The Business of Continuity
|
|
- Marcus Gardner
- 8 years ago
- Views:
Transcription
1 The Business of Continuity The loss of, or serious disruption to, any critical process, function or system can have a significant impact on an organisation; in some cases threatening its very survival. Business continuity management and information security management are concerned with assessing and addressing risks to the business and its supporting infrastructure. They are the means by which a strategy is developed, implemented and maintained, to ensure an organisation is capable of responding to, coping with and recovering from major security breaches and disruptions to normal operations. They involve the implementation of risk management strategies to avoid major incidents or crises occurring, and recovery strategies to ensure that, if the worst does happen, an organisation is capable of an effective response and recovery. Business continuity management and information security management are about protecting all critical parts of the business. The overriding objective is to ensure that an organisation can provide an acceptable level of service to all stakeholders, including customers and other business partners, regardless of any disruptive events or incidents that might occur. Achieving this at reasonable cost and within reasonable timescales are key requirements. for independence Our independence means we are not tied to a single methodology and enables us to offer truly impartial advice. acumen ak ū-men, n. the ability to judge well; insight. [from Latin: sharpness, from acuere to sharpen, from acus needle] for experience Our consultants have a wealth of practical, real-life experience in helping organisations plan and prepare to respond to and recover from disruptive incidents. for service Project management Scoping exercise Information security review Plan health check/capability review Business impact analysis Risk analysis Dependency modelling Emergency response planning and crisis management Strategy development/implementation of solutions Plan development Exercising and testing Training and awareness Review, maintenance and continuous improvement Crisis media communications for excellence Our innovative style is based upon a sound working knowledge of industry best practice and a partnership approach with our clients. Acumen has the skills and experience to assist companies to produce effective and workable business continuity and IT recovery plans.
2 Company Profile Formed in 1997, Acumen Business Services Ltd specialises in the provision of independent business continuity management, risk management and information security management consultancy services. Acumen has provided consultancy support to a number of well-known organisations, across a wide range of industry types, including insurance, financial services, manufacturing, distribution, pharmaceutical, petrochemical, retail, local government, publishing, education, transport, housing, utilities and IT services. In addition to our own direct client list we are regularly involved with some of the UK s leading providers of business continuity and IT recovery services in managing and participating in projects for their clients. Our managing consultants are either Fellows or Members of the Business Continuity Institute and have a wealth of practical experience in business continuity and IT recovery planning. We are actively involved in supporting the ongoing business continuity management programmes of a number of major organisations. Acumen s philosophy is one of capability-based planning, whereby we aim to develop and enhance the client s business continuity capability rather than merely providing a business continuity plan. To this end, Acumen s style is to work closely with our clients as part of their business continuity management team, with the emphasis on working with rather than for them. We believe that we adopt an innovative approach that is based upon a sound working knowledge of industry best practice. Being independent enables us to offer truly impartial advice based upon over twelve years of business continuity management involvement backed by invaluable practical experience. We are not tied to a particular working methodology and prefer a partnership approach. This approach has proved successful in a number of assignments, where a close working relationship has been a contributing factor in the successful implementation of the client s business continuity objectives. Acumen has the skills and experience to assist our clients in producing effective and workable business continuity plans. Scoping Exercise Organisations embarking on a business continuity project for the first time are often unclear as to what the project should involve. Where this is the case, it is beneficial to conduct a scoping exercise, to determine the full extent of the work that needs to be carried out. A scoping exercise, conducted by experienced Acumen consultants, involves interviews with key personnel and analysis of relevant documentation to: Determine the existing level of business continuity capability; Assess the level of business continuity awareness within the organisation; Identify the steps required to implement an appropriate business continuity programme; Estimate project timescales and resource requirements (internal and external); Identify budget costs; Provide an outline project plan. On completion of the review a report is produced, which includes the above findings and recommendations. A scoping exercise will help to ensure that your business continuity programme is appropriate to the needs of the organisation, and will help get the project off to the right start.
