Business Continuity Management and BS 25999 by Steve Chan, Head of Training - HK, BSI Management Systems



Similar documents
By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

Il nuovo standard ISO sulla Business Continuity Scenari ed opportunità

Proposal for Business Continuity Plan and Management Review 6 August 2008

Business Continuity Management

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

Business Continuity Management Policy

HEALTH AND SOCIAL CARE BOARD POLICY ON BUSINESS CONTINUITY MANAGEMENT

BCP and DR. P K Patel AGM, MoF

Business Continuity Management Policy

Business Continuity Management

Business Continuity Management

Business Continuity Management Framework

Coping with a major business disruption. Some practical advice

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO AUDITS, CERTIFICATION AND TRAINING

Business Continuity Policy and Business Continuity Management System

BS Certification Essentials. Andrew Pettitt Business Continuity Senior Consultant SunGard Availability Services Professional Services

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

Global Statement of Business Continuity

Business Continuity Policy

Business Continuity Policy

CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY

INFOSEC.MY KNOWLEDGE SHARING SESSION

BUSINESS CONTINUITY MANAGEMENT POLICY

BS BUSINESS CONTINUITY MANAGEMENT

Business Continuity & Resilience - A Quick Overview

South Norfolk Council Business Continuity Policy

Company Management System. Business Continuity in SIA

Harrow Business Consultative Panel. Business Continuity Management. Responsible Officer: Myfanwy Barrett Director of Finance and Business Strategy

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY

Finding the areas for improvement in plans, processes and procedures to protect shareholder value Performance driven. Quality assured.

Business Continuity Standards A Primer

Annex 1. Business Continuity Management Policy

Council Policy Business Continuity Management

The PNC Financial Services Group, Inc. Business Continuity Program

Business Continuity Policy

Business Continuity Management. Policy Statement and Strategy

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy

Emergency Response and Business Continuity Management Policy

Business Continuity Policy

Is securing personal information a priority? Reassure clients and achieve data protection compliance with BS 10012

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy Business Continuity Policy Statement 2015

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?

Corporate Governance & the Financial Crisis

Business Continuity and Risk Management. Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited

The PNC Financial Services Group, Inc. Business Continuity Program

NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0

External Supplier Control Requirements BCM

Business Continuity Policy

WILTSHIRE POLICE FORCE POLICY

Essex Clinical Commissioning Groups. Business Continuity Management System. Scope and Policy

Information Security Policy. Chapter 11. Business Continuity

Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012

Business Continuity Management

1.0 Policy Statement / Intentions (FOIA - Open)

Business Continuity Planning

abcdefghijklmnopqrstu

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

BUSINESS CONTINUITY MANAGEMENT POLICY

Business Continuity Management (BCM) Policy

Business Continuity Business Continuity Management Policy

Guidance Note XGN XXX.1

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

Appendix 1 - Leicester City Council s Business Continuity Management Strategy and Policy Statement

Risk Management & Business Continuity Manual

Business Continuity Trends, Requirements and Expectations in Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting

DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy

DEPARTMENT FOR TRANSPORT BUSINESS CONTINUITY MANAGEMENT POLICY

BUSINESS CONTINUITY POLICY

RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief

Business Continuity Planning

BUSINESS CONTINUITY POLICY RM03

GUIDANCE DOCUMENT FOR COMPLETION OF RESIDENTIAL CARE ESTABLISHMENTS BUSINESS CONTINUITY PLAN TEMPLATE WEST MIDLANDS

Prudential Practice Guide

Chapter I: Fundamentals of Business Continuity Management

Community and Built Environment Localities and Safer Communities Business Continuity Management Policy Andrew Fyfe

Business continuity management policy

Reputation. Further excellence. business continuity. risk management. Data security

Update from the Business Continuity Working Group

I attach the following documents in response:

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

Incident Management, Business Continuity and IT Disaster Recovery

NHS 24 - Business Continuity Strategy

University of Glasgow. Policy for. Business Continuity Management

PBSi Business Continuity Planning

London Local Authorities Business Continuity Guidance for Suppliers & Contractors

Business Resiliency Business Continuity Management - January 14, 2014

How to Exercise a Business Continuity Plan (BCP)

Moving from BS to ISO The new international standard for business continuity management systems. Transition Guide

Business Continuity Management

Business continuity management

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

Introduction to Business Continuity Planning

BUSINESS CONTINUITY MANAGEMENT A Guide for Businesses In Northamptonshire

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

Expecting the unexpected. Business continuity in an uncertain world

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY

Transcription:

Business Continuity Management and BS 25999 by Steve Chan, Head of Training - HK, BSI Management Systems 9 April, 2008

2 Presentation content Drivers for Business Continuity Standards and definitions. BCMS. model and implementation. Assessment and certification process. Training. Benefits of BCMS.

