Kathleen Lucey, Montague Technology Management, Inc. tel: 1.516.676.9234. Telling the Truth in Business Continuity.

Presentation transcript:

1 Kathleen Lucey
Montague Technology Management, Inc.
tel:
Telling the Truth in Business Continuity

2 What is your BCM Program's Reason to Live
What is the primary reason for the existence of your BCM program?
–Regulatory requirement
–Audit requirement
–Technology recovery capability
–Prudent business control
–An integral and ongoing part of the firm's business

3 Risks, Mitigation, and Scenarios
Do you know your risks and their impacts:
–Infrastructure: fire, loss of power, equipment failure
–Production Line Single Points of Failure
–Employees
–Reputation
–Outsourcers and Suppliers
–Climate-related regional events
–Civil Disorder/Attack
Are strategies in place to lower the probability of controllable risks, and continue critical operations within tolerance levels if an interruption does occur?
Which interruption scenarios have you included?

9 [Diagram labels] Supplier Outage or Transport Issue Employee Unavailability Power Disruption Weather Events Regulatory Mandate Mission-critical IT Systems Maintenance and Service Contracts Contingency Plans Disaster Recovery Plans Insurance Policies Mission-Critical Physical Infrastructure Information Security Testing and Training Incident Procedures and Review Processes Audit and Reporting Functions Stay In Business Requirements Change Control Process Environmental Topology Mission-critical IT Systems Denied Facility Access Civil Unrest, War Business Continuity
© Montague Technology Management, Inc. 2006, All rights reserved.

10 [Diagram labels] Worst-Case Scenario Minor Interruptions Everyday Blips Process Dysfunctions SOLUTIONS Disaster Recovery Availability Availability Reliability Engineering Core Business Value Chain Processes INTERRUPTION
© 2006 Montague Technology Management, Inc. All rights reserved.

11 Interruption Scenario Characteristics
Time / day of incident
Damages type: Building infrastructure, reputation, regional infrastructure
Personnel injuries
Effects on critical operations
Area: premises, building, small area, region
Duration

12 INTERRUPTION MANAGEMENT MODEL
[Diagram labels] IT Recovery Coordination Business Recovery Coordination Business Continuity Teams Information Technology Recovery Teams Interruption Management Team Executive Oversight Team Media Relations Team Command Center Support Team Business Continuity Coordination Initial Crisis Management Recovery Management Employee Support EMT Government Liaison Emergency Funding Physical Security Transportation, Communications Site Repair and Restoration HAZMAT Admin. Services Damage Assessment Emergency Logistics Site Relocation and Re-creation Site Repair or Relocate Purchasing Insurance Liaison
© 2006 Montague Technology Management, Inc. All rights reserved.

13 BCM Program Content
Does your BCM contain the following:
–Crisis Communication and Management Procedures?
–Business Unit Recovery Procedures?
–Technology Recovery Procedures?
–Supplier Failure Compensatory procedures?
–Restore/Relocation procedures?
Are all involved parties trained and committed to their BC responsibilities? How do you know?
How do you know that all of these will be effective when needed?

14 BCM Program Approvals
Is your BCM Program approved by:
–Internal and External Audit?
–Regulator(s)?
–CIO?
–Risk Committee of the Board?
–You?
Which of these matters most and why?

15 Walking the Walk
Can you demonstrate that your program is a successful ongoing permanent business function?
–Annual budget?
–Status Reporting to annual objectives?
–Sufficient human and financial resources?
–Inclusion of BCM in Performance Evaluations?
–Appropriate Reporting Relationship?

16 Walking the Walk
–Achievement of high verisimilitude in test scenarios?
–Proven ability to meet RPOs? Resolving all data synchronization issues?
–Proven ability to meet RTOs for App service continuity in high verisimilitude scenarios? Including all interfaces?
–Supplier SLAs for BCM? Penalties?
–Inclusion of BCM on task forces for strategic firm actions, such as acquisitions, strategic software implementations, HR Policies, Insurance, etc.?

17 BCM Program Testing
In your exercise program, do you:
Test to discover inadequacies?
or
Test to meet achievable objectives?

18 BCM Program Manager Objectives
What are your real objectives:
–Ensure your firm survives any interruption.
–Keep the auditors/regulators happy.
–Keep your boss happy.
–Keep your job.

19 Confirmation of Objectives
What are the objectives of your management, board, stockholders:
–Do what is necessary to proactively lower risks and protect employees, while ensuring that the firm survives any interruption with the least damage.
–Meet the requirements of an external standard, such as NFPA 1600 or BS
–Spend the least possible to keep the auditors/regulators off their backs.
–BCM is an IT-only issue and it is the responsibility of the CIO to balance this against competing IT priorities.

20 Discontinuity of Objectives
Clues that there are problems:
–Objectives identified by inference
–Underdeveloped emergency communications and procedures
–No BCM Program budget or annual objectives
–Testing program inadequate but successful
–BCM function reports to IT
–BCM is not discussed at Sr. Management or Board Meetings
–High BCM Program Manager anxiety

21 Identification of Gaps
Verify existence and completeness of BCM Program components: see standards
Use table-top testing to illustrate gaps
Confirm objectives of all parties
Calculate costs for BCM Program
Calculate benefits of the existing BCM Program (hint: there may be an ROI problem here.)

22 Propose a Plan to Close Gaps
Identify priorities of stakeholders
Identify sponsors and work with them
Offer corrective plan at 3 levels: nothing, necessary improvements over time, much improvement in a short time
Present to the right audience
Document approved BCM Program objectives for the next budget period
Propose a budget; adjust to cutbacks
Document the detailed effect of budget cutbacks: don't try to be a hero!
Improve the Cost/Benefit ratio!

23 Implement the Approved Operating Plan and Budget
Make all costs visible
Make progress to approved operating plan visible
Document EVERY incident; do whatever possible to ensure that it does NOT happen again.
Request BCM operating plan/budget changes when priorities or conditions change; work with sponsors
Don't try to be a hero!
Improve the Cost/Benefit ratio by calculating all costs and benefits
Measure and document all progress achieved by year-end.

24 Keys to Success
Confirm objectives of all stakeholders and resolve discontinuities
Implement the will of Senior Management:
–Help them to frame their requirements
–Do the work
–Make it visible
–Document it
–Report back to stakeholders
Insist on managing your own budget, whatever its size
Don't try to be a hero!
If you treat this like any other permanent ongoing business function, others will eventually come around to the views of your sponsors.

25 Keys to Success
A false sense of safety from an inadequate BCM Program is DANGEROUS. Don't be a source of danger.
Be reliable and visible: do what you say, say what you do
–Set objectives and meet them
–Look for ways to improve and implement them
–Be visible: Status Reports, Newsletters, Awareness Programs
–Avoid surprises wherever and whenever possible
Educate and create awareness

26 And in closing
Be reliable
Tell the truth as you know it, but be smart in how you do it.
Don't be a HERO!
tel: