Protecting Your Revenues: A Risk Management Approach to Business Continuity Planning (Instructor-led; 2 Days)
Module I. Project Initiation and Management A. DRII/BCI Project initiation and control B. Business continuity project activities C. Business Continuity Planning Scope D. Disaster Recovery Planning Scope E. Business Continuity Awareness 1. Communication to management 2. Communication to employees, vendors, customers, investors, and other stakeholders F. Planning steering committee G. Project planning 1. Budgetary requirements 2. Reporting to senior management H. Resources provided: 1. Checklist: Project Initiation 2. Example BCP/DRP Communication Briefing 3. Example Disaster Recovery Project 4. Example Business Continuity Project: Terms and Scope 5. Example Business Continuity Plan 6. Indicative Project Deliverables and Investment 7. Action Plan Project Initiation and Management 2
Module II. Risk Evaluation and Control A. DRII/BCI Risk Evaluation and Control B. Risk Assessment 1. Business needs 2. Health and safety 3. System safety programs 4. Risk management for finance and the finance sector 5. Food industry 6. Health care 7. Other industries C. Risk Assessment Guidance and Compliance 1. Statutory requirement and duty of care 2. The U.K. Combined Code (Turnbull Report) D. Risk Assessment Process E. Risk Management Methods F. Critical Component Failure Analysis G. Operational Risk Management H. Prioritizing Risk Management I. Security and Siting Risk Areas J. Case Studies K. Resources Provided: 1. Examples Possible threats to consider 2. Example Simple Risk Analysis 3
3. Case Study The E-Bomb Threat a) Definition b) History c) Technology d) Defense 4. Case Study: Fire Hazard from Computer Tapes a) Testing environment b) The tape burn c) Explanation of computer tapes and their pyrolysis products 5. Case Study: Smoke Tests 6. Case Study: Foot and Mouth Disease Disaster 7. Checklist: Site, Environmental, Health, and Safety Risk Assessment 8. Action Plan Risk Evaluation and Control Module III. Business Impact Analysis A. DRII/BCI Business Impact Analysis B. The BIA Project 1. BIA Data collection methods 2. Critical success factors / Business process matrix 3. Key performance indicators 4. Process flows 5. Outputs and deliverables 6. Activity categorization 7. Desk review 8. Questionnaires 4
9. Interviews C. Managing and Internally Promoting the BIA Project 1. Workshops 2. Financial justification for Business Continuity Management 3. Compliance and legal requirements 4. Designing an Impact Matrix D. A Tiered Approach to Business Continuity Planning 1. Business continuity and service-level agreements E. Resources Provided: 1. Example Resource and Timescale for Provisioning 2. Example Risk and Impact Analysis 3. Example A Service-Level Agreement Using Tier Rating 4. Action Plan Business Impact Analysis Module IV. Developing Continuity Strategies A. DRII/BCI Business Continuity Strategy Development B. Vital Materials and Backup C. Business Continuity Strategy Options 1. Continuous processing 2. Distributed processing 3. Alternate sites 4. Off-site storage 5. Reciprocal Agreements 6. Option Comparison D. Contractual Arrangements for Recovery Services (Outsourcing) 5
E. Insurance F. Consultants G. Resources Provided: 1. Example A Business Continuity Strategy Project 2. Action Plan Developing Continuity Strategies Module V. Emergency Response and Operations A. DRII/BCI Emergency Response and Operations B. Types of Emergencies C. Coordination with Public Authorities D. Emergency Response Standards E. International Coordination F. Public Relations and Crisis Communication 1. Media management 2. Communication with stakeholders G. Salvage and Restoration H. Resources Provided: 1. Examples Emergency Plans 2. Emergency Response Acronyms 3. Action Plan Emergency Response Module VI. Developing and Implementing the Business Continuity Plan A. Plan Components 1. Introduction 2. Business continuity teams 6
3. Tasks, actions, and functions 4. Roles and responsibilities a) BC Management b) Operations 5. Alternative standby locations 6. Internal and external contact details 7. Vital documents and materials 8. Resource requirements 9. Reporting processes and requirements 10. Audit trail 11. Plan confidentiality, version control, and document management 12. Plan structure B. Interim Plans C. Software Tools for Plan Development D. Resources Provided: 1. Example Office Services Plan for a Professional Practice 2. Example Contents of Generic BC Plan Appendices 3. Examples Commercially Available BC Planning Software 4. Checklist: BC Planning Software 5. Action Plan Developing and Implementing the Business Continuity Plan Module VII. Training Business Continuity/Disaster Recovery Awareness and A. DRII/BCI Awareness and Training Programs B. Objectives for Establishing Awareness and Training 7
C. Identifying Functional Awareness and Training Gaps D. Developing the Best Training Methodology E. Acquiring or Developing Training Aids F. Outsourcing Training G. Identifying Vehicles for Corporate Awareness H. Resources Provided: 1. Checklist: Staff Skills Assessment Matrix 2. Example: Disaster Management Event News Resources 3. Action Plan Business Continuity/Disaster Recovery Awareness and Training Module VIII. Maintaining and Testing the Business Continuity Plan and Disaster Recovery Plan A. DRII/BCI BCP/DRP Plan Maintenance and Testing B. Business Continuity Plan Audit and Review C. Testing 1. BC Plan audit areas 1. Justification 2. Testing strategy 3. Testing methods 4. Using a structured approach to plan testing 5. Post-Test reporting D. Resources Provided: 1. Example Notes from a Test Planning Meeting 2. Example Communications Brief for Test Observers 8
3. Case Study: Setting up Testing with Initial Briefings and Situation Reports 4. Action Plan - Maintaining and Testing the Business Continuity Plan and Disaster Recovery Plan Module IX. Business Continuity/Disaster Recovery Standards and Guidelines A. Overview B. Various Governmental Standards Bodies C. BS 7799 D. ISO 17799 E. Resources Provided: 1. Example Sources for Standards and Guidelines 9