a briefing about your bcm programme. why bcm benefits of bcm programme objectives methodology ...
TRANSCRIPT
A briefing about your BCM Programme
Why BCMBenefits of BCMProgramme ObjectivesMethodologyTasks & Deliverables
Programme Overview
“Business Continuity Management is an holistic management
process that identifies potential threats to an organisation and
the impacts to business operations that those threats, if
realised, might cause, and which provides a framework for
building organisational resilience with the capability for an
effective response that safeguards the interests of its key
stakeholders, reputation, brand and value creating activities”.
Threats, Impacts, Framework, Response, Stakeholders
BCM definition (BS 25999)
Principles of BCM
• Understanding what could go wrong - threats• Asset Dispersion – backup data, store off-site• Focus on Critical Capabilities and business priorities –
know what is URGENT to your business unit / organisation
• Teamwork & Mutual Support – understand your dependencies: people, information, IT, suppliers etc
• Awareness, training and rehearsals – be familiar with your plans
• Flexible response – knowing what to do in an emergency, where to go and who to contact
Protect reputation Corporate governance Financial regulations International regulations Customer expectations Partner contractual requirements Audit Insurance Known threats Business benefits
Drivers – why we do BCM
What are you protecting against
Component
Operator error
Building levelincident
Metropolitanarea event
Regional eventThe failure event spectrum
Causes of downtime• Hardware/software failures
• Natural disasters and accidents
• Human error
• Malicious acts
• Utility issues
• Business crises
Source: HP
Protects Stakeholders• Employees• 3rd Parties / business partners• Shareholders
Protects Corporate Image, Reputation & Brand Improves Customer Service Meet customer expectations Improves Market Competitiveness Process for Corporate Survival Added value
• Increased efficiency• Full business participation
Business benefits
The objective of Steelhenge’s programme of activity is to ensure that FEWA can continue to provide an acceptable level of business continuity to all stakeholders, regardless of the cause of disruption.
This project will provide FEWA with organisational resilience across its operations in the form of a Business Continuity Management System (BCMS) incorporating:
• Business continuity and recovery plan• Crisis management plan• Crisis communication plan
Project objectives
Provision of Business Continuity Consultancy Services in three phases:
Phase 1• Site visits, gap analysis, maturity modelling, road map
development etc Phase 2
• Policy and BCMS development, business impact analysis, risk assessment, crisis, business continuity and communications plans development etc
Phase 3• Exercising, training and awareness
Scope of work
Sites in scope
Phase 1: May – July 2011
Clear understanding of the FEWA current position – Gap analysis
Draft BC Policy – Policy Document Clear scope of the required programme - PID Roadmap for the project – Project Plan as part of the
PID (Project Initiation Document) Develop the strategic key services of FEWA and
criticalities – Critical Services overview A benchmark report of what has been found - BS
25999 A statement of work for the next phase – SOW A maturity model against which progress can
subsequently be measured – Capability assessment
Phase 1 details
Phase 2: Aug – Dec 2011
Business Impact Analysis – Findings Report Risk Assessment – Findings Report BC Strategy development - Options Paper
• People, sites, systems, operations, reputation, supply chain BC Planning - Methodology Crisis plans development - Plans
• Structure, roles & responsibilities• Command and control• Procedures
EOC Assessment - Report Crisis Communications development - Plans BCMS structuring – System documentation Management presentation and review - Presentation
Phase 2 details
Phase 3: Jan – Sept 2012
Finalise Communications Plan – Comms Plan Emergency Service, Local Authority and NCEMA liaison
and plan integration – Stakeholder Liaison Plan BC Awareness programme – Training programme
• Internal and external communications programme Training
• Senior management• Awareness training• Practitioner training
Desktop and simulation exercises – Rehearsal Programme Management system embedding – Rehearsal Programme Final report and review - Report
Phase 3 details
Three developmental workshops• Operational criticality workshop• BC awareness workshop• BC validation workshop
A Business Continuity Pocket Aide Memoire for all FEWA staff A maturity model covering all phases of the programme A staff induction package and introduction to FEWA Business
Continuity Design and development of a FEWA Business Continuity
Awareness Package to develop awareness of BC across the organisation
ICT recovery test in Phase 3 Exercise evaluation and monitoring in Phase 3
Additional deliverables
AE/HSE 7000 – May 2011 BS 25999 Parts 1 and 2 (2006 and 2007) have been
developed by practitioners and the BSI to provide a system based on good practice for BCM.
Part 1: a Code of Practice that takes the form of guidance and recommendations.
Part 2: a Specification - it establishes the process, principles and terminology for a BCMS, providing a basis for understanding, developing and implementing a business continuity management system within an organisation.
Optional: Self certification Optional: Formal certification
Standards and best practice
BCM process methodology
Timeline
Recovery / ResumptionRecovery / Resumption
Incident ResponseIncident Response
Within minutes to hours:Account for people; Deal with casualties; Contain damage; Assess damage;Invoke Business Continuity
Business ContinuityBusiness Continuity
Within minutes to days:Contact staff, customers, suppliers etc. Recover critical processes; Rebuild lost work-in-progress
Within weeks to months:Repair / replace damage; Relocate to permanent site Recover costs from insurers
Overall Objective: Back-to-Normal as soon as possible
Timeline
IncidentIncident
NormalNormal
From: BS25999-1:2006 British Standard for Business Continuity Management
Context
FEWA Project Sponsor – Mohammad Mohd. Saleh –
Director General
FEWA Project Manager – Ms Shaikha Yousuf Al Shaer
(Central Laboratory Manager & Acting HSE Director HSE
Department)
Steelhenge Project Director – James Royds FBCI
Steelhenge Project Manager – Bill Ogilvie MBCI
Steelhenge Account Manager – Phil James SBCI
Steelhenge Commercial Services – Dominic Cockram MBCI
Project Governance
High level project plan – Phase 1
High level project plan – Phase 2
High level project plan – Phase 3
Identifying what your critical activities and outputs are
Identifying the impact of the loss of those critical activities
Identifying the risks and threats to critical activities / key
business processes
Developing measures to mitigate vulnerabilities
Developing a strategy to support the continuity of
operations following disruption
BCM – a summary
Designing plans to respond to disruption to your operations
and recover your business
Creating an internal crisis management team structure ,
roles and responsibilities
Training staff in BCM awareness and emergency response
Rehearsing the plans through scenarios to validate their
effectiveness and the abilities of the crisis team
Aligning with standards (AE/HSE 7000, BS 25999), self or
formal certification
BCM – a summary
Knowledge transfer
FEWA is ready to respond with right people at the right time
with the right plans to reduce the impact or consequences of a
crisis with a proven process for managing the crisis
Words into action
Self sufficiency and long term process (not short term project)
Confidence for all your Stakeholders
Operational Resilience
Value proposition
The approval to plan
The confidence to cope
The reassurance to recover
Meeting and exceeding customer and stakeholder
expectations
A proven continuity management process which is one
of the key indicators of effective corporate governance
Value Summary
BCM starts as a project and becomes a process
Think strategic, act/influence tactical and operational
Understand the importance of information and the
implications this has for your area of responsibility
(business unit / process)
Orientate in the direction of threat(s) and think
consequences not causes
Key messages and conclusions
Thank you for reading!James Royds [email protected]