Business Continuity Planning 101


1 Business Continuity Planning 101
Presented to the Main Line Association for Continuing Education, February 19, 2015

2 Objectives
By the end of the presentation, the participants should be able to:
- Explain the difference between a Business Continuity Plan and a Disaster Recovery Plan
- List the steps to create a Business Continuity Plan
- List at least three reasons why every business should have a Business Continuity Plan

3 Why are you here? What do you hope to gain from this presentation?
What are your “burning questions”?

4 Poll – What is the most frequent cause of business interruptions?

5 You need a plan, but what kind?
Business Continuity Plan: concerned with the recovery of
- People
- Processes
- Property
Disaster Recovery Plan: concerned with the recovery of
- Data
Business Continuity plans usually incorporate Disaster Recovery plans. Disaster Recovery plans do not incorporate Business Continuity plans.

6 Ten Step Process for Creating a Business Continuity Plan
1. Program Initiation and Management
2. Risk Evaluation and Control
3. Business Impact Analysis
4. Develop the Business Continuity Strategy
5. Emergency Preparedness and Response

7 Ten Step Process for Creating a Business Continuity Plan (contd.)
6. Develop and Implement the Plan
7. Awareness & Training Program
8. BC Plan Exercise, Audit, & Maintenance
9. Crisis Communications
10. Coordination with External Agencies

8 Step 1: Program Initiation
Establish the need for a program:
- Is it required by law or regulatory body?
- Mandated by industry standards?
- Required to close any gaps found in an audit?

9 Program Initiation
A Business Continuity Plan will:
- Help safeguard human life
- Minimize confusion and enable effective decision making during a crisis
- Reduce dependency on specific personnel during a crisis
- Help minimize the loss of assets, revenue, and customers

10 Business Continuity Program Management
To be successful, a Business Continuity program needs a Steering Committee made up of members of Executive Management and Senior Leaders from throughout the business. The Steering Committee becomes the Crisis Management Team during an event.

11 Role of the Steering Committee
- Provides oversight and guidance
- Provides resources
- Provides input and approval of the program scope, objectives, and timeframe
- Assists in defining roles and responsibilities
- Provides support for the Business Continuity Planner

12 Role of the Business Continuity Planner
- Obtains management support
- Gathers relevant information for the program
- Defines the program objectives and scope
- Assesses the project’s risks
- Plans the project in detail
- Tracks and reports progress up, over, and down

13 Step 2: Risk Evaluation & Control
- Identify threats and vulnerabilities and their potential impact on the business
- Evaluate the effectiveness of existing controls and safeguards
- Understand the organization’s risk appetite and its exposure to risk and loss
- Implement appropriate controls to prevent, deter, or mitigate risk

14 Threats and associated risks
[Diagram labels: Vulnerabilities, Controls, Impact, Assets]

15 1st Exercise

16 Step 3: Business Impact Analysis
The purpose of the Business Impact Analysis (BIA):
- Identify the likely and potential impacts from an event on an organization
- Identify the criteria that will be used to quantify and qualify those impacts
- Identify time-sensitive processes and the requirements to recover them in an acceptable period of time

17 Criteria to be Quantified and Qualified
- Human Impact
- Customer Impact
- Financial Impact
- Regulatory Impact
- Operational Impact
- Reputational Impact

18 Establish the BIA process and methodology
- Choose a Business Impact Analysis tool
- Choose a data collection methodology
- Analyze the data to establish the Recovery Time Objective (RTO) for processes and the Recovery Point Objective (RPO) for data
Data analysis will help in establishing the order in which processes should be recovered.

19 Recovery Time Objective vs Recovery Point Objective
Recovery Time Objective (RTO):
- The amount of time between when a business process is interrupted and when it is restored to an acceptable level
Recovery Point Objective (RPO):
- The point in time of the last good off-site backup at the time of the disruption
- It identifies the amount of acceptable data loss

20 [Timeline diagram showing RPO and RTO. Labels: Data Backup, Initial Data Loss, Post Disruption Data Loss, BC Plan Activated, Business restored to acceptable level]

21 2nd Exercise

22 Step 4: Business Continuity Strategies
2 + 3 = 4
Based on the information gathered in Steps 2 & 3, you can now begin to develop strategies to recover your operations.

23 Examples of Business Continuity Strategies
- Develop manual work-around procedures
- Have staff work from home
- Contract with 3rd party service providers
- Transfer work to a surviving site

24 Assess the viability of the strategies against the BIA
- What are the advantages?
- What are the disadvantages?
- What are the results of a cost/benefit analysis?

25 3rd Exercise

26 Step 5: Emergency Preparedness & Response
How will the organization respond to an emergency situation? An emergency response plan documents how the organization will respond to an emergency in a coordinated, effective, and timely manner.

27 Identify applicable emergency response regulations
- FEMA
- Department of Homeland Security
- State Office of Emergency Preparedness
- County/City Emergency Preparedness agencies

28 Identify potential types of emergencies and their impact
Causes:
- Natural
- Human
- Technological
Impacts:
- Casualties
- Property Damage
- Operational Interruption
- Environmental Contamination

29 Is it a Disruption or a Disaster?
Disruption:
- Incident duration is less than your RTO
- Impacts are limited and controlled
- Has a small financial impact
Disaster:
- Incident duration is greater than your RTO
- Impacts are extensive and outside of your control
- Has a major financial impact

30 Develop an Incident Management System
- Have clear lines of authority and succession
- Responsible for internal and external resources
- Protocols and procedures for escalation
- Procurement of additional resources

31 Step 6: Develop & Implement your Business Continuity Plan
The Business Continuity Plan is a set of documented processes and procedures which enable the organization to continue or recover time-sensitive processes at an acceptable level within an acceptable time frame.

32 Design the Framework
- Organization of the plan
- Teams needed to provide information for the plan
- Types of plans to be documented
  - Damage Assessment Plan
  - Technology Recovery
  - Business Continuity Plan
- Planning scenarios to be used in developing the plan
  - Loss of Building
  - Loss of People

33 Plan the Table of Contents
- Introduction
- Policy Statements
  - For the Business Continuity Plan
  - For Confidentiality
- Scope and Objectives
  - Tied to the organizational strategy
- Identification of time-sensitive processes and technology
- Assumptions and exclusions
- Recovery team descriptions, organization, and responsibilities
- Plan activation procedures

34 4th Exercise

35 Step 7: Training and Awareness Programs
A Training and Awareness Program will establish and maintain the means to keep the Program top of mind and to ensure the organization’s staff are trained to effectively respond to an event.

36 Where to Start?
- Obtain Senior Management support
- Secure a training budget
- Define the program management approach and implementation timeline
- Obtain the commitment from managers and staff who will implement the Business Continuity plan

37 Step 8: BC Plan Exercise, Audit & Maintenance
To continue to be effective, a Business Continuity Plan should be exercised at least annually to ensure that it can be properly and effectively implemented. The Plan needs to be maintained on a regular basis to ensure the information it contains is current. The Plan should be audited to ensure its completeness, accuracy, and compliance with internal and external policies.

38 Where to start a Business Continuity Exercise Program?
- Get executive sponsorship
- Identify the participants, their roles, and their responsibilities
- Define the objectives of the exercise program
- Select appropriate, plausible scenarios
- Schedule and conduct the exercise/test
- Conduct a post exercise/test review

39 Types of Exercises
- Life Safety
- Table Top Review
- Table Top Exercise
- Call Notification
- Alternate Site Activation
N.B. Tests are done with hardware/software. Exercises are done with people.

40 Establish a Plan Maintenance Program
- Define the method and schedule
- Define the change control process

41 Establish a Business Continuity Plan Audit Process
- Create a schedule for self-assessment
- Prepare to support other audits
  - Internal Audit Staff
  - Federal or State Regulators
  - Companies for which your organization is a vendor

42 5th Exercise

43 Step 9: Crisis Communications Program
The purpose of the Crisis Communications program is to ensure effective, timely, consistent communications between the organization and all stakeholders during a crisis.

44 Where to Start?
- Obtain executive support for the program
- Define the scope, objectives, and program structure
- Review any existing plans and identify any gaps
- Establish the roles and responsibilities of the Crisis Communications Team
- Identify all the stakeholders in the Crisis Communications process

45 Crisis Communications Plan Elements
- A public relations policy and procedure, including social media policy
- Organizational profile with details on the core business(es)
- Reference files on potential crises
- Position Statements
- Call and emergency contact lists
- Designated spokesperson(s)
- Media directory
- Media contact log
- Contacts for government agencies

46 Exercise and Update the Crisis Communications Plan
- Determine the frequency of review
- Establish a schedule to exercise the plan
- Review the results of each exercise
- Implement a change control process

47 Step 10: Coordinate with External Agencies
The reason for coordinating with external agencies is to establish the policies and procedures to coordinate the response, continuity, and recovery activities with external local, state, and federal agencies.

48 Why coordinate with external agencies?

49 To coordinate with external agencies:
- Identify and create emergency preparedness and response procedures
- Identify all applicable regulations (local, state, federal)
- Review your emergency procedures with external agencies

50 Ten Step Process for Creating a Business Continuity Plan
1. Program Initiation and Management
2. Risk Evaluation and Control
3. Business Impact Analysis
4. Develop the Business Continuity Strategy
5. Emergency Preparedness and Response

51 Ten Step Process for Creating a Business Continuity Plan (contd.)
6. Develop and Implement the Plan
7. Awareness & Training Program
8. BC Plan Exercise, Audit, & Maintenance
9. Crisis Communications
10. Coordination with External Agencies

52 Questions?

53 Thank You!

