BUSINESS RESILIENCE READY OR NOT
|
|
- Blake Sanders
- 8 years ago
- Views:
Transcription
1 BUSINESS RESILIENCE READY OR NOT EDC Whitepaper 2014
2 Table of Contents Executive Summary 2 Need for Effective BCM 2 Government requirements for BCM 4 The Challenge - Disasters and Threats 4 Pandemic and biological threats 4 Natural Disasters 5 Other threats 5 The Global Experience 6 Current State of BCM - Australia 7 Plans in place but not comprehensive 7 Crisis Management 7 Business Continuity Management a wise investment! 7 Business Resilience 8 Bridge the gap 8 BCM Culture 8 Organisational Trends for Business Resilience 8 Solution - Focus your BCM Investment 9 Outsourcing or contracting the services of BCM to specialists 11 Benefits of Outsourcing 11 Summary 12 EDC - End To End Solutions for Disaster Recovery and Business Continuity 13 Page 01
3 Executive Summary A survey was undertaken by Victorian Government with analysis by Enterprise Data Corporation (EDC) a leading BCM provider. This exercise benchmarked the current state of business resilience and business continuity within government departments against global good practice, based on a comprehensive survey of Victorian State Departments. The results indicated there are several areas where government departments have adopted principles of good practice business continuity in managing business resilience. However, there were also areas of concern, especially given the increased demand on power and also power failures both on a global scale and within Australia. This increased demand for power, combined with a spiralling increase in natural disasters, has made business resilience one of the top 10 risks faced by company boards and government executive management. Risks that result from disasters are often interrelated, requiring 360 degree visibility and accountability on an enterprise-wide scale, calling for a fully integrated disaster recovery and business continuity management plan. The need to manage these risks and ensure business continuity in a proactive manner using real-time analysis of current data as disaster events unfold has called for the wider and greater use of technology. Dependencies on supply-chain and interdependencies between organisations and departments are highlighted within this study as a growing concern, with management of the entire supply chain becoming increasingly critical. Most of the 38 countries used as benchmarks have embedded business continuity and resilience planning within corporate planning to support the delivery of organisational objectives. Like risk management, BCM is everyone s responsibility. Each and every employee has a part to play in the continued success of the organisation. Need for Effective BCM In this current environment, the need for effective Business Continuity Management (BCM) is so top of mind that it is no longer a nice to have but an integral part of the risk management framework within an organisation. Effective BCM relies on the expertise from within the organisation. It is the people that understand the organisation, its business, processes and business interruption risks, and it is the people that you rely on to resume operations quickly. However, it is not assumed that everyone is an expert in the field of BCM but it is expected that everyone has an accepted risk management and business continuity management framework in place. Page 02
4 With this in mind, it is important to validate that there is an understanding across an organisation of the maximum time the business can survive without key business functions before the Business Continuity Plan / Program (BCP) must be initiated and recovery procedures must commence. In the business continuity management process, it is important to consider what plans are already in place, so effort is not wasted. Business continuity means maintaining the uninterrupted availability of all key business resources required to support essential business activities. However, preventative controls and other proactive treatments are no guarantee that risk events will not occur, that is, they cannot entirely eliminate their likelihood of occurrence. Therefore, for effective risk management, it is equally important that organisations design controls that are implemented once a risk event has occurred. For effective business continuity management organisations need to view being prepared as addressing not if something should happen but when it does, what should we do. The primary output from the business continuity management process is the BCP. The BCP comprises many elements, which collectively define the approach to dealing with a break in business continuity, and which prescribes the steps an organisation should take to recover lost business functions. Page 03
5 Government requirements for BCM Fundamentally, BCM in government ensures that essential functions can continue during and after a disaster. This includes the prevention of mission critical service interruptions, and the ability to re-establish full functionality as quickly as possible. According to the Australian Government Attorney-General's Department, there is a mandatory requirement for government agencies to establish a business continuity management (BCM) program to provide for the continued availability of critical services and assets, and of other services and assets when warranted by a threat and risk assessment. Agencies must: Develop a governance structure establishing authorities and responsibilities for a BCM program, and for the development and approval of business continuity plans; Within the context of the identification of assets, undertake impact analysis to identify and prioritise the agency s critical services and assets, including identifying and prioritising information exchanges provided by, or to other agencies or external parties; Develop plans, measures and arrangements to ensure the continued availability of critical services and assets, and of any other service or asset when warranted by a threat and risk assessment; Undertake activities to monitor the agency s level of overall preparedness; and Make provision for the continuous review, testing and audit of business continuity plans. The Challenge - Disasters and Threats There is a variety of emergency situations that require BCM throughout federal, state and local governments. Emergency situations prompted by natural disasters have the potential to cause widespread impact on organisations and government agencies supporting the public, due to the immediate threat of loss. However, other threats also need to be considered. Pandemic and biological threats A pandemic is an epidemic of infectious disease that spreads through human populations across a large region; for example across multiple continents, or even globally. Examples are 2009 H1N1 Flu (sometimes called swine flu ), Avian influenza and Severe Acute Respiratory Syndrome (SARS). Biological threats are diseases that impact humans and animals, for example plague, smallpox, Anthrax, West Nile Virus, Foot and Mouth Disease. Natural Disasters According to the Australian Bureau of Meteorology and World Meteorological Organization, Australia is located in one of the most vulnerable regions of the world for natural disasters, including drought, tropical cyclones, tsunamis, floods and bushfires. Australian Government Attorney General s Office, Protective Security Policy Framework, Section 5.11: rk/5governance/pages/511businesscontinuitymanagem ent.asp Page 04
