1 / 25

Business Continuity Planning

Business Continuity Planning. DavisLogic & All Hands Consulting. What is Business Continuity Planning?. Planning to ensure the continuation of operations in the event of a catastrophic event.

Télécharger la présentation

Business Continuity Planning

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.


Presentation Transcript

  1. Business Continuity Planning DavisLogic & All Hands Consulting

  2. What is Business Continuity Planning? Planning to ensure the continuation of operations in the event of a catastrophic event. Business continuity planning goes beyond disaster recovery planning to include the actions to be taken, resources required, and procedures to be followed to ensure the continued availability of essential services, programs, and operations in the event of unexpected interruptions.

  3. Key Elements • Disaster Recovery • Business Recovery • Contingency Planning • Crisis Management

  4. Business Continuity Plan • Identify Risks - Triage to assess all processes • All business functions • Data • Suppliers • Infrastructure • Develop Plans for Everything • Test and Exercise the Plans • Layer Business Plan & Disaster Plan

  5. Create a Business Continuity Management Team • Lead by Top Management • Project BoD Monitors • Regular Status Reporting to Management • Broad-based • Awareness for Everyone Key Players Senior Officials Internal Audit Risk Management Legal Finance/Budget Procurement Safety Others?

  6. Business Continuity Process • Assess - identify and triage all threats (BIA) • Evaluate - assess likelihood and impact of each threat • Prepare – plan for contingent operations • Mitigate - identify actions that may eliminate risks in advance • Respond – take actions necessary to minimize the impact of risks that materialize • Recover – return to normal as soon as possible

  7. Project Reporting/Tracking • Use summary reports for management • Measurable and quantifiable progress • Risk rating • Prioritization • Regular reporting (weekly or bi-weekly) • Sort on priority, progress, time-to-completion

  8. Process Inventory and TriageThe purpose of the BIA is to: • Identify critical systems, processes and functions; • Establish an estimate of the maximum tolerable downtime (MTD) for each business process • Assess the impact of incidents that result in a denial of access to systems, services or processes; and, • Determine the priorities and processes for recovery of critical business processes.

  9. BIA Review Factors • All Hazards Analysis • Likelihood of Occurrence • Impact of Outage on Operations • System Interdependence • Revenue Risk • Personnel and Liability Risks

  10. Prioritize Risk Factors • Personal Safety Risk • Services Risk • Operational Risk • Revenue Risk • Liability Risk • Good Will (Societal) Risk

  11. Risk Analysis Matrix High Medium Probability of Likelihood Area of Major Concern Low Low Medium High Severity of Consequence

  12. Risk Rating Methodology BCP Risk Rating Methodology Risk Risk Numeric Explanation Factor Rating Score Degree of H 8 Process must function for core operations Organizational M 6 Process required for daily settlement Dependence L 3 Process is not critical to daily operations Probability H 0 Probability > 0.5 that alternative process will work of Successful M 2 Probability < 0.5 that alternative process will work Alternative L 3 No plans for alternative process Dependence H 5 Business functions depend highly on process on M 3 Business functions depend somewhat Automation L 1 Manual operation possible w/o penalty Criticality of H 4 Critical business function - core process Business M 2 Secondary line-of-business Process L 0 Not a critical process

  13. What Are External Risks? External Risks are risks presented by factors outside the enterprise; these include risk present in natural disaster, labor strife, the possible failures of business partners, suppliers, public utilities, transportation, telecommunications, and other businesses.

  14. Risk Areas High External Factors Risk Infrastructure Applications Low ThreatAreas

  15. Review External Dependencies Infrastructure Dependence (power, telecom, etc.) System Up Time (computing, data,networks, etc.)

  16. Loss of Lifelines • What will we do if there is not power? • No phone service? • No Water? • Government services? • How will the public react?

  17. Emergency Management Planning • Work with local and regional disaster agencies • Assess special problems with disasters • Loss of lifelines • Emergency response • Review and revise existing disaster plans • Look for new areas for disaster plans • Include Disaster Recovery Planning

  18. Contingency Planning Issues • Power and Telecommunication Failures • System Failures • Natural Disasters • Local Emergencies • Workplace Violence • Supply Chain Disruptions

  19. Contingency Planning Process Phases • Assessment - organizing the team, defining the scope, prioritizing the risks, developing failure scenarios • Planning - building contingency plans, identifying trigger events, testing plans, and training staff on the plan • Plan Execution - based on a trigger event, implementing the plan (either preemptively or reactively) • Recovery - disengaging from contingent operations mode and restarting primary processes of normal operations by moving from contingency operations to a permanent solution as soon as possible.

  20. Develop Scenarios • How bad will the “big one” be? • Extended Power, Water, or Telecom Outages? • Supply Chain Disruptions? • Civil unrest? • Develop various scenarios and pick which ones to plan for.

  21. Evaluating Alternatives • Functionality - provides an acceptable level of service • Practicality - is reasonable in terms of the time and resources needed to acquire, test, and implement the plan • CostBenefit - cost is justified by the benefit to be derived from the plan

  22. It’s Not Enough Just to Plan • Use focus groups and brainstorming • Seek “what can go wrong” • Find alternate plans & manual work arounds • Find innovative solutions to risks • Contingency plans must be exercised • Hold table top exercises for disasters • Conduct “fire drills” of plans • Train staff for action during emergencies

  23. Assessment Organize Risk Assessment Team Conduct Risk Assessment Risk Scoping & Prioritization Develop Scenarios Planning Develop Plans Identify Event Triggers Test Plans Train on Plans Execution Recovery Trigger Event Occurs Execute Plan Event Ends Activate Recovery Plan Contingency Planning Phases

  24. Risk Management Formula Best Practices Risk Assessments + Contingency and Recovery Planning + Validation and Training Due Diligence Good Business Judgement

  25. For More Information Steve Davis, Principal DavisLogic POB 394 Simpsonville, MD 21150 DavisLogic.com AllHandsConsulting.com Steve@DavisLogic.com

More Related