3 Business Continuity Health Check/Capability Review For clients who have already developed and implemented business continuity plans it can be extremely useful to obtain a fresh perspective from someone not connected with the organisation. Often, the responsibility for plan development is given to someone who does not have in-depth experience of business continuity management. An assessment of the plans against industry best practice will confirm whether all key considerations have been addressed. A plan health check and capability review, carried out by experienced Acumen consultants, enables you to have confidence in the viability of your plans and will highlight any areas for improvement. It will clarify whether your plans meet, or how they fall short of, business requirements. The study, which is tailored to the specific requirements of the client, includes interviews with key personnel and analysis of the plan documents. It will typically include a review of: The business continuity policy and strategy; Underlying recovery solutions; Your ability to meet the stated recovery time and recovery point objectives; The crisis/incident management framework; The business continuity plan structure, format and content; Staff awareness and training; Change management and plan updates. On completion of the review a report is produced, which includes observations and recommendations. The likelihood is that you will have invested a significant amount of time and money in the development of your plans. The Health Check and Capability Review can give you confidence that your investment has been worthwhile.
4 Business Impact Analysis To enable an appropriate and cost-effective business continuity strategy to be developed, an organisation needs to know, in measurable terms, just what impact an interruption would have on the business. The following questions, therefore, need to be answered: How much will the business lose, or how much additional expense will accrue, if the business is disrupted for varying periods of time? What reputational impact will a disruption have on the business? How much disruption to other areas of the business will occur? How quickly do the critical business functions need to be recovered following an interruption? How much data loss can the organisation tolerate? Conducting a formal business impact analysis (BIA) will provide this crucial information, and assist in the identification and justification of an appropriate business continuity strategy. The BIA is a study which identifies critical business functions and systems and the impacts on the business (financial, operational and regulatory) which would result if those functions or systems were unavailable. Impacts are measured in both quantitative (financial) and qualitative (e.g. reputation) terms. To be effective, the BIA has to be an interactive process involving input from key management groups. Project Initiation Business function rep s identified Questionnaires tailored Presentations, etc scheduled Kick-off & impacts workshop Participants briefed Impacts identified RTOs set Questionnaires distributed Recovery req ts interviews Structured interviews Questionnaires discussed/completed Follow-up meetings Issues resolved Analysis Findings collated and analysed Concurrence Draft findings presented/discussed Working group approval Report & presentation Draft report produced Feedback/updates Final report issued On completion of the process a detailed report is delivered which includes an analysis of the organisation's business functions and critical systems, an outline of the client's financial and operational exposure, a recommended recovery strategy and a summary of recovery requirements. The BIA provides senior management with the information necessary to enable them to make informed decisions on business continuity management strategies, and is an essential first step in the business continuity management project.
5 Risk Analysis All businesses are constantly faced with a number of risks, from fires and floods to commercial risks such as negative cash flow, loss of a major client or litigation. Significant risks have the potential to seriously affect an organisation s business continuity. It is therefore important to understand the probability and potential impact of a particular risk materialising, so that priority can be given to mitigating the significant risks. A risk analysis will identify particular threats and vulnerabilities to the business and its support facilities and recommend risk reduction measures that can be implemented to mitigate them. The analysis is based on a site survey and discussions with key business and support facility managers. The resulting report will include a list of vulnerabilities together with risk reduction options. X Y Z Risk* Classification* Probability* Impact* Rating* Countermeasures** * Classification, based on probability and impact (eg High/Medium/Low, Red/Amber/Green, 1/2/3, etc), indicating significance of each risk to the organisation ** Risk mitigation measures to be considered The risk analysis, in conjunction with the business impact analysis, enables senior management to make informed decisions regarding the business continuity strategies that are appropriate for the organisation. Emergency Response and Crisis/Incident Management Planning The Emergency Response and Crisis Management structures that will come into play at-time-of-disaster are likely to be very different from your normal, day-to-day organisational structure. Decisions will have to be made quickly under unfamiliar and extremely stressful conditions. It is essential that there is a Crisis or Incident Management Team framework in place that can manage the overall recovery process effectively. The Home Office recommends a 3-tiered approach to Emergency Response and Incident Management, and this structure is used by the emergency services. Strategic (Gold) Strategic co-ordinating group Authority to make executive decisions Focus for high-level communication (eg Gov't) Based away from scene of incident Imposes control Reports status Tactical (Silver) Overall general management Prioritises allocation of resources Plans and co-ordinates tasks Based at or near to scene of incident Imposes control Reports status Operational (Bronze) Assesses extent of problem Performs tasks within own area of responsibility Operates at incident/recovery location(s)
6 An example of this structure applied to an organisation s business continuity plans follows: Strategic Executive Management Team (EMT) MAIN DUTIES Policy decisions Strategic direction High level liaison Tactical Incident Management Team (IMT) MAIN DUTIES Damage assessment Incident management Recovery support Operational Infrastructure Recovery Team (IRT) Business Recovery Teams (BRTs) MAIN DUTIES Facilities restoration IT & network recovery Salvage MAIN DUTIES Business recovery It is essential that the personnel nominated to make up these teams are fully aware of the structure that will apply in an emergency and of their own roles and responsibilities within that structure. Training and exercising, therefore, form an important part of the construction of the teams. Acumen s experienced consultants can provide advice and guidance with the formation of the Crisis Management and Recovery Teams; address the training needs of the various team members; and assist with the production, maintenance and exercising of the associated plans. Crisis Media Communications Effective management of the media is a crucial element of effective crisis or incident management, which requires careful planning and particular skills. Successful management of a crisis is not only about taking the appropriate actions to remedy the situation, it is also about being seen to be taking them and being heard to say the right things. In other words, your stakeholders perception of your crisis management capability is their reality. And the best business or technical recovery plans in the world may come to nothing if that perception is not managed effectively. Unfortunately, history is littered with the casualties of poor crisis media communications. A robust and positive public relations policy is therefore a key part of your crisis management capability. And it is essential that your nominated media spokespeople are sufficiently trained and practised in the role. But it is also important that your planning efforts are not restricted to your senior spokespeople, as experience has shown that managers and front-line personnel on the ground are likely to be the first target for the media.
