National Fire Protection Association s Contribution to Business Continuity Strategies
|
|
- Kelley Waters
- 8 years ago
- Views:
Transcription
1 National Fire Protection Association s Contribution to Business Continuity Strategies
2 about me 1. Retired AVP Senior Business Risk Consultant 2. FM Global Trained: Years Service 2. Founder Member of the Business Risk Consulting Group (BRCG) for FM Global. 3. Senior Account Engineer with Arkwright International/FM Global 4. Field Engineer/Account Engineer with Factory Mutual International (FMI) 3. Industrial Experience 1. Servicing FM Global s Corporate Clients from Account Engineering & BRCG responsibilities. 2. Conducted Business Impact Analysis (BIA) for pharmaceutical, mining, manufacturing, media, financial services, defence, medical, chemical, power generation industries. 3. Quantified financial risks for company s internal & external global supply chains 4. Contributed to Business Continuity training programmes & seminars 5. Reviewed Business Continuity Plans for FM Global clients 4. Professionally Qualified to Masters Degree Level 1. Member Chartered Management Institute (MCMI) 2. Chartered Chemical Engineer (CEng) 3. Fellow Institution of Chemical Engineers (FIChemE) 4. Certified Business Continuity Practitioner (CBCP) DRII (Member Lapsed) 5. Affiliate Member of Business Continuity Institute (BCI) (Current) 2
3 the introduction Business Continuity Management Survey of 1,021 Managers from the Chartered Management Institute
4 the introduction Business Continuity Management Survey Chartered Management Institute % Managers Anticipating Specific Causes of Disruption Loss of IT Loss of Telecommunications Loss of Access to Site Loss of Skills Loss of People Fire Loss of Electricity/Gas Damage to Corporate image/brand/reputation Terrorist Damage Extreme Weather (Flood/Winds) Negative publicity/coverage Malicious Cyber Attack Loss of water/sewerage Employee health and safety incident Transport disruption Supply Chain disruption Environmental incident Customer health/product safety incident Industrial action Pressure group protest School/childcare closures 0% 10% 20% 30% 40% 50% 60% 70% 80% 4
5 the introduction Business Continuity Management Survey Chartered Management Institute % Managers Actual Specific Causes of Disruption Loss of IT Loss of Telecommunications Loss of Access to Site Loss of People Loss of Skills Fire Loss of Electricity/Gas Damage to Corporate image/brand/reputation Terrorist Damage Extreme Weather (Flood/Winds) Negative publicity/coverage Malicious Cyber Attack Loss of water/sewerage Employee health and safety incident Transport disruption Supply Chain disruption Environmental incident Customer health/product safety incident Industrial action Pressure group protest School/childcare closures 0% 10% 20% 30% 40% 50% 60% 70% 80% 5
6 the introduction Business Continuity Management Survey Chartered Management Institute Loss of IT Loss of Telecommunications Loss of Access to Site Loss of Skills Loss of People Fire Loss of Electricity/Gas Damage to Corporate image/brand/reputation Terrorist Damage Extreme Weather (Flood/Winds) Negative publicity/coverage Malicious Cyber Attack Loss of water/sewerage Employee health and safety incident Transport disruption Supply Chain disruption Environmental incident Customer health/product safety incident Industrial action Pressure group protest School/childcare closures Anticipated Actual 0% 10% 20% 30% 40% 50% 60% 70% 80% 6
7 the introduction 12 month record of, number and impact by cause of disruptive incidents ( ) 7
8 the introduction % of Organisations with Business Continuity Plans
9 the introduction Summary of Key Findings: 1. The actual cause of a major disruption cannot be reliably predicted at any one time, hence the adopted measures of likelihood and/or probability of occurrence. 2. The meaning of a major impact to a business has different significance, depending on who is asked. 3. The gradual increase in Business Continuity Plans is primarily being attributed to corporate governance, legislation/regulation and customer demands. 9
10 my objectives 1. To briefly summarise the origins of the NFPA business continuity standard and to review the approach as a concept for business survival. 2. To outline a bespoke Business Impact Analysis (BIA) which can align Business Continuity activity with the entity s business requirements. 3. To explore where NFPA s fire protection and business continuity activities could contribute to the continuity strategies for a company s overall Business Continuity Management Systems (BCMS) programme. 10
11 my objectives What this presentation is NOT: 1. A debate on all Business Continuity standards. 2. A discussion on risk probabilities. 3. A detailed financial analysis of a company 4. A preparation of a Business Continuity Plan. 5. A worst-case scenario study of an incident in a particular industry 6. A full list of Business Continuity definitions. 7. A complete description of what is required for a Business Continuity Management System (BCMS), or the BCM Life-Cycle 8. A review of Emergency Management/Disaster Recovery systems 11
12 the agenda 1. Business Continuity s Development a. the origins 2. Bespoke Business Impact Analysis a. the concept b. the activity c. the analysis d. the benefits 3. Business Continuity Strategies a. the summary b. the conclusion 12
13 the origins NFPA s Contribution to Fire Protection, Health and Safety Established in 1896, NFPA develops, publishes, and disseminates more than 300 consensus codes and standards that are designed to minimize the risk and effects of fire by establishing criteria for building, processing, design, service, and installation in the United States, as well as many other countries. Virtually every building, process, service, design, and installation in society today is affected by NFPA documents. Codes and Standards Numbered: NFPA 1 thru NFPA
14 the origins NFPA s Contribution to Fire Protection, Health and Safety Timeline Status 1995 NFPA 1600 issued as first standard on disaster/emergency response 2000 Updated to include Total Programme Approach 2004 Updated terminology and reformatted text 2007 Expanded conceptual framework for disaster/emergency management & Business Continuity programmes. Prevention, risk management, security, loss prevention 2010 Reordered & expanded Programme Management. Addressed planning, implementation, testing & exercising, programme improvement Required Business Impact Analysis 2013 Wide array of changes. Alignment with CSA Z1600 & DRII Professional Practices 14
