White Paper: ISO Business Continuity Management An Overview
- Alexina Boyd
- 8 years ago
Introduction

As incidents such as malicious activism, terrorist attacks and environmental disasters, among others, garner increased attention, so does the need for appropriate business continuity planning within organisations. Aside from overall business closure, further motivation is gained from considering the consequences of business continuity disasters. These include decreased employee productivity, data loss, reductions in revenues and profits, and overall damage to corporate reputation and customer relationships.

This paper provides an introduction to the Business Continuity Management (BCM) discipline and the critical process steps involved in developing a continuity initiative throughout your organisation. This includes defining what BCM is, discussing historical and emerging standards (particularly key changes in the new ISO standard versus predecessors) and the steps in planning and executing BCM initiatives. The impacts of emerging technologies on business continuity planning are also highlighted.

The key guardians of BCM initiatives are also identified in this paper, giving a high-level overview of typical requirements for CEOs and other board-level executives, IT and Risk professionals, as well as project managers, consultants, or other line managers potentially involved in endorsing and driving BCM initiatives.

So what is Business Continuity Management?

Officially known as Societal Security, Business Continuity Management Systems - Requirements, ISO is a standard for implementing a business continuity management system and continuously improving business continuity capabilities based on management priorities and feedback.
ISO was officially approved for publication as an international standard on 2 April 2012, and ISO published the final version of the standard on 15 May.

BCM is often considered as part of overlapping disciplines such as security management, emergency management and risk management, but while overlapping concerns exist, there are also significant differences. For example, risk management focuses on identifying probabilities and causes of adverse events, whereas business continuity focuses on the impact of a potential event, and what can be done should that event happen. Also, BCM has a more holistic and cross-functional focus, involving personnel within the disciplines of IT, security, HR, and individual business lines, meaning that ownership of BCM should ultimately sit at the CEO level. In contrast, management of the other mentioned disciplines tends to exist at a department level, for example within Compliance or IT Department management roles.

BCM Key Business Failure Outcomes By Numbers

- 40% of businesses experiencing a major failure or disaster event will go out of business within five years. Source: Gartner
- 30% of businesses experiencing a disaster event never reopen, while 29% go out of business within two years. Source: Meta Insurance
- 80% of businesses without pre-emptive Business Continuity Plans will go out of business within 13 months of a major incident. Source: Business Continuity Institute

Why BCM?

1) Proactively improves an organisation's resilience against the disruption of its ability to achieve its key objectives.
2) Provides a rehearsed method of restoring an organisation's ability to supply its business critical products and services after a disruption.
3) Delivers a proven capability to manage a business disruption and protects the organisation's reputation and brand.
Implementing an organisational BCM strategy has many advantages, supporting improvements such as:

- A predictable and effective response to future crises
- Protection of individuals
- Maintenance of vital activities of the organisation
- A better overall understanding of the organisation
- Cost reduction
- Respect of the interested parties
- Protection of the company's reputation and brand
- Ensuring client confidence in the organisation
- Increased competitive advantage
- Better support for legal and regulatory compliance
- Better assurance that various contractual obligations are met

Business Continuity Standards History and Context

Development of the BCM global standard began in the mid-2000s, when the ISO Technical Committee No. 223 examined existing BCM standards and created a framework for a global BCM standard. The ISO adapted content from many existing standards such as ISO 9000 and ISO into the new BCM standard. An important standard, which heavily influenced ISO 22301, was the British Standards Association's BS standard, which was first released in December 2006 and updated in November. Prior to ISO 22301, this standard also influenced a number of BCM standards for other EU member states. (Source: PECB)
There are a number of key differences between the present ISO and its predecessors. ISO places greater emphasis on setting objectives, developing metrics and measuring performance, thereby placing further emphasis on making top management levels accountable for Business Continuity processes. It also places emphasis on defining necessary resources for ensuring business continuity, and as it is an international standard, certification bodies are more likely to buy in and push the standard, which should lead to greater popularity and certification among implementers. Other overlapping standards in the BCM arena include ISO 22399, ISO (ICT disaster recovery focus), ISO 27031, NIST and NFPA.