6 These threats can have a catastrophic impact on normal business operations, as they are extreme and occur quickly and without a lot of warning. Recent examples are the 2009 Victorian bushfires, 2011 Queensland floods and Tropical Cyclone Yasi. Other threats The final categories of emergency situations are human-caused events and intentional terrorist activities. In the last decade more attention has been placed on the latter, owing to the rise of anti-terrorism measures following the 2001 September 11 attack on the World Trade Centre and the fact that extremist groups have far-reaching effects on a government s ability to continue daily operations. However, Australian terrorist activity most recently has focused on Australian nationals travelling outside Australia. Examples include 2002 Bali Bombing and the 2004 Australian embassy bombing, also in Indonesia, although there has since been many people convicted of planning a terrorist attack, including the Holsworthy Barracks terror plot (2009), Benbrika Group in Melbourne (2008) and Sydney Five (2005). More likely to cause damage and disrupt business continuity are events related to human-caused accidents, such as hazardous material spills or release, explosions or fire, transportation accidents, building structure collapse, energy/power/utility failure, fuel/resource shortages, air/water pollution, contamination, water control structure/dam failure, financial issues, economic depression, inflation, financial system collapse and communications systems interruptions. If any of the above were to occur the effect on government would be a denial of service to the users of the services. As each government agency increasingly relies upon sophisticated systems to supply information needed to perform their operations they are increasingly faced with new and unique vulnerabilities. Page 05
7 The Global Experience Key findings from the survey across 35 countries and 15 industry sectors indicated that more than 90% of the global organisations demonstrated an increase of events causing business disruptions in several key areas: Adverse weather was the main cause of disruption around the world, with 53% citing it, up from 29% last year. Unplanned IT and telecommunication outages was the second most likely disruption and the failure of service provision by outsourcers was third, up to 35% from 20% in These incidents led to a loss of productivity for over half of businesses. 49% estimated that the cost to their business of supply chain incidents in the last 12 months was between $10,000 and $500,000, with a further 10% reporting a cost of $500,000 or more. The average number of identified supply chain risks in the past 12 months was 5, with some organisations reporting over % admitted they had suffered damage to their brand or reputation as a result of these disruptions. The survey also indicated some positive trends within the surveyed organisations making moves towards business resilience. In particular, it found that 50% of government departments have tried to optimise their businesses through outsourcing, consolidating suppliers, adopting Just-In-Time (JIT), or lean manufacturing techniques. Where businesses have shifted production to low cost countries they are significantly more likely to experience supply chain disruptions, with 83% experiencing disruption. The main causes were transport networks and supplier insolvency. Only 7% had been fully successful in ensuring suppliers adopted BCM practices to meet their needs, with nearly a quarter not taking this step. Even when suppliers were regarded as key to their business, nearly half of respondents had not checked or validated their supplier s business continuity plans. 24 hours is the typical period within which businesses look to recover critical activities, since sustained disruption beyond this period will cause significant economic and service delivery problems in many sectors. Very few organisations plan for disruption lasting longer than one week. Although only a number of organisations faced sustainability disruption issues - defined in the report as environmental, health and safety or business ethics - those exposed to such risks fared badly when problems did arise, with much higher levels of adverse media coverage and brand damage with 37% admitting that they had suffered damage to their brand or reputation. Page 06
8 Current State of BCM - Australia In the current environment, the need for effective and practical BCM needs to be top of mind, requiring involvement from the Board, the CEO and Executive to set the tone at the top and then have employees aligned in the commitment to effective BCM. 67.2% of Australian respondents have direct involvement at the executive, director or board level, which compared favourably against the global benchmark, where direct board involvement has increased from 43% in 2009 to 72% in In several areas, organisations have adopted the principles of good practice business continuity management in managing business resilience through a combination of factors that include: Increased board awareness; Focus on enterprise-wide risk management; Proactively budgeting for business resilience as a strategic objective to ensure that the enterprise s strategic objectives are met; and Managing business resilience holistically including the need for secure data centres, secure business continuity seats and infrastructure including making use of the latest technologies to ensure the robustness of organisations and enterprises alike. Plans in place but not comprehensive While there is an increased focus on enterprise-wide risk management, it is not yet comprehensive. 58% of respondents stated that where Business Continuity Plans / Programs (BCP) have been developed, the plan is organisational wide. There are already some parts of the BCP that organisations have in place as part of its normal business operations, including: Increased board awareness; Focus on enterprise-wide risk management; Proactively budgeting for business resilience as a strategic objective to ensure that the enterprise s strategic objectives are met; and Managing business resilience holistically including the need for secure data centres, secure business continuity seats and infrastructure including making use of the latest technologies to ensure the robustness of organisations and enterprises alike. However, these alone do not constitute a complete BCP, but are important elements of a robust continuity plan. Crisis Management 35% of respondents stated that the organisation has a clearly articulated and current Crisis Management Plan. Business Continuity Management a wise investment! 66% of respondents indicated that organisation wide BCM activities is well supported by senior management commitment and is an established priority for the organisation. Page 07
