PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA


Chapter-4: Business Continuity Planning and Disaster Recovery Planning
PAPER-6 PART-1 OF 5
CA A.RAFEQ, FCA

Learning Objectives
- To understand the concept of Business Continuity Management
- To understand the key phases and components of a Business Continuity Plan
- To understand the key aspects of Business Continuity Plan implementation
- To learn about Back-up and Disaster Recovery Planning
- To learn how to audit a Business Continuity Plan

Task Statements
- To design, develop, implement, test, maintain and audit all key phases and components of a Business Continuity Plan in an enterprise
- To conduct Risk assessment and Business Impact Assessment

Knowledge Statements
- To understand the concepts and components of Business Continuity Management
- To know the development of Business Continuity Plans, Disaster Recovery Plans, Emergency Plans, etc.
- To know the different phases and components of a Business Continuity Plan

Chapter Overview
- Business Continuity Management
- Business Continuity Planning
- BCP Implementation
- Back up and DR
- Auditing BCP

Topics Covered
Part-1
- 4.1 Introduction
- 4.2 Need for BC Management
- 4.3 BCM Policy
- 4.4 Business Continuity Planning (BCP)
- 4.5 Developing a BCP
Part-2
- 4.6 Components of BCM Process
- 4.7 BCM Management Process
- 4.8 BCM Information Collection Process

Topics Covered
Part-3
- 4.9 BCM - Strategy Process
- 4.10 BCM Development and Implementation Process
- 4.11 BCM Testing and Maintenance Process
- 4.12 BCM - Training Process
Part-4
- 4.13 Types of Plans
- 4.14 Types of Back-ups
- 4.15 Alternate Processing
- 4.16 DR Procedural Plan
Part-5
- 4.17 Audit of the DR/BR Plan
- 4.18 Summary

Topics Covered: PART-1
- 4.1 Introduction
- 4.2 Need for Business Continuity Management
- 4.3 BCM Policy
- 4.4 Business Continuity Planning
- 4.5 Developing a Business Continuity Plan

4.1 Introduction
Business Continuity Management (BCM) is an effective management process to:
- Manage disruption of all kinds
- Provide countermeasures to safeguard
BCM facilitates understanding of the concept, planning, implementation and continuous improvement of Business Continuity Plans (BCP).
To ensure effective implementation of BCM, an enterprise should conduct regular internal audits at planned intervals.

4.2 Need for BCM
Key terms: Business Contingency
- An event with the potential to disrupt computer operations, thereby disrupting critical mission and business functions
- E.g. power outage, hardware failure, fire, or storm
- If the event is very destructive, it is often called a disaster

4.2 Need for BCM
Key terms: BCP Process
- A process designed to reduce the risk to an enterprise from an unexpected disruption of its critical functions and assure continuity of the minimum level of services necessary for critical operations
- Its purpose is to ensure that vital business functions (critical business operations) are recovered and operationalized within an acceptable timeframe

4.2 Need for BCM
Key terms: Business Continuity Planning (BCP)
- Ability of enterprises to recover from a disaster and continue operations with least impact
- Independent audit to confirm adequacy and appropriateness to meet enterprise needs

Related Terms
- Asset: Something of value to organisation
- Vulnerability: Weakness in system safeguards
- Threat: Potential to harm the system
- Exposure: Extent of loss when risk materializes
- Likelihood: Probability that threat will succeed
- Attack: Set of actions designed to compromise CIA
- Risk: Potential harm if a threat exploits a vulnerability
- Countermeasure: Measure that reduces vulnerability of a system
- Residual Risk: Risk still remaining after the countermeasures

What is BCP?
- Process designed to reduce the organization's business risk
- Much more than just a plan for the information systems

Risks of inadequate BCP
Inadequate BCP could result in risks:
- Inability to maintain critical customer services
- Damage to market share, reputation or brand
- Failure to protect assets including IP and personnel
- Business control failure
- Failure to meet contractual or regulatory requirements

BCP Manual
- Documented description of actions to be taken, resources to be used and procedures to be followed before, during and after a disruptive event.
- The BCP Manual specifies the responsibilities of the BCM team, which serve as liaison teams between the functional area(s) affected and other departments providing support services in the event of an incident or disaster.

BCP Manual
BCM is a framework that:
- Proactively improves an enterprise's resilience against the disruption of its ability to achieve its key objectives.
- Provides a rehearsed method of restoring an enterprise's ability to supply its key products and services to an agreed level within an agreed time after a disruption.
- Delivers a proven capability to manage a business disruption and protect the enterprise's reputation and brand.

