Business Continuity Planning

Size: px
Start display at page:

Download "Business Continuity Planning"

Transcription

1 Business Continuity Planning We believe all organisations recognise the importance of having a Business Continuity Plan, however we understand that it can be difficult to know where to start. That s why we have written this white paper as a guideline for what you should consider when developing your plan.

2 Business Continuity Planning 1. The life cycle of Business Continuity Management (BCM) Writing a Business Continuity Plan (BCP) is not a one off exercise it is essential that it becomes embedded in the culture of the organisation and is continually updated to reflect changes in the company and environment. Don t try and develop the whole BCP in one go you will encounter elements which are more challenging than others and need some time to address. Break the project down into phases and concentrate on quick wins which you can implement to demonstrate progress and get the attention of staff who need to contribute to the overall solution. This also encourages the culture of BCM being a dynamic and ongoing discipline within the organisation.

3 2. Assess the potential threats and risks facing your company and analyse their likely impact. It is daunting to think about the possibility of a disruption preventing your business from operating but you need to accept that unexpected events can cause turmoil for your business and statistically they do happen. Once you have carried out a Risk Assessment (RA) you will be able to better understand the potential impact of risks and then develop a plan that ensures that both your business s assets and personnel are sufficiently protected. Enter the risks you can identify into the grid below and assess both the likelihood of them happening and the consequences if they should. Remember that not all risks can be anticipated so try to use generic scenarios such as what if our premises were destroyed rather than what if there was a fire or what if a hurricane strikes. Then carry out a Business Impact Analysis (BIA) to investigate what action can be taken to mitigate the impact or eliminate the risk so that red entries can be downgraded either by reducing the likelihood of them happening or making the impact if they do happen less serious. For example, if loss of comms is a very high probability and would have a very significant impact on your ability to operate you should consider installing a secondary service as a backup. This additional connection could also be used for load balancing and hence improve productivity under normal business operations which would help justify the cost of implementing the BCP.

4 Examples of potential impacts from both identified and unidentified risks to consider include: Lost revenue Reputational damage Unbudgeted costs Customer defection/dissatisfaction Missed service delivery targets Regulatory fines Delay/inability to commence future business plans Downgraded credit rating 4. Separate Business Continuity from Disaster Recovery Although these disciplines are very much related, it is important to consider them separately. Business Continuity Planning is intended to prevent the negative consequences of an interruption to operations and enable Business As Usual (BAU). A Disaster Recovery Plan (DRP) focuses on the ability to restore operations to pre- incident status with the minimum of downtime and data loss. Try to separate responsibilities so that one team will focus on keeping the day- to- day business running while another deals with solving whatever has caused the invocation. 5. Identify key resources While all organisations have operations specific to their business there are certain key things which are constant across all companies. Staff: Probably the most important element of every business. Ensure that you have a list of contact details for all members of staff and make sure that it is kept current on a regular basis. Have a strategy in place for being able to communicate with all relevant people quickly and accurately in an emergency situation.

5 Consider which job functions are critically necessary to continue every day operations. Make sure key processes are fully documented with a secure and accessible record of critical passwords, etc. Carry out cross training to be certain all functions can be fulfilled by more than one member of staff. Company data: Your business cannot continue to operate in the short term without immediate access to information such as customer contact details, order status, financial records, etc, so you will need to ensure these can be very quickly recovered as part of your BCP. There are many solutions that can support this requirement such as hosted applications (also referred to as Cloud Computing), system replication and even failover where your live systems automatically recover immediately in a remote location. In the longer term you will need to have access to information such as contracts and trading history so this needs to be part of your DRP. Of course, you may be able to implement a single solution that covers both requirements, however faster recovery typically means a higher cost so it may be appropriate to have a mixed solution to ensure an appropriate Recovery Time Objective (RTO) and Recovery Point Objective (RPO) for different business functions at a price you can justify commercially. For example, you may decide to host your business critical applications in an off- site secure data centre with a guaranteed Service Level Agreement (SLA) for power and communications to ensure availability but it may be satisfactory to simply hold paper copies of important documents in a remote secure storage site. Premises: You should decide in advance where your core business will operate from in the event of not being able to work in your normal premises. While some members of staff may be able to work from home in the short term, it is not a viable alternative for running your company which can be challenging enough when everyone is in the same office. Furthermore, you have no control over the confidentiality of data which has serious security implications at a time when your business is particularly vulnerable. Have contracts in place that entitle you to use alternative premises so that you can invoke immediately without having to investigate availability and get agreement which you realistically won t have time to do in an emergency scenario. Test regularly to make sure you can carry out business critical activities from your alternative premises, it is no good relocating to somewhere that does not have sufficient physical capacity, connectivity or power. Ensure the staff who would be required to work from the site know how to get there and are comfortable

