Proposal for Business Continuity Plan and Management Review 6 August 2008
|
|
- Sheila Craig
- 8 years ago
- Views:
Transcription
1 Proposal for Business Continuity Plan and Management Review 6 August /8/6
2 Contents About Newton IT / Quality of our services. BCM & BS25999 Overview 2. BCM Development in line with BS BCM Development Case Study Appendix 2008/8/6 2
3 About Newton IT Newton IT Limited (Newton) is pleased to have the opportunity to propose for Business Continuity Plan and Management Review. Since our foundation in 998, Newton IT Limited has continually developed its business and increased its Products & Service offerings. With our combined Anglo Japanese management philosophy, Newton IT has been able to raise its profile of skill sets to meet the demands set by today's dynamically changing IT industry and to provide solutions at every level of our customer requirements and needs. All Rights Newton IT Ltd. 3
4 Quality of Our Services Member of The Business Continuity Institute ISO7799 Associate Consultant of BSI BS25999 / ISO900 / ISO2700 Registered Company (*) BCI Qualified Business Continuity Specialists (MBCI, ABCI) Other Specialists Skills (e.g. CISA, CEH, CISSP, MCSE, CCNA, CCNP) Provision of Solutions in accordance with International Standards (e.g. ISO2700, BS25999, COBIT, ITIL, ISO900, ISO20000) Proven ability to manage Projects on time and within budgets Corporate lawyer partnership with Legal Authority specialized in information systems (*) The Scope includes the provision of design, implementation and support IT Infrastructure, Consultancy on ISO2700 and Security Policies All Rights Newton IT Ltd. 4
5 .BCM & BS25999 Overview All Rights Newton IT Ltd. 5
6 BCM Overview (Terminologies) Terminologies around BCM BCM Risk Assessment RTO IMP BIA Recovery Response Business DR Continuity BCP Incident Response Incident Management DRP Business Impact Analysis Business Recovery RPO MTPD All Rights Newton IT Ltd. 6
7 BCM Overview (Timeline) (Business As Usual) Incident Timeline BCPs Exercise Assess Internal Audit Improvement Operation Rate Incident Incident Management Business Continuity Business Recovery 8hours 48hours 3months 00% TIME 60% Back to Normal 20% 0% RTO:8 hours RPO:20% of Normal Operation Note: RTO: Recovery time objective / RPO: Recovery point objective All Rights Newton IT Ltd. 7
8 Terms and Definition (/2) BCM Holistic management process that identified potential threats to an organization and the impacts to business operations that those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities Business Continuity Strategy Approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major incident or business interruption BCP Documented collection of procedures and information that is developed, compiled and maintained in readiness of use in an incident to enable an organization to continue to deliver its critical activities at an acceptable predefined level IMP Incident management plan. Clearly defined and documented plan of action for use at the time of an incident, typically covering the key personnel, resources, services and actions needed to implement the incident management process All Rights Newton IT Ltd. 8
9 Terms and Definition (2/2) Invocation Act of declaring that an organization s business continuity plan needs to be put into effect in order to continue delivery of key products or services BIA Business impact analysis. Process of analysing business functions and the effect that a business disruption might upon them RTO Recovery time objective. Target time set for resumption of product, service or activity delivery after an incident. The recovery time objective has to be less than the maximum tolerable period of disruption MTPD Maximum tolerable period of disruption. Duration after which an organization s viability will be irrevocably threatened if product and service delivery cannot be resumed All Rights Newton IT Ltd. 9
10 BS25999 Structure (/2) BS25999 Part Code of Practice Scope and applicability Terms and definitions Overview of business continuity management (BCM) The business continuity management policy BCM programme management Understanding the organization Determining business continuity strategy Developing and implementing a BCM response Exercising, maintaining and reviewing BCM arrangements Embedding BCM in the organization s culture All Rights Newton IT Ltd. 0
11 BS25999 Structure (2/2) BS25999 Part2 Specification Scope Terms and definitions Planning the business continuity management system General Establishing and managing the BCMS Embedding BCM in the organization s culture BCMS documentation and records Implementing and operating the BCMS Understanding the organization Determining business continuity strategy Developing and implementing a BCM response Exercising, maintaining and reviewing BCM arrangement Monitoring and reviewing the BCMS Internal Audit Management review of the BCMS Maintaining and improving the BCMS Preventive and corrective actions 6.2 Continual improvement All Rights Newton IT Ltd.
