Business Continuity Planning Preparing Your Organization



Business Continuity Planning: Preparing Your Organization
Nicholas De Laurentis, CRM, IGP (nick.delaurentis.gmkj@statefarm.com)

Objectives
- Understand the importance of Business Continuity Planning
- Know basic terms used and roles involved in Business Continuity Planning
- Understand the steps and relationship of initial Business Continuity Planning and continuous review and maintenance

Information Governance Programs (slide graphic; only the labels were recovered): Accountability, Transparency, Integrity, Protection, Compliance, Availability, Retention, Disposition; Regulatory; Operational

Protection
An information governance program shall be constructed to ensure a reasonable level of protection to records and information that are private, confidential, privileged, secret, classified, essential to business continuity, or that otherwise require protection.

Availability
An organization shall maintain records and information in a manner that ensures timely, efficient, and accurate retrieval of needed information.

DR is to BC as RIM is to IG

Business Continuity
Business Continuity is the entire process of planning how to recover from a disaster or significant interruption to normal business operations. We regard this process as developing plans and procedures in advance of an event that would allow our critical business functions to continue to operate at acceptable levels.

Disaster Recovery
The process, policies and procedures that are related to preparing for recovery or continuation of technology infrastructure that is vital to an organization after a natural or human-induced disaster. The focus is on recovering IT capabilities, processes, and services.

Importance of Business Continuity Planning
- 70% of businesses involved in a major fire fail within 3 years (Chubb)
- One out of two businesses never return to the marketplace following a major disaster (AXA)
- Within 2 years after Hurricane Andrew in Florida (1992), 80% of affected companies that lacked a BCP went out of business (FEMA)

Internal and External Threats
- Natural Disasters: Earthquake, Hurricane, Flood
- Accidents: Fire, Utility Outage
- Malicious: Sabotage, Terrorism, Cyber Attack
- Market: Suppliers, Competitors, Consumer Trends
- Political: Legislation

Why is BCP Important?
- Board of Directors Expectations: We have expectations placed on us by the Board of Directors.
- Customer Expectations: In order for us to meet our mission statement of helping our customers manage the risks of everyday life, recover from the unexpected and realize their dreams, we need to have Business Continuity Plans (BCP) in place so that we can be available in their time of need.
- Regulatory Requirements: As an Insurance Company and Financial Institution, we have regulatory requirements with the Office of the Comptroller of the Currency (OCC) and the Department of Insurance (DOI), as well as other regulatory bodies.

FFIEC BCP Objectives
- The business continuity planning process should include the recovery, resumption, and maintenance of all aspects of the business, not just recovery of the technology components;
- Business continuity planning involves the development of an enterprise-wide BCP and the prioritization of business objectives and critical operations that are essential for recovery;
- Business continuity planning includes the integration of the institution's role in financial markets;
- Business continuity planning should include regular updates to the BCP based on changes in business processes, audit recommendations, and lessons learned from testing; and
- Business continuity planning represents a cyclical, process-oriented approach that includes a business impact analysis (BIA), a risk assessment, risk management, and risk monitoring and testing.

FFIEC BCP Process (slide diagram; the four cyclical phases and their labels were recovered)
- Business Impact Analysis: prioritization and dependencies of business processes; potential impact of disruptions; legal/regulatory requirements; estimated downtime and acceptable loss; RTOs, RPOs, critical path
- Risk Assessment: BIA threat scenarios; analyze threat impact; prioritizing disruptions; gap analysis vs. policies and procedures
- Risk Management: BIA- and RA-specific steps; flexible to respond to various threats; minimize disruptions
- Risk Monitoring and Testing: enterprise-wide testing program; assign roles and responsibilities; annual test/exercise; evaluation by leadership and an independent party

BCP Components
- Personnel;
- Communication;
- Technology issues;
- Hardware: mainframe, mid-range, servers, network, end user;
- Software: applications, operating systems, utilities;
- Communications (network and telecommunications);
- Data files and vital records;
- Operations processing equipment; and
- Office equipment.

BCP Components (cont.)
- Facilities;
- Electronic payment systems;
- Liquidity concerns;
- Financial disbursement;
- Manual operations; and
- Other considerations.

Key Roles in BCP

Enterprise Business Continuity
- Communicates strategic decisions to Department BRCs
- Provides process and tool training for BUTLs and BRCs
- Provides exercise assistance

Business Recovery Coordinator (BRC)
- BRCs are located in the Field and in each Corporate Dept to coordinate/communicate activities associated with BCP
- Corporate BRCs are responsible for a specific Dept, while BRCs in the Field are responsible for a particular location

Business Unit Team Leader (BUTL)
- BUTLs are responsible for maintenance/update of the Business Unit BCP, periodic plan exercises, and execution of the plan at time of disaster
- BUTLs are also known as plan owners

Annual BCP Cycle
0. Plan Development
1. Review
2. Exercise
3. Update
4. Verification

0. Plan Development
The goal of business continuity planning is to reduce the impact of any disruptive event to a manageable level. Plans are developed to:
- Organize recovery of business units and/or processes.
- Establish team leadership responsibilities and design team structures.
- Document key information for the plan, including call trees, recovery procedures, work area requirements and prioritization, vital records, key contacts, etc.
Each BRC is responsible for ensuring that all BCPs are in place and current. Continued plan development is critical for plans to be effective. The required annual review of the BCP must be completed within a window and consists of:
1. Plan Review
2. Plan Exercise
3. Plan Update
4. Plan Verification

1. Plan Review
1. Review the roles and responsibilities of a BRC or BUTL and the Business Continuity Annual Plan Review process.
2. Read through a printed copy of your plan, or navigate through each section in the BCP tool used. Make note of any information currently contained in the plan that needs to be verified, updated, or removed, as well as any information that must be added.
3. If your plan encompasses multiple functional areas, consider contacting subject matter experts in each of those areas to ensure the plan adequately addresses their recovery needs. If necessary, gather additional material for those areas and incorporate the information into your plan.

2. Plan Exercise
Some of the objectives of the Plan Exercise are:
- Evaluate the recovery procedures to ensure accuracy.
- Verify the ability of recovery teams to activate their plans and recover their critical functions.
- Identify cross-functional interdependencies with other business units.
- Identify plan deficiencies and document information changes that require plan modification.
- Evaluate whether recovery plans have been properly maintained and updated to reflect actual recovery needs.
Annual exercises are performed to include all associates who have recovery responsibilities under the BCP. Each BRC should establish an exercise cycle that increases in scope and complexity over time:
Walkthrough > Table Top > Mock Exercise > Systems DR Exercise > Actual Event

3. Plan Updates
Based on changes identified during the annual plan review and/or exercise process, the BUTL updates the BCP and any related documentation in the plan. Updates to vital records, contact information, documented procedures, equipment needs, skillset requirements, vendor information, hardware and software requirements,

4. Plan Verification
Plan Verification is the final phase of the business continuity planning process. It ensures business continuity plans are accurate and compliant with company standards. Each business unit is required to submit review verification documentation within 3 months from the date each business unit plan expires. Each plan must be reviewed for accurate content, some level of exercise must be performed, and updates must be made to the plan based upon the plan review and exercise discoveries.

Additional Resources
- Federal Financial Institutions Examination Council (FFIEC) IT Examination Handbook: http://ithandbook.ffiec.gov/
- Federal Emergency Management Agency (FEMA): http://www.fema.gov/media-library/assets/documents/89510

FEMA BCP Process (slide graphic; no text recovered)

BCP Overview (slide graphic; no text recovered)

Questions?