7 Acumen s specialist media consultants, all of whom have previously worked as journalists and therefore have first hand experience of how the media operates, can offer expert advice, guidance and training to ensure that your key people are ready to face anything the media may throw at them. This includes: Basic media awareness training for those who may come into contact with the media or be tasked with assisting media communications planning Crisis media training, including mock interviews and news conferences One-to-one (or small group) training and mentoring for media spokespeople Media focussed crisis/incident management exercises Business Continuity Plan Development Your business continuity programme should address the following four elements: Planning Emergency Response Business Recovery Crisis Management The documented business continuity plan is the culmination of the planning activity, which includes Business Impact Analysis, risk analysis, and selection and implementation of appropriate continuity strategies. It is the document that will be used at the time of a disaster or major incident to aid the various recovery teams in ensuring the recovery of your critical business functions. The business continuity plan should include the following elements: Emergency Response Escalation and invocation Callout Damage assessment Crisis Management Command centres Recovery strategies HR issues Media management Business Recovery Recovery Team structure Team members Key contact details (staff, customers, suppliers, etc) Vital records Infrastructure recovery (premises and IT) Key processes and tasks There are various styles of business continuity plan and the style you choose should reflect the needs and culture of your organisation. Whichever style you choose, the plan needs to be easy to follow and usable under unfamiliar and stressful conditions.
8 A good business continuity plan is seen as a living document that will change as your organisation changes. It is essential that it is kept up-to-date the survival of your organisation could depend on it. Acumen s experienced consultants will work as part of your business continuity management team to provide expert advice and guidance on all of the above elements. They will help you to develop and maintain an effective and workable business continuity plan that reflects the needs of your business. Strategy Development/Implementation of Solutions The Business Impact Analysis and Risk Analysis processes will have resulted in a number of recommended strategies for business recovery, risk mitigation and information security management, such as: Internal arrangements, eg: Spare office accommodation Standby computer facilities Mirroring of critical systems Reciprocal arrangements with other parts of the group Specialist external services, eg: Warm restart computer sites Workarea recovery sites Cold restart sites Ship-in services Expert salvage and restoration services Environmental improvements, eg: Fire, water and intruder detection Physical security Diverse routing of power and telecommunications circuits Information security and data protection measures, eg: Data security policy Procedural changes Data backups Virus checking Firewalls The objective of the implementation phase is to deliver the chosen strategies within approved time, resource and financial constraints. It incorporates: Project management 3 rd party ITT processes for appropriate maintenance, support and recovery services; Implementation of resilience countermeasures; Provision of operational documentation and procedures; Implementation of backup strategies; Development of business continuity and information security plans; Executive and user awareness training. Acumen can provide expert assistance in all of the above areas, helping you meet your business continuity and information security objectives.