12 BCM Lifecycle Understanding the business Business Impact Analysis Risk Assessment The BCM Lifecycle BCM Strategies Organizational BCM strategy Process level BCM strategy Resource recovery BCM strategy Developing / Implementing BCM plans Business Continuity Plans resource recovery and solutions plan Disaster Recovery Plans BCM exercising, maintenance and audit Embedding a BCM culture awareness, training and culture (Ref: BS ) All Rights Newton IT Ltd. 2
13 2.BCM development in line with BS25999 All Rights Newton IT Ltd. 3
14 Target of the development The BCM Lifecycle The Target to Develop BCM Lifecycle itself (Ref: BS ) All Rights Newton IT Ltd. 4
15 Process to implement and operate the BCMS I. Understand the organization Identify key stakeholders and Business impact analysis (BIA) their needs and expectations 2 Risk Assessment (RA) Identify activities supporting key services/products 3 Determining choices Identify impacts resulting from II.Determining business continuity strategy disruption to those activities and determine how these vary over time. 2 Hot to recover each critical activity within its RTO, in taking account resources and suppliers and outsource partners required for resumption and recovery. III. Developing and implementing a BCM response Incident response structure Document business continuity plans and incident management plans Define MTPD and RTO, and identify critical activities Assess risks of critical activities and supporting resources Choose and implement risk treatments for each critical activity IV.Exercising, maintaining, and reviewing BCM arrangements BCM Exercise Decide BC Strategy based on the results of BIA & RA Assess the BCM arrangements and identify 2 improvements to be made All Rights Newton IT Ltd. 5
16 Document the BCM (/2) (Business As Usual) Incident Timeline BCPs Exercise Assess Internal Audit Improvement Operation Rate Incident Incident Management Business Continuity Business Recovery 8hours 48hours 3months 00% TIME 60% Back to Normal 20% 0% RTO:8 hours RPO:20% of Normal Operation Note: RTO: Recovery time objective / RPO: Recovery point objective All Rights Newton IT Ltd. 6
17 Document the BCM (2/2) Incident Timeline POLICY & PLANS BCPs Exercise Assess Internal Audit Improvement Operation Rate Incident Management Incident Management Plans Business Incident Continuity Policy and BCPs 8hours Business Continuity Business Continuity & Recovery Plan 48hours Business Recovery System Recovery Plan 3months PROCEDURES (Business As Usual) 00% TIME Training Material Training Result Test Case Lesson learnt report Internal Audit Plan 60% Internal Audit Result 20% Improvement Plan 0% Incident Management Procedures Back to Normal Business Continuity Recovery Procedures RTO:8 hours System Recovery RPO:20% of Normal Operation Procedures Note: RTO: Recovery time objective / RPO: Recovery point objective All Rights Newton IT Ltd. 7
18 3.BCM Development - Case Study All Rights Newton IT Ltd. 8
19 Case Overview Company A Industry: IT Solutions Provider Key Services: IT System design, implementation, maintenance and supports Consulting Software Development Number of Staff: 60 Turnover: 0 Millions (2006) Office: London, UK Number of Customers : 250 Companies Number of Suppliers : 30 Companies Internal IT Infrastructure Servers: 0 Client PC: 20 All Rights Newton IT Ltd. 9
20 Understand the organization (Overview /2) I. Understand the organization 2 3 Business impact analysis (BIA) Risk Assessment (RA) Determining choices II.Determining business continuity strategy Hot to recover each critical activity within its RTO, in taking account resources and suppliers and outsource partners required for resumption and recovery. III. Developing and implementing a BCM response 2 Incident response structure Document business continuity plans and incident management plans IV.Exercising, maintaining, and reviewing BCM arrangements BCM Exercise Assess the BCM arrangements and identify 2 improvements to be made All Rights Newton IT Ltd. 20
21 Understand the organization (Overview 2/2) In a business continuity context, an understanding of the organization comes from: BS25999-: Understanding the organization Identify the organization s objectives, stakeholder obligations and statutory duties Identify activities and resources supporting the service deliveries assess the impact and consequences over time of disruptions of those activities and resources BIA identify and evaluate the perceived threats that could disrupt the organization s key services, and the critical activities and resources that support them Risk Assessment All Rights Newton IT Ltd. 2
22 Understand the organization : BIA (Stakeholder Analysis) Identify the organization s objectives, stakeholder obligations and statutory duties Identify activities and resources supporting the service deliveries assess the impact and consequences over time of disruptions of those activities and resources BIA Key Stakeholders Customers Regulatory Bodies etc Expectations / Needs Relevant Services All Rights Newton IT Ltd. 22
23 Understand the organization : BIA (Critical Activities) Identify the organization s objectives, stakeholder obligations and statutory duties Identify activities and resources supporting the service deliveries assess the impact and consequences over time of disruptions of those activities and resources BIA ACTIVITIES IMPACTS RESULTING FROM DISRUPTIONS LEVEL LEVEL 2 Likely disruption LIKELY IMPACT OF DISRUPTION Impact DETAILS OF IMPACT (RANGE OF IMPACT /VARY OVER TIME) MTPD All Rights Newton IT Ltd. 23