15 the origins Purpose NFPA 1600 Application Business Continuity adoption: Primary Focus: Primary objective: Strategic Objectives based on: Overall Outcome Predominant standard for US & Department of Homeland Security. (DHS). Used in Europe, Latin America, Asia, Chile, China, Colombia, Ecuador, Korea, Thailand T&T. Mid-size to large public not for profit and private sector organisations High level standard defining the essential elements of an emergency management and business continuity program. Prevention & mitigation of vulnerabilities to people, property, environment, business enterprise. Programme constraints, operational experience and cost benefit analysis from detailed analysis of all threats, hazards & causes. Procedures for documenting responses primarily according to laws and regulations. 15
16 the origins NFPA/DRII Definitions Disaster/Emergency Management. An ongoing process to prevent, mitigate, prepare for, respond to, maintain continuity during, and recover from an incident that threatens life, property, operations, or the environment. Business Continuity. An ongoing process to ensure that the necessary steps are taken to identify the impact of potential losses and maintain viable recovery strategies, recovery plans, and continuity of services. Disaster/Emergency Management & Business Continuity Auditor Training
17 the origins NFPA 1600 IS A BCM STANDARD 1. emphasising programme policies and management components, provides guidelines that address the analysis, planning and implementation of the core elements of crisis management, business resumption planning and IT disaster recovery to manage the impact of disasters. 2. legal compliant but less concerned with the business requirements of the entity 17
18 the origins NFPA 1600 IS A BCM STANDARD 1. emphasising programme policies and management components, provides guidelines that address the analysis, planning and implementation of the core elements of crisis management, business resumption planning and IT disaster recovery to manage the impact of disasters. 2. legal compliant but less concerned with the business requirements of the entity 18
19 the origins Business Impact Analysis. A management level analysis that identifies, quantifies, and qualifies the impacts resulting from interruptions or disruptions of an entity s resources. The analysis may identify time-critical functions, recovery priorities, dependencies, and interdependencies so that recovery time objectives can be established and approved. NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs 2013 Edition
20 the origins The BIA shall evaluate the potential impact resulting from interruption or disruption of individual functions, processes, and applications * The BIA shall identify those functions, processes, infrastructure, systems, and applications that are critical to the entity and the point in time [recovery time objective (RTO)] when the impact of the interruption or disruption becomes unacceptable to the entity The BIA shall identify dependencies and interdependencies across functions, processes, and applications to determine the potential for compounding impact in the event of an interruption or disruption * The BIA shall evaluate the potential loss of information and the point in time [recovery point objective (RPO)] that defines the potential gap between the last backup of information and the time of the interruption or disruption * The BIA shall be used in the development of recovery strategies and plans to support the program. NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs 2013 Edition
21 the origins NFPA 1600 States the BIA should include 3 main components: 1. Identify the lines of process flow (i.e., material flow, information flow, people movement, cash flow) and time constraints. 2. Identify the interruption potentials that describe the financial, regulatory, customer, or operational impacts. 3. Identify the entity s dependency on technology infrastructure. NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs 2013 Edition
22 the origins Typical observations from my review of Business Continuity Plans:- 1. Plans lacked strategic direction from a Senior Management Business Continuity Policy. 2. Plans had no documented ownership, or demonstrated practical support, by appointed Senior Management at Board Level 3. Plans not aligned with business requirements: a. lacked business objectives, b. omitted customer requirements, c. ignored market demands to maintain a key customer base, d. omitted actions to assure delivery of products and/or services. 4. Plans predominantly based on worst-case scenarios identified from specific causes of disruption and estimated time required to repair damage and restore operations to normal levels. 5. Plans contained far too much detail and appeared onerous to maintain current. 22
23 the agenda the origins the concept the activity the analysis the benefits the summary the conclusion 23
24 the concept Business Continuity Survey Question 1. How will we do business if our critical systems are rendered inoperable? 2. How can we resume operations quickly following a business disruption? 3. Are there any particular vulnerable aspects to our business that we can eliminate as opposed to harden? 4. What are the pieces of business that are so critical that a major investment in hardening or redundancy would be justified? 5. Despite taking proper precautions are we still vulnerable to disruption due to outmoded infrastructure in the region? What the Questions should have Asked How can we maintain delivery of our products/services to achieve survival income? Within what time do we need to recover critical operations to achieve survival income? What strategy is required to reduce our dependency on internal and external critical activities? Which products/services must we deliver to key customers to maintain survival income during recovery of operations????? What is wrong with these questions? 24