9 Business Resilience For the most recent business interruption, recovery objectives were completely met by 48% of respondents and service levels were completely maintained by 47% of respondents. Bridge the gap BCM is NOT just part of the IT department s responsibilities. It is imperative that an organisation works together to bridge the gap between IT and other departments when it comes to business continuity. BCM Culture It is critical to ensure that BCM practices address the human element of disasters. Organisations must understand the risks related to employee resiliency that could arise in a crisis and provide a framework for addressing them. Organisational Trends for Business Resilience As a leader in the field of Business Continuity Management EDC has identified three management imperatives for tomorrow s leading organisations and governments: 1. Risk leadership 2. Knowledge leadership 3. Technology exploration Mastering and developing good practices in each area will be the key to sustaining a competitive edge and attaining long-term strategic goals. These three imperative of risk leadership, knowledge leadership and technology efficiency are interlinked and mutually supportive. Three new imperatives for high performing organisations Certainty of Objectives Risk Leadership Organisation Excellence Innovation and Strategy Business Resilience Knowledge Leadership Technology Efficiency Business Resilience Page 08
10 With the recent global events of earthquakes, floods and other natural disasters, organisations and governments priorities are quickly changing to being better prepared. These emerging priorities are based on war time modes of simplicity, as opposed to peace time due diligence. This trend is also driving simplicity and integration between governance, risk and compliance (GRC) and BCM. It s no longer a matter of what if something happens, but more when it happens, what do we do? This means organisations and departments will need to take GRC and BCM to a higher level, which EDC terms Business Resilience. Solution - Focus your BCM Investment Make sure that the people involved in BCM within your organisation are given the time, authority, accountability and support to put your own system in place. The goal is to have BCM become part your business routine. This can be done by implementing a tailored and effective BCM structure for your organisation. Appoint a Business Continuity Management Manager at senior management level who has overall responsibility for BCM and is directly accountable for ensuring the continued success of this capability and for making sure adequate funding is available. Appoint a Business Continuity Management Steering Committee. Creating a Steering Committee where management, staff and other interested parties meet regularly to discuss and sort out BCM issues. Issues could include: Estimating your funding requirements and spending the budget; Developing BCM policy and strategy; Coordinating and overseeing the Business Impact Analysis process; Ensuring effective input from staff; Coordinating and overseeing the development of plans and arrangements for business continuity; Establishing, where necessary, working groups and teams and defining their responsibilities; and Coordinating training; and providing for the regular review, testing and auditing of BCM system. Appoint BCM champions within the business, across the different departments, functions or locations depending on the size, scale and complexity of your business. These champions should be actively involved in encouraging compliance and getting staff feedback, in terms of constructive criticism and suggestions for improvement. Appoint an Incident Response Team. Their duties should involve invoking and executing the Business Continuity Management Plan in response to a major disruption. Provide administrative support. Encourage CIOs to work with the Business Continuity Management Steering Committee and IT specialists to plan for the effective recovery and restoration of IT services. This appointment depends on the size and nature of your IT requirements. Page 09
11 Appoint specialist service providers. Not all of the resources you need to respond to a disruption are necessarily available in-house. For example: Data recovery and back-up IT facilities Emergency telecommunications Cleaning and restoration Document restoration Salvage and decontamination Building and facilities Counselling Security Public relations Your plans should identify where and how these resources can be obtained. It is a good idea to make your arrangements in advance of any disruption. In this way, you will be contractually protected against their inability to deliver their service in a disaster situation. Integrate the roles, accountabilities, responsibilities and authorities into their job descriptions and into your company's appraisal, reward and recognition policy. Your company's audit process should review these responsibilities to make sure they address all the various aspects of the Business Continuity Management Plan and that they reflect any changes within your company's structure or business activities. The process of assigning responsibilities raises important considerations in determining a person's level of competency: To be effective people tasked with overseeing or implementing BCM or in the invocation of the Business Continuity Management Plan in response to a disruption must be competent in carrying out their duties. You need to: Determine what competencies exist within your company and what training is needed; Provide training; Evaluate the effectiveness of the training provided; Keep records of a person's experience, training and qualifications; and Give your team latest Business Resilience tools and technologies to automate the process to help them decipher data to into information that will speed the prevention and recovery process. The real-benefit of BCM is that it focuses your attention on identifying and protecting business key activities and then planning and rehearsing your response to a disruption of services. If you have the specialist do this work for you, you will have lost this benefit and will undermine your position to deal with an emergency because you will be unfamiliar with the Business Continuity Management Plan. It is vital your organisation builds up in-house BCM expertise. Firstly, so that you can effectively respond to a disruption, and secondly, so you can adapt your BCM program to deal with any changes in business processes, staff, equipment and so on. BCM tools like ReadiNow bring increased expertise to both new and expert managers of the Business Resilience process. Page 10