Scope of Business Continuity
- Top management needs to define the scope of the BCM program
- It involves identifying key products and services that support the enterprise's objectives, obligations and statutory duties in line with the threat scenario and the business impact analysis (BIA)
- In case of an outsourced service or activity, the risk accountability remains with the enterprise

Advantage of Business Continuity
- Ability to proactively assess the threat scenario and potential risks
- Planned response to disruptions which can contain the damage and minimize the impact on the enterprise
- Ability to demonstrate a response through a process of regular testing and trainings

4.3 BCM Policy
A high level document:
- To make a systematic approach for disaster recovery
- To bring about awareness among the persons in scope about the business continuity aspects and its importance
- To test and review the business continuity planning for the enterprise in scope
Developing the BCM policy involves:
- Defining the scope
- Defining the BCM principles, guidelines and minimum standards

4.3 BCM Policy
The objective of this policy is to provide a structure through which:
- Critical services and activities will be identified.
- Plans will be developed to ensure continuity of key service delivery following a business disruption.
- Invocation of incident management and business continuity plans can be managed.
- Incident management and business continuity plans are subject to ongoing testing, revision and updating.
- Planning and management responsibility are assigned to a member of the relevant senior management team.

4.4 Business Continuity Planning
Business Continuity Planning (BCP) is the creation and validation of a practical logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption.

Business Continuity Areas
- Business resumption planning: the operation's piece of business continuity planning
- Disaster recovery planning: the technological aspect of business continuity planning
- Crisis management: the overall coordination of an organization's response to a crisis in an effective, timely manner

DR and BC
Disaster Recovery
- Disaster recovery focuses on the IT or technology systems that support business functions.
- It is a subset of business continuity.
[Diagram labels: BCM, Disaster Recovery, Business Continuity]

Elements of Business Continuity
- Disaster Recovery: Recover mission-critical technology and applications at an alternate site.
- Business Recovery: Recover the business process at an alternate site. Workspace recovery.
- Contingency Planning: To manage an external event that has far-reaching impact on the business.

Business Continuity Life Cycle
[Cycle diagram; labels: Recovery Alternatives, Recovery Plan validation, Risk Assessment, Recovery Plan implementation]

Objectives and Goals of BCP
Primary Objectives of BCP:
- To minimize loss by minimizing the cost associated with disruptions
- To enable an organisation to survive a disaster
- To re-establish normal business operations

Objectives and Goals of BCP
Key Objectives of Contingency Plan:
- Provide for the safety and well-being of people on the premises at the time of disaster
- Continue critical business operations
- Minimise the duration of a serious disruption to operations and resources
- Minimise immediate damage and losses

Objectives and Goals of BCP
Key Objectives of Contingency Plan:
- Establish management succession and emergency powers
- Facilitate effective co-ordination of recovery tasks
- Reduce the complexity of the recovery effort
- Identify critical lines of business and supporting functions

Objectives and Goals of BCP
Goals of Business Continuity Plan:
- Identify weaknesses and implement a disaster prevention program
- Minimise the duration of a serious disruption to business operations
- Facilitate effective co-ordination of recovery tasks
- Reduce the complexity of the recovery effort

Questions
- 1. Discuss the objectives and goals of Business Continuity planning. 4 Marks (Nov. 2012)
- 6. (c) What are the goals of Business Continuity Plan? (5 Marks) (Nov 2008)
- 1. c) What is meant by Business Continuity Planning? Explain the areas covered by Business Continuity. (5 Marks) (Nov. 2010)

Answer
The primary objective of business continuity planning is to enable an organization:
- To survive in a disaster and
- To re-establish normal business operations.
In order to survive, the organization must assure that critical operations can resume normal processing within a reasonable time frame.

Answer
The key objectives of the contingency plan should be to:
- Provide for the safety and well-being of people on the premises at the time of disaster
- Continue critical business operations
- Minimise the duration of a serious disruption to operations and resources (both information processing and other resources)
- Minimise immediate damage and losses

Answer
- Establish management succession and emergency powers
- Facilitate effective co-ordination of recovery tasks
- Reduce the complexity of the recovery effort and
- Identify critical lines of business and supporting functions.

Answer
Therefore, the goals of the business continuity plan should be to:
- Identify weaknesses and implement a disaster prevention program
- Minimise the duration of a serious disruption to business operations
- Facilitate effective co-ordination of recovery tasks
- Reduce the complexity of the recovery effort.