6 with being based there if you don t have their cooperation the recovery plan simply won t work. Equipment: Identify what equipment is essential to the day- to- day running of your business and plan where you could get replacements from in an appropriate timescale. If availability in an emergency does not fit your RTO then consider holding spares at a remote location, or taking out a contract with another company who uses similar equipment and could provide you with a guaranteed interim service. 6. Document the BCP Use the KISS principle (Keep It Simple Stupid) - a huge document will just be ignored in an emergency. Concentrate on the basic information and make it easy to navigate. Start with who has authority to invoke the plan and who has specific responsibility for making each part of it happen. Try and work with job titles rather than individual names so the plan doesn t need to be amended when staff change jobs. Don t try and document exact details of what they should do as the actions required may vary in the particular scenario you find yourself in, if you pick the right people they will be able to make the necessary decisions and get on with managing their specific responsibilities. Include a list of critical suppliers and partners with full contact information. If it is only stored on your system which no longer exists well, enough said! Involve the relevant people in the production of the BCP so they are comfortable with the responsibility and actions required from them. Publish the document and make sure there is a form of version control so everyone knows they are working from the same version. Distribute the document to each of your relevant staff members and make sure there is at least one copy stored off site that people know where to find in an emergency. Educate all members of staff in the contents of the plan and encourage a culture of BCM

7 across the organisation so that any changes introduced into the business are reflected in the recovery strategy. Test the plan using a worst case scenario such as catastrophic loss of premises and assets. Gather feedback from all participants and update the BCP to reflect any shortfall in RTO and RPO. Regularly review and update the BCP to ensure it still meets your recovery requirements and highlights its importance to key personnel. 7. Benefits of implementing a BCP Your auditors should be asking about your business resilience and ability to meet your SLAs and commitments in any event. Showing you have a proven BCP in place will tick the box for this requirement. Use it as a marketing tool to differentiate between you and your competitors to win (or retain) customers. And don t forget to have a chat with your insurance broker about how you have reduced the likelihood of making an expensive claim on your Business Interruption policy and therefore their liability to pay you compensation you may find they will discount your premium which again will contribute to any costs involved in implementing your BCP.

External Supplier Control Requirements BCM

External Supplier Control Requirements BCM External Supplier Control Requirements BCM BCM Requirement Description BCM Tiers Recovery Time Objective Why this is important 1. Business Continuity Policy Supplier will have a documented Business Continuity

More information

How to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%.

How to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%. How to write a DISASTER RECOVERY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A DRP AND HOW CAN IT HELP MY COMPANY? CHAPTER PREPARING TO WRITE YOUR DISASTER RECOVERY PLAN

More information

Proposal for Business Continuity Plan and Management Review 6 August 2008

Proposal for Business Continuity Plan and Management Review 6 August 2008 Proposal for Business Continuity Plan and Management Review 6 August 2008 2008/8/6 Contents About Newton IT / Quality of our services. BCM & BS25999 Overview 2. BCM Development in line with BS25999 3.

More information

BUSINESS CONTINUITY FRAMEWORK

BUSINESS CONTINUITY FRAMEWORK BUSINESS CONTINUITY FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Manager Organisational

More information

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan? Business Continuity Is your Business Prepared for the worse? Major emergencies can develop suddenly without warning. Situations can threaten and disrupt your business and impact upon you and your staff.