12 Outsourcing or contracting the services of BCM to specialists Specialists can provide extremely useful help in each of the stages of developing and implementing your BCM program. Satisfy yourself as to the company's credentials and their industry background before appointing a BCM provider. For example: How long has the company been providing specialist BCM services? Does the BCM service provider have a bias towards or dependence on vendor, technology or service solution? Does the service provider offer crisis management services and provide proactive support during a disaster? Does the service provider offer end to end business continuity solutions for the recovery of data, voice and people accommodation in the same location? Benefits of Outsourcing Companies like EDC have access to years of experience in handling real live disasters for leading organisations from: Implementation; Responding to emergencies; Recovery of critical business functions; Restoration of resources and assets; and Resumption of business to normal operations. EDC has the necessary experience and expertise to help you through the readiness phase to unsure minimal downtime in the event of an unexpected disruption or disaster to your business. The benefits of outsourcing your BCM requirements include: Access to a one stop end-to-end solution; Industry proven track record assures peace of mind; A single point of contact and accountability to reduce the complexity of your business continuity environment, manage your systems, and protect your investments; Nationwide support with 24 hour help desk providing access for disaster notification; and Account management services tailored to meet your unique needs with flexibility as your operations and technology change. Page 11
13 Summary Every day across the globe, business continuity-related events are taking place. Simply reading news headlines, several questions come to mind, for example: - How could this apply to your organisation? - Will your organisation survive such an event? - How will you be able to respond to such a disaster? - Are you armed with the right knowledge and tools? The survey results, benchmarked against global organisations, show we still have a tough journey ahead. It is a challenge we have to and will embrace. An effective business continuity management program is vital and fundamental to increasing business performance. It is important for people in organisations to know of the advances business continuity management has made in recent years. EDC s analysis illustrates that although government departments are moving in the right direction, we need to do more if we want to align to the global benchmark for business resilience in the future. This is an era where governments globally fail, electricity has become a scarce commodity, large scale natural disasters are on the increase, corporations and governments collapse overnight not only for political reasons but for failing to be resilient against all risks, financial, legal, political, supply-chain management and not the least of all, the environment. EDC - End To End Solutions for Disaster Recovery and Business Continuity EDC is a leading business continuity and disaster recovery specialist. As a result of many years of experience in handling real live disasters for leading organisations from: Implementation; Responding to emergencies; Recovery of critical business functions; Restoration of resources and assets; and Resumption of business to normal operations. As a result, EDC has the necessary experience and expertise to help clients through the readiness phase to unsure minimal downtime in the event of an unexpected disruption or disaster to their business. We specialise in highly-customised turn-key business continuity and recovery solutions. Page 12
14 Benefits of EDC's business continuity solutions: One stop end-to-end solution; Industry proven track record assures peace of mind; A single point of contact and accountability to reduce the complexity of your business continuity environment, manage your systems, and protect your investments; Nationwide support with 24 hour help desk providing access for disaster notification; and Account management services tailored to meet your own unique business needs with flexibility as your business grows and technology changes. For an on-site presentation of our approach and deliverables, please contact us on Copyright Enterprise Data Corporation 2014 Enterprise Data Corporation Norwest Business Park Baulkham Hills, NSW 2153 Australia Produced in Australia All Rights Reserved EDC and the EDC logo are trademarks of Enterprise Data Corporation in Australia, other countries or both. Other company, product and service names may be trademarks or service marks of others. References in this publication to EDC products and services do not imply that EDC intends to make them available in all countries in which EDC operates. Page 13
PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA
1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationBusiness Continuity Planning and Disaster Recovery Planning
4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business
More informationBUSINESS CONTINUITY POLICY
BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility
More informationEmergency Response and Business Continuity Management Policy
Emergency Response and Business Continuity Management Policy Owner: John Duffy, Registrar & Secretary Last updated: September 2012 Version: 04 Document control Date Version Author Changes To be populated
More informationWhy Should Companies Take a Closer Look at Business Continuity Planning?
whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters
More informationBusiness Continuity Plan
Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions
More informationSouth West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy
South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy Reference No: CG 01 Version: Version 1 Approval date 18 December 2013 Date ratified: 18 December 2013 Name of Author
More informationTable of Contents... 1
... 1 Chapter 1 Introduction... 4 1.1 Executive Summary... 4 1.2 Goals and Objectives... 5 1.3 Senior Management and Board of Directors Responsibilities... 5 1.4 Business Continuity Planning Processes...
