Anil J Jhumkhawala. Director-Compliance. Qualifications: B.Com (Hons), LL.B, CAIIB, ACS, Company Secretary, BS-25999 LA, Computer Forensic (Govt. of India), cVa™. Task force member, GRC.
©Anil copyright protected
5/22/2009
1
BCM Program Management: Business risk, Technology risk, Financial risk, Environmental risk, Human risk
BCM
1. Overview: 1. Understanding definitions 2. Identifying critical activity 3. BIA
2. BCM Prog I
3. BCM Imple
4. IMP, IRS, MTPoD, RTO
5. Maintain & Review
6. Exercise BCM
7. Internal audit
8. Certification
Source: Standard BS-25999
Source: BS-25999 standard
Understanding the organization: key products, services, critical activities, objectives, stakeholders' obligations, statutory bodies, BIA, impact of disruption, MTPoD, RTO, continuity requirements, staff, people, technology, suppliers, risk acceptance, transfers, changes.
Business continuity strategy: reduce likelihoods, continuity for resumption of critical activities, people, permissions, technical, information, supplies, shareholders, signatories etc.
BCM programme management: organisation approach, appointment of senior management, communication, training, exercising, review, BIA, policy, BCM scope, IRS, SLA, etc.
Exercising, maintaining and reviewing: preventive actions, corrective actions, follow-up and training.
Developing and implementing the resource team: critical activity, application strategy, incident response, structured plans, control plans, Incident Management Plans (IMP), media response, location, resource requirements.
Understanding the need for continuity; Policy; Implementing operating controls; Overall risk; Monitoring and reviewing effectiveness; BCMS continual improvement.
Drivers: Need, Risk, At par, Global requirements, Changing world.
Key components of BCMS as per BS-25999
MASTER PLANNING
BCM culture
Risk management
Confidence
Stakeholders
Maintain, Reduce cost
Review, Improve Net Asset Value, Exercise
Incident management plans
Incident response structure
Internal audit, Increase revenue
MTPoD / RTO
Likelihood of events
Key products/services
Critical activity
Sites/locations
Number of employees
IMP
• Define scope
• Acceptable interest of stakeholders
• Policy commitments
• Minutes address concerns
• Limitations and exclusions
• Resources
• Roles defined and documented
• Reinforce commitments
Awareness to all
Records
BCM objective
Training
Roles
Measure
Necessary competency of personnel assigned
Value
Embedding culture
Strategy Map - Documentation
Increase revenues - Confidence
BCMS
INTERNAL PROCESS
Maintenance
Controls
BCM manual scope 3.4.1
Continual improvement 6.2
Documented procedure 3.4.1.3
Management review 5.2
Internal audit, preventive and corrective actions 5.1, 6.1, 6.2
Risk assessment, improve finance processes 4.1.2
Scope and objective 3.2.1
BCP & IMP 4.3.3
BCM policy 3.2.2
BCS & IRS 4.2 & 4.3.2
Provision of resources 3.2.3
BIA & BCM exercising 4.1.1 & 4.4.2
Competency, skills, training 3.2.4
Control of records 3.4.2
Control of documentation 3.4.3
Documented procedure shall provide control over BCMS documentation and records.
Documented procedure shall exist for preventive actions 6.1.2.
Documented procedure shall exist for corrective actions 6.1.3.
BCM owner from the Board • MR • Silver Team • H.R (Trainer) • Gold Team
Suppliers
Contractors
Creditors
Shareholders
Bankers
• IMP
• BIA
• IRS
• MR, SILVER, GOLD
• Critical
• Maintain
• MTPoD • RTO • Preventive • Corrective
MR
GOLD
SILVER
BOD
Audit, maintain, exercise, review
UNDERSTANDING
IMP
INTERNAL PROCESS
Management
Media
Incident management plans
Incident strategy
Provide convenient access to communicate.
Appointed spokesman
Employees, relatives, stakeholders, media
Methods, contacts, agencies, locations
Managing issues
Guideline criteria to invoke
Manage and maintain guidance and templates
Restoration of critical activity
Consequences, welfare of individuals
Process standing once the incident is over; identify needs and lines of communication
Each plan shall have a defined purpose and scope
Improve key reference information
Accessible and understood
Define roles and responsibilities
Reviewed, owned, responsible
Managing incident processes
Media response
Relevant arrangements with external organisations
Audit plans
• Audit programme shall be planned, established and implemented for BIA, RA and controls.
Audit process
• Shall address responsibilities, competencies, planning and audit criteria.
Audit records
• Shall be maintained for verification.
Evidence
Audit notes
• Mitigation measures
• Help to improve
BS-25999
Preventive
Exercise procedure
Corrective
Document
BIA, IMP
IRS
Thank You
Anil.jhumkhawala@gmail.com