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning 4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business

More information

Desktop Scenario Self Assessment Exercise Page 1

Desktop Scenario Self Assessment Exercise Page 1 Page 1 Neil Jarvis Head of IT Security & IT Risk DHL Page 2 From reputation to data loss - how important is business continuity? Neil Jarvis Head of IT Security (EMEA) DHL Logistics IT Security Taking

More information

BUSINESS CONTINUITY MANAGEMENT A Guide for Businesses In Northamptonshire

BUSINESS CONTINUITY MANAGEMENT A Guide for Businesses In Northamptonshire BUSINESS CONTINUITY MANAGEMENT A Guide for Businesses In Northamptonshire 1 What is Business Continuity? Business Continuity is a planning process which provides a framework to ensure the resilience of

More information

BUSINESS CONTINUITY PLAN

BUSINESS CONTINUITY PLAN How to Develop a BUSINESS CONTINUITY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A BUSINESS CONTINUITY PLAN? CHAPTER PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN CHAPTER

More information

Coping with a major business disruption. Some practical advice

Coping with a major business disruption. Some practical advice Coping with a major business disruption Some practical advice Coping with a major business disruption What is business continuity? Business continuity planning (BCP) is a management process that helps

More information

Business Continuity and Disaster Planning

Business Continuity and Disaster Planning WHITE PAPER Business Continuity and Disaster Planning A guide to preparing for the unexpected Robert Drewniak Director, Strategic & Advisory Services Disasters are not always the result of high winds and

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Business Continuity Policy and Business Continuity Management System

Business Continuity Policy and Business Continuity Management System Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain

More information

KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity

KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity INFORMATION RISK MANAGEMENT KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity ADVISORY Contents Agenda: Global trends and BCM

More information

The Difference Between Disaster Recovery and Business Continuance

The Difference Between Disaster Recovery and Business Continuance The Difference Between Disaster Recovery and Business Continuance In high school geometry we learned that a square is a rectangle, but a rectangle is not a square. The same analogy applies to business

More information

Company Management System. Business Continuity in SIA

Company Management System. Business Continuity in SIA Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT

More information

Beyond Disaster Recovery: Why Your Backup Plan Won t Work

Beyond Disaster Recovery: Why Your Backup Plan Won t Work Beyond Disaster Recovery: Why Your Backup Plan Won t Work Contents Introduction... 3 The Data Backup Model - Upgraded for 2015... 4 Why Disaster Recovery Isn t Enough... 5 Business Consequences with DR-Only

More information

Method 1 of 4: Understanding What Makes a Good Business Continuity Plan

Method 1 of 4: Understanding What Makes a Good Business Continuity Plan Business Continuity Plans (BCP) provide procedures for how employers and employees will stay in touch and keep doing their jobs in the event of a disaster or emergency, such as a fire at the office. Unfortunately,

More information

Disaster Recovery and Business Continuity What Every Executive Needs to Know

Disaster Recovery and Business Continuity What Every Executive Needs to Know Disaster Recovery and Business Continuity What Every Executive Needs to Know Bruce Campbell & Sandra Evans Contents Why you need DR and BC What constitutes a Disaster? The difference between disaster recovery

More information

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015 Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity

More information

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3

More information

Risk Management Guidelines

Risk Management Guidelines Business Continuity Management Understanding Risk We live in an unpredictable world. No matter how effectively a business protects itself through insurance, there are some risks that cannot be anticipated,

More information

Table of Contents... 1

Table of Contents... 1 ... 1 Chapter 1 Introduction... 4 1.1 Executive Summary... 4 1.2 Goals and Objectives... 5 1.3 Senior Management and Board of Directors Responsibilities... 5 1.4 Business Continuity Planning Processes...

More information

Business Continuity Management Policy

Business Continuity Management Policy Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3

More information

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY AUTHOR/ APPROVAL DETAILS Document Author Written By: Human Resources Authorised Signature Authorised By: Helen Shields Date: 20

More information

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING ISO 22301 BUSINESS CONTINUITY MANAGEMENT SYSTEMS Most organisations will, at some point, be faced with having to respond

More information

Business Continuity Management For Small to Medium-Sized Businesses

Business Continuity Management For Small to Medium-Sized Businesses Business Continuity Management For Small to Medium-Sized Businesses Produced by NORMIT and Norfolk County Council Resilience Team For an electronic copy of this document visit www.normit.org Telephone

More information

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Information Security Management: Business Continuity Planning Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Overview BCP: Definition BCP: Need for (Why?) BCP: When BCP: Who

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective

More information

NAVIGATING THROUGH A CATASTROPHIC DISASTER:

