Easier Than You Think Objectives Why is a BCP necessary Basic BCP definitions everyone needs this regardless of responsibilities at work Difference between BCP Disaster Recovery and Contingency Planning ID: 1020944
Download Presentation The PPT/PDF document "Introduction to Business Continuity Pla..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
1. Introduction to Business Continuity Planning (BCP): Easier Than You Think
2. Objectives:Why is a BCP necessary?Basic BCP definitions – everyone needs this regardless of responsibilities at work. Difference between BCP, Disaster Recovery, and Contingency PlanningBCP Process: 6 Things to Know BCP in place, now what? 2Introduction to Business Continuity Planning (BCP): Easier Thank You Think
3. 3Introduction to Business Continuity Planning (BCP): Easier Thank You ThinkBusiness Continuity Plan: What is it?Business Continuity Plan (BCP)Document summarizing steps a business will take in the event of a disaster and then recover from the loss event and subsequent business interruption. Source: IRMI Insurance Glossary
4. 4Introduction to Business Continuity Planning (BCP): Easier Thank You ThinkBusiness Continuity Plan: Why some don’t have itTop reasons why no BCP in place: No time. No resources.To complicated.Not going to happen to us.That’s a tool for mega corps.
5. Business Continuity Plan: Why is it necessary?Why should your organization care about continuity planning in the first place?Survive a disaster with mitigated impact to employees and assets. Your organization may be farther along than you think. 5Introduction to Business Continuity Planning (BCP): Easier Thank You Think
6. 6Introduction to Business Continuity Planning (BCP): Easier Thank You ThinkBusiness Continuity Plan: Looks daunting, but you already have a lot in place!Business Continuity PlanDisaster Recovery PlanRisk Management StrategyFinance,Banking,InvestmentsInsuranceReal Estate,Physical AssetsLegalData Recovery PlanData Continuity PlanCrisis Management PlanIncident Response PlanEvacuation PlanEmergency Action PlanContingency PlanSupply Chain Management PlanRecovery Plan: Resume Normal OperationsPandemic Response PlanCrisis Communication PlanCyber Defense PlanBCMSuccession Plan
7. Business Continuity Plan:Basic Definitions
8. Business Continuity Plan: DefinitionsBCP vs. everything else…it can be confusing.Business Continuity Plan (BCP) vsDisaster Recover Plan (DRP) (AKA Business Resiliency Plan…not to be confused with the general concept of business resilience) vsBusiness Contingency Plan (AKA Contingency Plan) and Emergency Action Plan (EAP)8Introduction to Business Continuity Planning (BCP): Easier Thank You Think
9. Business Continuity Plan: DefinitionsBusiness Continuity Plan (BCP): IRMI Insurance Glossary: A written document summarizing steps an organization should take in the event of a disaster—manmade or natural — and the plan to recover from the loss event and subsequent business interruption. ISO 22300 standard: The predefined capability of an organization to continue the delivery of products or services at acceptable levels following a disruption.Guides how the organization will handle the following after disruption: Assets (physical and financial)Human resources and safety Employees, Customers, Vendors and other stake holdersCommunicationsLogisticsIntangibles such as brand and intellectual properties9Introduction to Business Continuity Planning (BCP): Easier Thank You Think
10. Business Continuity Plan: DefinitionsA Business Continuity plan will be most effective when needed if consideration of disruption potential is included in every business decision made.10Introduction to Business Continuity Planning (BCP): Easier Thank You Think
11. Business Continuity Plan: DefinitionsDisaster Recovery Plan (DRP):DRP is focused exclusively on Information Technology disaster response.Business Resilience is built in to the DRP.Includes consideration of:HardwareSoftwareLocal and cloud dataVoice communicationInternet and social mediaCyber Security PlanCritical roles11Introduction to Business Continuity Planning (BCP): Easier Thank You Think