More informationGood Security. Good Business
Good Security Good Business Good Security Good Business Attorney-General s foreword Small business plays a crucial role, not only in our nation s economy but in Australian society. We often make decisions
More informationBUSINESS CONTINUITY PLAN
How to Develop a BUSINESS CONTINUITY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A BUSINESS CONTINUITY PLAN? CHAPTER PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN CHAPTER
More informationRelease: 1. BSBCON601B Develop and maintain business continuity plans
Release: 1 BSBCON601B Develop and maintain business continuity plans BSBCON601B Develop and maintain business continuity plans Modification History Release Release 1 Comments This version first released
More informationGuideline on Business Continuity Management
Circular No. 033/B/2009-DSB/AMCM (Date: 14/8/2009) Guideline on Business Continuity Management The Monetary Authority of Macao (AMCM), under the powers conferred by Article 9 of the Charter approved by
More informationPROCEDURES BUSINESS CONTINUITY MANAGEMENT FRAMEWORK PURPOSE INTRODUCTION. 1 What is Business Continuity Management? 2 Link to Risk Management
PROCEDURES BUSINESS CONTINUITY MANAGEMENT FRAMEWORK PURPOSE This Framework has been developed in support of both the Business Continuity and Crisis Management Policy and the Emergency and Fire Evacuation
More informationTemple university. Auditing a business continuity management BCM. November, 2015
Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program
More informationBusiness Continuity Management
Business Continuity Management Version 1 approved by SMG December 2013 Business Continuity Policy Version 1 1 of 9 Business Continuity Management Summary description: This document provides the rationale
More informationEMERGENCY PREPAREDNESS PLAN Business Continuity Plan
EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic
More informationBUSINESS CONTINUITY MANAGEMENT FRAMEWORK
BUSINESS CONTINUITY MANAGEMENT FRAMEWORK Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 1 FRAMEWORK STATEMENT Business
More informationCreating the Resilient Corporation
Creating the Resilient Corporation Business Continuity Planning and Pandemics Presented by: Eric Millard, Delivery Manager, Business Continuity and Recovery Services, Hewlett-Packard 2006 Hewlett-Packard
More informationKPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity
INFORMATION RISK MANAGEMENT KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity ADVISORY Contents Agenda: Global trends and BCM
More informationBusiness Continuity Management
Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective
More informationBusiness Continuity and Disaster Recovery Planning
Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services
More informationBusiness continuity management policy
Business continuity management policy health.wa.gov.au Effective: XXX Title: Business continuity management policy 1. Purpose All public sector bodies are required to establish, maintain and review business
More informationNORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)
NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy
More informationBusiness Continuity. Best practice in Business Continuity planning and Disaster Recovery Queensland and Brisbane CBD floods recovery 2011
Business Continuity Best practice in Business Continuity planning and Disaster Recovery Queensland and Brisbane CBD floods recovery 2011 Interactive Pty Ltd White Paper www.interactive.com.au Page 1 of
More informationPAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA
Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationBUSINESS CONTINUITY MANAGEMENT POLICY
BUSINESS CONTINUITY MANAGEMENT POLICY AUTHORISED BY: DATE: Andy Buck Chief Executive March 2011 Ratifying Committee: NHS Rotherham Board Date Agreed: Issue No: NEXT REVIEW DATE: 2013 1 Lead Director John
More informationShankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.
Business Continuity Management & Disaster Recovery Planning Presented by: Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. 1 What is Business Continuity Management? Is a holistic management
More informationBusiness Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?
Business Continuity Is your Business Prepared for the worse? Major emergencies can develop suddenly without warning. Situations can threaten and disrupt your business and impact upon you and your staff.
