Business Continuity Planning Workshop Michael Kirk The CIPSA Public Sector Procurement Forum May 25 th, Canberra
Agenda Introductions, objectives and safety Why develop a Business Continuity Plan? Experience sharing Core Business Continuity Planning areas Group discussion on recent disaster events Business Continuity Planning activity Questions and answers In case of emergency break glass The Faculty Management 2 Consultants Pty Ltd 2011
Workshop Objectives Discuss why business continuity plans are important, specifically in the procurement and supply context Identify the key elements to include and address in a business continuity plan Share experiences and learn from each other in preparing and responding to a disaster scenario Prepare the outline of a business continuity plan based on a case study The Faculty Management 3 Consultants Pty Ltd 2011
Introduction About The Faculty The Faculty is dedicated to helping our clients achieve Procurement and Supply Excellence Consulting Diagnostic, benchmarking and reviews on procurement / supply Procurement and supply strategy Procurement policy, processes and systems Change management and project management Procure to Pay, Source to Contract Process Discipline and Six Sigma Roundtables and networking Training and People Development The Faculty Roundtable Category Councils The CPO Forum Leading and Learning breakfasts The Faculty Management Consultants Pty Ltd 2011 4 Skills assessment and team development gap analysis Tailored training and mentoring Public training Pathways, SRM, Anklesaria Procurement Executive Program Talent and succession planning
The importance of Business Continuity Planning Recent disasters and issues Brisbane floods Cyclone Yasi Earthquakes and Tsunami Bushfires The Faculty Management 5 Consultants Pty Ltd 2011
The importance of Business Continuity Planning Recent disasters and issues Brisbane floods Cyclone Yasi Earthquakes and Tsunami Bushfires The Faculty Management 5 Consultants Pty Ltd 2011
Experience sharing Participants to discuss and share their experience in developing BCPs Discuss experience of disasters Discuss experience in disaster recovery and rebuilding Discuss your objectives for the session The Faculty Management 6 Consultants Pty Ltd 2011
Developing a Business Continuity Plan Core elements
Identify the purpose and scope of the BCP Confirm the scope and purpose of the BCP Procurement and Supply Chain processes Suppliers supplier risk management and provisioning Review existence of other BCPs Corporate Emergency Management Plan Information Technology Disaster Recovery Plan Define how your BCP will interact with other BCPs Identify your assumptions and test if these are reasonable in a disaster scenario Consider different scenarios for invoking your BCP: 1. A disaster occurs and procurement needs to provide assistance in responding 2. A disaster occurs which impacts the procurement team s Business As Usual processes Some disasters may combine both of these scenarios The Faculty Management 8 Consultants Pty Ltd 2011
General process for activating the BCP and demobilising 1. Assess risk of event and impact 5. Demobilise BCP team, and reconcile operations 2. Emergency response to immediate items 4. Operate using BCP processes 3. Mobilise BCP team and activate plan The Faculty Management 9 Consultants Pty Ltd 2011
Identify and classify impact types Impact: availability of buildings & facilities E.g. Earthquake or flood that damages building or prevents access Impact: availability of systems & information How to continue processing without access to key business systems? Impact: availability of personnel Staff unable to attend work We may not be able to predict the nature of the disaster, but we can plan for a response based on the impact of the event Your BCP should detail how each of these impacts would be addressed with pre- prepared strategies and arrangements Buildings & Facilities Systems & Personnel 10May 2011 The Faculty Management Consultants Pty Ltd 2011
Identify key business processes Ask the question if we stopped doing this process for 24 / 48 / 72 hours, what would happen and who would notice? Identify business processes Inputs, processes and outputs Classify processes by business impact Identify stakeholders and dependencies on specific processes Provide for alternate process methods: E.g. Manual purchase order New vendor setup while systems off line Purchasing Card for emergency usage The Faculty Management 11 Consultants Pty Ltd 2011
Identify critical categories Classify categories based on impact on Business as Usual if they were unavailable for an extended period of time Also identify categories that may be critical during an emergency, and consider whether adequate emergency supplies are available or obtainable The Faculty Management 12 Consultants Pty Ltd 2011
Risk identification, assessment and mitigation strategies Risk identification Brainstorm potential types of risks Assessment Impact Likelihood Mitigation strategies Consider the once in 100 year risk If the impact is extreme, the risk may be too great to bear, no matter how unlikely The Faculty Management 13 Consultants Pty Ltd 2011
