Business Continuity / Disaster Recovery Context
What is Business Continuity? The Business Continuity Program Life Cycle
[Figure: business capability (vertical axis) plotted against time (horizontal axis). Phases in order: Normal Operations; Incident Occurs; Emergency Response; Recovery; Restoration; Return to Normal Operations. Marked on the plot: Acceptable Business Capability; Recovery Time Objective. Activity bands in order: Proactive BCM Activities (Prevention and Preparedness; Risk Avoidance / Mitigation / Acceptance); Reactive BCM Activities (Response, Recovery & Restoration); Proactive BCM Activities (Prevention and Preparedness; Risk Avoidance / Mitigation / Acceptance).]
Copyright: Virtual Corporation, 1994-2006. Modified U.S. DoD Graphic.
Business Continuity / Disaster Recovery Context
Business Continuity Management: 6 Plans - Working Together
[Figure: business capability over time, from Normal Operations through the incident and back to Normal Operations, with the Acceptable Business Capability level marked. Stages: Incident Occurs; Emergency Response and Damage Assessment; Crisis Management Plan Activated; Preparing for Recovery of Critical Operations; Disaster Recovery Plan Activated; Operating in Recovery Mode; Implement Restoration Plan. Timeline markers: Hour 0; Recovery Begins; Recovery In Place; Restoration Begins; Back to Normal. Note: Mitigation Action Plan may allow organization to avoid disruption.]
Copyright: Virtual Corporation, 1994-2006
Emergency Response Plan: Saves lives and protects assets; Conduct damage assessment; Site Emergency Operations Center (EOC)
Crisis Management Plan: Enterprise Crisis Management Center (ECMC); Multiple EOC Activations; Command, Control and Communications
Risk Mitigation Plan: Tasks to initiate mitigation action(s); Avoid or minimize disruption
Business Recovery Plan: Ensure that critical functions continue to be performed; Departmental Recovery Plans; Requires EOC communications and authorizations
Disaster Recovery Plan: Site Operations and Physical Infrastructure; Ensure critical technical and operational infrastructure is available; Alternate site recovery
Restoration Plan: A plan to return to normal operations
Why create a BC maturity model?
The Business Continuity Maturity Model was developed to:
Answer the following questions for senior management:
1. Where are we now?
2. Where do we ultimately want to be?
3. What steps do we take to get there?
Achieve executive buy-in to implement and/or sustain a Business Continuity program
Why create a BC maturity model?
The Business Continuity Maturity Model was developed to:
Generate consistent data from which meaningful benchmark analyses can be drawn:
1. Establish standard means of scoring BC program implementations
2. Develop historical databank tagged in meaningful ways, e.g., by industry, by region, by company size, etc.
3. Generate awareness that business continuity program effectiveness can be quantified
Why create a BC maturity model?
The Business Continuity Maturity Model was developed to:
Provide a diagnostic tool for objective evaluation of BC program effectiveness:
1. Generate consistent and repeatable measurements of the current state of preparedness
2. Conduct accurate and reliable analyses to identify gaps in BC program implementation
3. Propose demonstrable and justifiable actions to maximize program effectiveness and resource utilization
What is a Business Continuity Program?
Business Continuity Program: A proactive process identifying and prioritizing critical business functions and the likely threats to those functions. From this information, plans and procedures are developed through a regular program of personnel training, plan testing and maintenance. These management disciplines, processes and techniques provide business continuity of the critical business functions under the circumstances and within limits set by senior management.
These circumstances and limits include:
Defined scope and framework of a sustainable BC Program
Approved funding and staffing of the company's BC Program
What is the Business Continuity Maturity Model?
Assessment tool
Provides standardized approach
Consisting of:
Six Levels
Eight Corporate Competencies
Associated Criteria Categories & Descriptors
Associated Performance Requirements
Business Continuity Maturity Model
Business Continuity Maturity Model
Leadership: The commitment and understanding demonstrated by executive management regarding the implementation of a scaled, enterprise-wide business continuity program. The degree to which the business case has been articulated and understood.
Business Continuity Maturity Model
Employee BC Awareness: The breadth and depth of business continuity conceptual awareness throughout all staff levels of the organization.
Business Continuity Maturity Model
BC Program Structure: The scale and appropriateness of the business continuity program implemented across the enterprise. The degree to which the BC Program matches the articulated business case.
Business Continuity Maturity Model
Program Pervasiveness: The level of business continuity coordination between departments, functions and business units. The degree to which business continuity considerations have been incorporated in other business initiatives / programs.
Business Continuity Maturity Model
Metrics: The development and regular reporting of quantifiable criteria used to monitor the BC Program performance. The establishment of a baseline and on-going tracking of established business continuity competency goals.
Business Continuity Maturity Model
Resource Commitment: The application of sufficient, properly trained and supported personnel, financial and other resources to ensure the sustainability of the BC Program.
Business Continuity Maturity Model
External Coordination: Coordination of business continuity issues and requirements with the external community, including customers, vendors, government regulatory bodies, unions and local first responders. Ensure that critical supply chain partners have in place adequate BC Programs of their own.
Business Continuity Maturity Model
BC Program Content: Business Continuity Disciplines
The degree and quality of implementation of each of the four central disciplines of BC:
1. Incident Management
2. Technology Recovery
3. Business Recovery
4. Security Management
Feedback From BCMM Download Users
[Figure labels: BCMM; Executive Buy-In; Self-Assessment; Regulatory Compliance; Evaluation Framework; Supply Chain Vulnerability; Program Design]
BCMM Proprietary Tool
Proprietary Model provides: A standardized methodology that is consistently applied. A diagnostic tool for objective evaluation of business continuity program effectiveness. Consistent data from which meaningful benchmark analyses could be drawn.
Assessment Score Card provides: Consistent reporting format; Comprehensive data presentation; Comparative data
BCMM Assessment Toolkit
Sample BCMM Scorecard
BCMM SM Scorecard for (Enterprise) Scored Scored 10/10/2004 11/12/10 1:12 1:0012 PM PM
BCMM SM Scorecard Score Corporate Competencies 3.8 Leadership 3.3 Employee Awareness 4.0 BC Program Structure 4.2 Program Pervasiveness 3.7 Metrics 4.2 Resource Commitment 3.8 External Coordination BC Program Content 3.6 3.7 Incident Management 4.1 Technical Recovery 4.1 Security Management 3.5 Business Recovery Total Score 3.2 3.8