More informationwww.pwc.com Business Resiliency Business Continuity Management - January 14, 2014
www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition
More informationNHS Hardwick Clinical Commissioning Group. Business Continuity Policy
NHS Hardwick Clinical Commissioning Group Business Continuity Policy Version Date: 26 January 2016 Version Number: 2.0 Status: Approved Next Revision Due: January 2017 Gordon Stevens MBCI Corporate Assurance
More informationIntel Business Continuity Practices
Intel Business Continuity Practices As a global corporation with locations and suppliers all over the world, Intel requires every designated Intel organization to embed business continuity as a core business
More informationBUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE
BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE Introduction 1. Recently many organisations both public and private have directed much more time, money and effort towards protecting service
More informationBusiness Continuity Policy
Business Continuity Policy Page 1 of 15 Business Continuity Policy First published: Amendment record Version Date Reviewer Comment 1.0 07/01/2014 Debbie Campbell 2.0 11/07/14 Vicky Ryan Updated to include
More informationDesktop Scenario Self Assessment Exercise Page 1
Page 1 Neil Jarvis Head of IT Security & IT Risk DHL Page 2 From reputation to data loss - how important is business continuity? Neil Jarvis Head of IT Security (EMEA) DHL Logistics IT Security Taking
More informationAnnex 1. Business Continuity Management Policy
Annex 1 Business Continuity Management November 2008 p 2 Thanet District Council Business Continuity Management Contents Foreword...3...4 Definition of Terms...5 Document History...6 This policy is supported
More informationIntroduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT
INFORMATION SECURITY: UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT FACTSHEET This factsheet will introduce you to Business Continuity Management (BCM), which is a process developed to counteract systems
More informationSUPERVISORY AND REGULATORY GUIDELINES: PU19-0406 BUSINESS CONTINUITY GUIDELINES
SUPERVISORY AND REGULATORY GUIDELINES: PU19-0406 Business Continuity Issued: 1 st May, 2007 Revised: 14 th October 2008 BUSINESS CONTINUITY GUIDELINES I. INTRODUCTION The Central Bank of The Bahamas (
More informationBusiness Continuity Management Policy
Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3
More informationINFOSEC.MY KNOWLEDGE SHARING SESSION
INFOSEC.MY KNOWLEDGE SHARING SESSION Integration BCM into your Organization: Challenges & Opportunities 31 st October 2007 1 Prabha Ramanathan ( CBCP, MBCI, MBCS, MSCS) Certified Business Continuity Professional.have
More informationBusiness Continuity Policy. Version 1.0
Business Continuity Policy Version.0 January 206 Contents Contents Version control Foreword Policy. Scope.2 Aim and objectives.3 Methods and standards.4 Responsibilities.5 Governance.6 Training and exercises
More informationCENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14
More informationFebruary 2011 Records disaster preparedness and
February 2011 Records disaster preparedness and recovery It will never happen... Disasters are unexpected events with destructive consequences which can be measured by the scale of damage as well as the
More informationWEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy
WEST YORKSHIRE FIRE & RESCUE SERVICE Business Continuity Management Strategy Date Issued: 12 November 2012 Review Date: 12 November 2015 Version Control Version Number Date Author Comment 0.1 June 2011
More informationConstructing a successful business continuity plan
Constructing a successful business continuity plan By Alan Berman Alan Berman Being prepared is the cornerstone of having a business continuity plan regardless of the size of a company. Ultimately, getting
More informationNHS 24 - Business Continuity Strategy
NHS 24 - Strategy Version: 0.3 Issue Date: 20/09/2005 Status: Issued for Board Approval Status: draft Page 1 of 13 Table of Contents 1 INTRODUCTION...3 2 PURPOSE...3 3 SCOPE...3 4 ASSUMPTIONS...4 5 BUSINESS
More informationChapter 1: An Overview of Emergency Preparedness and Business Continuity
Chapter 1: An Overview of Emergency Preparedness and Business Continuity After completing this chapter, students will be able to: Describe organization and facility stakeholder needs during and after emergencies.
More informationBusiness Continuity and Disaster Recovery Planning
Business Continuity and Disaster Recovery Planning Jeffrey P. Back 2009 Oncore Associates, LLC Business Continuity Planning Business continuity planning is the way an organization can prepare for and aid
More informationCoping with a major business disruption. Some practical advice
Coping with a major business disruption Some practical advice Coping with a major business disruption What is business continuity? Business continuity planning (BCP) is a management process that helps
More informationRSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief
RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief INTRODUCTION Now more than ever, organizations depend on services, business processes and technologies to generate revenue and meet
More information2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP
2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level Tracy L. Hall, MBCP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C.