ISO versus its predecessors - Key Changes

- Much greater emphasis on setting objectives and monitoring performance via metrics
- Clearer expectations and responsibilities placed on top management
- Increased focus placed on planning and preparing necessary resources
- As ISO22301 is a global standard, certification against the standard will be pushed more strongly by certification bodies.

There is also significant overlap between ISO's Information Security standard and ISO. Firstly, ISO's section A.14.1 already covers information security aspects of business continuity management, so compliance with ISO will already ensure coverage of this. Also, both imply use of the same Plan, Do, Check, Act (PDCA) management framework, so certification in either standard will immediately place the other on the right track.

Implementing BCM

The first stage towards implementing Business Continuity processes in an organisation is to set up an appropriate management system. As with other management systems, a Business Continuity policy needs to be defined alongside identification of key people and their relevant responsibilities, and definition of appropriate management processes for planning, implementing, assessing, reviewing and improving Business Continuity efforts.
Provision for relevant documentation to support auditing is also necessary, as well as identification of the business continuity management processes that are relevant to the organisation.

As with other ISO standards, the ISO standard adopts the Plan-Do-Check-Act (PDCA) approach that is applied to the structure of all processes in a management system. Stakeholder requirements and expectations are fed to the cycle as input, leading to the necessary BCM actions and processes as output. Key elements of the PDCA cycle in relation to BCM include:

- Plan: Establish and agree the scope, identify within scope the information assets, roles and responsibilities of staff members, and conduct a Business Impact Analysis for the agreed scope.
- Do: Implement and operate the policy, controls, processes and procedures of the management system.
- Check: Assess and measure (where applicable) the process performances and report findings to management for review.
- Act: Undertake corrective and preventive actions on the basis of the overall process review, driving continual improvement of the Business Continuity System.
BCP Implementation Methodology

[Figure: ISO BCP Implementation Methodology, shown as a PDCA cycle. PDCA diagram author: Karn G. Bulsuk. Steps shown in the diagram:]

- Setup BCMS and Agree/Update Scope
- Identify key roles and responsibilities
- Identify all information assets in scope
- Conduct business impact analysis/risk assessment exercise for the scope agreed
- Analyse and evaluate the risks to determine unacceptable risks.
- Identify appropriate controls to mitigate these risks and obtain management approval.
- Define BCP framework, objectives, methodology
- 'Do' Develop BC and DR strategy, policies, procedures and plan, and other administrative controls
- 'Do' Implement Technical controls *
- 'Do' Implement Physical controls *
- 'Do' Implement BCP training and awareness for ISMS
- 'Do' Implement BCP Testing
- Check: Review and monitor the BCP. Conduct internal audit, management reviews and measurements and metrics
- Act: Feedback improvements and changes into BCP
- Act: External Certification audit, Stage 1 & Stage 2, is required for ISO certification.

* Completed in parallel

Ensure BCP is signed off by senior management/board before proceeding.
Planning for Business Continuity

As part of the planning stage, initial steps need to be taken to understand the organisation and its context, obtain leadership and management buy-in, and establish business continuity scope.

Firstly, an organisation needs to itemise the various facets that might be affected by a disruptive incident, both internal and external. This could include facets such as activities, services, products, partnerships, supply chains, and existing and potential relationships with interested parties. This might include crucial information assets, goods and services produced, critical business processes, and identification of infrastructure elements such as hardware, software, networks or sites. It should also include a definition of the links between the BCM policy and other organisation objectives such as any existing risk management strategies, general business vision, as well as consideration of the organisation's appetite for risk.

The next important step is to establish leadership buy-in. As already mentioned, raising responsibility for BCM to the board level is necessary for the success of the plan. Steps towards achieving this buy-in include:

- Presenting a rational business case
- Establishing a project team
- Establishing a steering committee
- Assembling the necessary resource requirements

By achieving buy-in, management commit to:

- Ensuring that adequate policies and objectives are established
- Making policy compatible with business objectives
- Integrating effectively with existing processes
- Making the necessary resources available
- Communicating the importance of BCM strongly across the organisation

From here, the business continuity scope needs to be established, determining what needs to be included in the plan.
Key areas to be scoped include establishing the parts of the organisation to be included in the initiative, products and services within scope, and the external stakeholders to be included and prioritised, aligning with their importance, expectations and interest in relation to the organisation. As part of this scoping exercise it is also important to explain and justify any scope exclusions.

