CBIZ RISK & ADVISORY SERVICES BUSINESS CONTINUITY PLANNING Developing a Readiness Strategy that Mitigates Risk and is Actionable and Easy to Implement.

Presentation transcript:

CBIZ RISK & ADVISORY SERVICES BUSINESS CONTINUITY PLANNING Developing a Readiness Strategy that Mitigates Risk and is Actionable and Easy to Implement FEBRUARY 18, 2016

2 Disruptions to Your Business
Storms, Fire, Network Outage, Flood, Earthquake, Civil Disturbance, Pandemic, Snow Storm, Bomb Threat, Road Closure, Vendor Incident, Cyber Incident

3 Clients, Regulatory Agencies and Board Committees are Seeking to Mitigate Risk
Organizations are having to demonstrate their abilities in the following areas:
• Develop plans that will address widespread events and interruptions
• Ensure personnel are trained on the plan
• Store plans and critical files remotely for easy access
• Communicate with clients and employees
• Update plans regularly
• Test regularly

4 How do you react? How do you RESPOND to an incident? How do you RECOVER from an incident?

5 Having a Plan to Deal with the Unexpected…
A process whereby businesses can
• Respond to an incident
• Recover critical business operations, including services to customers
when confronted with adverse events such as natural disasters, technological failures, human error or other unplanned incidents.

6 Having a Plan to Deal with the Unexpected… More simply described… It is a coordinated strategy involving plans that assures your business has the ability to continually meet your customers’ needs if faced with an unplanned business disruption.

7 Why Have a Plan?
• Reduce reliance on key personnel
• Protect assets
• Increase the safety of all personnel
• Minimize decision making during the recovery
• Reduce delays during the recovery process
• Provide a sense of security
• Limit potential exposure and reduce legal liability
• Provide organizational stability

8 Why Have a Plan?
• Maintain continuity of operations, stay in business!
• Maintain customer service
• Relocate critical operations quickly
• Minimize financial losses
• Reduce disruptions to critical operations
• Achieve an orderly recovery
• Comply with legal, contractual, audits, and government regulations

9 Different Types of Plans
• Incident Management Plan: Response & Communication
• Business Continuity Plan: Business Recovery
• IT Disaster Recovery Plan: Technology Recovery
• Evacuation Plan: Life and Safety Procedures

10 Incident Management Plan (Response)
• Incident Management Team & Roles
• Reference Life/Safety Procedures
• Responding to an Incident-Tasks & Assignments
• Damage Assessment Procedures
• Declaring An Incident
• Command Center/Alternate Work Site Location
• Communication Planning - Notification Procedures
• Initiate BCP Recovery Team

11 Business Impact Analysis (BIA)
• Interview key business process owners and leadership within the company to identify functions, risks and recovery objectives.
• Document findings by functional areas-departments
• Identify recovery strategies
• Summarize approach into Business Continuity Plan

12 Business Continuity Plan (Recovery)
• Assigned BCP Recovery Team & Roles
• Prioritized Critical Functions & Recovery Time Objectives
• Critical Roles, Assignments, Backup Lead/Staff Resources
• Critical IT Equipment, Systems & Data Files-Prioritized
• Loss of Facility-Alternate Work Space Strategy
• Loss of Vendor/Service Provider Dependencies Strategy
• Loss of People Strategy
• Loss of Technology Strategy

13 IT Disaster Recovery Plan
• IT Infrastructure Overview
• Systems Overview
• IT Recovery Strategies
• Inventories
• System Recovery Procedures
• Tasks & Assignments
• Technical Specifications
• Vendor Dependencies

14 Usability
Is the implementation of the Plan easy to understand by everyone?
• Can Executive Management & Crisis Team easily assess the emergency?
• Do Department heads understand their roles during an incident?
• Does the Plan prioritize the most critical business functions? (Controls unnecessary documentation)
• Are testing/training programs in place to review overall readiness?
• Are /procedures developed for manual processing? (Is recoverability dependent on systems availability?)
• Can procedures be followed by someone outside the critical function? (You cannot expect availability of all subject matter experts during an incident)

15 Recoverability
The most important recoverability requirements are often defined by your customers (internally and externally). What are their expectations?
• Addresses requirement needs of clients and prospects – Business Continuity Planning and program maintenance is not an option with customers
• Must be an ‘Actionable’ plan – continued availability of your services and support that is verifiable
• Distinguishes you from your competitors