24 Understand the organization : Risk Assessment (/2) In a BCM context, the level of risk should be understood specifically in respect of the organization s critical activities and the risk of a disruption to these; BS : Risk Assessment Critical activities are underpinned by resources such as people, premises, technology, information, supplies and stakeholders Identify the threats to these resources Identify the vulnerabilities of each resource Determine the impact what would be arise if a threat became an incident and caused a business disruption Define and document the risk assessment method (criteria for risk treatment, Identifications of acceptable levels of risk etc) All Rights Newton IT Ltd. 24
25 Understand the organization : Risk Assessment (2/2) Reference documents; Risk Assessment Results Threats Vulnerabilities Probability of occurrence (A) (High 3/Medium 2/Low ) Impact (B) (High 3/Medium 2/Low ) Value of Risks (C ) = (A) * (B) Choices (BC Strategy) Help desk Unavailability of key personnel / lack of training, insufficient inexperienced staff management of staff 3 3 Develop BCPs for Help Desk PEOPLE Unavailability of key personnel / lack of training, insufficient Engineers inexperienced staff management of staff 3 3 Develop BCPs for Engineers SUPPLIES The company letter head Lack of the letter head Insufficient logistics management Accept the risk Lack of physical security, the Office No access to the office office location PREMISES 3 3 Back-up Office / Develop BCPs No access to the office area Office location 3 3 Back-up Office / Develop BCPs Customer information No access to the information No duplicated information Data Replication at DR Site / Develop BCPs and System Recovery Procedures INFORMATION Engineers' skill set No access to the information No duplicated information Data Replication at DR Site / Develop BCPs and System Recovery Procedures Engineers' schedule No access to the information No duplicated information Data Replication at DR Site / Develop BCPs and System Recovery Procedures Loss of IT system No duplicated IT system, insufficient IT system 3 3 System recovery procedures maintenance File Server Loss of IT system No duplicated IT system, insufficient IT system 3 3 System recovery procedures maintenance IT SYSTEMS SAP Server Loss of IT system No duplicated IT system, insufficient IT system 3 3 System recovery procedures maintenance SAGE Loss of IT system No duplicated IT system, insufficient IT system 3 3 System recovery procedures maintenance TTS System Loss of IT system No duplicated IT system, insufficient IT system 3 3 System recovery procedures maintenance Mobile Phone Unavailability of Mobile phone No duplicated lines 2 2 Accept the risk OTHERS Supporting Resources Utilities Loss of utilities insufficient contracts, lack of maintenance Review contracts / Back-up office Post office Unavailability of Post office Strike, natural disaster 2 2 Accept the risk All Rights Newton IT Ltd. 25
26 Determining business continuity strategy (/3) I. Understand the organization 2 3 Business impact analysis (BIA) Risk Assessment (RA) Determining choices II.Determining business continuity strategy Hot to recover each critical activity within its RTO, in taking account resources and suppliers and outsource partners required for resumption and recovery. III. Developing and implementing a BCM response 2 Incident response structure Document business continuity plans and incident management plans IV.Exercising, maintaining, and reviewing BCM arrangements BCM Exercise Assess the BCM arrangements and identify 2 improvements to be made All Rights Newton IT Ltd. 26
27 Determining business continuity strategy (2/3) Strategy options BS25999-: Strategy options The organization should consider strategic options for its critical activities and the resources that each activity will require on its resumption. Decide BC Strategy Strategies might be required the following organizational resources; People Premises IT Systems Information Supplies Stakeholders Premises Strategy IT System Strategy Supply management Strategy All Rights Newton IT Ltd. 27
28 Determining business continuity strategy (3/3) Reference documents; Business Continuity Strategic Options Option : Restore data from back-up tape Option 2: Data replication at DR site Option 3: System and data replication at DR site People The existing staff Train the existing staff Train the existing staff R e s o u c e s R e q u i r e d Premises Back-up office DR site / Back-up Office DR Site / Back-up office IT The existing back-up tape Server for data duplication Servers for system and data replications Supplies Others Data restore manuals Purchasing new server to restore data from back-up tape Transportation to/from DR site, data recovery manual Contract with DR site Transportation to/from DR site, system and data recovery manual Contract with DR site A Feasibility High High High d e Effectiveness q (MTPD) u Low High High a c Cost Low Medium High y All Rights Newton IT Ltd. 28
29 Developing and implementing a BCM response (/2) I. Understand the organization 2 3 Business impact analysis (BIA) Risk Assessment (RA) Determining choices II.Determining business continuity strategy Hot to recover each critical activity within its RTO, in taking account resources and suppliers and outsource partners required for resumption and recovery. III. Developing and implementing a BCM response 2 Incident response structure Document business continuity plans and incident management plans IV.Exercising, maintaining, and reviewing BCM arrangements BCM Exercise Assess the BCM arrangements and identify 2 improvements to be made All Rights Newton IT Ltd. 29