9 Exercising and Testing Exercising and testing is a vital part of the long term business continuity or information security management lifecycle, which will prove the viability of your plans and highlight areas for further improvement. It also provides an ideal training opportunity for those involved in the key activities. Testing can often be time consuming and expensive, so it is important that adequate planning and preparation takes place to ensure that maximum benefit is gained. All testing must be carefully managed and co-ordinated to ensure low risk to the business but maximum return on the effort put in. An effective test will contain most, if not all, of the following elements: A body responsible for control and co-ordination Objectives and success criteria A test plan and schedule Briefing of participants Management and co-ordination Event logs and post-exercise critique forms Independent observers Post-test reporting and follow-up Acumen s consultants have extensive, practical experience of the full range of testing methods, including: Callout tests Talk through reviews of recovery plans Scenario-based walkthrough exercises Component tests (eg IT, communications or departmental recovery) Integrated tests (eg multiple systems and/or business processes) Relocation tests (technical and business recovery) Real disaster simulations Network penetration tests Incident Management/Business Recovery Exercising Exercising and testing is a vital part of the long term business continuity management lifecycle, which will prove the viability of your plans and highlight areas for further improvement. It also provides an ideal training opportunity for those involved in the key activities. A scenario-based exercise, involving the crisis/incident management team and/or business recovery teams, will: Raise awareness of likely issues in the event of an emergency occurring; Provide practical experience of business continuity issues for the participants; Confirm the viability of the business continuity plans and recovery strategies; Test the assumptions contained in the business continuity plans; Identify areas for improvement and follow-up actions.
10 Information feeds Facilitators Incident Management Team Information feeds Observers Observers Acumen s experienced consultants will prepare and facilitate the exercise, which is run as an interactive workshop. Participants will be presented with a disaster scenario and be asked to role play their responses as if the incident were real. A number of incident updates will be provided throughout the exercise, which is run using a combination of real time and accelerated time. Participants are debriefed at the end of the exercise and a report produced detailing relevant observations, recommendations and follow-up actions. Training and Awareness Training and awareness are crucial elements of a business continuity or information security management strategy. All personnel within an organisation need to be aware of their roles and responsibilities within the company s business continuity plans and information security management system. Key players need to develop the skills and confidence needed to play their part, whether it be managing risk, implementing business continuity and information security solutions, maintaining and exercising the plans or successfully recovering their business operations following a disaster or information security breach. Training Acumen offers a range of training courses and workshops to assist your staff to gain and practice the skills required for effective business continuity and information security management. The workshops are tailored to the precise needs of your business rather than being off the shelf packages, and are presented and facilitated by highly experienced business continuity and information security management practitioners. Workshops are run at a location that best suits the client, for instance at the client s own premises or at a local hotel or conference facility. Topics include: Introduction to business continuity management Introduction to information security management Business impact and risk analysis Emergency response planning and crisis management Developing continuity strategies and plans Media communications Scenario-based exercises and workshops
11 Awareness Programmes In addition to the workshops described above, Acumen can assist with a comprehensive business continuity and/or information security awareness programme that is tailored to the needs of the organisation. This may include any or all of the following : Newsletters Seminars Road shows Videos Executive and staff briefings Guidebooks and leaflets Training courses and workshops
Business Continuity Planning advice for Businesses with 50-250 employees
Business Continuity Planning advice for Businesses with 50-250 employees Where to begin? A business continuity plan should consist of a business and contingencies analysis. It needs to be developed by
More informationIntroduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT
INFORMATION SECURITY: UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT FACTSHEET This factsheet will introduce you to Business Continuity Management (BCM), which is a process developed to counteract systems
More informationPrinciples for BCM requirements for the Dutch financial sector and its providers.
Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011
More informationBusiness Continuity Plan Toolkit
Business Continuity Plan Toolkit March 2015 1 Contents The Template instructions for use... 2 Introduction... 3 What is the purpose of this toolkit?... 3 Why do you need a Business Continuity Plan?...
More informationBusiness Continuity Planning advice for Businesses with over 250 employees
Business Continuity Planning advice for Businesses with over 250 employees Where to begin? You can compose an effectual business continuity plan in a relatively short period and for little expenditure.
More informationBusiness Continuity Policy and Business Continuity Management System
Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain
More informationHow To Manage A Disruption Event
BUSINESS CONTINUITY FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Manager Organisational
More informationBusiness Continuity Planning and Disaster Recovery Planning
4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business
More informationBusiness Continuity Planning in IT
Introduction: Business Continuity Planning in IT The more your business relies on its IT systems, the more you need to consider how unexpected disruptions might affect your business. These disruptions
More informationTips and techniques a typical audit programme
Auditing Business Continuity Planning Tips and techniques a typical audit programme Karen Wills, Senior Internal Auditor St James s Place Wealth Management February 2014 Contents Background Roles and Responsibilities
More informationBusiness Continuity Management Framework 2014 2017
Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity
More informationBusiness Continuity Planning Manual. Version 1
Business Continuity Planning Manual Version 1 Business Continuity Planning for NHS Organisations Business Continuity Planning Manual CONTENTS INTRODUCTION... 1 BACKGROUND... 3 1. SCOPE, AIMS AND OBJECTIVES...
