Upload
paul-robere
View
176
Download
2
Tags:
Embed Size (px)
Citation preview
Business Continuity Management
..or what do I do when the world turns to..
1(c) Robere & Associates (Thailand) 2010
….A disruption……2(c) Robere & Associates (Thailand) 2010
Let me begin with a story…
• There once was a company…
• Who found themselves in a difficult situation and needed additional financial resources..
• And needed a “key” to unlock their financial resources…
3(c) Robere & Associates (Thailand) 2010
But…
• There’s no Magic when it comes to survival.
• It is a structured approach to understanding our business, and planning for the “unplanned”
4(c) Robere & Associates (Thailand) 2010
What’s important to you?
• Have you ever thought about how you would survive in case of an emergency?– External:
• Political disruptions• Natural Catastrophes• Change in market or customers
– Internal:• Strikes• Fire• breakdowns • illness
5(c) Robere & Associates (Thailand) 2010
How do we ensure on-going business success – continuity?
(c) Robere & Associates (Thailand) 2010 6
• In 2006, British Standards (BSI) created a document called “Business Continuity Management” COP
• It was followed in 2007 by an auditable standard for “Business Continuity Management”
Today, we’ll discuss the BCM Code of Practice
• The whole purpose of this code of practice is to define a structured approach to recognizing the possible areas in the company that could be subject to a disruption and the effect it would cause
(c) Robere & Associates (Thailand) 2010 7
Managing the “program”• Similar to ISO9001,
ISO14001• Responsibilities• Ongoing Management• Documentation– Programs– Plans– reporting
(c) Robere & Associates (Thailand) 2010 8
Who are we? What do we need?
• Business Impact Analysis (BIA)
• Identification of critical activities
• Determining Continuity Requirements
• Evaluating Threats (Risk Assessment)
• Determining Choices
(c) Robere & Associates (Thailand) 2010 9
What are we going to do?
• What are our options?– People– Premises– Technology– Information– Supplies– Stakeholders
• Civil emergencies• Sign off
(c) Robere & Associates (Thailand) 2010 10
How do we use our strategy to respond?
• Response Structure:– Confirm the nature of
the problem– Take control– Contain the incident and– Communicate with
stakeholders
(c) Robere & Associates (Thailand) 2010 11
(c) Robere & Associates (Thailand) 2010 12
Timeline
Incident response
Business continuity
Recovery/ resumption-back-to-normal*
Overall recovery objective:Back-to-normal as quickly as possible
Incident!
Tim
e Ze
ro
Within weeks to months:Damage repair / replacementRelocation to permanent place of workRecovery of costs from insurers
Within minutes to days:Contact staff, customers, suppliers, etc.Recovery of critical business processRebuild lost work-in-progress
Within minutes to hours:Staff and visitors accounted for Casualties dealt withDamage containment / limitationInvocation of BCP
*Note: Do you really want to go back to “normal”?
Exercising, maintaining and reviewing BCM arrangements
• Exercise program– Exercising BCM arrangements– Maintaining BCM arrangements– Reviewing BCM arrangements– Audit– Self-assessment
(c) Robere & Associates (Thailand) 2010 13
Types and methods of exercising BCM strategies (Ref: BS25999-1)
(c) Robere & Associates (Thailand) 2010 14
Embedding BCM in your organization
• General• Awareness• Skills training
(c) Robere & Associates (Thailand) 2010 15
Business Continuity Management is:
An holistic management process that identifies potential threats to an organization and the impacts to business
operations that those threats, if realized, might cause, and which provides a framework for building organizational
resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.(1)
(c) Robere & Associates (Thailand) 2010 16
In
Conclusion..
(1) BS25999-1, P1
17
"Upon the plains of hesitation bleach the bones of countless millions who, on the threshold
of victory, sat down to wait, andawaiting they died."
- Anonymous
Thank you for you time and attention…
Paul RobereRobere & Associates (Thailand) Ltd.
(c) Robere & Associates (Thailand) 2010 18