At a minimum, the Business Continuity Management System (BCMS) should contain the following documentation:

1. Scope and objectives of the BCMS
2. Business Continuity Policy
3. Description of roles and responsibilities
4. Risk assessment and Business Impact Analysis (BIA) report
5. Business Continuity Plan
6. Communication, Training and Awareness Plan
7. Exercise and test procedure
8. Evaluation, management review and audit procedures
9. Preventative and corrective actions
Business Impact Analysis and Risk Assessment

Following the initial planning steps above, a Business Impact Analysis (BIA) should be carried out. In line with ISO Section 8.2.2, the organisation should establish, implement and maintain a formal documented evaluation process for determining continuity and recovery priorities, objectives and targets.

More specifically, the aim of the BIA is to identify the key activities that need to be performed in order to deliver business critical products and services, so as to meet the most important, time-critical objectives. By extension, the resources supporting those key activities also need to be identified, be they people, premises, technology, information, supplies or stakeholders. The criticality of some activities can fluctuate depending on timing; for example, a company offering an online tax return service would have its most critical uptime in the period immediately prior to tax return dates, compared to other time periods.

Examples of resources examined and recorded in a BIA include:

- Process Stages - e.g. R&D, Sales, Design, Production, Accounting
- Information - e.g. patents, customer data, market research reports, financial statements, and source code
- Hardware - e.g. servers, laptops, external drives, networks, printers
- Software - CRM, word processing, Excel, accounting packages, production simulation tools
- Personnel - defined company roles relevant to the organisation's structure

Identification of critical points of failure in critical business processes or other activities is another crucial part of a BIA - particularly single points that will prevent an entire system or subsystem from working if they fail. Outside services such as electricity, water, gas, transport and communications supply are the most common examples.
A summary output of this stage would be a business impact matrix indicating impact thresholds (limited, important, serious, critical) in relation to different impact categories, such as financial risk, functionality impact, impact on public image, engagement of responsibility, and economic, human or social impacts.

Another key step in the continuity planning stage is to identify, analyse and evaluate the risk of disruptive incidents occurring to the organisation. This process ties in heavily with the standard for risk management (ISO 31000), and a wide range of techniques can apply depending on the specific context. Risk scenarios might include a building being made unavailable due to a disaster such as a fire, flood, bomb alert, worker strike or other incident. Once individual scenarios are defined, the potential consequences of such events in relation to that scenario can be defined, and an overall risk level rating applied (i.e. impact x probability = risk level).

Key Steps in Implementing BCM

Once the planning and organisational understanding stage is completed, the next steps can be taken towards implementing the continuity process, or executing the Do step in the PDCA process. The first step towards implementation is to determine the correct BCM strategy, based on prior assessment of maximum tolerable disruption periods, costs involved, and consequences of inaction. Depending on the scenario, strategies may be required for people, premises, technology, information, supplies and stakeholders - for example:

- People - how do we maintain core skills and knowledge?
- Premises - how do we reduce the impact of a normal worksite not being available?
- Technology - how do we maintain availability and uptime of key technology assets when disasters occur?
- Information - how do we protect and recover vital information?
- Supplies - how do we maintain key supplies and inventory to minimise supply chain impact upon an unexpected event?
Cost-benefit analysis is a crucial component of developing this strategy, in particular weighing the cost of being without a given service at various points in time versus the cost of the continuity solution. Various ways of introducing backup redundancy support for business critical operations should be considered, and appropriate approaches identified. This can include having dedicated backup sites that become active when primary sites are compromised, or having two active sites that can fail over onto each other if needed. Several hybrid variants of these two options are also possible depending on scenario and business needs.