More informationFederal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK
Federal Financial Institutions Examination Council FFIEC Business Continuity Planning BCP FEBRUARY 2015 IT EXAMINATION H ANDBOOK Table of Contents Introduction 1 Board and Senior Management Responsibilities
More informationFederal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION
Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT
More informationBy: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015
Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level June 9, 2015 By: Tracy Hall MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company,
More informationRisks and uncertainties
Risks and uncertainties Our risk management approach We have a well-established risk management methodology which we use throughout the business to allow us to identify and manage the principal risks that
More informationBUSINESS CONTINUITY MANAGEMENT
BUSINESS CONTINUITY MANAGEMENT Handbook Business Continuity Management Originated as HB 221:2003. Second edition 2004. COPYRIGHT Standards Australia/Standards New Zealand All rights are reserved. No part
More informationBUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS
BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3
More informationHow To Manage A Business Continuity Strategy
Business continuity strategy 2009 2012 Table of contents 1 Why this strategy is needed 3 2 Aim of the strategy 4 3 Our approach to business continuity 4 PROCESS 4 STRUCTURE 5 DOCUMENTATION 6 DISRUPTION
More informationBusiness Continuity Management
Business Continuity Management Factsheet To prepare for change, change the way you prepare In an intensely competitive environment, a permanent market presence is essential in order to satisfy customers
More informationOhio Supercomputer Center
Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original
More informationExpecting the unexpected. Business continuity in an uncertain world
Expecting the unexpected Business continuity in an uncertain world National Counter Terrorism Security Office (NaCTSO) The National Counter Terrorism Security Office is a police unit working to the Association
More informationBusiness Continuity and Disaster Recovery for Law Firms CAROLINE POYNTON
Business Continuity and Disaster Recovery for Law Firms CAROLINE POYNTON PUBLISHED BY IN ASSOCIATION WITH Contents Executive summary... VII The regulatory landscape...vii Part One Business Continuity
More informationBUSINESS CONTINUITY MANAGEMENT A Guide for Businesses In Northamptonshire
BUSINESS CONTINUITY MANAGEMENT A Guide for Businesses In Northamptonshire 1 What is Business Continuity? Business Continuity is a planning process which provides a framework to ensure the resilience of
More informationPreparing for. a Pandemic. Avian Flu:
Avian Flu: Preparing for a Pandemic With increasing urgency over the past year, a variety of governments, nongovernmental organizations, industry groups, and media outlets have trumpeted the potential
More informationBusiness Continuity Management
Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not
More informationBusiness Continuity for the Hospitality Industry
MANAGEMENT GUIDE MANAGEMENT for the Hospitality Industry Managing threats and building organisation resilience What is business continuity? According to the Institute, business continuity management is
More informationPrepared by Rod Davis, ABCP, MCSA November, 2011
Prepared by Rod Davis, ABCP, MCSA November, 2011 Disaster an event, which causes the loss of an essential service, or part of it, for a length of time which imperils mission achievement. (Andrew Hiles,
More informationBusiness Continuity & Disaster Recovery
Business Continuity & Disaster Recovery Safety First Quality Every Time 1 Business Continuity & Disaster Recovery Planning Who here has a formal Business Continuity & Disaster Recovery plan? The purpose
More informationIT Disaster Recovery and Business Resumption Planning Standards
Information Technology Disaster Recovery and Business IT Disaster Recovery and Business Adopted by the Information Services Board (ISB) on May 28, 1992 Policy No: Also see: 500-P1, 502-G1 Supersedes No:
More informationBenchmarking resilience Organisational Resilience to Extreme Climatic Events
Benchmarking resilience Organisational Resilience to Extreme Climatic Events This project compares Sydney Water s organisational resilience and practices with other water utilities to identify strengths
More informationBT Conferencing Business Continuity Management. Planning to stay in business
BT Conferencing Business Continuity Management Planning to stay in business Planning for the unexpected In today s connected world, businesses are increasingly dependent on their communications and networked
More informationBusiness Continuity and Disaster Recovery Planning 3/16/2011. Lee Goldstein CPCP, MBCI President Business Contingency Group
Business Continuity and Disaster Recovery Planning 3/16/2011 Lee Goldstein CPCP, MBCI President Business Contingency Group Business Continuity/Disaster Recovery Planning to ensure the continuation/recovery
More informationHow To Manage A Financial Institution
BUSINESS CONTINUITY MANAGEMENT GUIDELINE April 2010 Table of Contents Preamble...3 Introduction...4 Scope...5 Coming into effect and updating...6 1. Continuity and resumption of business...7 2. Sound and
More informationBusiness Continuity Management Governance. Frank Higgins Abu Dhabi March 2015
Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity
More informationBUSINESS CONTINUITY PLAN. Specific Issues for Public Health Emergencies. Guidelines for Air Carriers
BUSINESS CONTINUITY PLAN Specific Issues for Public Health Emergencies Guidelines for Air Carriers 1 Contents PART 1 BACKGROUND 1.1. Introduction 1.2. Purpose 1.3. Scope and Application 1.4. Definition
More informationStrategic Alliance. Business Continuity Policy
Version 1.1 April 2016 Contents Contents Version control Foreword Policy Scope Aim and objectives Methods and standards Responsibilities Governance Training and exercises Page i ii 1 2 2 2 Version 1.1
More informationBusiness Continuity Policy and Business Continuity Management System
Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain
More informationFORMULATING YOUR BUSINESS CONTINUITY PLAN
WHITE PAPER Page 0 Planning for the Worst Case Scenario: FORMULATING YOUR BUSINESS CONTINUITY PLAN 9 Wing Drive Cedar Knolls, NJ 07927 www.nac.net Page 1 Table of Contents Overview... 2 What is Disaster
More informationEmergency Preparedness: Learning Objectives. Minimizing and Controlling Future Disasters. SHRM Disaster Preparedness Survey 3.