25 the concept Business Continuity Survey Question 1. How will we do business if our critical systems are rendered inoperable? 2. How can we resume operations quickly following a business disruption? 3. Are there any particular vulnerable aspects to our business that we can eliminate as opposed to harden? 4. What are the pieces of business that are so critical that a major investment in hardening or redundancy would be justified? 5. Despite taking proper precautions are we still vulnerable to disruption due to outmoded infrastructure in the region? What the Questions should have Asked How can we maintain delivery of our products/services to achieve survival income? Within what time do we need to recover critical operations to achieve survival income? What strategy is required to reduce our dependency on internal and external critical activities? Which products/services must we deliver to key customers to maintain survival income during recovery of operations????? 25
26 the concept BUSINESS SURVIVAL IS PRIMARILY ABOUT MANAGING CASHFLOWS: 1. Maintaining optimum cash-flows over time during periods of: unplanned disruption to normal operations recovery to product/services delivery as usual 2. Ensuring future growth in income by: supporting present & future customers development of future key markets reflecting changes to the business environment complying with legislation and regulation
27 the concept MANAGEMENT MUST BE PRO-ACTIVE IN MANAGING CASHFLOWS: Management need to establish business continuity objectives that must be achieved over time to maintain sufficient cash flows for the business in the event of any disruption, approve appropriate Business Continuity strategies to achieve the objectives 27
28 the concept TIME IS MONEY!! 28
29 Service Capacity (Cashflow) the concept 100% Normal level of operation Maximum Acceptable Outage (MAO) Minimum level of operation for business survival 0% Business Continuity Strategy Objective Unplanned operational disruption & restoration Incident Response Plan Disaster Recovery Plan Business Continuity Plan (BCP) Time Decision to invoke BCP immediate short term Phase 1 short to medium term Phase 2 medium to long term Phase 3 Increasing size of incident 29
30 the concept Management pre-determines what needs to be managed right to achieve the objectives 30
31 the concept Causes of Physical Disruption Natural Catastrophes Pre-Disruption Mitigating BC Strategies Earthquake Enhanced structural design standards Tsunami Height of tidal levees at susceptible locations Flood Maintenance, dredging, adequate flood walls, barriers Windstorm, hurricanes, tornados Operational Failure Secure buildings & structures to National Standards Adjust ground level gradients, add drainage Loss of Equipment Alternate providers and/or shared resources Mechanical breakdown Regular maintenance, spare parts policy, duplication Property damage Fire sprinklers, water supply, fire walls, non-combustible construction, fixed extinguishers, hazard reduction Construction collapse Building design codes 31
32 the concept Causes of Non-Physical Disruption Reduced Product Sales Pre-Disruption Business BC Strategies supplier solvency product substitution, replacement, duplication, dual sourcing increased market competition discount options, target specific markets end of product life-cycle product mix, product churn, new product development out-dated business model Operational Failure expand distribution channels (national vs international), implement internet access, next day delivery. obsolete equipment phased replacement & updating, standardisation loss of key peoples skills succession planning poor management practises management team skills, Merger & Acquisition (M&A), takeover regulation/legal violation implement sound relationships with governing authorities 32
33 the concept Consequences of Disruption Loss of productivity Customer complaints received Increased cost of working Service outcome impaired Loss of revenue Damage to brand/reputation/image Product release delay Product recall/withdrawal Payment of service credits Share price fall Stakeholder/shareholder concern Delayed cash flows Expected increase in regulatory scrutiny Loss of regular customers Fine by regulator for non-compliance Cost of Largest Single Disruption in Supply Chain Total Cost Greater than 1mill 500,000-1mill 250, ,000 50, ,000 < 50,000 % Survey Respondents 9% 9% 19% 5% 59% BCI Supply Chain Survey
34 the concept Stage 1: Understand the Business Management establish strategic business continuity objectives Agree minimum cash-flow required for survival. Identify key markets and customers essential to the business. Establish the Maximum Acceptable Outage (MAO) for key products and/or service deliverables. Stage 2: Develop Strategies for Survival Management approve measures for resilience. Management approve strategies for continuity. Stage 3: Implement the Strategies Protect physical assets for internal & external resources. Enhance resilience of internal & external supply chains for key deliverables, as required. 34
35 the agenda the origins the concept the activity the analysis the benefits the summary the conclusion 35
36 the activity Sample interdependency flow diagram for Corporate products & services 36
37 the activity Sample Structure for a Company s Product/Services Niche Products Premium Products Commodity Products Product Categories Product Branding Markets Served Consumer Profiles 37
38 the activity MISSION CRITICAL ACTIVITIES (MCA) S U P P L I E R S Inbound Logistics Firm Infrastructure Assets & Resources Management Philosophy Information Technology & Communications Business Continuity Management Manufacturing or Processing Operations Finished Good or Process Control Outbound Logistics Marketing Sales & Service Profit C U S T O M E R S 38
39 the activity Understanding the Business Marketing Finance Operations Suppliers & Purchasing IT/IS/ICT Business Continuity & Disaster Recovery Management Activity Focus Sales, Sales Recovery & Customer Profiles Sales/Insurable Gross Profit/Business Income Activity dependency on income stream at each location Key product service dependency Dependency on information/data for delivery Status and relevance for business needs. 39
40 the agenda the origins the concept the activity the analysis the benefits the summary the conclusion 40
41 the analysis Sample Financial Dependency Matrix For 12 Months Trading 41