Developing a continuity strategy around the organisation's business-critical technology elements is a crucial part of any plan, and for most organisations, there will be both internal and external technology-based assets and services that need consideration. Strategies for handling continuity might involve spreading technology geographically so that a disaster event is less likely to affect entire infrastructures, holding older equipment as emergency replacement or spares, or adding particular risk mitigation for sensitive, unique or long lead time equipment. By extension, chosen technology continuity strategies need to consider elements such as:

- The required recovery time for key systems and applications
- Location and distance between technology sites
- Remote access requirements and required telecoms connectivity
- Failover requirements - are system downtime and manual intervention required? Does the continuity switchover need to be instantaneous?

Influence of Key Macro Technology Trends on Business Continuity

IT business continuity strategies are also being influenced by key macro-trends such as virtualisation, cloud computing, mobile devices, and social networking, among others. Many of these developments are positive and can facilitate continuity planning, but they can also introduce new IT challenges.
Virtualisation

A key benefit of virtualisation in relation to BCM is that it can greatly reduce the number of physical servers or other hardware that an organisation needs to manage and worry about. Virtual machines and applications can be replicated more easily, and switched more easily between physical resource pools such as processors, memory and storage. In addition, desktop virtualisation technologies such as Citrix and DVI, combined with secure tunnelling, can facilitate employees working remotely away from core premises in the case of a disaster event.

Cloud Computing

Developments in cloud computing can bring significant benefits for continuity planning. For example, organisations are now able to combine external SaaS options with private cloud infrastructures, switching seamlessly between different internal and external cloud scenarios as needed for continuity. For example, baseline operating scenarios might operate on a private cloud infrastructure, but a downtime event or a need to scale up requirements may automatically transition the infrastructure to an external cloud provided by service providers. While this creates new possibilities, it also creates new IT management challenges, and appropriate SLAs with external service providers should be arranged. It is important to note that gaining insight into the site recovery capabilities of external providers may be a challenge.
Mobile Computing

Business Continuity thought leaders increasingly see mobile devices as a key medium in supporting workforce recovery during a business recovery event. Mobile devices can alert employees to information such as the current status of recovery, the locations where employees should be in response to the event, and the applications and services which they can access. Mobile sales personnel can also be supported in continuing remote work with minimal disruption. Aside from these communication aspects, mobile devices are increasingly subsuming much of the functionality traditionally associated with PCs, allowing them to support actual work tasks when PC-based sites are unavailable.

Social Networks

The role that social networking platforms such as Twitter, Facebook, LinkedIn, Skype and others can play around BCM is still emerging. Their potential as a mass communications channel for supporting incident management and disaster recovery is self-evident, particularly in relation to mobilising employees and other key stakeholders. However, they can also be harmful from a PR perspective if misleading, inappropriate or untimely information around a disaster event is made available to the public.

Drafting Business Continuity Plans (BCPs)

Clause of ISO establishes documented procedures for responding to a disruptive incident and for how the organisation will continue and recover activities within a predetermined timeframe. The primary goal is to address the business disruption or loss from the initial response to the point at which normal business operations are resumed. Crucial plan elements to be covered include defining incident response roles for people and teams, processes for activating necessary incident responses, identifying necessary notifications and communications (both to internal and external parties), and the key activities that need to be taken and allowable timeframes involved.
Ultimately, the overarching BCP will contain various categories of sub-plan depending on the organisation's specific context, with overlapping plans covering areas such as incident response, emergency response, crisis management, recovery and restoration, communication, and training and awareness.

Training, Awareness and Testing

As part of the planning stage, it is important to consider the skills requirements of those who will be required to manage and execute BC efforts, whether existing personnel can manage the efforts, and/or whether new personnel are needed. Once personnel requirements are identified, a plan needs to be put in place to make the relevant people aware of the business continuity initiative, and of the details of their role within that effort. If skill gaps exist, appropriate training measures should also be put in place.

Once the continuity plans are in place and the necessary procedures identified, they should be practised and tested to ensure consistency with the business continuity objectives. Different levels of testing can be employed depending on the scenario, ranging from less invasive methods such as distributing business plans for review, to practice simulations, to parallel tests that replicate a core process without interrupting it, to full invasive tests that fully replicate the disaster event and actually require day-to-day operations to be interrupted. The goal of such tests and exercises is to ensure that personnel are capable of executing the defined continuity plan, and to ensure that defined procedures are consistent with the necessary steps in question.
Monitoring, Reviewing and Improving BCM Efforts

The Check and Act elements of the PDCA wheel involve an iterative analysis of the continuity planning and execution stages. Taking the outputs of the business continuity planning, exercise and test stages as input, the overall performance and effectiveness of the initiative needs to be evaluated. An important part of this evaluation is to identify key metrics against which the process can be measured. Such metrics can be defined both for operational aspects of the continuity planning (e.g. rating the quality of the defined procedures and associated documentation) and as KPI-type metrics to support management understanding at the high level (e.g. monitoring the average cost of a disruptive incident over time).

The self-validation stage should also include provision for self-auditing and ensuring that what has been outlined and defined in the BCP is in fact delivered upon and executed. For added assurance, external auditing by a suitably qualified third party can also be considered. This auditing process forms the basis for management review, ensuring the continuing suitability, adequacy and effectiveness of the BCMS, and highlighting opportunities for improvement.

Business Continuity Planning - What Espion Can Provide

Espion can provide your organisation with end-to-end support towards developing improved Business Continuity Management processes within your organisation, ranging from consultancy services to training and auditing.
More specific service offerings include: Scoping exercise to identify requirements BCM Workshops Gap Analysis between current status and full compliance Business Impact Analysis (BIA) Risk Assessment Roadmap to compliance Risk Assessment Plan Documentation Certified Training & Awareness BCP and DR Exercise Facilitation Internal Audit Certification Preparation

Need To Know More Info

For more information on this research, contact Seamus Galvin, Espion Research at +353 (1) , or seamus.galvin@espiongroup.com
About Espion

Espion are Corporate Information specialists. We work with organisations across all industries and business functions to provide advice and assistance relating to the holistic compliance, protection and management requirements of their most valuable asset: information. This allows our clients to focus on their core business and ultimately achieve greater success.