More informationBusiness Continuity (Policy & Procedure)
Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity
More informationRisk Management Guidelines
Business Continuity Management Understanding Risk We live in an unpredictable world. No matter how effectively a business protects itself through insurance, there are some risks that cannot be anticipated,
More informationabcdefghijklmnopqrstu
abcdefghijklmnopqrstu Business Continuity A Framework for NHS Scotland Strategic Guidance for NHS Organisations in Scotland 1 Contents 1. Introduction 4 1.1 Business Continuity Overview 5 2. Roles and
More informationCENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14
More informationBUSINESS CONTINUITY POLICY RM03
BUSINESS CONTINUITY POLICY RM03 Applies to: All NHS LA employees, contractors, secondees and consultants, contractors and/or any other parties who will carry out duties on behalf of the NHS LA Version:
More informationBusiness Continuity Management For Small to Medium-Sized Businesses
Business Continuity Management For Small to Medium-Sized Businesses Produced by NORMIT and Norfolk County Council Resilience Team For an electronic copy of this document visit www.normit.org Telephone
More informationBUSINESS CONTINUITY MANAGEMENT FRAMEWORK
BUSINESS CONTINUITY MANAGEMENT FRAMEWORK Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 1 FRAMEWORK STATEMENT Business
More informationInstitute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745
ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan
More informationBusiness Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com
Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?
More informationBusiness Continuity Management Policy
Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3
More informationBusiness Continuity Policy
Business Continuity Policy St Mary Magdalene Academy V1.0 / September 2014 Document Control Document Details Document Title Document Type Business Continuity Policy Policy Version 2.0 Effective From 1st
More informationBusiness Continuity Management Governance. Frank Higgins Abu Dhabi March 2015
Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity
More informationMerrycon s Approach to Business Continuity Management
Merrycon s Approach to Business Continuity Management Business Continuity is a management discipline that provides a framework for an organisation to build resilience, providing the capability for an effective
More informationPost-Class Quiz: Business Continuity & Disaster Recovery Planning Domain
1. What is the most common planned performance duration for a continuity of operations plan (COOP)? A. 30 days B. 60 days C. 90 days D. It depends on the severity of a disaster. 2. What is the business
More informationUpdate from the Business Continuity Working Group
23 June 2014 Performance and Resources Board 19 To note Update from the Business Continuity Working Group Issue 1 The Business Continuity Working Group oversees the development, maintenance and improvement
More informationBusiness Continuity Management. Policy Statement and Strategy
Business Continuity Management Policy Statement and Strategy November 2011 Title Business Continuity Management Policy & Strategy Date of Publication: Cabinet Council Published by Borough Council of King
More informationBirmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy
Birmingham CrossCity Clinical Commissioning Group Business Continuity Management Policy Version V1.0 Ratified by Operational Development Group Date ratified 6 th November 2014 Name of originator / author
More informationCISM Certified Information Security Manager
CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective
More informationwww.td.com.au Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012
Business Continuity - IT Disaster Recovery Discussion Paper - - Version V2.0R Wednesday, 5 September 2012 Commercial in Confidence Melbourne Sydney 79-81 Coppin St Level 2 Richmond VIC 3121 414 Kent St
More informationBUSINESS CONTINUITY MANAGEMENT A Guide for Businesses In Northamptonshire
BUSINESS CONTINUITY MANAGEMENT A Guide for Businesses In Northamptonshire 1 What is Business Continuity? Business Continuity is a planning process which provides a framework to ensure the resilience of
More informationBS 25999 BUSINESS CONTINUITY MANAGEMENT
BS 25999 BUSINESS CONTINUITY MANAGEMENT AUDIT, CERTIFICATION & training services HOW CAN YOU ENSURE BUSINESS CONTINUITY? BS 25999 AUDITS & CERTIFICATION FROM SGS Most organisations will, at some point,
More informationPAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA
Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationSolihull Clinical Commissioning Group
Solihull Clinical Commissioning Group Business Continuity Policy Version v1 Ratified by SMT Date ratified 24 February 2014 Name of originator / author CSU Corporate Services Review date Annual Target audience
More informationEMERGENCY PREPAREDNESS PLAN Business Continuity Plan
EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic
More information" # $% "%&$& Lesley Fayers Exercising the BCP workbook.doc Page 1 of 12
! " # $% "%&$& Lesley Fayers Exercising the BCP workbook.doc Page 1 of 12 Objectives...3 1. Why run an exercise?...3 2. What sort of exercises are there?...3 Call Tree:...4 Walk Through:...4 Table Top:...4
More informationInformation Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.
