business continuity management
An Overview of BCM
Business Continuity Management
Chapter 1: An Overview
Diane Christina
Prepared by Diane Christina @2009
Objective of this chapter
• Introduce risk management and business continuity management as part of good governance
• Develop the link between risk management and business continuity management as part of a risk management framework
Material references
• A risk management approach to business continuity: Aligning business continuity with corporate governance, Julia Graham & David Kaye, 2006, Chapter 1-3
• COSO Enterprise Risk Management Framework: 2004
• Standards Australia: ASNZS 4360: 2004
• PAS 56:2003 – Guide to BCM: BSI: March 2003
• Expecting the Unexpected: www.london-first.co.uk: 2003
• Aligning Business Continuity and Information Security: Special Project Report, 2006
• Dr. Goh Meh Heng, 1st ed. 2007, Managing & Sustaining Your Business Continuity Management Program
• Dr. Goh Meh Heng, 1st ed. 2004, Implementing Your Business Continuity Plan
• Andre Hiles, 1st ed. 2002, Enterprise Risk Assessment and Business Impact Analysis
Risk Managing Today
The essence of risk management is
A BALANCING ACT
Getting the balance right between taking and exploiting risk
Risk Managing Today
The challenge for management is to create an environment that facilitates the identification and tight control of the negative risks, while nurturing an environment that allows for the identification and conversion of opportunities, and to determine how much uncertainty an organization is prepared to accept (risk tolerance)
Risk Management vs Business Continuity Management
In managing risk,
• Do we have control over the outcome?
• Do we have control over the linkage between effect and cause of risk?
[Diagram labels: Maximize Controllable Area; Minimize Uncontrollable Area; Mitigation Tools; Transfer the risk; Insurance; Outsource; Others; BCM]
BCM as alternative mechanism for risk mitigation
Business Continuity Management
• As potential key control to minimize the impact of disasters on the organization, its people, and assets
• As an alternative mechanism for risk mitigation
• As a contributor to business resilience in organizational processes to business disruption
A STRATEGIC MANAGEMENT PROCESS TO IDENTIFY POTENTIAL INCIDENTS AND DEVELOP EFFECTIVE RESPONSE PLANS
- BCM Institute -
Business Continuity Management
A HOLISTIC MANAGEMENT PROCESS THAT IDENTIFIES POTENTIAL IMPACTS THAT THREATEN AN ORGANIZATION AND PROVIDES A FRAMEWORK FOR BUILDING RESILIENCE AND THE CAPABILITY FOR AN EFFECTIVE RESPONSE THAT SAFEGUARDS THE INTERESTS OF ITS KEY STAKEHOLDERS, REPUTATION, BRAND, AND VALUE CREATING ACTIVITIES
- BCI PAS 56 -
Business Continuity Management
• BCM is not just a response
  It is also about building resilience to strengthen an organization
• BCM is not just about fighting fires
  It is also about developing an understanding of what might be at risk and developing strategies if things do go wrong
• BCM is not just about having plans to recover a business that are over-elaborate
  It is also about having plans that suit the nature of your business
• BCM is not an add-on to business
  To be effective, it must be an embedded management process, as part of risk management and part of good business management
IT'S A PROACTIVE PROCESS THAT CONCENTRATES ON CRITICAL RESOURCES REQUIRED TO CONTINUE KEY BUSINESS PROCESSES, REGARDLESS OF THE EVENT
What is Business Continuity Planning?
The main purpose of the BCP process is to ensure continuity of product / service delivery following an unplanned disruption to normal working.
“An ongoing process that helps organisations anticipate, prepare for, prevent, respond to and recover from disruptions, whatever their source and whatever aspect of the business they affect.”
Civil Contingencies Act 2004
BC incidents
Successful recovery or failure?
[Chart: level of business (vertical axis) against time (horizontal axis), with a critical recovery point marked. Curves: A: Fully tested effective BCM; B: No BCM, lucky escape; C: No BCM, usual outcome]
Understand your business
• What functions are critical?
• What are the ingredients of those functions?
• What is the impact of them being disrupted?
  Internally
  Externally
• How long could you cope without them?
Identify Risk - What if????
• Fire
• Crime – theft / damage
• Flood
• Power disruption
• IT failure
• Staff shortage
• Road network disruption / fuel problems
• Severe weather
• Reputation loss / customer confidence
Consequences
• Loss of premises
• Loss of essential information
• Loss of staff
• Loss of a key supplier
• Loss of specialist equipment
• Disruption to finance flow
• Loss of company reputation
Risk Strategies
Identify and evaluate risk mitigation options
• Reduce likelihood
• Reduce impact
Risk mitigation examples
• I.T procedures back up information off site
• Physical security
• Fire prevention, alarm and suppression systems.
• Flood protection (internal & external)
• Alternate communications
Recovery Strategies
• Business Continuity Plans.
• Other disaster recovery plans & procedures.
• Plans kept on and off site.
Case Study
• The Auckland Power Failure: Auckland, New Zealand, 1990
• The Manchester Bombing: Manchester, UK, 1996
• The Ladbroke Grove Rail Disaster: London, UK, 1999
• The Marriott and Ritz Carlton: Jakarta, Indonesia, 2009
Brief description of the event
Key lessons to be learned in relation to minimizing the impact of disasters on the organization, its people, and assets
Maximum 2 pages A4, 1.5 line spacing, 11 font size