Espion Headquarters: Corrig Court, Corrig Road, Sandyford Industrial Estate, Dublin 18, Ireland +353 (01)
More informationHOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING
HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING ISO 22301 BUSINESS CONTINUITY MANAGEMENT SYSTEMS Most organisations will, at some point, be faced with having to respond
More informationHow to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%.
How to write a DISASTER RECOVERY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A DRP AND HOW CAN IT HELP MY COMPANY? CHAPTER PREPARING TO WRITE YOUR DISASTER RECOVERY PLAN
More informationwww.pwc.com Business Resiliency Business Continuity Management - January 14, 2014
www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition
More informationBUSINESS CONTINUITY MANAGEMENT FRAMEWORK
BUSINESS CONTINUITY MANAGEMENT FRAMEWORK Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 1 FRAMEWORK STATEMENT Business
More informationNHS Hardwick Clinical Commissioning Group. Business Continuity Policy
NHS Hardwick Clinical Commissioning Group Business Continuity Policy Version Date: 26 January 2016 Version Number: 2.0 Status: Approved Next Revision Due: January 2017 Gordon Stevens MBCI Corporate Assurance
More informationDesktop Scenario Self Assessment Exercise Page 1
Page 1 Neil Jarvis Head of IT Security & IT Risk DHL Page 2 From reputation to data loss - how important is business continuity? Neil Jarvis Head of IT Security (EMEA) DHL Logistics IT Security Taking
More informationBirmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy
Birmingham CrossCity Clinical Commissioning Group Business Continuity Management Policy Version V1.0 Ratified by Operational Development Group Date ratified 6 th November 2014 Name of originator / author
More informationNORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)
NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy
More informationBusiness Continuity Policy
Business Continuity Policy 1 NHS England INFORMATION READER BOX Directorate Medical Commissioning Operations Patients and Information Nursing Trans. & Corp. Ops. Commissioning Strategy Finance Publications
More informationBusiness Continuity Planning
Business Continuity Planning We believe all organisations recognise the importance of having a Business Continuity Plan, however we understand that it can be difficult to know where to start. That s why
More informationBy. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd
BS 25999 Business Continuity Management By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd 1 Contents slide BSI British Standards 2006 BS 25999(Business Continuity) 2002 BS 15000
More informationBusiness Continuity Management Group Policy
THE WAREHOUSE GROUP LIMITED ( the Company ) 1. Purpose of Policy This policy is to communicate The Warehouse Group Limited ( TWG ) governance requirements and arrangements for developing and sustaining
More informationBusiness Continuity Management
Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective
More informationBusiness Continuity Plan
Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions
More informationBusiness Continuity and Disaster Recovery Planning from an Information Technology Perspective
Business Continuity and Disaster Recovery Planning from an Information Technology Perspective Presenter: David Bird, Director of Sales, Business Technology Consultant phone: 215-672-7100 email: dbird@quatro.com
More informationBSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012
To: From: Subject: Status: Date of Meeting: BSO Board Director of Human Resources & Corporate Services Business Continuity Policy For Approval 28 February 2012 The Board is asked to agree the attached
More informationBusiness Continuity Plan Toolkit
Business Continuity Plan Toolkit March 2015 1 Contents The Template instructions for use... 2 Introduction... 3 What is the purpose of this toolkit?... 3 Why do you need a Business Continuity Plan?...
More informationBUSINESS CONTINUITY PLAN
How to Develop a BUSINESS CONTINUITY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A BUSINESS CONTINUITY PLAN? CHAPTER PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN CHAPTER
More informationInformation security controls. Briefing for clients on Experian information security controls
Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face
More informationBS 25999 BUSINESS CONTINUITY MANAGEMENT
BS 25999 BUSINESS CONTINUITY MANAGEMENT AUDIT, CERTIFICATION & training services HOW CAN YOU ENSURE BUSINESS CONTINUITY? BS 25999 AUDITS & CERTIFICATION FROM SGS Most organisations will, at some point,
More informationBT Conferencing Business Continuity Management. Planning to stay in business
BT Conferencing Business Continuity Management Planning to stay in business Planning for the unexpected In today s connected world, businesses are increasingly dependent on their communications and networked
More informationIBM Global Technology Services March 2008. Virtualization for disaster recovery: areas of focus and consideration.
IBM Global Technology Services March 2008 Virtualization for disaster recovery: Page 2 Contents 2 Introduction 3 Understanding the virtualization approach 4 A properly constructed virtualization strategy
More informationBest Practices in Disaster Recovery Planning and Testing
Best Practices in Disaster Recovery Planning and Testing axcient.com 2015. Axcient, Inc. All Rights Reserved. 1 Best Practices in Disaster Recovery Planning and Testing Disaster Recovery plans are widely
More informationBusiness Continuity Management. Policy Statement and Strategy