12. Business Continuity Plan: DefinitionsBusiness Contingency Plan:Focused exclusively on reaction to a single or specific anticipated scenario identified during the Vulnerability and Risk Assessment.Contingent actions and response would be different:Hurricane vs. wildfire event Civil unrest and riot vs a single workplace violence incident12Introduction to Business Continuity Planning (BCP): Easier Thank You Think
13. Business Continuity Plan: DefinitionsEmergency Action Plan (EAP):EAP is an important piece of overall BCP but is not itself BCP.13Introduction to Business Continuity Planning (BCP): Easier Thank You Think
14. Business Continuity Plan:Top Things to Know
15. Business Continuity Plan: Know Your RisksWhat risks were you unaware of two years ago?15Introduction to Business Continuity Planning (BCP): Easier Thank You Think
16. Business Continuity Plan: Know Your RisksRisk could be any threat or event that could disrupt normal business operations.Threat Source: Internal to the organization External to the organization Threat Cause: Natural event Human action16Introduction to Business Continuity Planning (BCP): Easier Thank You Think
17. Business Continuity Plan: Know Your Risks17Introduction to Business Continuity Planning (BCP): Easier Thank You ThinkInternal threats to the organization:People / PersonnelFacilitiesFinancesTechnologyEquipment
18. Business Continuity Plan: Know Your Risks18Introduction to Business Continuity Planning (BCP): Easier Thank You ThinkExternal threats to the organization:Natural disasters Climate, GeographyHuman action disasters Physical, Digital, Reputation, Economic
19. Business Continuity Plan: Know Your Risks19Introduction to Business Continuity Planning (BCP): Easier Thank You ThinkVulnerability and Risk Assessment Conducted to determine threats that are likely to affect your organization.Helps to rank the probability and severity of anticipated threats. Consider potential impact of each threat, i.e. the amount of damage, duration, magnitude, and extent of the threat.
20. Business Continuity Plan: Know Your Risks20Introduction to Business Continuity Planning (BCP): Easier Thank You Think
21. Business Continuity Plan: Know Your Employees21Introduction to Business Continuity Planning (BCP): Easier Thank You ThinkEmployees are your organization’s most valuable asset. Protect them. An Emergency Action Plan (EAP) ensures the safety of employees, customers and guests on site at the time of the emergency – think initial emergency response. EAP is a critical piece of overall BCP but is not itself BCP.Crisis Communication PlanContingency Plans
22. Business Continuity Plan: Know Your Operations22Introduction to Business Continuity Planning (BCP): Easier Thank You ThinkIdentify key business functions and processes then decide maximum amount of time the organization can remain closed after disruption.Considerations:What - Main product or service; how it is provided and what could disrupt this.Who – Key functions, key employees, critical vendors and how to reach them. Why - Consequences if the function cannot be performed or supplies received. Could the organization survive?
23. Business Continuity Plan: Know Your Finances23Introduction to Business Continuity Planning (BCP): Easier Thank You ThinkFinancially prepare now so business is ready to respond and recover when a disruption occurs.Available cash or creditPayroll policy during and after a disaster.Know insurance policy and what is coveredBecause your area got hit by a disaster, don’t assume suppliers, vendors and creditors are aware or will automatically grant extensions. Plan to pay all obligations as if there were no disaster.Three-month reserve is a good start.Key financial contactsHave list and know how to contact during an emergency.
24. Business Continuity Plan: Know Key Stakeholders24Introduction to Business Continuity Planning (BCP): Easier Thank You ThinkEmployees, Customers, Suppliers, Vendors, etc. = Key Stakeholders: Are stakeholders all in the same geographic location as the business or spread across multiple regions (pros and cons to both scenarios)?Request copies of supplier and vendor BCP. Identify alternate suppliers and shippers before the crisis.Business critical Key Contacts are those upon whom the business reliesCustomer and stakeholder notification list and procedures in place?