Information Security Management: Business Continuity Planning Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Overview BCP: Definition BCP: Need for (Why?) BCP: When BCP: Who
More informationNORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)
NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy
More informationBusiness Continuity Management
Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not
More informationNHS Durham Dales, Easington and Sedgefield Clinical Commissioning Group. Business Continuity Plan
NHS Durham Dales, Easington and Sedgefield Clinical Commissioning Group Business Continuity Plan Page 1 Review To be done annually Author Chief Operating Officer Reviewer Head of Corporate Services Version
More informationHOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING
HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING ISO 22301 BUSINESS CONTINUITY MANAGEMENT SYSTEMS Most organisations will, at some point, be faced with having to respond
More informationBCP and DR. P K Patel AGM, MoF
BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management
More informationCoping with a major business disruption. Some practical advice
Coping with a major business disruption Some practical advice Coping with a major business disruption What is business continuity? Business continuity planning (BCP) is a management process that helps
More informationHow To Manage A Business Continuity Strategy
Business continuity strategy 2009 2012 Table of contents 1 Why this strategy is needed 3 2 Aim of the strategy 4 3 Our approach to business continuity 4 PROCESS 4 STRUCTURE 5 DOCUMENTATION 6 DISRUPTION
More informationCompany Management System. Business Continuity in SIA
Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT
More informationWould Your Business survive a crisis?
Would Your Business survive a crisis? A guide to business continuity Planning. Emergency Planning in Partnership Page 1 A guide to Business Continuity Planning. The main objective of a Business Continuity
More informationBusiness Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?
Business Continuity Is your Business Prepared for the worse? Major emergencies can develop suddenly without warning. Situations can threaten and disrupt your business and impact upon you and your staff.
More informationPROMOTING BUSINESS CONTINUITY. Greater Manchester Local Authority Business Continuity Group
PROMOTING BUSINESS CONTINUITY Greater Manchester Local Authority Business Continuity Group What is Business Continuity? Business Continuity is a planning process, which provides a framework for ensuring
More informationNine Steps to Smart Security for Small Businesses
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...
More informationBusiness Continuity Management Policy
Business Continuity Management Policy Policy Holder: Authoriser: Caroline Gover, Head of Business Continuity Caroline Thomson, Chief Operating Officer Reviewed on: Feb 08 Reviewed on: Feb 08 Next Review
More information1.0 Policy Statement / Intentions (FOIA - Open)
Force Policy & Procedure Reference Number Business Continuity Management D269 Policy Version Date 23 July 2015 Review Date 23 July 2016 Policy Ownership Portfolio Holder Links or overlaps with other policies
More informationExpecting the unexpected. Business continuity in an uncertain world
Expecting the unexpected Business continuity in an uncertain world National Counter Terrorism Security Office (NaCTSO) The National Counter Terrorism Security Office is a police unit working to the Association
More informationJoint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Data Handling in University Business Impact Analysis ( BIA ) Agenda Overview Terminologies Performing
More informationdisaster recovery and contingency plan RISK MANAGEMENT MADE TO MEASURE
disaster recovery and contingency plan RISK MANAGEMENT MADE TO MEASURE INTRODUCTION Contingency planning for business continuity (business continuity management) is defined by the Institute of Business
More informationBusiness Continuity and Disaster Recovery Planning
Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services
More informationSpecialist Cloud Services Lot 4 Cloud EDRM Consultancy Services
Specialist Cloud Services Lot 4 Cloud EDRM Consultancy Services Page 1 1 Contents 1 Contents... 2 2 Transcend360 Introduction... 3 3 Service overview... 4 3.1 Service introduction... 4 3.2 Service description...
