
Contemporary Security Management Chapter 16 Business Continuity

Contemporary Security Management Chapter 16 Business Continuity. Introduction. 291. When it comes to business continuity, not thinking ahead is foolish. Business Continuity is often described as ‘just common sense’.

kerry

Presentation Transcript


  1. Contemporary Security Management Chapter 16 Business Continuity Chapter 16 - Business Continuity

  2. Introduction 291 • When it comes to business continuity, not thinking ahead is foolish. • Business Continuity is often described as ‘just common sense’. • It is about taking responsibility for your business and enabling it to stay on course whatever storms it is forced to weather. • It is about “keeping calm and carrying on”!

  3. Introduction • A business continuity plan is a roadmap for continuing operations under adverse conditions such as a storm or a crime. In the US, governmental entities refer to the process as continuity of operations planning (COOP). • Any event that could impact operations is included, such as supply chain interruption, loss of or damage to critical infrastructure (major machinery or computing/network resource). As such, risk management must be incorporated as part of BCP.

  4. Definition • Business Continuity (BC) is defined as the capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident. (Source: ISO 22301:2012)

  5. The BCM Lifecycle

  6. Policy 291 • Management should issue a clear policy statement on business continuity planning (BCP). The policy should address: • Mandatory development of a BCP; identification of the scope of the BCP. • A method for projecting business time lost, business function that will be out of service until full restoration, and the projected date of full restoration. • Identification of critical business functions. • Identification of assets essential to performance of critical business functions.

  7. Policy 293 • One or more alternate workplaces for performance of critical business function; identification of responsibilities and the persons charged to carry them out. • Periodic training and testing of the BCP, and revising it in light of lessons learned. • Updating the BCP to meet changed circumstances.

  8. A Business Continuity Plan (BCP) is the least expensive insurance any company can have (especially for small companies, as it costs virtually nothing to produce). • It details how employees will stay in touch and keep doing their jobs in the event of a disaster or emergency, such as a fire at the office. • Unfortunately, many companies never take the time to develop such a plan.

  9. Business Continuity Plans • Business Continuity Plans are sometimes referred to as Disaster Recovery Plans (DRP) and the two have much in common. • However, a DRP should be oriented towards recovering after a disaster whereas a BCP shows how to continue doing business until recovery is accomplished. • Both are very important and are often combined into a single document for convenience.

  10. STEPS • Step 1 Document • Document internal key personnel and backups. • These are people who fill positions without which your business absolutely cannot function – make the list as large as necessary but as small as possible. • Consider which job functions are critically necessary, every day. • Think about who fills those positions when the primary job-holder is on vacation. • Make a list of all those individuals with all contact information including business phone, home phone, cell phone, pager, business email, personal email, and any other possible way of contacting them in an emergency situation where normal communications might be unavailable.

  11. STEPS • Step 2 Identify who can telecommute. • Some people in your company might be perfectly capable of conducting business from a home office. • Find out who can and who cannot. • You might consider assuring that your critical staff (identified in Step 1) can all telecommute if necessary.

  12. STEPS • Step 3 Document external contacts. • If you have critical vendors or contractors, build a special contact list that includes a description of the company (or individual) and any other absolutely critical information about them including key personnel contact information. • Include in your list people like attorneys, bankers, IT consultants...anyone that you might need to call to assist with various operational issues. • Don’t forget utility companies, municipal and community offices (police, fire, water, hospitals) and the post office!

  13. STEPS • Step 4 Document critical equipment. • Personal computers often contain critical information (you do have off-site backups, don’t you?). • Some businesses cannot function even for a few hours without a fax machine. Do you rely heavily on your copy machine? Do you have special printers you absolutely must have? • Don’t forget software – that would often be considered critical equipment especially if it is specialized software or if it cannot be replaced.

  14. STEPS • Step 5 Identify critical documents. • Articles of incorporation and other legal papers, utility bills, banking information, critical HR documents, building lease papers, tax returns...you need to have everything available that would be necessary to start your business over again. • Remember, you might be dealing with a total facility loss. • Would you know when to pay the loan on your company vehicles? • To whom do you send payment for your email services?