Business Continuity Management Policy Statement and Strategy November 2011 Title Business Continuity Management Policy & Strategy Date of Publication: Cabinet Council Published by Borough Council of King
More informationSecuring and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable
More informationWhite Paper: Managing ediscovery Initiatives In-House. Managing ediscovery Initiatives In-House
White Paper: Managing ediscovery Initiatives In-House Managing ediscovery Initiatives In-House Introduction Traditionally, enterprises responding to litigation, compliance, auditing or similar events
More informationStaying In Business. A Business Continuity White Paper by. Paul O Brien and Gerard Joyce. LinkResQ Limited
Staying In Business A Business Continuity White Paper by Paul O Brien and Gerard Joyce LinkResQ Limited Contents: Introduction. 2 What is Business Continuity? 2 Loss Events = Opportunities for Disaster..
More informationCoping with a major business disruption. Some practical advice
Coping with a major business disruption Some practical advice Coping with a major business disruption What is business continuity? Business continuity planning (BCP) is a management process that helps
More informationBusiness Continuity Management Policy
Governance 1 Purpose The purpose of this policy is to communicate Business Continuity Management (BCM) framework, responsibilities and guiding principles for Victoria to effectively prepare for and achieve
More informationBusiness Continuity Policy and Business Continuity Management System
Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain
More informationBusiness Continuity Management
Business Continuity Management cliftonlarsonallen.com Introductions Brian Pye CliftonLarsonAllen Senior Manager Business Risk Services group 15 years of experience with Business Continuity Megan Moore
More informationNETWORK SERVICES WITH SOME CREDIT UNIONS PROCESSING 800,000 TRANSACTIONS ANNUALLY AND MOVING OVER 500 MILLION, SYSTEM UPTIME IS CRITICAL.
NETWORK SERVICES WITH SOME CREDIT UNIONS PROCESSING 800,000 TRANSACTIONS ANNUALLY AND MOVING OVER 500 MILLION, SYSTEM UPTIME IS CRITICAL. Your Credit Union information is irreplaceable. Data loss can result
More informationHow To Manage A Disruption Event
BUSINESS CONTINUITY FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Manager Organisational
More informationRSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief
RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief INTRODUCTION Now more than ever, organizations depend on services, business processes and technologies to generate revenue and meet
More information1.0 Policy Statement / Intentions (FOIA - Open)
Force Policy & Procedure Reference Number Business Continuity Management D269 Policy Version Date 23 July 2015 Review Date 23 July 2016 Policy Ownership Portfolio Holder Links or overlaps with other policies
More informationBusiness Continuity Standards A Primer
INTELLIGENT NOTIFICATION Alphabet Soup: Making Sense of BC/DR Standards Part 1: Business Continuity Standards A Primer Why all the attention now? One of the hottest topics in BC/DR these days is standards.
More informationWith the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS
How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning The world has experienced a great deal of natural and man-made upheaval and destruction in the past few years, including tornadoes,
More informationBUSINESS CONTINUITY MANAGEMENT SYSTEM STEP BY STEP GUIDE TO DEVELOPING A BUSINESS CONTINUITY MANAGEMENT SYSTEM REPUBLIC OF IRELAND
BUSINESS CONTINUITY MANAGEMENT SYSTEM STEP BY STEP GUIDE TO DEVELOPING A BUSINESS CONTINUITY MANAGEMENT SYSTEM REPUBLIC OF IRELAND YOUR QUICK REFERENCE GUIDE TO THE PROCESS DEVELOPING A BUSINESS CONTINUITY
More informationBusiness continuity management policy
Business continuity management policy health.wa.gov.au Effective: XXX Title: Business continuity management policy 1. Purpose All public sector bodies are required to establish, maintain and review business
More informationA risky business. Why you can t afford to gamble on the resilience of business-critical infrastructure
A risky business Why you can t afford to gamble on the resilience of business-critical infrastructure Banking on a computer system that never fails? Recent failures in the retail banking system show how
More informationBusiness Continuity Management For Small to Medium-Sized Businesses
Business Continuity Management For Small to Medium-Sized Businesses Produced by NORMIT and Norfolk County Council Resilience Team For an electronic copy of this document visit www.normit.org Telephone
More informationDRAFT BUSINESS CONTINUITY MANAGEMENT POLICY
DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY This document outlines a set of policies and procedures for formalising a Business Continuity programme, and provides guidelines for developing, maintaining
More informationBusiness Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com
Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?
More informationManaging business risk
Managing business risk What senior managers need to know about business continuity bell.ca/businesscontinuity Information and Communications Technology (ICT) has become more vital than ever to the success
More informationBUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS
BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3
More informationSolihull Clinical Commissioning Group
Solihull Clinical Commissioning Group Business Continuity Policy Version v1 Ratified by SMT Date ratified 24 February 2014 Name of originator / author CSU Corporate Services Review date Annual Target audience
More informationHow To Manage A Business Continuity Strategy