42 the analysis Market Recovery Profile Assumed Period of Disruption 3 months 6 months 9 months 12 months 15 months 18 months 21 months 24 months Percentage of the product revenue anticipated in each year following restoration of supply, as a percentage of the revenue in the year prior to the disruption. Year 1 Year 2 Year 3 42
43 Cash-flow Impact (% Annual Income) the analysis Impact vs Time Recovery Profile for Strategic Income Streams 200% 180% Worst case unmitigated impact 160% 140% 120% 100% 80% 60% 40% 20% 0% Business Continuity Strategic Objective mitigated impact 50% 65% 83% 100% 75% 50% 25% Business Continuity 3 6 Strategies 9 12 Months of Disruption Production Impact Market Impact 43
44 the agenda the origins the concept the activity the analysis the benefits the summary the conclusion 44
45 1. Understand the Business & Establish Continuity Objectives The Business Impact Analysis establishes bases for key continuity objectives: Product delivery criteria (MAO) for strategic market & income streams, Identifies critical dependencies through internal and external supply chains Identifies Mission Critical Activities (MCA) for resources, activities and processes, Quantifies the financial dependency on internal & external resources & suppliers 2. Continuity Strategies the benefits Pre-plan strategies required to achieve continuity objectives: Know what options are required to achieve optimum cash-flow Identifies What needs to be managed right to achieve objectives Protects key physical property assets from physical damage Reviews options to enhance resilience of critical activities and key suppliers 45
46 the benefits 1. Costs for Business Continuity Strategies are spent where there is added value: Enhances the business of the company through improved resilience Improves & enhances alignment with normal business requirements Protects critically dependent physical assets within the supply chains Achieves minimum cash-flow for the business, whatever the cause of the disruption may be. Costs incurred can enhance normal business practise. 2. Integrating Business Continuity Management Systems supports Management: Improves product and/or service delivery to the company s customer Reduces costs of business continuity Provides competitive advantage for the business from demonstrating added resilience. 46
47 the agenda the origins the concept the activity the analysis the benefits the summary the conclusion 47
48 the summary How can NFPA make a contribution to Business Continuity Strategies? NFPA 1600 & 13 Codes & Standards provide a consistent quality standard for a company to achieve strategic Business Continuity objectives. NFPA 1600 contributes to Business Continuity strategies by advising on: 1. What information should be gathered in a BIA to establish strategic objectives. 2. Guidance for management to assess what strategies should be implemented to achieve the strategic objectives. NFPA 13 contributes to Business Continuity strategies by: 1. Providing a quality standard for the implementation of physical protection where required as a solution for identified Business Continuity strategies. 48
49 the agenda the origins the concept the activity the analysis the benefits the summary the conclusion 49
50 the conclusion The National Fire Protection Association s Business Continuity activities and expertise directly support a company s business continuity strategies through: a) The specification of the content requirements of a Business Impact Analysis in NFPA b) Offering qualified expertise and quality products and services through NFPA 13 where the protection of physical assets is deemed a solution to a continuity strategy. 50
51 the conclusion I have: 1. Summarised findings from a Business Continuity survey 2. Briefly explored the origins of the NFPA s Business Continuity Standard and appropriateness as a concept for business survival 3. Described a BIA process which can help establish business continuity strategic priorities and objectives that will enhance the delivery of the entity s products and services as an aid to business survival. 4. Identified where NFPA s core competences in the development of specific Codes and Standards can be applied to support an entity s business continuity strategies 51
52 one final thought Causes of Business Disruption Reduced Product Sales Sample Cash-flow BC Strategies supplier solvency product substitution, replacement, duplication, dual sourcing increased market competition discount options, target specific markets end of product life-cycle product mix, product churn, new product development out-dated business model Operational Failure expand distribution channels (national vs international), implement internet access, next day delivery. obsolete equipment phased replacement & updating, loss of key peoples skills succession planning poor management practises management team skills, Merger & Acquisition (M&A), takeover regulation/legal violation implement sound relationships with governing authorities 52
53 one final thought Causes of Business Disruption Reduced Product Sales Sample Cash-flow BC Strategies supplier solvency product substitution, replacement, duplication, dual sourcing increased market competition discount options, target specific markets end of product life-cycle product mix, product churn, new product development out-dated business model Operational Failure expand distribution channels (national vs international), implement internet access, next day delivery. obsolete equipment phased replacement & updating, loss of key peoples skills succession planning poor management practises management team skills, Merger & Acquisition (M&A), takeover regulation/legal violation implement sound relationships with governing authorities 53
54 Thank You for Listening
Business Continuity Planning
Business Continuity Planning We believe all organisations recognise the importance of having a Business Continuity Plan, however we understand that it can be difficult to know where to start. That s why
More informationPAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA
1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationProposal for Business Continuity Plan and Management Review 6 August 2008
Proposal for Business Continuity Plan and Management Review 6 August 2008 2008/8/6 Contents About Newton IT / Quality of our services. BCM & BS25999 Overview 2. BCM Development in line with BS25999 3.