3 Drivers for BS 25999 and BCM More business continuity awareness Civil contingencies / Homeland security Corporate governance & compliance Protection of corporate value and reputation Supply chain & outsourcing confidence Commitments to customers Duty of care to stakeholders Protect the interests of shareholders Give confidence to insurers

Source: Business Continuity Management 2007 4

5 Increased awareness in BCM BCM seen as part of overall Risk Management profile. Recognition that it can help reduce business interruptions. Can add value to the business by identifying opportunities for improvement Should be integrated across all business functions; should not be seen as an IT specialty. Better understanding of business benefits among increasing numbers of organizations.

6 BS 25999-1 committee profile Committee Profile: 33 people Businesses (Cable & Wireless, Sainsbury's, Siemens, RBS, Thames Water, Scottish Power, AON, Marsh, KPMG, Deloitte) Institutes & Associations (CBI, IOD, FSB, Software & IT, IEM) Academic (Coventry University) Government (DTI, FSA, Civil Contingencies, ALARM) ABCB is represented on the committee Robert Whitcher (BSI Management Systems)

7 Early interest in BS 25999-1 Draft for public comment (DPC) Published August, 2006 Over 5,000 copies were downloaded (a record) other similar standards had less than 250 Over 70 set of comments About 300 pages of comments mostly positive

8 BS 25999-1:2006 Code of practice for business continuity management Establishes the BCM processes, principles and terminology Provides a basis for understanding, developing and implementing business continuity within organizations of any size or from any sector Provides a comprehensive methodology based on BCM best practice and the whole BCM lifecycle Business driven

9 BS 25999 Code of practice contents 1 Scope and applicability 2 Terms and definitions 3 Overview of business continuity management (BCM) 4 The Business Continuity Management policy 5 BCM Programme Management 6 Understanding the organization 7 Determining business continuity strategy 8 Developing and implementing a BCM response 9 Exercising, maintaining and reviewing BCM arrangements 10 Embedding BCM in the organization's culture

10 BS 25999 Code of practice contents 1 Scope and applicability 2 Terms and definitions 3 Overview of business continuity management (BCM) 4 The Business Continuity Management policy 5 BCM Programme Management 6 Understanding the organization 7 Determining business continuity strategy 8 Developing and implementing a BCM response 9 Exercising, maintaining and reviewing BCM arrangements 10 Embedding BCM in the organization's culture

BS 25999-2:2007 Requirements for business continuity management Establishes requirements for there to be a BCM system of policy and processes. Understanding the organization Determining strategy Implementing a response Exercising and reviewing Making sure there is a cultural awareness of BCM in the organization.

BS 25999-2 Development Timeline 12

13 What is Business Continuity Management? 2.4 business continuity management (BCM) holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities NOTE: Business continuity management involves managing the recovery or continuation of business activities in the event of a business disruption, and management of the overall programme through training, exercises and reviews, to ensure the business continuity plans) stays current and up-to-date. Source: BS 25999-2

14 Incident timeline Incident! Overall recovery objective: Back-to-normal as quickly as possible Timeline Within minutes to hours: Staff and visitors accounted for, casualties dealt with, damage containment / limitation, damage assessment, Invocation of BCP Incident response Within minutes to days: Contact staff, customers, suppliers, etc. Recovery of critical business processes Rebuild lost work-in-progress Business Continuity Within weeks to months: Damage repair / replacement Relocation to permanent place of work Recovery of costs from insurers Recovery / resumption back-to-normal

Look at the BIG picture..

BCM Model

Assessment and certification process

Gap analysis/pre-assessment (optional) Informal check, relationship building, discussing scope. Stage 1 Audit Review of documents and records Stage 2 Audit Confirm that the organisation adheres to its own policies, objectives and procedures. Testing and evaluation. Continual Assesment Visits (CAV's) Ongoing reviews

Training Awareness of BCM 1 day Implementing BS 25999 Course 2 day BS 25999 Internal Auditor Course 3 day BS 25999 Lead Auditor Course 5 day

Benefits of BS 25999 20 Provides a common framework, based on international best practice, to manage business continuity Proactively improves your resilience when faced with disruptions to your ability to achieve key objectives Provides a rehearsed method of restoring your ability to supply critical products and services to an agreed level and timeframe following a disruption Delivers a proven response for managing a disruption

Benefits of BS 25999 21 Helps protect and enhance your reputation and brand Opens new markets and helps you win new business Enables a clearer understanding of how your entire organization works which can identify opportunities for improvement Demonstrates that applicable laws and regulations are being observed Creates an opportunity to reduce the burden of internal and external BCM audits and may reduce business interruption insurance premiums

The likelihood of something very unlikely happening, is very likely! If you think business continuity is expensive, try having an incident! You can t predict the incident, but you can predict the outcome.

Further Contact: BSI HK: www.bsigroup.hk General Enquiry: 3149 3300 Email: hk@bsigroup.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information