Develop business response approach and plan Define roles and responsibilities Business Continuity Emergency Response team Define mobilisation and communication protocols Availability of buildings & facilities: Identify alternate premises (primary, alternate, backup, etc) Ensure communications, power, resources and required operating equipment is available Define strategy for securing facilities and equipment if required Availability of systems & information: Define paper based processes Prepare templates and standard communications Define reconciliation approach for post disaster recovery Availability of personnel: Identify mitigation approach due to loss of personnel The Faculty Management 14 Consultants Pty Ltd 2011
Identify stakeholders and contact details Capture stakeholder names, roles and contact details (email, home and mobile phone number) Include key supplier contacts Include key business operational stakeholders Ensure this is kept current and is available in multiple locations Soft copy Hard copy off site storage Key contacts stored in mobile phones The Faculty Management 15 Consultants Pty Ltd 2011
Draft sample communications Prepare the tool kit of communications documents which can be quickly used when needed Draft communication documents to: Internal stakeholders Vendors Having a pre- prepared set of documents will be greatly beneficial in case of emergency Notification that BCP is being invoked Pre- prepared manual forms and process flows Manual requisition / purchase order Manual warehouse issue Emergency vendor setup The Faculty Management 16 Consultants Pty Ltd 2011
Distribute equipment, contact lists and BCP to team Defined list of team members Ensure they have access and carry with them laptop, Air Card, mobile phone Provide remote access to systems to support working from home or out of office Distribute team contact lists and keep them up to date Ensure team members have a copy of the BCP in hard copy and soft copy at their homes Make sure people carry their equipment with them if they are a nominated member of the BCP team Identify sources of backup hardware and equipment that could be drawn upon if required The Faculty Management 17 Consultants Pty Ltd 2011
Group Discussion Recent Disasters and use of BCPs
Recent Disaster and Business Continuity Events Recent disasters and issues Brisbane floods Cyclone Yasi Earthquakes and Tsunami Bushfires For each of these events, what type of impact would have been experienced? Availability of premises Availability of IT systems Availability of personnel The Faculty Management 19 Consultants Pty Ltd 2011
Risk precautions Don t locate IT systems or emergency generators in the basement Consider the impact of flooding or tsunami when designing buildings Consider the impact of loss of power or communications post an initial disaster E.g. Fukishima reactor appears to have failed due to loss of cooling What happens if the primary alternate location is not available Distributed systems and geographic diversification Offsite access to IT systems working from home The Faculty Management 20 Consultants Pty Ltd 2011
Business Continuity Planning Activity Case Study Group activity
Final Thoughts
Summary of BCP elements Define the purpose and scope of the BCP Identify assumptions in your BCP Identify and classify events based on the impact Buildings and facilities Information and systems Personnel Identify key business processes and develop alternatives Identify critical categories and develop mitigation strategies Identify stakeholders and consider their communication needs Develop draft communications plan and documents for use in emergency Ensure the team understands their role and have appropriate equipment Store the BCP and key equipment / documents off site The Faculty Management 23 Consultants Pty Ltd 2011
Keep your plan up to date Ensure the plan is a living document that is owned by a nominated role / person Update for changes of personnel and contact details Changes of supplier and contacts Changes of operational / site stakeholder contacts Periodic review of key risks, processes Ensure key team members understand the role they are expected to play Hold test events on a periodic basis for critical processes and categories The Faculty Management 24 Consultants Pty Ltd 2011
Be prepared... Thorough preparation Mental attitude and resourcefulness A positive attitude and essential skills Prepare for the worst, and hope for the best The Faculty Management 25 Consultants Pty Ltd 2011
Be prepared... Thorough preparation Mental attitude and resourcefulness A positive attitude and essential skills Prepare for the worst, and hope for the best The Faculty Management 25 Consultants Pty Ltd 2011
Be prepared... Thorough preparation Mental attitude and resourcefulness A positive attitude and essential skills Prepare for the worst, and hope for the best The Faculty Management 25 Consultants Pty Ltd 2011
Business Continuity Planning Workshop Michael Kirk Email: Michael.Kirk@thefaculty.com.au Phone: +61 3 9654 4900