Underwriters Laboratories Business Continuity Operations Introduction to Crisis & Business Continuity Management
Risks and threats that UL is exposed to
• Risks mitigated with tools and controls: These risks are frequent to organizations and are mitigated with common controls. UL has these in place.
• Risks mitigated with some redundancy: These risks are less common to organizations and are partially mitigated with redundancy and basic tools. UL generally has these in place.
• Risks cannot be mitigated: These risks are infrequent but very impactful to organizations and can't be mitigated with common tools and controls. This is where BCM is necessary.
[Chart: risks plotted by frequency of occurrences per year (Frequent to Infrequent) against level of impact (Low to High, $1 to $100M). Risks shown: Virus, Data corruption, Application outage, Disk failure, Human error, Component failure, Heart Attack, Network problem, Power failure, Hacking, Transportation disruption, Flooding, Tornado, Building fire, Hurricane, Earthquake, Terror, Typhoon, Pandemic flu.]
What is Business Continuity Management?
• Business Continuity Management: “the ability and readiness to manage business interruptions, in order to provide continuity of services at a minimum acceptable level and to safeguard the financial and competitive position in the short and longer term. It includes the organization in place to ensure the continuous adaptation to changing risks, changing environment and co-ordination of regular training and testing.”
Business Continuity Objectives
• Safety & well being of employees
• Ongoing service to customers
• Survival of the mission
BC/DR Plan Overview
• What is a Disaster Recovery Plan? A document used by UL IT to help recover an application, system or electronic data in response to a disaster or interrupting event
• What is a Business Continuity Plan? A document to help UL stabilize and recover business processes in the event of a disaster or interrupting event
• What is a Crisis Management Plan? A document to help focus enterprise efforts in response to a major disaster or interrupting event that threatens a severe negative impact to an organization's financial results, brand, reputation, or relations with employees, customers, suppliers, or the public
Crisis & Business Continuity Management Plan Value
Why have plans?
• Customers are starting to require them
• Competitors have them
• Auditors require them
• Outside investors are interested in our capabilities & resilience
• Laws are emerging that will require plans
• Socially responsible for our employees, their families, communities
• They provide guidance and help us cope more effectively during a disaster
• They document the Whos, Whats, Wheres, Whens and Hows of recovery
• Simply the right thing to do
BCM Timeline & Direction
Roadmap
• BCM and ENS Tools
• BCM and CM Governance
• BC Plan Pilot
• Global BCM Program Rollout Base Planning
• Global BCM Program Rollout Base-Refinement Planning
• Initial Regional & Core Team Testing
• Pandemic Planning
• Leadership and Staff awareness & orientation
• BC Program Improvements Aids/Ease of Use
• BC 101 – CBT for all Staff and New Employee orientation
• Ongoing Testing, Maintenance, Auditing
Scenarios Overview
For the purposes of planning, we will plan for disasters resulting in a very bad scenario. Though plans are intended to be “event neutral” and not meant to address specific disaster types (e.g. tornado, flood, terrorism, fire), they should address the following three scenarios:
• Limited staff availability: 50% reduction for 30+ days
• Office or workstation unavailable: 3+ months
• Technology outage: 96 hours & last 36 hours of data lost
Recovery Procedures
• Effectively document the necessary steps for recovery from a disaster
• Because no two events are the same, these procedures should be constructed for the three event neutral scenarios
• All Plans and related information necessary for recovery will be located in the OpsPlanner repository
• Recovery procedures should be written assuming that individuals with related experience and UL knowledge will be following them
• Recovery procedures may be added, changed or deleted as appropriate in the event of an actual recovery
• An individual following the recovery procedures will need to use judgment and experience to adapt to the disaster scenario and determine how to proceed
• Certain functions/processes may already have recovery procedures documented which can be used