16 Business Continuity Plan Life Cycle
• What is in place today?
• Define the Business Continuity Plan Project Objectives and Requirements, Scope, & Cost
• Executive Support
• Identify BCP Team Assignments
• Establish Business Continuity Policies
[Life cycle diagram: Discovery – Functional Requirements, Strategies, Planning, Crisis Communications, Exercise/Testing, Maintaining/Updating, Training/Awareness, Project Initiation]

17 Business Continuity Plan Life Cycle
• Identify client servicing needs and current regulation requirements
• Site/Operational assessment/interviews (Business Impact Analysis)
• What are the hazards/threats/vulnerabilities? (Risk Assessment)
• Key personnel interviews
[Life cycle diagram: Strategies, Planning, Crisis Communications, Exercise/Testing, Maintaining/Updating, Training/Awareness, Project Initiation, Discovery – Functional Requirements]

18 Business Continuity Plan Life Cycle
• Where will we go?
• How will we operate?
• What will we do for our employees?
[Life cycle diagram: Planning, Crisis Communications, Exercise/Testing, Maintaining/Updating, Training/Awareness, Project Initiation, Discovery – Functional Requirements, Strategies]

19 Business Continuity Plan Life Cycle
Create Business Continuity Plans:
• Crisis Management-Incident Response
• Site/Operational Recovery
• IT/Systems Recovery
[Life cycle diagram: Crisis Communications, Exercise/Testing, Maintaining/Updating, Training/Awareness, Project Initiation, Discovery – Functional Requirements, Strategies, Planning]

20 Business Continuity Plan Life Cycle
• Who approves the messages and when they are published?
• How will we communicate to media?
• How will we communicate with employees?
• How will we communicate with customers?
[Life cycle diagram: Exercise/Testing, Maintaining/Updating, Training/Awareness, Project Initiation, Discovery – Functional Requirements, Strategies, Planning, Crisis Communications]

21 Business Continuity Plan Life Cycle
• How often do we test?
• Who will be involved?
• What are the objectives?
• Follow-up and lessons learned
• Tabletop Exercise for developed plans
[Life cycle diagram: Maintaining/Updating, Training/Awareness, Project Initiation, Discovery – Functional Requirements, Strategies, Planning, Crisis Communications, Exercise/Testing]

22 Business Continuity Plan Life Cycle
• Who is responsible?
• How often should it be updated?
• How do we communicate changes to the plan?
[Life cycle diagram: Training/Awareness, Project Initiation, Discovery – Functional Requirements, Strategies, Planning, Crisis Communications, Exercise/Testing, Maintaining/Updating]

23 Business Continuity Plan Life Cycle
• Training people for preparedness
    • Home
    • Work
• Understand their roles in recovery
• Understand the business commitment to employees and clients
[Life cycle diagram: Training/Awareness, Project Initiation, Discovery – Functional Requirements, Strategies, Planning, Crisis Communications, Exercise/Testing, Maintaining/Updating]

24 Elements of an ‘Actionable’ BCP Program
• Risk Evaluation Results and Controls
• Business Continuity Defined Strategies
• Emergency Response and Operational Procedures
• Business Continuity Plans (Site/Dept), IT DR Plans
• Testing and Exercises
• Awareness & Training Program
• Public Relations & Crisis Communication Procedures
• Coordination with Public Authorities

25 Business Continuity Planning
An Ongoing Approach
This is a process, not just a project.
• Annual risk assessment/BIA, plus plan reviews
• Efforts for next year identified before budget cycle
• Annual testing of at least some aspect of the plan
• Ongoing BCP coordination

26 Summary: Today (Year 1)
Focus on:
• Assessing impacts and risks.
• Establishing crisis management-response protocols to react to disruption.
• Developing business recovery strategies that respond to assessed risks and impacts.
• Testing strategies for viability, effectiveness, and to ensure solutions meet requirements.

27 Summary: Business Continuity Tomorrow
Evolve the Business Continuity Program to:
• Utilize the program as a way to establish risk control
• Incorporate the program as part of business-as-usual and an extension of normal operations rather than a reactive project.

28 Thank You Mark Madar Financial Services Director CBIZ Risk & Advisory Services P: (216) E: