeamEmergency HR DepartmentEmergency ManagementEmergency Response TeamIT Recovery TeamTEAM RESPONSIBILITITYTEAM ROLESDEPARTMENTAL TEAM
24. Disaster notification, notifying management, initial damage assessmentDelaying disaster, activating contingency plans, relocating to alternative locationImplementing provisional plan, establishing communicationRestoring processes and communication using the backup filesStarting business operations at the alternative location, managing work tooGradually returning to main location, terminating contingency plansRecoveryProcedureIt includes measures and tasks to restore business processes.
25. Business Continuity Plan ChecklistYESNO010203040506Plans and resources for alternative locationsEmergency operations centersCopies of critical business dataEmployee contact list and recovery prioritiesBusiness impact and risk analysisRecovery task list and office recovery plansIT report and resources, Supplier list, Employee contact list07CRITERIA FOR BCP IMPLEMENTATIONS
26. Business Impact Analysis Template12-02-2020$ 120.00K$ 12000-$ 130012%12 Day--Technical13-02-2020$ 12.90K$ 269819- $ 140013%21 Day--Service14-02-2020$ 34.98K$ 97371-$ 150019%34 Day--Employee15-02-2020$ 119.9K$ 20189-$ 160020%49 Day---16-02-2020$ 45.90K$ 28012-$ 170011%510 Day---17-02-2020$ 56.92K$ 384732-$ 180035%64 Day---18-02-2020$ 34.90K$ 1029137-$ 190020%12 Day---19-02-2020$ 23.00K$ 1092-$ 200023%31 Day---TOTAL$ 448.50K$ 17,92,352-$ 13200--31 Days---DateDaily RevenueDaily TransactionsProcess BacklogPotential Impact Companywide ImpactImpact Ranking 1-6Target Recovery TimeRecovery PointRecovery StrategyTime Needed for Recovery
27. Business Continuity Maturity ModelMATURITY MODEL01 - SELF GOVERNED02 - DEPARTMENTAL03 - COOPERATIVE04 - COMPLAINT05 - INTEGRATEDLEVEL 06Comparative ModelCorp. CompetenciesLeadershipVery LowLowMediumHighHighBC Program StructureVery LowLowLowMediumHighMetricsVery LowLowMediumMediumHighResource CommitmentBC Program ContentIncident Mgmt.Very LowLowMediumHighHighSecurity Mgmt.Very LowLowMediumMediumHighORGANIZATION “AT RISK”ORGANIZATION “AT RISK”ORGANIZATION “AT RISK”Attributes of an Organization at Each Maturity LevelAttributes of Each BC Discipline at Each Maturity LevelVery LowLowMediumHighHighHighHighHighHighHighHigh
28. Does the project re-establish existing business opporunities or provide new jobs ?Does the project improve deteriorated neighborhoods ?Does the project increase existing business income or contribute to additional spending ?Does the provide new affordable lease or rent opportunities or ownership for new business ?Business Recovery ChecklistECONOMIC IMPACTDoes the project receive financial investment from various segments of the community ?Does the project have high visibility and distinct recognization with community ?Does the project bring change in high visibility ?Does the project provide support to community system ?HIGH VISIBILITY YESNO
29. Strategic BCM FrameworkBM STRESS TESTINGDefineIdentifyAssessimpactDesignchangesExecutechangesBUSINESSCONTINUITYMGMT.Test &maintainProjectinitiationIdentify& impactDesignmeasureImplementMODIFIES & CREATE VALUESUSTAINS & PRESERVES VALUE
30. Risk Distribution Dashboard by Business ProcessRISK HEAT MAPANNUALIZED COST OF CONTROLRISK SCORE CURRENTGRC Risk HistoryRisk Compare to Cost of ControlImpactLikelihoodDollar in Millions85%0100
31. Business Continuity RoadmapSetup of BCM framework & training of key project leaders and managersJANFEBMARAPRMAYJUNJULAUGRisk Analysis & business impact analysis (interviews with department heads) Develop business continuity mgmt. strategy options & business continuity plansEstablish simulation exercise and finalize BCM exercise materialsStart your pre-audit assessment for business continuity mgmt.Finalize business continuity plan with emergency management proceduresEstablish business continuity mgmt. maintenance, conduct staff awareness trainings.To take BCM standard certification - SS540:2008 certification
32. BCP Builder’s Resilience FrameworkOrganizational flexibility, responsiveness & vigilance in daily operationsUPDATEDiscuss & improve plan after an eventPredetermined response, know who is involved, process optimizationUTILIZEFollow the plan in a crisis or exerciseConfused & frustrated, lacking appropriate systemSTRUCTUREDecide on how to structure the planUnable to access critical information, miscommunication & mistakesPLANFind a template & get startedNo PlansUnpreparedSYMPTOMSKEY TO SUCCESSStarting to PlanDelayed response & access to informationWorking PlanResponds quickly & effectivelyResilient