More informationFederal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK
Federal Financial Institutions Examination Council FFIEC Business Continuity Planning BCP FEBRUARY 2015 IT EXAMINATION H ANDBOOK Table of Contents Introduction 1 Board and Senior Management Responsibilities
More informationBUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS
BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3
More informationFederal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION
Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT
More informationShankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.
Business Continuity Management & Disaster Recovery Planning Presented by: Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. 1 What is Business Continuity Management? Is a holistic management
More informationDesktop Scenario Self Assessment Exercise Page 1
Page 1 Neil Jarvis Head of IT Security & IT Risk DHL Page 2 From reputation to data loss - how important is business continuity? Neil Jarvis Head of IT Security (EMEA) DHL Logistics IT Security Taking
More informationCENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14
More informationwww.pwc.com Business Resiliency Business Continuity Management - January 14, 2014
www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition
More informationTemple university. Auditing a business continuity management BCM. November, 2015
Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program
More informationBCP and DR. P K Patel AGM, MoF
BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management
More informationBusiness Continuity Planning for Risk Reduction
Business Continuity Planning for Risk Reduction Ion PLUMB ionplumb@yahoo.com Andreea ZAMFIR zamfir_andreea_ileana@yahoo.com Delia TUDOR tudordelia@yahoo.com Faculty of Management Academy of Economic Studies
More informationPBSi Business Continuity Planning
Business Continuity Planning Definition Business Continuity planning is a planning process designed to reduce the risk that disruptive failures or events could seriously harm your business. It is designed
More informationEmergency Response and Business Continuity Management Policy
Emergency Response and Business Continuity Management Policy Owner: John Duffy, Registrar & Secretary Last updated: September 2012 Version: 04 Document control Date Version Author Changes To be populated
More informationEvaluating and Improving Your Business Continuity Plan
Evaluating and Improving Your Business Continuity Plan As presented to the Northeast Florida IIA Chapter January 23, 2015 Contact Information Karen Weir, MAC, CISA, CBCP Manager kweir@accretivesolutions.com
More informationBusiness Continuity Planning and Disaster Recovery Planning
4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business
More informationCompany Management System. Business Continuity in SIA
Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT
More informationBusiness Continuity Planning
Business Continuity Planning Public Entities Risk Management Forum 5 th July 2012 Presented by Mark Penberthy FBCI Overcoming Practical Challenges Business Continuity Management (BCM) AGENDA 1. What is
More informationBusiness Continuity Plan
Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions
More informationEMERGENCY PREPAREDNESS PLAN Business Continuity Plan
EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic
More informationWhy Should Companies Take a Closer Look at Business Continuity Planning?
whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters
More informationDeveloping a Business Continuity Plan... More Than Disaster
Developing a Business Continuity Plan..... More Than Disaster Recovery! April 19, 2010 UHY / MMA Business Survival Series Webinar Focus.... Understanding the components of Business Continuity Planning
More informationHow To Manage A Disruption Event
BUSINESS CONTINUITY FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Manager Organisational
More informationBT Conferencing Business Continuity Management. Planning to stay in business
BT Conferencing Business Continuity Management Planning to stay in business Planning for the unexpected In today s connected world, businesses are increasingly dependent on their communications and networked
More informationBusiness Continuity Management
Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not
More informationINFOSEC.MY KNOWLEDGE SHARING SESSION
INFOSEC.MY KNOWLEDGE SHARING SESSION Integration BCM into your Organization: Challenges & Opportunities 31 st October 2007 1 Prabha Ramanathan ( CBCP, MBCI, MBCS, MSCS) Certified Business Continuity Professional.have
More informationOverview TECHIS60851. Manage information security business resilience activities
Overview Information security business resilience encompasses business continuity and disaster recovery from information security threats. As well as addressing the consequences of a major security incident,
More informationBusiness Continuity (Policy & Procedure)
Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity
More informationNORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)
NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy
More informationNHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY
NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY AUTHOR/ APPROVAL DETAILS Document Author Written By: Human Resources Authorised Signature Authorised By: Helen Shields Date: 20
More informationHOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING
HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING ISO 22301 BUSINESS CONTINUITY MANAGEMENT SYSTEMS Most organisations will, at some point, be faced with having to respond
More informationJoint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Information Security- Perspective for Management Business Impact Analysis ( BIA ) and Business
More informationBusiness Continuity & Disaster Recovery
Business Continuity & Disaster Recovery Safety First Quality Every Time 1 Business Continuity & Disaster Recovery Planning Who here has a formal Business Continuity & Disaster Recovery plan? The purpose
More informationRSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief
RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief INTRODUCTION Now more than ever, organizations depend on services, business processes and technologies to generate revenue and meet
More informationBusiness Continuity Management Systems. Protecting for tomorrow by building resilience today
Business Continuity Management Systems Protecting for tomorrow by building resilience today Vital statistics 31% 40% of UK businesses have been affected by bad weather related transport problems, power
More informationBUSINESS CONTINUITY POLICY
BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility
More informationUpdate from the Business Continuity Working Group
23 June 2014 Performance and Resources Board 19 To note Update from the Business Continuity Working Group Issue 1 The Business Continuity Working Group oversees the development, maintenance and improvement
More informationTable of Contents... 1
... 1 Chapter 1 Introduction... 4 1.1 Executive Summary... 4 1.2 Goals and Objectives... 5 1.3 Senior Management and Board of Directors Responsibilities... 5 1.4 Business Continuity Planning Processes...