30 Developing and implementing a BCM response (2/2) Developing a BCM Response BS : Incident Management Structure The organization shall nominate incident response personnel (e.g. Incident management team which consist of the management) with the necessary responsibility, authority and competence to manage an incident. BS : Business continuity plans and incident management plans The organization shall have documented plans (e.g. Incident management plans, business continuity plans) that detail how the organization will manage an incident and how it will recover or maintain its activities to a predetermined level in the event of an disruption. All Rights Newton IT Ltd. 30
31 Developing and implementing a BCM response (Invocation of plans) TIME LINE INCIDENT What has gone wrong? IMPACT ANALYSIS Which critical processes will be stopped? DURATION ANALYSIS How long can the disruption be expected to last? IMT IMPs DRPs INFORMATION GAP ANALYSIS Do we have enough information to assess the incident? If we wait to get more information will we be able to safely invoke? START BUSINESS CONTINUITY & RECOVERY Implement Business Continuity Plans BCPs INVOKE DR SITE SEND EVERYONE ELSE BACK-UP Send the Recovery staff to DR site and OFFICE start system recovery All staff other than Recovery staff to go back-up office (or home) All Rights Newton IT Ltd. 3
32 Developing and implementing a BCM response (Contents of plans). BC Policy 2. Objectives and scope 3. Roles and responsibilities 4. Plans invocation 5. Document management 6. Contact list The Company-level BCP. Task and action lists 2. Emergency contact lists 3. Activities Site evaluation procedure Safety and first aid Safety briefing Staff/customer communications 4. Media response 5. Response to key stakeholders 6. Incident management team 7. Appendix (sample) access to the sites communications with insurance companies Secure facilities and premises. Task and action lists Plans Invocation Available services Transpiration Manual operation and system recovery operation procedures 2. Required resources People Premises IT systems Information and supplies etc 3. Owner of the BCP 4. Check sheet Incident Management Plans Team s BCPs All Rights Newton IT Ltd. 32
33 Exercising, maintaining, and reviewing BCM arrangements (/2) I. Understand the organization 2 3 Business impact analysis (BIA) Risk Assessment (RA) Determining choices II.Determining business continuity strategy Hot to recover each critical activity within its RTO, in taking account resources and suppliers and outsource partners required for resumption and recovery. III. Developing and implementing a BCM response 2 Incident response structure Document business continuity plans and incident management plans IV.Exercising, maintaining, and reviewing BCM arrangements BCM Exercise Assess the BCM arrangements and identify 2 improvements to be made All Rights Newton IT Ltd. 33
34 Exercising, maintaining, and reviewing BCM arrangements (2/2). Test policy 2. Objective 3. Scope 4. Success criteria 5. Roles and responsibilities 6. Test method 7. Test schedule BCP Test plans. Objective 2. Scope Test scenario Success criteria Test result Recommended improvement action Improvement action target date Internal Audit Plans Internal Audit Report Lesson learnt report Improvement Action Plans All Rights Newton IT Ltd. 34
35 Appendix 2008/8/6 35
36 Introduction of Key Staff Aki Sudo (Senior Consultant) Aki Sudo is an experienced Business and IT Governance consultant with more than 0 years experience, including the audit and risk management for organizations in a variety of sectors. Aki is a Certified Information System Auditor (CISA), BCI Business Continuity Professional member (MBCI), ISO2700 specialist and BS25999 specialist. Kieran McDonagh (Senior Consultant) Kieran McDonagh is an experienced Operational and IT risk consultant with more than fifteen years experience in reviewing and managing risks for organizations in a variety of sectors. Kieran is a Certified Information System Auditor (CISA) and BCI member. All Rights Newton IT Ltd. 36
By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd
BS 25999 Business Continuity Management By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd 1 Contents slide BSI British Standards 2006 BS 25999(Business Continuity) 2002 BS 15000
More informationBusiness Continuity Management
Business Continuity Management Version 1 approved by SMG December 2013 Business Continuity Policy Version 1 1 of 9 Business Continuity Management Summary description: This document provides the rationale
More informationCompany Management System. Business Continuity in SIA
Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT
More informationTemple university. Auditing a business continuity management BCM. November, 2015
Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program
More informationNHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY
NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY AUTHOR/ APPROVAL DETAILS Document Author Written By: Human Resources Authorised Signature Authorised By: Helen Shields Date: 20
More informationBusiness Continuity Management Policy
Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3
More informationwww.td.com.au Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012
Business Continuity - IT Disaster Recovery Discussion Paper - - Version V2.0R Wednesday, 5 September 2012 Commercial in Confidence Melbourne Sydney 79-81 Coppin St Level 2 Richmond VIC 3121 414 Kent St
More informationINFOSEC.MY KNOWLEDGE SHARING SESSION
INFOSEC.MY KNOWLEDGE SHARING SESSION Integration BCM into your Organization: Challenges & Opportunities 31 st October 2007 1 Prabha Ramanathan ( CBCP, MBCI, MBCS, MSCS) Certified Business Continuity Professional.have
More informationBusiness Continuity Management and BS 25999 by Steve Chan, Head of Training - HK, BSI Management Systems
Business Continuity Management and BS 25999 by Steve Chan, Head of Training - HK, BSI Management Systems 9 April, 2008 2 Presentation content Drivers for Business Continuity Standards and definitions.