Business continuity strategy 2009 2012 Table of contents 1 Why this strategy is needed 3 2 Aim of the strategy 4 3 Our approach to business continuity 4 PROCESS 4 STRUCTURE 5 DOCUMENTATION 6 DISRUPTION
More informationTalentLink Disaster Recovery & Service Continuity
Technical Services Briefing Document TalentLink Disaster Recovery & Service Continuity Version 1.2 (January 2012) Contents Overview Planning for Service Continuity Disaster Recovery Process Business Continuity
More informationKPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity
INFORMATION RISK MANAGEMENT KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity ADVISORY Contents Agenda: Global trends and BCM
More informationIntroduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT
INFORMATION SECURITY: UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT FACTSHEET This factsheet will introduce you to Business Continuity Management (BCM), which is a process developed to counteract systems
More informationGuardian365. Managed IT Support Services Suite
Guardian365 Managed IT Support Services Suite What will you get from us? Award Winning Team Deloitte Best Managed Company in 2015. Ranked in the Top 3 globally for Best Managed Service Desk by the Service
More informationThe Difference Between Disaster Recovery and Business Continuance
The Difference Between Disaster Recovery and Business Continuance In high school geometry we learned that a square is a rectangle, but a rectangle is not a square. The same analogy applies to business
More informationMonetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES
Monetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES June 2003 TABLE OF CONTENTS 1.0 INTRODUCTION... 1 1.1 READINESS IS YOUR ONLY PROTECTION... 1 1.2 APPLICATION OF THE GUIDELINES...
More informationBusiness Continuity Planning in IT
Introduction: Business Continuity Planning in IT The more your business relies on its IT systems, the more you need to consider how unexpected disruptions might affect your business. These disruptions
More informationCouncil Policy Business Continuity Management
Policy Name: Business Continuity Management Council Policy Business Continuity Management ADOPTED BY COUNCIL: 19 th April 2016 DATE OF NEXT REVIEW: 18 th April 2020 RESPONSIBLE OFFICER: REFERENCES: Chief
More informationInstitute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745
ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan
More informationUpdate from the Business Continuity Working Group
23 June 2014 Performance and Resources Board 19 To note Update from the Business Continuity Working Group Issue 1 The Business Continuity Working Group oversees the development, maintenance and improvement
More informationDepartmental Business Continuity Framework. Part 2 Working Guides
Department for Work and Pensions Departmental Business Continuity Framework Part 2 Working Guides Page 1 of 60 CONTENTS Guide to business impact analysis...3 Guide to business continuity planning...7 Guide
More informationPAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA
Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationCourse: Information Security Management in e-governance. Day 1. Session 3: Models and Frameworks for Information Security Management
Course: Information Security Management in e-governance Day 1 Session 3: Models and Frameworks for Information Security Management Agenda Introduction to Enterprise Security framework Overview of security
More informationBC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value
BC / DR Implementation Tying Disaster Investment to Measurable Business Value Continuity Insights Conference May 16-18, 2005 Agenda Purpose Discuss best practice process and tools that might be leveraged
More informationISO 22301:2012 Societal Security Appendix B Business Continuity Management Systems Requirements 347
Appendix B Business Continuity Management Systems Requirements 347 B.3 Format and Structure ISO 22301 is the second published standard to adopt ISO s new high-level structure for management systems standards
More informationWhite Paper: Cloud Security. Cloud Security
White Paper: Cloud Security Cloud Security Introduction Due to the increase in available bandwidth and technological advances in the area of virtualisation, and the desire of IT managers to provide dynamically
More informationASX SETTLEMENT OPERATING RULES Guidance Note 10
BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they
More informationFlinders University IT Disaster Recovery Framework
Flinders University IT Disaster Recovery Framework Establishment: Flinders University, 1 August 2013 Last Amended: Manager, ITS Security Services, 4 October 2013 Nature of Amendment: Initial release Date
More informationEvaluating and Improving Your Business Continuity Plan
Evaluating and Improving Your Business Continuity Plan As presented to the Northeast Florida IIA Chapter January 23, 2015 Contact Information Karen Weir, MAC, CISA, CBCP Manager kweir@accretivesolutions.com
More informationBUSINESS CONTINUITY POLICY
BUSINESS CONTINUITY POLICY Document Type Corporate Policy Unique Identifier CO-038 Document Purpose To provide a structure through which: i. A comprehensive business continuity management system (BCMS)
More informationPlan Development Getting from Principles to Paper
Plan Development Getting from Principles to Paper March 22, 2015 Table of Contents / Agenda Goals of the workshop Overview of relevant standards Industry standards Government regulations Company standards
More informationInformation Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.
Information Security Management: Business Continuity Planning Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Overview BCP: Definition BCP: Need for (Why?) BCP: When BCP: Who
More information