More informationBusiness Continuity Plan
Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions
More informationAcknowledgement. First edition August 2006 Second edition July 2009 Third edition June 2015
WESTERN AUSTRALIAN GOVERNMENT BUSINESS CONTINUITY MANAGEMENT GUIDELINES Third Edition Acknowledgement RiskCover has produced the Business Continuity Management Guidelines to assist the Western Australian
More informationBusiness Continuity Management
Business Continuity Management Factsheet To prepare for change, change the way you prepare In an intensely competitive environment, a permanent market presence is essential in order to satisfy customers
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis
More informationBT Conferencing Business Continuity Management. Planning to stay in business
BT Conferencing Business Continuity Management Planning to stay in business Planning for the unexpected In today s connected world, businesses are increasingly dependent on their communications and networked
More informationBusiness Continuity Management
Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective
More informationInformation Services IT Security Policies B. Business continuity management and planning
Information Services IT Security Policies B. Business continuity management and planning Version 1 Date created: 28th May 2009 Approved by Directorate: 2nd July 2009 Review date: 1st July 2010 Primary
More informationBUSINESS CONTINUITY GUIDE FOR SMALL BUSINESSES
INTRODUCTION BUSINESS CONTINUITY GUIDE FOR SMALL BUSINESSES Organisations that have a business continuity capability are far more likely to survive the effects of a major incident than those that don t.
More informationDepartmental Business Continuity Framework. Part 2 Working Guides
Department for Work and Pensions Departmental Business Continuity Framework Part 2 Working Guides Page 1 of 60 CONTENTS Guide to business impact analysis...3 Guide to business continuity planning...7 Guide
More informationBusiness Continuity Planning
WWW. BASILDON. GOV. UK A guide to Business Continuity Planning Would your business survive a crisis? FOREWORD The Civil Contingencies Act 2004 introduced a responsibility on all local authorities to raise
More informationBusiness Continuity Business Continuity Management Policy
Business Continuity Business Continuity Management Policy : Date of Issue: 28 January 2009 Version no: 1.1 Review Date: January 2010 Document Owner: Patricia Hughes Document Authoriser: Tony Curtis 1 Version
More informationNHS 24 - Business Continuity Strategy
NHS 24 - Strategy Version: 0.3 Issue Date: 20/09/2005 Status: Issued for Board Approval Status: draft Page 1 of 13 Table of Contents 1 INTRODUCTION...3 2 PURPOSE...3 3 SCOPE...3 4 ASSUMPTIONS...4 5 BUSINESS
More informationDisaster Recovery and Business Continuity What Every Executive Needs to Know
Disaster Recovery and Business Continuity What Every Executive Needs to Know Bruce Campbell & Sandra Evans Contents Why you need DR and BC What constitutes a Disaster? The difference between disaster recovery
More informationBusiness Continuity Planning (BCP) 101
2011/EPWG/WKSP/004 Intro 1 Business Continuity Planning (BCP) 101 Submitted by: Business Continuity Management Institute Workshop on Private Sector Emergency Preparedness Sendai, Japan 1-3 August 2011
More informationBUSINESS CONTINUITY MANAGEMENT PLAN
BUSINESS CONTINUITY MANAGEMENT PLAN For Thistley Hough Academy Detailing arrangements for Recovery and Resumption of Normal Academy Activity Table of Contents Section Content 1.0 About this Plan 1.1 Document
More informationHow prepared are you?
How prepared are you? Business Continuity Management Toolkit Version 1 Click on content to navigate What Is Business Continuity Management (BCM)? 3 About the Toolkit 4 1. BCM programme management 5 2.
More informationA GUIDE TO BUSINESS CONTINUITY PLANNING
A GUIDE TO BUSINESS CONTINUITY PLANNING Introduction The Civil Contingencies Act 2004 places a duty on Local Authorities to ensure that local businesses and voluntary sector organisations in their area
More informationNOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager 17.09.12
POLICY BUSINESS CONTINUITY Policy owners Policy holder Author Head of Services Specialist Operations Contingency Planning Business Continuity Manager Policy No. 132 Approved by Legal Services 17.09.12
More informationSCHEDULE 25. Business Continuity
SCHEDULE 25 Business Continuity 1. Scope 1.1 This schedule covers TfL s requirements in respect of: any circumstance or event which renders, or which TfL considers likely to render, it necessary or desirable
More informationKPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity
INFORMATION RISK MANAGEMENT KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity ADVISORY Contents Agenda: Global trends and BCM
More informationPAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA
1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationSpecialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services
Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services Page 1 1 Contents 1 Contents... 2 2 Transcend360 Introduction... 3 3 Service overview... 4 3.1 Service introduction... 4
More informationDisaster Recovery. 1.1 Introduction. 1.2 Reasons for Disaster Recovery. EKAM Solutions Ltd Disaster Recovery
Disaster Recovery 1.1 Introduction Every day, there is the chance that some sort of business interruption, crisis, disaster, or emergency will occur. Anything that prevents access to key processes and
More informationBusiness Continuity Planning:
Business Continuity Planning: How prepared must a CFO & other Executives be for a potential interruption to the business Presenter: Bruce L Scott, Partner Risk & Business Continuity Services June 2005
More informationBusiness Continuity Management & Disaster Recovery GETTING STARTED Checklist for Local Businesses & Organisations
Business Continuity Management & Disaster Recovery GETTING STARTED Checklist for Local Businesses & Organisations Name of Organisation: Date: This Document has been designed to assist local businesses
More informationBCS Practitioner Certificate in Business Continuity Management Syllabus
BCS Practitioner Certificate in Business Continuity Management Syllabus Version 4.3 March 2015 Contents Change History... 4 Introduction... 5 Objectives... 5 Entry Criteria... 5 Examination Format and
More informationEach section has handy hints and advice on completing your plan along with links to further information which you can download and print.