More informationBusiness Continuity Management
Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not
More informationBCP and DR. P K Patel AGM, MoF
BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management
More informationBusiness Continuity Policy and Business Continuity Management System
Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain
More informationPrinciples for BCM requirements for the Dutch financial sector and its providers.
Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011
More informationBUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS
BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3
More informationHOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING
HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING ISO 22301 BUSINESS CONTINUITY MANAGEMENT SYSTEMS Most organisations will, at some point, be faced with having to respond
More informationBusiness Continuity Planning
Business Continuity Planning We believe all organisations recognise the importance of having a Business Continuity Plan, however we understand that it can be difficult to know where to start. That s why
More informationExternal Supplier Control Requirements BCM
External Supplier Control Requirements BCM BCM Requirement Description BCM Tiers Recovery Time Objective Why this is important 1. Business Continuity Policy Supplier will have a documented Business Continuity
More informationPAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA
1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationEmergency Response and Business Continuity Management Policy
Emergency Response and Business Continuity Management Policy Owner: John Duffy, Registrar & Secretary Last updated: September 2012 Version: 04 Document control Date Version Author Changes To be populated
More informationBusiness Continuity Policy
Business Continuity Policy 1 NHS England INFORMATION READER BOX Directorate Medical Commissioning Operations Patients and Information Nursing Trans. & Corp. Ops. Commissioning Strategy Finance Publications
More informationBusiness Continuity Policy
Business Continuity Policy Page 1 of 15 Business Continuity Policy First published: Amendment record Version Date Reviewer Comment 1.0 07/01/2014 Debbie Campbell 2.0 11/07/14 Vicky Ryan Updated to include
More informationNORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)
NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy
More informationBusiness Continuity Management Governance. Frank Higgins Abu Dhabi March 2015
Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity
More informationBusiness Continuity (Policy & Procedure)
Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity
More informationBusiness Continuity Policy
Page 1 of 16 Business Continuity Policy Issue Date: Aug 2013 Document Number: 00241 Prepared by: Business Management and Continuity Senior Manager Next Review Date: April 2014 Page 2 of 16 NHS England
More informationBSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012
To: From: Subject: Status: Date of Meeting: BSO Board Director of Human Resources & Corporate Services Business Continuity Policy For Approval 28 February 2012 The Board is asked to agree the attached
More informationUpdate from the Business Continuity Working Group
23 June 2014 Performance and Resources Board 19 To note Update from the Business Continuity Working Group Issue 1 The Business Continuity Working Group oversees the development, maintenance and improvement
More informationHow To Manage A Disruption Event
BUSINESS CONTINUITY FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Manager Organisational
More informationUniversity of Glasgow. Policy for. Business Continuity Management
University of Glasgow Policy for Business Continuity Management 1 Policy Statement The University of Glasgow is committed to delivering the highest possible quality of service to our students, and the
More informationCITY UNIVERSITY OF HONG KONG Business Continuity Management Standard
PUBLIC Version: 1.0 CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief
More informationInstitute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745
ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan
More informationBusiness Continuity Management
Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective
More informationNHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0
NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy Version 1.0 Document Control Title: Status: Version: 1.0 Issue date: May 2014 Document owner: (Name,
More informationCoping with a major business disruption. Some practical advice
Coping with a major business disruption Some practical advice Coping with a major business disruption What is business continuity? Business continuity planning (BCP) is a management process that helps
More informationBusiness Continuity Management Program Development Guide
Business Continuity Management Program Development Guide Prepared by The NS Emergency Management Office, Winter 2012 Version 1.1 Page 2 of 24 Document Revision History Date Author Revision Notes Fall 2011
More informationCENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14
More informationBirmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy
Birmingham CrossCity Clinical Commissioning Group Business Continuity Management Policy Version V1.0 Ratified by Operational Development Group Date ratified 6 th November 2014 Name of originator / author
More informationBUSINESS CONTINUITY MANAGEMENT FRAMEWORK
BUSINESS CONTINUITY MANAGEMENT FRAMEWORK Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 1 FRAMEWORK STATEMENT Business
More informationBusiness Continuity Policy
Business Continuity Policy St Mary Magdalene Academy V1.0 / September 2014 Document Control Document Details Document Title Document Type Business Continuity Policy Policy Version 2.0 Effective From 1st