NAVIGATING THROUGH A CATASTROPHIC DISASTER: NAVIGATING THROUGH A CATASTROPHIC DISASTER: The five most common mistakes in business continuity planning As we continue to send our thoughts and prayers to the Japanese people, many of us are also reflecting

More information

Emergency Response and Business Continuity Management Policy

Emergency Response and Business Continuity Management Policy Emergency Response and Business Continuity Management Policy Owner: John Duffy, Registrar & Secretary Last updated: September 2012 Version: 04 Document control Date Version Author Changes To be populated

More information

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT INFORMATION SECURITY: UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT FACTSHEET This factsheet will introduce you to Business Continuity Management (BCM), which is a process developed to counteract systems

More information

a Disaster Recovery Plan

a Disaster Recovery Plan Construction of a Disaster Recovery Plan David Godwin, Sr. Sales Engineer March 18, 2014 Objectives Understand What Disaster Recovery is? Why is Disaster Recovery Needed? Effectively assist customers or

More information

Business Continuity Plan Toolkit

Business Continuity Plan Toolkit Business Continuity Plan Toolkit March 2015 1 Contents The Template instructions for use... 2 Introduction... 3 What is the purpose of this toolkit?... 3 Why do you need a Business Continuity Plan?...

More information

1.0 Policy Statement / Intentions (FOIA - Open)

1.0 Policy Statement / Intentions (FOIA - Open) Force Policy & Procedure Reference Number Business Continuity Management D269 Policy Version Date 23 July 2015 Review Date 23 July 2016 Policy Ownership Portfolio Holder Links or overlaps with other policies

More information

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

PROMOTING BUSINESS CONTINUITY. Greater Manchester Local Authority Business Continuity Group

PROMOTING BUSINESS CONTINUITY. Greater Manchester Local Authority Business Continuity Group PROMOTING BUSINESS CONTINUITY Greater Manchester Local Authority Business Continuity Group What is Business Continuity? Business Continuity is a planning process, which provides a framework for ensuring

More information

Disaster Recovery. Hendry Taylor Tayori Limited

Disaster Recovery. Hendry Taylor Tayori Limited Disaster Recovery Hendry Taylor Tayori Limited Agenda What is Business Continuity planning (BCP) What is Disaster Recovery (DR) and Disaster Recovery Planning (DRP) Overview Lifecycle Analysis Plan design

More information

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not

More information

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK BUSINESS CONTINUITY MANAGEMENT FRAMEWORK Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 1 FRAMEWORK STATEMENT Business

More information

Information Security Policy. Chapter 11. Business Continuity

Information Security Policy. Chapter 11. Business Continuity Information Security Policy Chapter 11 Business Continuity Author: Policy & Strategy Team Version: 0.5 Date: July 2008 Version 0.5 Page 1 of 6 Document Control Information Document ID Document title Sefton

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Information Security- Perspective for Management Business Impact Analysis ( BIA ) and Business

More information

BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE

BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE Introduction 1. Recently many organisations both public and private have directed much more time, money and effort towards protecting service

More information

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Data Handling in University Business Impact Analysis ( BIA ) Agenda Overview Terminologies Performing

More information

Disaster Recovery Policy

Disaster Recovery Policy Disaster Recovery Policy INTRODUCTION This policy provides a framework for the ongoing process of planning, developing and implementing disaster recovery management for IT Services at UCD. A disaster is

More information

Business Continuity Planning advice for Businesses with 50-250 employees

Business Continuity Planning advice for Businesses with 50-250 employees Business Continuity Planning advice for Businesses with 50-250 employees Where to begin? A business continuity plan should consist of a business and contingencies analysis. It needs to be developed by

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Version 1 approved by SMG December 2013 Business Continuity Policy Version 1 1 of 9 Business Continuity Management Summary description: This document provides the rationale

More information

Best Practices in Disaster Recovery Planning and Testing

Best Practices in Disaster Recovery Planning and Testing Best Practices in Disaster Recovery Planning and Testing axcient.com 2015. Axcient, Inc. All Rights Reserved. 1 Best Practices in Disaster Recovery Planning and Testing Disaster Recovery plans are widely

More information

DISASTER RECOVERY 101 3 Steps You Need to Take (Before It s Too Late)