25. Business Continuity Plan: Know Your IT25Introduction to Business Continuity Planning (BCP): Easier Thank You ThinkWithout access to computer hardware, software, and digital data, what happens to business operations?Which data and records are vital to perform critical functions? (see Know Your Operations)Backup data – frequently, onsite, offsite, different geographic region (cloud).Established secondary recovery location for IT operations.Previous arrangements with IT vendors (list under key contacts) to replace damaged hardware and software, and/or to set-up hardware and software at the recovery location
26. Business Continuity Plan: Know Your IT - Threats26Introduction to Business Continuity Planning (BCP): Easier Thank You ThinkSmall businesses are especially vulnerable to Cyber Risk.Average of $50-$100k initial ransom recovery hard cost + subsequent soft costsHalf of owners report significant financial impact and Personally Identifiable Information (PII) concernOnly about 1/3 have taken precautions Data breaches are complicated and costly. 86 % believe that digital risk will continue to grow35 % are unaware of the significant financial cost to recover.30 % of companies with 11-50 employees do not provide any type of formal training on cybersecurity.
27. Business Continuity Plan: Know Your IT - ThreatsIs your business prepared for Cyber Threat?Ransomware – Train employees. Know who to consult and whether to pay ransom.Cyber Attack – Train employees. Hire experts who are equipped to protect networks and sensitive data.Data Leak Incident – Train employees. Have necessary resources identified ahead of time. Insurance – Ensure adequate Cyber Risk and Business Interruption coverage.27Introduction to Business Continuity Planning (BCP): Easier Thank You Think
28. Business Continuity Plan:Complete, now what?
29. Business Continuity Plan: Know When to Review29Introduction to Business Continuity Planning (BCP): Easier Thank You ThinkTest with a quick skim through review every six monthsCheck for changes in contact information, business priorities, staff responsibilities, or procedures.Deep test annually using a very disruptive scenario.Catastrophic premises fire, major storm event, or a pandemic scenario.Test periodically using lighter scenarios (2-3 x / year).Power outage, vendor failure, health and safety incident.
30. Business Continuity Plan: Know What to Test30Introduction to Business Continuity Planning (BCP): Easier Thank You ThinkTest process documentation contained in the plan using fresh perspective.Ask a co-worker who was not involved with developing the BCP for a critical review.Conducting exercises or drills effectively tests the plan.Informal disruption training scenarios engage employees and promote team building.Test the systems that will be used during a disaster.For example, how will you contact your staff as a part of the crisis communications plan?
31. 31Introduction to Business Continuity Planning (BCP): Easier Thank You ThinkBusiness Continuity Plan: Complete the RestBusiness Continuity PlanDisaster Recovery PlanRisk Management StrategyFinance,Banking,InvestmentsInsuranceReal Estate,Physical AssetsLegalData Recovery PlanIncident Response PlanEvacuation PlanEmergency Action PlanContingency PlanPandemic Response PlanCrisis Communication PlanCyber Defense PlanBCM?????Big pictures, what’s missing? A gap analysis exercise will tell
32. Business Continuity Plan:Resources
33. Business Continuity Plan: Know Where to get Help33Introduction to Business Continuity Planning (BCP): Easier Thank You ThinkInsurance Institute for Business & Home Safety(IBHS) http://disastersafety.org OFB-EZ® is a program of the Insurance Institute for Business & Home Safety Download this document at DisasterSafety.org/open-for-businessDisasterAssistance.govwww.fema.govhttp://www.irs.govwww.sba.govAmerican Red Cross www.redcross.org Family Preparednesshttps://www.ready.gov/make-a-plan
34. Business Continuity Plan: Know the Standards34Introduction to Business Continuity Planning (BCP): Easier Thank You ThinkNFPA 1600 — US National Fire Protection Association, developed from dealing with fire and looks at business continuity from a denial of access perspectiveISO 17799 — a standard for information security management systems that manages and minimizes threats to informationISO 22301 – Business Continuity Management SystemsISO 22399 — guidelines for incident awareness and operational continuity management
35.