Emergency Preparedness: 1 Minimizing and Controlling Future Disasters October 7-8, 2013 Presenter: Marna Hayden, SPHR Hayden Resources Inc. www.haydenhr.com Learning Objectives How to develop emergency
More informationIT Disaster Recovery...It's Just the Tip of the Business Continuity Iceberg
PROFESSIONALADVANTAGE IT Disaster Recovery...It's Just the Tip of the Business Continuity Iceberg The importance of a holistic approach to Business Continuity and the art of making decisions when everyone's
More informationBusiness continuity plan
Business continuity plan CONTENTS INTRODUCTION 2 - Scope - Components BUSINESS IMPACT ANALYSIS 3 - Business Affairs - Information Technology RISK ASSESSMENT 5 - Broad Categories of Hazards - Hazard Table
More informationSection A: Introduction, Definitions and Principles of Infrastructure Resilience
Section A: Introduction, Definitions and Principles of Infrastructure Resilience A1. This section introduces infrastructure resilience, sets out the background and provides definitions. Introduction Purpose
More informationBus incident management planning: Guidelines
Bus incident management planning: Guidelines What is incident management planning? Incident management planning is everything your business does to prepare for potential disruptive or damaging incidents.
More informationDisaster Management and Business Continuity Plan for Bankers
Introduction Business interruptions can occur anywhere, anytime. Massive hurricanes, tsunamis, power outages, terrorist bombings and more have made recent headlines. It is impossible to predict what may
More informationTestimony of. Edward L. Yingling. On Behalf of the AMERICAN BANKERS ASSOCIATION. Before the. Subcommittee on Oversight and Investigations.
Testimony of Edward L. Yingling On Behalf of the AMERICAN BANKERS ASSOCIATION Before the Subcommittee on Oversight and Investigations Of the Committee on Financial Services United States House of Representatives
More informationBusiness Continuity Management and The Extended Enterprise
WHITE PAPER Business Continuity Business Continuity Management and The Extended Enterprise Continuous Availability in a Real-Time Economy Business Continuity is receiving a great deal of attention in the
More informationPrudential Practice Guide
Prudential Practice Guide LPG 232 Business Continuity Management March 2007 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice guide is not legal
More informationCompany Management System. Business Continuity in SIA
Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT
More informationBusiness Continuity Policy
Business Continuity Policy 1 NHS England INFORMATION READER BOX Directorate Medical Commissioning Operations Patients and Information Nursing Trans. & Corp. Ops. Commissioning Strategy Finance Publications
More informationRethinking contingency planning for an integrated world
Business Continuity* January 2010 Rethinking contingency planning for an integrated world Highlights: Increased supply chain complexities require broadened scope of contingency planning. Increasing outsourcing
More informationBusiness Continuity. Introduction. Safer Business - Better Health. Issue date - December 2007
Business Continuity Business Continuity Safer Business - Better Health Issue date - December 2007 Introduction Would your business survive if it was affected by a major incident or circumstances beyond
More informationAn Introduction to. Business Continuity Planning
An Introduction to Business Continuity Planning Company Profile Practical Experience European Head Office Extensive Client Base Established 1998 Expert Consultants Global Network Why BCP? I am often asked
More informationBSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012
To: From: Subject: Status: Date of Meeting: BSO Board Director of Human Resources & Corporate Services Business Continuity Policy For Approval 28 February 2012 The Board is asked to agree the attached
More informationBuilding and Maintaining a Business Continuity Program
Building and Maintaining a Business Continuity Program Successful strategies for financial institutions for effective preparation and recovery Table of Contents Introduction...3 This white paper was written
More informationQUEENSLAND HEALTH POLICY STATEMENT
Policy Identifier: 28028 QUEENSLAND HEALTH POLICY STATEMENT Policy Title Policy Statement Emergency Preparedness and Continuity Management Policy Queensland Health must maintain prepared ness and the capability
More informationBusiness Continuity Management (BCM) Policy
Business Continuity Management (BCM) Policy Reference number: Corporate 042 Title: Business Continuity Management (BCM) Policy Version number: Version 2 Policy Approved by: LLR PCT Cluster Board Date of
More informationASX SETTLEMENT OPERATING RULES Guidance Note 10
BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis
More informationBusiness Continuity Management Policy
Governance 1 Purpose The purpose of this policy is to communicate Business Continuity Management (BCM) framework, responsibilities and guiding principles for Victoria to effectively prepare for and achieve
More informationClinic Business Continuity Plan Guidelines
Clinic Business Continuity Plan Guidelines Published: January 2015 Table of Contents Emergency Notification Contacts Primary... 2 Emergency Notification Contacts Backups (in case primary is unavailable)...
More informationRisk Management & Business Continuity Manual 2011-2014
ANNEX C Risk Management & Business Continuity Manual 2011-2014 Produced by the Risk Produced and by the Business Risk and Business Continuity Continuity Team Team February 2011 April 2011 Draft V.10 Page
More information