DISASTER RECOVERY 101 3 Steps You Need to Take (Before It s Too Late) DISASTER RECOVERY 101 3 Steps You Need to Take (Before It s Too Late) Introduction... 4 Disaster Recovery vs. Business Continuity... 4 Why You Need to Read this ebook... 5 Chapter 1: The Risks (aka, The

More information

Business continuity plan

Business continuity plan Business continuity plan CONTENTS INTRODUCTION 2 - Scope - Components BUSINESS IMPACT ANALYSIS 3 - Business Affairs - Information Technology RISK ASSESSMENT 5 - Broad Categories of Hazards - Hazard Table

More information

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. Business Continuity Management & Disaster Recovery Planning Presented by: Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. 1 What is Business Continuity Management? Is a holistic management

More information

Temple university. Auditing a business continuity management BCM. November, 2015

Temple university. Auditing a business continuity management BCM. November, 2015 Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program

More information

courtesy of F5 NETWORKS New Technologies For Disaster Recovery/Business Continuity overview f5 networks P

courtesy of F5 NETWORKS New Technologies For Disaster Recovery/Business Continuity overview f5 networks P courtesy of F5 NETWORKS New Technologies For Disaster Recovery/Business Continuity overview Business Continuity, Disaster Recovery and Data Center Consolidation IT managers today must be ready for the

More information

TO AN EFFECTIVE BUSINESS CONTINUITY PLAN

TO AN EFFECTIVE BUSINESS CONTINUITY PLAN 5 STEPS TO AN EFFECTIVE BUSINESS CONTINUITY PLAN Introduction The Snowpocalypse of 2015 brought one winter storm after another, paralyzing the eastern half of the United States. It knocked out power for

More information

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy Birmingham CrossCity Clinical Commissioning Group Business Continuity Management Policy Version V1.0 Ratified by Operational Development Group Date ratified 6 th November 2014 Name of originator / author

More information

Business Continuity Planning in IT

Business Continuity Planning in IT Introduction: Business Continuity Planning in IT The more your business relies on its IT systems, the more you need to consider how unexpected disruptions might affect your business. These disruptions

More information

Business Continuity Planning. Presentation and. Direction

Business Continuity Planning. Presentation and. Direction Business Continuity Planning Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180 20 th Avenue Whitestone, NY 11357 Phone: (718) 591-5553 Email: bronackt@dcag.com

More information

Business Continuity Business Continuity Management Policy

Business Continuity Business Continuity Management Policy Business Continuity Business Continuity Management Policy : Date of Issue: 28 January 2009 Version no: 1.1 Review Date: January 2010 Document Owner: Patricia Hughes Document Authoriser: Tony Curtis 1 Version

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis

More information

FINRMFS9 Facilitate Business Continuity Planning and disaster recovery for a financial services organisation

FINRMFS9 Facilitate Business Continuity Planning and disaster recovery for a financial services organisation Facilitate Business Continuity Planning and disaster recovery for a Overview This unit is suitable for those working in risk management roles who have responsibility for facilitating business continuity

More information

Assessment of natural hazards, man made hazards, technical and societal related risks and associated impact.

Assessment of natural hazards, man made hazards, technical and societal related risks and associated impact. Aon Business Continuity Planning The Aon Business Continuity Planning practice provides consulting services that allow Aon clients to measure and manage their strategic and tactical risks through Crisis

More information

With 57% of small to medium-sized businesses (SMBs) having no formal disaster

With 57% of small to medium-sized businesses (SMBs) having no formal disaster Disaster Recovery For Business Owners Practical Guidance for a Critical Operation With 57% of small to medium-sized businesses (SMBs) having no formal disaster recovery plan (Symantec, 2011), and 52% believing

More information

Principles for BCM requirements for the Dutch financial sector and its providers.