More informationBusiness Continuity Management - A Guide to the Italian Premier Control System
BELA-BELA LOCAL MUNICIPALITY Chris Hani Drive, Bela- Bela, Limpopo. Private Bag x 1609 BELA-BELA 0480 Tel: 014 736 8000 Fax: 014 736 3288 Website: www.belabela.gov.za OFFICE OF THE MUNICIPAL MANAGER Information
More informationCreating a Business Continuity Plan for your Health Center
Creating a Business Continuity Plan for your Health Center 1 Page Left Intentionally Blank 2 About This Manual This tool is the result of collaboration between the Primary Care Development Corporation
More informationDISASTER RECOVERY PLANNING GUIDE
DISASTER RECOVERY PLANNING GUIDE AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING FOR JD EDWARDS SOFTWARE CUSTOMERS www.wts.com WTS Disaster Recovery Planning Guide Page 1 Introduction This guide will provide
More informationBusiness continuity plan
Business continuity plan CONTENTS INTRODUCTION 2 - Scope - Components BUSINESS IMPACT ANALYSIS 3 - Business Affairs - Information Technology RISK ASSESSMENT 5 - Broad Categories of Hazards - Hazard Table
More informationThe Supply Chain and Business Continuity: Preparing to Survive the Next Disaster
The Supply Chain and Business Continuity: Preparing to Survive the Next Disaster Betty A. Kildow, CBCP, FBCI, Emergency Management Consultant Kildow Consulting 765/483-9365 BettyKildow@comcast.net 95th
More informationInstitute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745
ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan
More informationIntroduction to Business Continuity Planning
Introduction to Business Continuity Planning Business Continuity and Disaster Resilience Forum May 10, 2012 Rizal Ballroom A, Makati Shangri-la Manila, Philippines Dr Goh Moh Heng President BCM Institute
More informationProtecting your Enterprise
Understanding Disaster Recovery in California Protecting your Enterprise Session Overview Why do we Prepare What is? How do I analyze (measure) it? What to do with it? How do I communicate it? What does
More informationCoping with a major business disruption. Some practical advice
Coping with a major business disruption Some practical advice Coping with a major business disruption What is business continuity? Business continuity planning (BCP) is a management process that helps
More informationInformation Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.
Information Security Management: Business Continuity Planning Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Overview BCP: Definition BCP: Need for (Why?) BCP: When BCP: Who
More informationUnit Guide to Business Continuity/Resumption Planning
Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions
More informationPrinciples for BCM requirements for the Dutch financial sector and its providers.
Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011
More informationBusiness Continuity Policy
Business Continuity Policy Page 1 of 15 Business Continuity Policy First published: Amendment record Version Date Reviewer Comment 1.0 07/01/2014 Debbie Campbell 2.0 11/07/14 Vicky Ryan Updated to include
More informationNovember 2007 Recommendations for Business Continuity Management (BCM)
November 2007 Recommendations for Business Continuity Management (BCM) Recommendations for Business Continuity Management (BCM) Contents 1. Background and objectives...2 2. Link with the BCP Swiss Financial
More informationWith the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS
How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning The world has experienced a great deal of natural and man-made upheaval and destruction in the past few years, including tornadoes,
More informationJoint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Data Handling in University Business Impact Analysis ( BIA ) Agenda Overview Terminologies Performing
More informationInteractive-Network Disaster Recovery
Interactive-Network Disaster Recovery BACKGROUND IT systems are vulnerable to a variety of disruptions, ranging from mild (e.g., short-term power outage, disk drive failure) to severe (e.g., terrorism,
More informationPrepared by Rod Davis, ABCP, MCSA November, 2011
Prepared by Rod Davis, ABCP, MCSA November, 2011 Disaster an event, which causes the loss of an essential service, or part of it, for a length of time which imperils mission achievement. (Andrew Hiles,
More informationRisk management + Strategic planning IT TAKES AN ENTIRE ORGANIZATION
1 Risk management + Strategic planning IT TAKES AN ENTIRE ORGANIZATION Background 2 Technology has become the central component of business operations Businesses have become more vulnerable to risks associated
More informationKPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity
INFORMATION RISK MANAGEMENT KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity ADVISORY Contents Agenda: Global trends and BCM
More informationBusiness Continuity Management
Business Continuity Management Factsheet To prepare for change, change the way you prepare In an intensely competitive environment, a permanent market presence is essential in order to satisfy customers
More informationDisaster Management and Business Continuity Plan for Bankers
Introduction Business interruptions can occur anywhere, anytime. Massive hurricanes, tsunamis, power outages, terrorist bombings and more have made recent headlines. It is impossible to predict what may
More informationAssessment of natural hazards, man made hazards, technical and societal related risks and associated impact.
Aon Business Continuity Planning The Aon Business Continuity Planning practice provides consulting services that allow Aon clients to measure and manage their strategic and tactical risks through Crisis
More informationExternal Supplier Control Requirements BCM
External Supplier Control Requirements BCM BCM Requirement Description BCM Tiers Recovery Time Objective Why this is important 1. Business Continuity Policy Supplier will have a documented Business Continuity
More informationDISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES
APPENDIX 1 DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES March 2008 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto TABLE OF CONTENTS EXECUTIVE SUMMARY...1
More informationIntroduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT
INFORMATION SECURITY: UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT FACTSHEET This factsheet will introduce you to Business Continuity Management (BCM), which is a process developed to counteract systems
More informationBusiness Continuity Management Governance. Frank Higgins Abu Dhabi March 2015
Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity
More informationBUSINESS CONTINUITY PLAN
How to Develop a BUSINESS CONTINUITY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A BUSINESS CONTINUITY PLAN? CHAPTER PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN CHAPTER
More informationBusiness Continuity and Disaster Planning
WHITE PAPER Business Continuity and Disaster Planning A guide to preparing for the unexpected Robert Drewniak Director, Strategic & Advisory Services Disasters are not always the result of high winds and
More informationBusiness Continuity Management
Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective
More informationBest Practices in Disaster Recovery Planning and Testing
Best Practices in Disaster Recovery Planning and Testing axcient.com 2015. Axcient, Inc. All Rights Reserved. 1 Best Practices in Disaster Recovery Planning and Testing Disaster Recovery plans are widely
More informationBusiness Continuity Management Policy
Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3
More informationMoving from BS 25999-2 to ISO 22301. The new international standard for business continuity management systems. Transition Guide
Transition Guide Moving from BS 25999-2 to ISO 22301 The new international standard for business continuity management systems Extract from The Route Map to Business Continuity Management: Meeting the
More informationBusiness Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com
Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?
More informationSCADA Business Continuity and Disaster Recovery. Presented By: William Biehl, P.E. 913-601-0104 (mobile) Bill.Biehl@we-inc.com
SCADA Business Continuity and Disaster Recovery Presented By: William Biehl, P.E. 913-601-0104 (mobile) Bill.Biehl@we-inc.com Business Continuity Planning, a Sound Process A Business Continuity Plan: "A
More informationBusiness Continuity Planning (BCP) & Disaster Recovery Planning (DRP).
Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP). Ed Fortin President Fortin Consulting Paul Godden Consultant & Quotation Author Friday 24 th February 2012 Business Continuity Planning
More informationBusiness Continuity and Emergency Preparedness Planning. Vandita Zachariah, MA, MBA, CIA HHSC Internal Audit Division May 21, 2010
Business Continuity and Emergency Preparedness Planning Vandita Zachariah, MA, MBA, CIA HHSC Internal Audit Division May 21, 2010 Overview Define key terms and list essential elements of business continuity
More informationNCUA LETTER TO CREDIT UNIONS
NCUA LETTER TO CREDIT UNIONS NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA 22314 DATE: December 2001 LETTER NO.: 01-CU-21 TO: SUBJ: ENCL: All Federally Insured Credit Unions Disaster
More informationBusiness Continuity Planning Guide
Business Continuity Planning Guide For Small Businesses Prepared by the City of Vaughan Emergency Planning Department 1 Business Continuity Planning Business Continuity Planning (BCP) is a planning process
More informationDisaster Recovery Journal Spring World 2014
Disaster Recovery Journal Spring World 2014 What works: Services and service supply chain business continuity risk management Don Hall, CBCP, Cisco Services Business Continuity Analyst Cisco Systems, Inc.