More informationBest Practices in Disaster Recovery Planning and Testing
Best Practices in Disaster Recovery Planning and Testing axcient.com 2015. Axcient, Inc. All Rights Reserved. 1 Best Practices in Disaster Recovery Planning and Testing Disaster Recovery plans are widely
More informationISO 22301: Societal Security Terminology ISO 22313: BCMS Guidance ISO 22398: Exercises and Testing - Guidance
The Impact of ISO 22301 Moving Your BCM Program to a Management System Implementing the Newly Approved International Business Continuity Management System Standard & Guidance Documents ISO 22301: Societal
More informationOverview TECHIS60851. Manage information security business resilience activities
Overview Information security business resilience encompasses business continuity and disaster recovery from information security threats. As well as addressing the consequences of a major security incident,
More informationSolihull Clinical Commissioning Group
Solihull Clinical Commissioning Group Business Continuity Policy Version v1 Ratified by SMT Date ratified 24 February 2014 Name of originator / author CSU Corporate Services Review date Annual Target audience
More informationBUSINESS CONTINUITY MANAGEMENT POLICY
BUSINESS CONTINUITY MANAGEMENT POLICY AUTHORISED BY: DATE: Andy Buck Chief Executive March 2011 Ratifying Committee: NHS Rotherham Board Date Agreed: Issue No: NEXT REVIEW DATE: 2013 1 Lead Director John
More informationBusiness Continuity Management Framework 2014 2017
Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity
More information1.0 Policy Statement / Intentions (FOIA - Open)
Force Policy & Procedure Reference Number Business Continuity Management D269 Policy Version Date 23 July 2015 Review Date 23 July 2016 Policy Ownership Portfolio Holder Links or overlaps with other policies
More informationShankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.
Business Continuity Management & Disaster Recovery Planning Presented by: Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. 1 What is Business Continuity Management? Is a holistic management
More informationWEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy
WEST YORKSHIRE FIRE & RESCUE SERVICE Business Continuity Management Strategy Date Issued: 12 November 2012 Review Date: 12 November 2015 Version Control Version Number Date Author Comment 0.1 June 2011
More informationUpdate from the Business Continuity Working Group
18 June 2015 Performance and Resources Board 14 To note Update from the Business Continuity Working Group Issue 1 The Business Continuity Working Group oversees the development, maintenance and improvement
More informationBusiness Continuity Planning and Disaster Recovery Planning
4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business
More informationRETAIL AUDIT FORUM - AUDITING BUSINESS CONTINUITY
RETAIL AUDIT FORUM - AUDITING BUSINESS CONTINUITY Alan Hodgson MSc CMIIA MBCI 2 My Background 15 years within Internal Audit CMIIA MSc Audit Management and Consultancy 10 years in Retail 10 years in Business
More informationTips and techniques a typical audit programme
Auditing Business Continuity Planning Tips and techniques a typical audit programme Karen Wills, Senior Internal Auditor St James s Place Wealth Management February 2014 Contents Background Roles and Responsibilities
More informationMoving from BS 25999-2 to ISO 22301. The new international standard for business continuity management systems. Transition Guide
Transition Guide Moving from BS 25999-2 to ISO 22301 The new international standard for business continuity management systems Extract from The Route Map to Business Continuity Management: Meeting the
More informationCHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY
Zurich Management Services Limited Registered in England: No 2741053 Registered Office The Zurich Centre, 3000 Parkway Whiteley, Fareham Hampshire, PO15 7JZ CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY
More informationBusiness Continuity Management For Small to Medium-Sized Businesses
Business Continuity Management For Small to Medium-Sized Businesses Produced by NORMIT and Norfolk County Council Resilience Team For an electronic copy of this document visit www.normit.org Telephone
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis
More informationBUSINESS CONTINUITY & STRATEGY POLICY
BUSINESS CONTINUITY & STRATEGY POLICY Authorship: Chris Wallace, Information Governance Manager Committee Approved: Quality and Clinical Governance Committee Approved date: 1 Feb 2014 Review Date: Jan
More informationabcdefghijklmnopqrstu
abcdefghijklmnopqrstu Business Continuity A Framework for NHS Scotland Strategic Guidance for NHS Organisations in Scotland 1 Contents 1. Introduction 4 1.1 Business Continuity Overview 5 2. Roles and
More informationBusiness Continuity Management Charter
Province of Nova Scotia Business Continuity Management Charter Department, Agency or Commission Name Business Continuity Coordinator Name 3/14/2014 Program Charter for Business Continuity Management Program
More informationDriving Operational Risk Management Into the Customer/Product Value Chain
Driving Operational Risk Management Into the Customer/Product Value Chain Eric Staffin, MBCI, CISSP Vice President, Global Head of Product & Infrastructure Risk Management Thomson Reuters, Investment &
More informationInternal Audit Department NeighborWorks America. Audit Review of the Business Continuity Plan (BCP) Management and Documentation
Department NeighborWorks America Audit Review of the Business Continuity Plan (BCP) and Documentation Project Number: ADMN.BCP.2013 Audit Review of of BCP Table of Contents Project Completion Letter...
