Slide 1
Business Continuity Planning (BCP) - Best Practices and Challenges
June 24, 2020
Slide 2
About the Speaker – Dhiraj Lal
Over 32 years in the industry.
Ex BCM Sponsor and Head of American Express.
Mix of experience as Practitioner, Trainer, and Consultant.
BCI Approved Instructor.
Over 15 years in BCM and related domains.
Contributing Author to: The Encyclopaedia of Business Continuity, 3rd Edition
Author of: Step by Step guide AE/SCNS/NCEMA 7000:2015. Implement BCM the UAE Way!
Dhiraj Lal, EXECUTIVE DIRECTOR, CONTINUITY & RESILIENCE (CORE)
MBCI, CBCP, CBCI, ISO 22301 Technical Expert, CISA, ITIL, ISO 31000, ISO 27001 Lead Auditor
A Chemical Engineer from IIT Delhi and MBA from IIM Calcutta, Dhiraj Lal has over 20 years BCM experience and 32 years overall. He has worked with Citibank, Standard Chartered, Agilent and American Express, where he was the Program Sponsor and BCM Head. He is Asia’s first BSI appointed Technical Expert for BS25999/ ISO 22301, and assessed 2 of the top 10 certified organizations globally. He teaches and consults in BCM (NCEMA 7000/ ISO 22301) and related domains. He has been invited to present at the BCI Annual conference in the UK, DRI US, BCMI Singapore, itSMF UK, DRI Asia in Malaysia, ISACA UAE, KSA and India, and also various Middle East Crisis, BCM and IT Resilience Summits in Abu Dhabi, Dubai, KSA and India.
Slide 3
About Continuity & Resilience
ISO 22301 Certified Management Consulting Firm
Business Continuity Management
Crisis Management
IT Disaster Recovery
Information Security
Cyber Security
Risk Management
We Consult / Train / Assess and Certify in these domains
We provide advisory services
Automation tools – BCM/ ITDR/ Mass Communication
Workplace recovery
E-Learning
Slide 4
Agenda
Business Continuity Planning
Business Continuity Implementation Roadmap
BCP in times of COVID-19
Challenges and Best Practices
Slide 5
Business Continuity Planning
“Planning to continue the Business”
Not a new concept. A fancy name for common sense. In reality, we have been performing Business Continuity Planning for centuries
But still, many organizations struggled to restart operations during COVID-19
So we need more than just common sense. We need a structured and formal implementation of common sense.
Slide 6
What we do not fully do in BAU common sense
Agree timelines, worst case and best case (MTPD and RTO)
Base it fully on facts and data (consequences of downtime)
Consultative process involving all interested parties
Comprehensive, documented and signed off
Communicate to all who need to know, including relevant third parties and service providers
Practice, Test & exercise. Review. Maintain & continually Improve
Amazingly, this works…!!
Slide 7
Challenges for cyber professionals
An uneven battle against an unknown enemy who has nothing better to do
You have other matters to focus on but they have a single point agenda – to damage
You constantly focus on getting better and better - but so do they
By the sheer law of averages, once in a while they will succeed
At those times, your best bet is to be able to restart fast and with minimum loss. So you need the world’s best Business Continuity readiness
Have you formally put in place the 6 Rs (Reduce, Respond, Recover, Resume, Restore, Return)?
When did you last practice them?
Slide 8
Challenges for cyber professionals
Economic Times, June 24 2020
Slide 9
Some reasons for Outages (Global data)
Slide 10
Business Continuity is a wise investment
Minimize business disruptions and quickly recover
Retain business model and increase market share and profits
Protect the organization’s value and reputation
Corporate governance and shareholder commitment
National requirements
Contractual commitments, Legal and regulatory compliance
Moral and social responsibilities
Demonstrate “best practice”
Reduce insurance liabilities
Lack of BCP is self goal
Slide 11
Typical steps
Business Continuity Implementation Roadmap
Slide 12
International BCM Standard – ISO 22301
Clause 1 : Scope
Clause 2 : Normative references
Clause 3 : Terms and definitions
Clause 4 : Context of the organisation
Clause 5 : Leadership
Clause 6 : Planning
Clause 7 : Support
Clause 8 : Operation
Clause 9 : Performance evaluation
Clause 10 : Improvement
Slide 13
Please implement a BCMS – not just BCM
“Part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity” – ISO 22301
Ensure continual improvement via the PDCA cycle
Slide 14
BCP in times of COVID-19
COVID-19 is different from a typical Business Continuity situation
Much longer duration
No clarity on final resolution
Triggered not by damage to resources
Entire ecosystem is impacted
SOME POSITIVES
Realization by all
Even the PM asked entities to implement Business Continuity
Tolerance – “It’s Ok”
Permanent mindset changes
Slide 15
Suggestions for professionals
Don’t stop now – complete the journey
Protect yourself against other new threats - implement the full BCM cycle
Use this opportunity to create permanent BCM readiness and awareness across all segments
Get your people ISO22301 trained and your organization ISO22301 compliant – or even ISO22301 certified
Slide 16
Implement the full BCM lifecycle
Choose the right people
Provide effective training in advance of the implementation
Best Practices
Slide 17
Customers
Citizens
Distributors
Shareholders
Investors
Owners
Insurers
Government
Regulators
Recovery Services Suppliers
Competitors
Media
Commentators
Trade Groups
Neighbours
Pressure Groups
Emergency Services
Transport Services
Other Response Agencies
Dependents of staff
THE ORGANIZATION
Top Management
Those who establish policies and objectives for the BCMS
Those who set up & manage BC
Those who maintain BC Procedures
Owners of business continuity procedures
Incident Response Personnel
Those with authority to invoke
Appropriate spokespeople
Response Teams
Other Staff
Contractors
Build culture across all Interested Parties ..
Slide 18
Group/ Audience | Training
Top Management | Awareness, Crisis Management, Crisis Communication
Core BCM Team | CBCI/ Lead Implementer, Lead Auditor
Core BCM Team | Specialised courses (BIA, RA, Plan Writing, Testing etc.)
Department Coordinator/ BC Champions | Implementer, Internal Auditor
Audit Team | Internal Auditor, Lead Auditor
All Employees | Awareness
Build Culture via Training and Awareness
Slide 19
[Figure: graph, not to scale. Labels: Cost, Complexity, Risk, Assurance, Frequency]
Build Culture via tests and exercises
Slide 20
Ensure Review, Maintenance and Improvement
Maintenance
Advanced Testing and Exercising
Ongoing Awareness and Training
Internal Audit and Self Assessment
Management review
Supplier Review
Corrections and Corrective actions
Benchmarking
Continual Improvement
Instilling a BCM mindset
Slide 21
Way Forward => Organizational Resilience
The ability of an organisation to absorb and adapt in a changing environment (BCI GPG 2018/ ISO 22316:2017)
Slide 22
Questions?
Slide 23
LET'S KEEP IN TOUCH!!
Dhiraj Lal, Executive Director +91 99101 10240
dhiraj.l@continuityandresilience.com
Thank You!