More informationBusiness Continuity and Disaster Recovery Planning
Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services
More informationILLINOIS INSTITUTE OF TECHNOLOGY School of Applied Technology. Dave Wallenberg, Mario Russo and Batchum Mataruke Edited by Ray Trygstad
ITM Whitepaper ILLINOIS INSTITUTE OF TECHNOLOGY School of Applied Technology...because knowledge is power. Selling the Boss: Convincing Senior Management of the Need for Contingency Planning Dave Wallenberg,
More informationBUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE
BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE Introduction 1. Recently many organisations both public and private have directed much more time, money and effort towards protecting service
More informationNEEDS BASED PLANNING FOR IT DISASTER RECOVERY
The Define/Align/Approve Reference Series NEEDS BASED PLANNING FOR IT DISASTER RECOVERY Disaster recovery planning is essential it s also expensive. That s why every step taken and dollar spent must be
More informationBusiness Unit CONTINGENCY PLAN
Contingency Plan Template Business Unit CONTINGENCY PLAN Version 1.0 (Date submitted) Submitted By: Business Unit Date Version 1.0 Page 1 1 Plan Review and Updates... 3 2 Introduction... 3 2.1 Purpose...
More information1.0 Policy Statement / Intentions (FOIA - Open)
Force Policy & Procedure Reference Number Business Continuity Management D269 Policy Version Date 23 July 2015 Review Date 23 July 2016 Policy Ownership Portfolio Holder Links or overlaps with other policies
More informationwww.td.com.au Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012
Business Continuity - IT Disaster Recovery Discussion Paper - - Version V2.0R Wednesday, 5 September 2012 Commercial in Confidence Melbourne Sydney 79-81 Coppin St Level 2 Richmond VIC 3121 414 Kent St
More informationHB 292 2006 A Practitioners Guide to Business Continuity Management
HB 292 2006 A Practitioners Guide to Business Continuity Management HB HB 292 2006 Handbook A practitioners guide to business continuity management First published as HB 292 2006. COPYRIGHT Standards Australia
More information#316 The Security Elements of Business Continuity & Disaster Recovery Plans
#316 The Security Elements of Business Continuity & Disaster Recovery Plans Ken Doughty CISA CBCP ODAS kdoughty@ozemail.com.au Presentation Outline Introduction Overview of Business Continuity Security
More informationDRAFT BUSINESS CONTINUITY MANAGEMENT POLICY
DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY This document outlines a set of policies and procedures for formalising a Business Continuity programme, and provides guidelines for developing, maintaining
More informationNHS 24 - Business Continuity Strategy
NHS 24 - Strategy Version: 0.3 Issue Date: 20/09/2005 Status: Issued for Board Approval Status: draft Page 1 of 13 Table of Contents 1 INTRODUCTION...3 2 PURPOSE...3 3 SCOPE...3 4 ASSUMPTIONS...4 5 BUSINESS
More informationBusiness Continuity Template
Emergency Management Business Continuity Template The Regional Municipality of Wood Buffalo would like to give credit to the Calgary Emergency Management Agency (CEMA) and the Calgary Chamber of Commerce
More informationPreparing for the Convergence of Risk Management & Business Continuity
Preparing for the Convergence of Risk Management & Business Continuity Disaster Recovery Journal Webinar Series September 5, 2012 2012 Strategic BCP, Inc. All rights reserved. strategicbcp.com 1 Today
More informationBUSINESS CONTINUITY MANAGEMENT FRAMEWORK
BUSINESS CONTINUITY MANAGEMENT FRAMEWORK Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 1 FRAMEWORK STATEMENT Business
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis
More informationThe Business Continuity Maturity Continuum
The Business Continuity Maturity Continuum Nick Benvenuto & Brian Zawada Protiviti Inc. 2004 Protiviti Inc. EOE Agenda Terminology Risk Management Infrastructure Discussion A Proposed Continuity Maturity
More informationAssessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC
Assessing Your Disaster Recovery Plans Gregory H. Soule, CPA, CISA, CISSP, CFE Andrews Hooper Pavlik PLC Andrews Hooper Pavlik PLC Agenda Business Continuity Concepts Impact Analysis Risk Assessment Risk
More informationBusiness Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?
Business Continuity Is your Business Prepared for the worse? Major emergencies can develop suddenly without warning. Situations can threaten and disrupt your business and impact upon you and your staff.
More informationHow to measure your business resiliency
How to measure your business resiliency Define the KPI s/kri s and scorecards to control your security and business continuity capabilities Krzysztof Pulkiewicz BCMLogic krzysztof.pulkiewicz@bcmlogic.com
More informationSCOPE; ENFORCEMENT; AUTHORITY; EXCEPTIONS
Title: DRAFT USG Continuity of Operation Plan Policy Policy Number: 2009-Julian Date Topical Security Area: Document Type: Standard Pages: Words: Lines: 5 1,387 182 Issue Date: May-09 Effective Date: Immediately
More informationBUSINESS CONTINUITY PLANNING GUIDELINES
BUSINESS CONTINUITY PLANNING GUIDELINES Washington University in St. Louis The purpose of this guide is to serve as a tool to all departments, divisions, and labs across the University in building a Business
More information