Information on business continuity plans for businesses with 10 or fewer employees You will find that it is quick, easy and inexpensive to create a business continuity plan. This is a basic five-step guide
More informationIt s the Business! Business continuity considerations for all organisations
It s the Business! Business continuity considerations for all organisations It ll never happen to me That s what they all say isn t it? But it happens a lot more than you d think. Statistics show that
More informationBUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE
BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE Introduction 1. Recently many organisations both public and private have directed much more time, money and effort towards protecting service
More informationBusiness Continuity Policy
Business Continuity Policy Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain its essential business functions during
More informationBUSINESS CONTINUITY PLAN
How to Develop a BUSINESS CONTINUITY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A BUSINESS CONTINUITY PLAN? CHAPTER PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN CHAPTER
More informationBUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS
BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3
More informationAssessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC
Assessing Your Disaster Recovery Plans Gregory H. Soule, CPA, CISA, CISSP, CFE Andrews Hooper Pavlik PLC Andrews Hooper Pavlik PLC Agenda Business Continuity Concepts Impact Analysis Risk Assessment Risk
More information(Instructor-led; 2 Days)
Protecting Your Revenues: A Risk Management Approach to Business Continuity Planning (Instructor-led; 2 Days) Module I. Project Initiation and Management A. DRII/BCI Project initiation and control B. Business
More informationBUSINESS CONTINUITY PLAN 1 DRAFTED BY: INTEGRATED GOVERNANCE MANAGER 2 ACCOUNTABLE DIRECTOR: DIRECTOR OF QUALITY AND SAFETY 3 APPLIES TO: ALL STAFF
BUSINESS CONTINUITY PLAN 1 DRAFTED BY: INTEGRATED GOVERNANCE MANAGER 2 ACCOUNTABLE DIRECTOR: DIRECTOR OF QUALITY AND SAFETY 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: GOVERNING BODY, 5 MARCH
More informationAssessment of natural hazards, man made hazards, technical and societal related risks and associated impact.
Aon Business Continuity Planning The Aon Business Continuity Planning practice provides consulting services that allow Aon clients to measure and manage their strategic and tactical risks through Crisis
More informationwww.pwc.com Business Resiliency Business Continuity Management - January 14, 2014
www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition
More informationUniversity Emergency Management Plan
University Emergency Management Plan This plan has been designed to be consistent with the format of the Emergency Action Plans held by the departments and buildings of the University. This will enable
More informationBusiness Continuity Management Policy and Framework
Management Policy and Framework Version: Produced by: Date Produced: Approved by: Updated: 7 University Manager with the assistance of the Operational Group 11 th March 2010 Steering Group (14 December
More informationI attach the following documents in response:
London Fire Brigade Headquarters 169 Union Street London SE1 0LL T 020 8555 1200 F 020 7960 3602 Minicom 020 7960 3629 www.london-fire.gov.uk Freedom of Information request reference number: FOIA608.1
More informationCYBER SECURITY Audit, Test & Compliance
www.thalescyberassurance.com CYBER SECURITY Audit, Test & Compliance 02 The Threat 03 About Thales 03 Our Approach 04 Cyber Consulting 05 Vulnerability Assessment 06 Penetration Testing 07 Holistic Audit
More informationIT Disaster Recovery Plan Template
HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned
More informationBy. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd
BS 25999 Business Continuity Management By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd 1 Contents slide BSI British Standards 2006 BS 25999(Business Continuity) 2002 BS 15000
More information