Principles for BCM requirements for the Dutch financial sector and its providers. Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011

More information

Council Policy Business Continuity Management

Council Policy Business Continuity Management Policy Name: Business Continuity Management Council Policy Business Continuity Management ADOPTED BY COUNCIL: 19 th April 2016 DATE OF NEXT REVIEW: 18 th April 2020 RESPONSIBLE OFFICER: REFERENCES: Chief

More information

Business continuity strategy

Business continuity strategy Business continuity strategy 2009 2012 Table of contents 1 Why this strategy is needed 3 2 Aim of the strategy 4 3 Our approach to business continuity 4 PROCESS 4 STRUCTURE 5 DOCUMENTATION 6 DISRUPTION

More information

Business Continuity Management. Policy Statement and Strategy

Business Continuity Management. Policy Statement and Strategy Business Continuity Management Policy Statement and Strategy November 2011 Title Business Continuity Management Policy & Strategy Date of Publication: Cabinet Council Published by Borough Council of King

More information

ESKITP6034 IT Disaster Recovery Level 4 Role

ESKITP6034 IT Disaster Recovery Level 4 Role Overview This sub-discipline is about the competencies required in order to manage all aspect of Disaster Recovery (DR), as it applies to IT within an organisation. ESKITP6034 1 Performance criteria You

More information

D2-02_01 Disaster Recovery in the modern EPU

D2-02_01 Disaster Recovery in the modern EPU CONSEIL INTERNATIONAL DES GRANDS RESEAUX ELECTRIQUES INTERNATIONAL COUNCIL ON LARGE ELECTRIC SYSTEMS http:d2cigre.org STUDY COMMITTEE D2 INFORMATION SYSTEMS AND TELECOMMUNICATION 2015 Colloquium October

More information

Business Continuity Management Policy and Framework

Business Continuity Management Policy and Framework Management Policy and Framework Version: Produced by: Date Produced: Approved by: Updated: 7 University Manager with the assistance of the Operational Group 11 th March 2010 Steering Group (14 December

More information

NHS 24 - Business Continuity Strategy

NHS 24 - Business Continuity Strategy NHS 24 - Strategy Version: 0.3 Issue Date: 20/09/2005 Status: Issued for Board Approval Status: draft Page 1 of 13 Table of Contents 1 INTRODUCTION...3 2 PURPOSE...3 3 SCOPE...3 4 ASSUMPTIONS...4 5 BUSINESS

More information

INFOSEC.MY KNOWLEDGE SHARING SESSION

INFOSEC.MY KNOWLEDGE SHARING SESSION INFOSEC.MY KNOWLEDGE SHARING SESSION Integration BCM into your Organization: Challenges & Opportunities 31 st October 2007 1 Prabha Ramanathan ( CBCP, MBCI, MBCS, MSCS) Certified Business Continuity Professional.have

More information

Prudential Practice Guide

Prudential Practice Guide Prudential Practice Guide LPG 232 Business Continuity Management March 2007 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice guide is not legal

More information

www.td.com.au Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012

www.td.com.au Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012 Business Continuity - IT Disaster Recovery Discussion Paper - - Version V2.0R Wednesday, 5 September 2012 Commercial in Confidence Melbourne Sydney 79-81 Coppin St Level 2 Richmond VIC 3121 414 Kent St

More information

HA / DR Jargon Buster High Availability / Disaster Recovery

HA / DR Jargon Buster High Availability / Disaster Recovery HA / DR Jargon Buster High Availability / Disaster Recovery Welcome to Maxava s Jargon Buster. Your quick reference guide to Maxava HA and industry technical terms related to High Availability and Disaster

More information

Statement of Guidance

Statement of Guidance Statement of Guidance Business Continuity Management All Licensees 1. Statement of Objectives 1.1. To enhance the resilience of the financial sector and to minimise the potential impact of a major operational

More information

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd BS 25999 Business Continuity Management By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd 1 Contents slide BSI British Standards 2006 BS 25999(Business Continuity) 2002 BS 15000

More information

IT Disaster Recovery...It's Just the Tip of the Business Continuity Iceberg

IT Disaster Recovery...It's Just the Tip of the Business Continuity Iceberg PROFESSIONALADVANTAGE IT Disaster Recovery...It's Just the Tip of the Business Continuity Iceberg The importance of a holistic approach to Business Continuity and the art of making decisions when everyone's

More information

Building a Successful Business Continuity Program. Clyde Hague, CISM, CISSP, CRISC Information Security Officer First Merchants Corporation

Building a Successful Business Continuity Program. Clyde Hague, CISM, CISSP, CRISC Information Security Officer First Merchants Corporation Building a Successful Business Continuity Program Clyde Hague, CISM, CISSP, CRISC Information Security Officer First Merchants Corporation Discussion Topics Breaking Down the Parts Create a Solid Base

