Business Continuity Standard BS-25999

  • Uploaded by: anil jhumkhawala
  • May 2020

Anil J Jhumkhawala. Director-Compliance. Qualification: B.Com (Hons), LL.B, CAIIB, ACS, Company Secretary, BS-25999 LA, Computer forensic (GOV OF INDIA), cVa™. Task force member GRC.

©Anil copyright protected

5/22/2009

1

BCM Program Management

  • Business risk
  • Technology risk
  • Financial risk
  • Environmental risk
  • Human risk


BCM

1. Overview
2. BCM Prog I
3. BCM Imple

1. Understanding Definitions
2. Identifying critical activity
3. BIA
4. IMP, IRS, MTPoD, RTO
5. Maintain & Review
6. Exercise BCM
7. Internal audit
8. Certification


[Slides 6 and 7: figures not reproduced. Source: BS-25999 standard.]


Understanding the organization: Key products, services, critical activities, objectives, stakeholders' obligations, statutory bodies, BIA, impact of disruption, MTPoD, RTO, continuity requirements, staff, people, technology, suppliers, risk acceptance, transfers, changes.

Business Continuity strategy: Reduce likelihoods, continuity to critical activity resumptions, people, permission, technical, information, supplies, shareholders, signatories, etc.

BCM Programme Management: Organisation approach, appointment of senior, communicate, training, exercise, review, BIA, policy, BCM scope, IRS, SLA, etc.

Exercising: Maintain, review, preventive actions, corrective actions, follow-up and training.

Developing and Implementing Resource Team: Critical activity, application strategy, incident response, structured plans, control plans, Incident Management Plans (IMP), media response, location, resource requirements.


  • Understanding need of continuity: Policy
  • Implementing operating control: Overall risk
  • Monitoring, review effectiveness: BCMS
  • Continual improvement
  • Need
  • Risk
  • At par
  • Global requirements
  • Changing world


Key components-BCMS As per BS-25999


MASTER PLANNING

  • BCM culture
  • Risk management
  • Confidence
  • Stakeholders
  • Maintain
  • Reduce cost
  • Review
  • Improve Net Asset Value
  • Exercise
  • Incident management plans
  • Incident response structure
  • Internal audit
  • Increase revenue
  • MTPoD/RTO
  • Likelihood of events
  • Key products/services
  • Critical activity
  • Sites/locations
  • Number of employees


IMP


Define scope

  • Acceptable interest stakeholders

Policy commitments

  • Minutes address concern
  • Limitation exclusion

Resources

  • Roles defined, documented
  • Reinforce commitments


  • Awareness to all
  • Records
  • BCM objective
  • Training
  • Roles
  • Measure
  • Necessary competency of personnel assigned
  • Value
  • Embedding culture

Strategy Map - Documentation

Increase Revenues - Confidence

BCMS

INTERNAL PROCESS

Maintenance

Controls

  • BCM manual scope: 3.4.1
  • Continual improvement: 6.2
  • Documented procedure: 3.4.1.3
  • Management review: 5.2
  • Internal audit, preventive and corrective actions: 5.1, 6.1, 6.2
  • Risk assessment, improve finance processes: 4.1.2
  • Scope, objective: 3.2.1
  • BCP & IMP: 4.3.3
  • BCM policy: 3.2.2
  • BCS & IRS: 4.2 & 4.3.2
  • Provision of resources: 3.2.3
  • BIA & BCM exercising: 4.1.1 & 4.4.2
  • Competency, skills, training: 3.2.4
  • Control of records: 3.4.2
  • Control of documentation: 3.4.3

  • Documented procedure shall: control over BCMS documentation and records.
  • Documented procedure shall: for preventive actions 6.1.2
  • Documented procedure for corrective actions 6.1.3


BCM owner from the Board

  • MR
  • Silver Team
  • H.R (Trainer)
  • Gold Team


  • Suppliers
  • Contractors
  • Creditors
  • Shareholders
  • Bankers

[Diagram labels: BIA, IMP, IRS, MR, Silver, Gold, Critical, Maintain, MTPoD, RTO, Preventive, Corrective]


MR

GOLD

SILVER

BOD


audit maintain exercise

Review


UNDERSTANDING

IMP

INTERNAL PROCESS

Management

Media

Incident management plans

Incident strategy

Provide convenient access to communicate.

Appointed spokesman

Employees, relatives, stakeholders, media

Methods, contacts, agencies, locations

Managing issues

Guideline criteria to invoke

Manage and maintain guidance and templates

Restoration of critical activity

Consequences, welfare of individuals

Process standing once incident is over; identify needs and lines of communication

Each plan shall have a defined purpose and scope

Improve key reference information

Accessible and understood

Define roles and responsibilities

Reviewed, owned, responsible

Managing incident processes

Media response

Relevant arrangement with external organisation


Audit plans

• Audit programme shall be planned, established, implemented for BIA, RA, controls.

Audit Process

• Shall address responsibilities, competencies, planning, audit criteria.

Audit Records

• Shall be maintained for verifications.

Evidence

Audit notes

• Mitigation measures

• Help to improvise


BS-25999

Preventive

Exercise Procedure

Corrective

Document

BIA IMP


IRS


Thank You

Anil.jhumkhawala@gmail.com