More informationIntroduction to Business Continuity Planning
Introduction to Business Continuity Planning Business Continuity and Disaster Resilience Forum May 10, 2012 Rizal Ballroom A, Makati Shangri-la Manila, Philippines Dr Goh Moh Heng President BCM Institute
More informationBusiness Continuity Management Emerging Trends
Business Continuity Management Emerging Trends Presentation Title Goes Here Samir Shah CA, CISA, DISA, CIA, CISSP, CFE, ISO 22301 LI Associate Director Axis Risk Consulting March 2013 Outline 2 1. Business
More informationDacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery
Dacorum Borough Council Final Internal Audit Report IT Business Continuity and Disaster Recovery Distribution list: Chris Gordon Group Manager Performance, Policy and Projects John Worts ICT Team Leader
More informationBusiness Continuity and Disaster Recovery Planning
Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services
More informationState of South Carolina Policy Guidance and Training
State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Business Continuity Management Policy June 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy
More informationHow To Manage A Business Continuity Strategy
Business continuity strategy 2009 2012 Table of contents 1 Why this strategy is needed 3 2 Aim of the strategy 4 3 Our approach to business continuity 4 PROCESS 4 STRUCTURE 5 DOCUMENTATION 6 DISRUPTION
More informationBusiness Continuity Management Policy
Governance: Business Committee Policy Owner: Chief Superintendent, Corporate Services Department: Corporate Services Policy Number: 002 Version: 3.0 Policy Writer: Business Continuity Co-ordinator Effective
More informationTable of Contents... 1
... 1 Chapter 1 Introduction... 4 1.1 Executive Summary... 4 1.2 Goals and Objectives... 5 1.3 Senior Management and Board of Directors Responsibilities... 5 1.4 Business Continuity Planning Processes...
More informationNOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager 17.09.12
POLICY BUSINESS CONTINUITY Policy owners Policy holder Author Head of Services Specialist Operations Contingency Planning Business Continuity Manager Policy No. 132 Approved by Legal Services 17.09.12
More informationESKITP6036 IT Disaster Recovery Level 5 Role
Overview This sub-discipline is about the competencies required in order to manage all aspect of Disaster Recovery (DR), as it applies to IT within an organisation. ESKITP6036 1 Performance criteria You
More informationCouncil Policy Business Continuity Management
Policy Name: Business Continuity Management Council Policy Business Continuity Management ADOPTED BY COUNCIL: 19 th April 2016 DATE OF NEXT REVIEW: 18 th April 2020 RESPONSIBLE OFFICER: REFERENCES: Chief
More informationESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1
ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1 June 2007 The ESCB has developed a glossary of major business continuity terms for market
More informationPost-Class Quiz: Business Continuity & Disaster Recovery Planning Domain
1. What is the most common planned performance duration for a continuity of operations plan (COOP)? A. 30 days B. 60 days C. 90 days D. It depends on the severity of a disaster. 2. What is the business
More informationBusiness Continuity Management. Policy Statement and Strategy
Business Continuity Management Policy Statement and Strategy November 2011 Title Business Continuity Management Policy & Strategy Date of Publication: Cabinet Council Published by Borough Council of King
More informationBCM and DRP - RFP Template
BCM and DRP - The Supreme Council of Information & Communication Technology ictqatar PUBLICATION DATE Document Reference This document should be used as an example of the contents of an RFP for business
More informationIncident Management, Business Continuity and IT Disaster Recovery
Incident Management, Business Continuity and IT Disaster Recovery Aggeliki Tsohou Lecturer, Ionian University, Department of Informatics, Greece atsohou@ionio.gr 1 Contents Information Security Incident
More informationCode Subsidiary Document No. 0007: Business Continuity Management. September 2015
Code Subsidiary Document No. 0007: September 2015 Change History Version Number Date of Issue Reason For Change Change Control Reference Sections Affected 20150511 11 May 2015 For industry consultation
More informationBusiness Continuity Management Policy and Framework
Management Policy and Framework Version: Produced by: Date Produced: Approved by: Updated: 7 University Manager with the assistance of the Operational Group 11 th March 2010 Steering Group (14 December
More informationModule 7. Business Continuity Management
Module 7 Business Continuity Management MODULE 7: BUSINESS CONTINUITY MANAGEMENT Table of Contents Module 7: Business Continuity Management... 1 SECTION 1: OVERVIEW... 7 MODLULE 7: BUSINESS CONTINUITY
More informationBUSINESS CONTINUITY STRATEGY 2014-2017