More information

Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke

Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke Agenda Key components essential to a FFIEC compliant Business Continuity Plan Recovery Time Objectives & Recovery Point

More information

Business Continuity Management

Business Continuity Management Business Continuity Management cliftonlarsonallen.com Introductions Brian Pye CliftonLarsonAllen Senior Manager Business Risk Services group 15 years of experience with Business Continuity Megan Moore

More information

IT Disaster Recovery Plan Template

IT Disaster Recovery Plan Template HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned

More information

IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy Page 1 of 15 Business Continuity Policy First published: Amendment record Version Date Reviewer Comment 1.0 07/01/2014 Debbie Campbell 2.0 11/07/14 Vicky Ryan Updated to include

More information

National Fire Protection Association s Contribution to Business Continuity Strategies

National Fire Protection Association s Contribution to Business Continuity Strategies National Fire Protection Association s Contribution to Business Continuity Strategies about me 1. Retired AVP Senior Business Risk Consultant 2. FM Global Trained: 1. 35 Years Service 2. Founder Member

More information

AUSTRACLEAR REGULATIONS Guidance Note 10

AUSTRACLEAR REGULATIONS Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

JUMP START DISASTER RECOVERY PLAN FOR HOSPITALITY

JUMP START DISASTER RECOVERY PLAN FOR HOSPITALITY JUMP START DISASTER RECOVERY PLAN FOR HOSPITALITY Introduction In the hospitality industry, a disaster recovery plan (DRP) is a key part of smart business. A DRP can help you protect guests and employees

More information

Unit Guide to Business Continuity/Resumption Planning

Unit Guide to Business Continuity/Resumption Planning Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions

More information

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT

More information

Why Should Companies Take a Closer Look at Business Continuity Planning?

Why Should Companies Take a Closer Look at Business Continuity Planning? whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters

More information

Business Continuity Management AIRM Presentation

Business Continuity Management AIRM Presentation 16 January, 2008 Business Continuity Management AIRM Presentation David Hamilton, Senior Consultant http://www.marsh.ie Presentation Overview Terms used for BCP Where BCM fits in a business plan Business

More information

How to measure your business resiliency

How to measure your business resiliency How to measure your business resiliency Define the KPI s/kri s and scorecards to control your security and business continuity capabilities Krzysztof Pulkiewicz BCMLogic krzysztof.pulkiewicz@bcmlogic.com

More information

Each section has handy hints and advice on completing your plan along with links to further information which you can download and print.

Each section has handy hints and advice on completing your plan along with links to further information which you can download and print. Information on business continuity plans for businesses with 10 or fewer employees You will find that it is quick, easy and inexpensive to create a business continuity plan. This is a basic five-step guide

More information

LFRS Business Continuity Planning

LFRS Business Continuity Planning LFRS Business Continuity Planning 1.1 INTRODUCTION The LFRS Business Continuity Plan provides a framework for the activation, allocation and deployment of Lancashire Fire and Rescue Services resources

More information

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

Whitepaper. Disaster Recovery as a Service (DRaaS): A DR solution for all

Whitepaper. Disaster Recovery as a Service (DRaaS): A DR solution for all Whitepaper Disaster Recovery as a Service (DRaaS): A DR solution for all Disaster Recovery as a service: A DR solution for all Disaster Recovery (DR) is more important today than ever before. Why? Because

More information

BUSINESS CONTINUITY PLAN. Specific Issues for Public Health Emergencies. Guidelines for Air Carriers

BUSINESS CONTINUITY PLAN. Specific Issues for Public Health Emergencies. Guidelines for Air Carriers BUSINESS CONTINUITY PLAN Specific Issues for Public Health Emergencies Guidelines for Air Carriers 1 Contents PART 1 BACKGROUND 1.1. Introduction 1.2. Purpose 1.3. Scope and Application 1.4. Definition

More information

Flinders University IT Disaster Recovery Framework

Flinders University IT Disaster Recovery Framework Flinders University IT Disaster Recovery Framework Establishment: Flinders University, 1 August 2013 Last Amended: Manager, ITS Security Services, 4 October 2013 Nature of Amendment: Initial release Date

More information