  15. STEPS • Step 6 Identify contingency equipment options. • If your company uses trucks, and it is possible the trucks might be damaged in a building fire, where would you rent trucks? Where would you rent computers? • Can you use a business service outlet for copies, fax, printing, and other critical functions?

  16. STEPS • Step 7 Identify your contingency location. • This is the place you will conduct business while your primary offices are unavailable. • It could be a hotel – many of them have very well-equipped business facilities you can use. It might be one of your contractors’ offices, or your attorney’s office. • Perhaps telecommuting for everyone is a viable option. • If you do have an identified temporary location, include a map in your BCP. • Wherever it is, make sure you have all the appropriate contact information (including people’s names).

  17. STEPS • Step 8 Make a "How-to". • It should include step-by-step instructions on what to do, who should do it, and how. • List each responsibility and write down the name of the person assigned to it. • Also, do the reverse: • For each person, list the responsibilities. • That way, if you want to know who is supposed to call the insurance company, you can look up "Insurance." • And if you want to know what Joe Doe is doing, you can look under "Joe" for that information.

  18. STEPS • Step 9 Put the information together! • A BCP is useless if all the information is scattered about in different places. • A BCP is a reference document – it should all be kept together in something like a 3-ring binder. • Make plenty of copies and give one to each of your key personnel. • Keep several extra copies at an off-site location, at home and/or in a safety-deposit box.

  19. STEPS • Step 10 Communicate. • Make sure everyone in your company knows the BCP. • Hold mandatory training classes for each and every employee whether they are on the critical list or not. • You do not want your non-critical staff driving through an ice storm to get to a building that has been damaged by fire then wondering what to do next.

  20. STEPS • Step 11 Test the plan! • You’ve put really good ideas down, accumulated all your information, identified contingency locations, listed your personnel, contacts and service companies, but can you pull it off? • Pick a day and let everyone know what’s going to happen (including your customers, contractors and vendors); then on that morning, act as though your office building has been destroyed. • Make the calls – go to the contingency site. • One thing you will definitely learn in the test is that you haven’t gotten it all just exactly right. • Don’t wait until disaster strikes to figure out what you should do differently next time. Run the test. • If you make any major changes, run it again a few months later. Even after you have a solid plan, you should test it annually.

  21. STEPS • Step 12 Plan to change the plan. • No matter how good your plan is, and no matter how smoothly your test runs, it is likely there will be events outside your plan. • The hotel you plan to use for your contingency site is hosting a huge convention. • You can’t get into the bank because the disaster happened on a banking holiday. • The power is out in your house. • The copy machine at the business services company is broken. • Your IT consultant is on vacation.

  22. STEPS • Step 13 Review and revise. • Every time something changes, update all copies of your BCP. • Never let it get out of date. • An out-of-date plan can be worse than useless: it can make you feel safe when you are definitely not safe.

  23. Recovery Program 298 • The essence of a BCP is to get ready. • The recovery program is a follow-on action program for sustaining execution of critical processes, mainly information technology processes. • The best outcome of a recovery program is to make it possible for the company to continue “business as usual.”

  24. Recovery Program – Three steps • Respond • Recover • Restore

  25. Recovery Program – Three steps 299 • Respond • As much as possible, suppress and control threatening conditions. • Preliminarily assess the nature, severity, and extent of the emergency. • Identify needs to suppress and control threatening conditions. • On an ongoing basis, collect and report information to those in charge of directing operations.

  26. Recovery Program – Three steps 299 • Recover • Evaluate the operating capabilities of time-sensitive business operations. • Report the status of the situation. • Define assistance required to maintain business operations. • Activate service level agreements in which vendors provide replacement equipment per previous agreements. • Activate mutual aid agreements in which other companies provide quid pro quo assistance.

  27. Recovery Program – Three steps 299 • Restore • If possible, continue critical business operations, or portions of them, on site. • If needed, relocate critical business operations to separate locations such as cold, warm, hot, and mirror sites. • Implement restoration of procedures necessary to mobilize operations. • Inform employees, external agencies, and others as to the status of restoration. • Assess damage.