4.5 Developing a BCP
Methodology for developing a BCP:
- Understanding the total efforts required
- Commitment from appropriate management
- Defining recovery requirements
- Documenting impact of an extended loss
- Disaster prevention, impact minimisation & orderly recovery
- Business continuity teams
- Understandable, easy to use & maintain
- Integrated into ongoing business planning

8 phases of Business Continuity Plan
1. Pre-Planning activities
2. Vulnerability assessment & general definition of Requirements
3. Business Impact Analysis (BIA)
4. Detailed definition of Requirements
5. Plan development
6. Testing program
7. Maintenance program
8. Initial Plan Testing & Plan Implementation

Phase 1 Pre-Planning Activities (Project Initiation)
- Obtain an understanding of the existing and projected systems environment
- Enables the project team to:
  - Refine the scope of business continuity planning, associated work program
  - Develop project schedules
  - Identify and address any issues that could have an impact on the project
- A Steering Committee is established with the overall responsibility for providing direction and guidance to the project team.

Phase 1 Pre-Planning Activities (Project Initiation)
- Business Continuity Manager works with the Steering Committee in finalising the detailed work plan and developing schedules for conducting Security Assessment and Business Impact Analysis (BIA).
- Two other key deliverables are:
  - Development of a policy to support the recovery programs
  - An awareness program to educate management and senior individuals.

Phase 2 Vulnerability Assessment and General Definition of Requirement
Vulnerability assessment:
- Thorough Security Assessment of the system and communications environment
- Improve any existing emergency plans and disaster prevention measures
- Implement required emergency plans and disaster prevention measures where none exist
- Present findings and recommendations to the Steering Committee

Phase 2 Vulnerability Assessment and General Definition of Requirement
General definition of Requirement:
- Define the scope of the planning effort.
- Acquire recovery planning and maintenance software.
- Develop a Plan Framework.
- Assemble business continuity team and conduct awareness sessions.

Phase 3 Business Impact Assessment
- Identify critical systems, processes and functions
- Assess the economic impact of incidents and disasters
- Assess the pain threshold: the length of time business units can survive without access to the system, services and facilities

Phase 4 Detailed Definition of Requirements
- A profile of recovery requirements is developed:
  - By identifying resources required to support critical functions
  - To be used as a basis for analysing alternative recovery strategies
  - Includes hardware, software, documentation, outside support, facilities and personnel for each business unit.
- Recovery strategies will be based on short term, intermediate term and long term outages
- Another key deliverable of this phase is the definition of the plan scope, objectives and assumptions.

Phase 5 Plan Development
- The recovery plan's components are defined and plans are documented
- It includes the implementation of changes to user procedures, operating procedures, vendor contract negotiations and definition of Recovery Teams
- Recovery standards are also developed during this phase

Phase 6 Testing Program
- Testing/exercising goals are established
- Alternative testing strategies are evaluated
- Testing strategies tailored to environment are selected
- An on-going testing program is established

Phase 7 Maintenance Program
- Maintenance of the plans is critical to the success of an actual recovery
- The plans must reflect changes to the environments
- Change management procedures will be recommended and implemented
- Many recovery software products take this requirement into account

Phase 8 Initial Plan Testing and Implementation
- Defining the test purpose/approach
- Identifying test teams
- Structuring the test
- Conducting the test
- Analysing test results
- Modifying the plans as appropriate

Question
Describe the methodology of developing a Business Continuity Plan. (5 Marks) (Nov 2008)

Answer
The methodology for developing a business continuity plan can be sub-divided into eight different phases. The extent of applicability of each of the phases has to be tailored to the respective organisation. The methodology emphasises the following:
- Providing management with a comprehensive understanding of the total efforts required to develop and maintain an effective recovery plan
- Obtaining commitment from appropriate management to support and participate in the effort

Answer
- Defining recovery requirements from the perspective of business functions
- Documenting the impact of an extended loss to operations and key business functions
- Focusing appropriately on disaster prevention and impact minimisation, as well as orderly recovery
- Selecting business continuity teams that ensure the proper balance required for plan development

Answer
- Developing a business continuity plan that is understandable, easy to use and maintain
- Defining how business continuity considerations must be integrated into ongoing business planning and system development processes in order that the plan remains viable over time.

Risk Model

Summary: PART-1
- 4.1 Introduction
- 4.2 Need for Business Continuity Management
- 4.3 BCM Policy
- 4.4 Business Continuity Planning
- 4.5 Developing a Business Continuity Plan