BUSINESS CONTINUITY STRATEGY 2014-2017 This strategy covers the period 01 April 2014 31 March 2017 and was approved by the Major Incident Working Group 19.03.2014 Caroline Rushmer Major Incident and Business
More informationBusiness Continuity Planning. A guide to loss prevention
Business Continuity Planning A guide to loss prevention There are many statistics quoted about the effect that a lack of planning for a disaster has on a business. What s certain is that any unplanned
More informationBusiness Continuity Management
GENERALLY ACCESSIBLE Business Continuity Management Field Report from an Audit Point of View ISACA Swiss Chapter - After Hour Seminar 28 August 2006 - Urs Voigt - Group Internal Audit Disasters Happen
More informationBusiness Continuity Plan
Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions
More informationa Disaster Recovery Plan
Construction of a Disaster Recovery Plan David Godwin, Sr. Sales Engineer March 18, 2014 Objectives Understand What Disaster Recovery is? Why is Disaster Recovery Needed? Effectively assist customers or
More informationBusiness Continuity Planning
Business Continuity Planning Presenter Carolyn Bell-Wisdom, CIA, FCCA, FCA, CISA, CFE, Director, Internal Audit Outsourcing, Risk & Business Continuity Services at Jamaica AGENDA Welcome and introduction
More informationPAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA
Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationInformation Services IT Security Policies B. Business continuity management and planning
Information Services IT Security Policies B. Business continuity management and planning Version 1 Date created: 28th May 2009 Approved by Directorate: 2nd July 2009 Review date: 1st July 2010 Primary
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page
More information2014 NABRICO Conference
Business Continuity Planning 2014 NABRICO Conference September 19, 2014 6 CityPlace Drive, Suite 900 St. Louis, Missouri 63141 314.983.1200 1520 S. Fifth Street, Suite 309 St. Charles, Missouri 63303 636.255.3000
More informationVal-EdTM. Valiant Technologies Education & Training Services. 2-day Workshop on Business Continuity & Disaster Recovery Planning
Val-EdTM Valiant Technologies Education & Training Services 2-day Workshop on Business Continuity & Disaster Recovery Planning All Trademarks and Copyrights recognized Page 1 of 8 Welcome to Valiant Technologies.
More informationBS 25999 BUSINESS CONTINUITY MANAGEMENT
BS 25999 BUSINESS CONTINUITY MANAGEMENT AUDIT, CERTIFICATION & training services HOW CAN YOU ENSURE BUSINESS CONTINUITY? BS 25999 AUDITS & CERTIFICATION FROM SGS Most organisations will, at some point,
More informationIntroduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT
INFORMATION SECURITY: UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT FACTSHEET This factsheet will introduce you to Business Continuity Management (BCM), which is a process developed to counteract systems
More informationLeveraging the IT Service Continuity Management framework Gord Novoselnik Business Continuity Office Enterprise Solutions Division
Leveraging the IT Service Continuity Management framework Gord Novoselnik Business Continuity Office Enterprise Solutions Division 1 MTS Allstream Inc. proprietary. Use pursuant to company instructions./
More informationBusiness Continuity Business Continuity Management Policy
Business Continuity Business Continuity Management Policy : Date of Issue: 28 January 2009 Version no: 1.1 Review Date: January 2010 Document Owner: Patricia Hughes Document Authoriser: Tony Curtis 1 Version
More informationGlobal Statement of Business Continuity
Business Continuity Management Version 1.0-2014 Date October 18, 2014 Status Author Business Continuity Management (BCM) Page 1 of 8 Table of Contents 1. Credit Suisse Business Continuity Statement 3 2.
More informationBUSINESS CONTINUITY POLICY
BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility
More informationBusiness Continuity for the New Professional. Britt Corra Enterprise BCM Erika Voss Senior BCM
Business Continuity for the New Professional Britt Corra Enterprise BCM Erika Voss Senior BCM New to Business Continuity? Agenda & Experience 3-5 years experience? Seasoned veteran? What is BCM Tool Kit?
More informationFinding the areas for improvement in plans, processes and procedures to protect shareholder value Performance driven. Quality assured.
End-to-End Business Continuity Testing Finding the areas for improvement in plans, processes and procedures to protect shareholder value Performance driven. Quality assured. End-to-End Business Continuity
More informationBusiness Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?
Business Continuity Is your Business Prepared for the worse? Major emergencies can develop suddenly without warning. Situations can threaten and disrupt your business and impact upon you and your staff.
More information