AN APPROACH TO BUSINESS CONTINUITY MANAGEMENT ( FOR THE PEOPLE WHO WORK FOR THE PEOPLE )
PREPARED BY SHIBA SURJYA & TRIDEEP
What is BCM ?
WHAT ARE DISASTERS ?
TERRORIST FIRE ATTACK TSUNAMI
IMPACT OF DISASTER
EARTHQUAKE
FLOOD
TORNADO
STEPS IN BCM 1.Project Initiation and Planning 2.Business impact analysis and risk analysis 3.Business Continuity Planning a.Preparing for possible emergency b.Disaster recovery c.Business recovery
4.Training and awareness 5.Testing 6.Maintenance and managing to keep it up to date.
PROJECT INITIATION & PLANNING
In this phase an agreement is arrived upon by the senior management on the need of Business recovery and continuity planning. Development of BCP should be driven from the board level and a proper budget and an assurance of cooperation is of prime importance. Then this is followed by organization of planning team comprising of individuals of various departments and consultants to undertake detailed technical analysis and business recovery planning. Then the scope and the aim of Business recovery plan is identified and an brief over view of the recovery program is defined.
BUSINESS IMPACT ANALYSIS & RISK ANALYSIS
It involves understanding the business and identifying the key business functions. Data from the middle management is very helpful for the understanding the criticality of the functions of the various departments. Impacts on the business can be divided into qualitative and quantitative aspects.
◦ Quantitative aspects include the financial impacts. ◦ Qualitative aspects is the operational impacts.
CONT….
Risk analysis starts by documenting the threats to these processes, their internal vulnerabilities and the consequences of various failure scenarios. At the end we estimate how to control the impact of the most serious ones. Risk analysis can also b done by using software packages with the database of historical threats and vulnerabilities relevant to the organization’s environment and business.
BUSINESS CONTINUITY PLANNING
PREPARING FOR POSSIBLE EMERGENCIES
IDENTIFYING WAYS TO PREVENT AN EMERGENCY FROM TURNING INTO A DISASTER.
PRIMARY FOCUS SHOULD BE ON KEY BUSINESS PRACTICES.
BACK-UP AND RECOVERY STRATEGIES
ORGANIZATIONS SHOULD BE PREPARED FOR POSSIBLE EMERGENCY SITUATIONS WITH BACK-UP AND PREVENTIVE STRATEGIES.
◦ ALTERNATIVE BUSINESS PROCESS HANDING STRATEGY. ◦ IT SYSTEM BACKUP AND RECOVERY STRATEGY. ◦ PREMISES AND ESSENTIAL EQUIPMENT BACK-UP AND RECOVERY STRATEGY. ◦ CUSTOMER SERVICE BACK-UP AND RECOVERY STRATEGY. ◦ ADMINISTRATION AND OPERATION BACK-UP AND RECOVERY STRATEGY. ◦ INFORMATION AND DOCUMENTATION BACK-UP AND RECOVERY STRATEGY. ◦ INSURANCE COVERAGE.
◦
KEY BCP PERSONNEL AND SUPPLIES.
THERE ARE SOME KEY MEMBERS OF MANAGEMENT AND STAFF WHO WILL PROVIDE THE TECHNICAL AND MANAGEMENT SKILLS NECESSARY TO ACHIEVE A SMOOTH BUSINESS RECOVERY PROCESS. THESE KEY MEMBERS SHOULD BE PICKED ACCORDING TO THE SITUATION TO AVOID A CHAOS AND WILL BE RESPONSIBLE FOR IMPLEMENTATION OF BCP.
◦ FUNCTIONAL ORGANIZATION CHART. ◦ BCP PROJECT COORDINATOR AND DEPUTY FOR EACH KEY FUNCTIONAL AREA. ◦ KEY PERSONNEL, SUPPLIERS, VENDORS AND EMERGENCY CONTACT INFORMATION. ◦ MANPOWER RECOVERY STRATEGY. ◦ THE DISASTER RECOVERY TEAM.
◦
KEY DOCUMENT AND PROCEDURES
ALL ORGANIZATIONS HAVE DOCUMENTS, RECORDS AND PROCEDURES, WHICH ARE, CONSIDERED VITAL PART OF THEIR OPERATION.
◦ DOCUMENTS AND RECORDS VITAL TO BUSINESS PROCESSES. ◦ EMERGENCY STATIONARY AND OFFICE SUPPLIES. ◦ MEDIA HANDLING PROCEDURES. ◦ EMERGENCY AUTHORIZATION PROCEDURES. ◦ BUDGET FOR BACK-UP AND RECOVERY PHASE.
THE PRIORITY OF DURING THE DISASTER RECOVERY PHASE ARE
◦ THE SAFETY AND WELL BEING OF THE EMPLOYEES AND OTHER INVOLVED PERSONS, ◦ COMPLETION OF DAMAGE ASSESSMENT FORM, ◦ THE MINIMIZATION OF EMERGENCY ITSELF, ◦ THE MINIMIZATION OF THE THREAT OF FURTHER DAMAGE, ◦ REESTABLISHMENT OF EXTERNAL SERVICES SUCH AS POWER, COMMUNICATION, WATER ETC.
HANDLING TE EMERGENCY SITUATION ASSESSMENT OF INITIAL EMERGENCY SITUATION. MOBILIZING THE DISASTER RECOVERY TEAM AND ASSESSING THE SCALE OF EMERGENCY. IDENTIFICATION OF POTENTIAL DISASTER STATUS. INVOLVEMENT OF EMERGENCY SERVICES. ASSESSING THE POTENTIAL BUSINESS IMPACT OF THE EMERGENCY.
NOTIFICATION AND REPORTING DURING DISASTER RECOVERY PHASE.
COMMUNICATION IS ONE OF THE MOST IMPORTANT INGREDIENTS. ◦ IT IS NECESSARY TO KEEP VARIOUS GROUPS INFORMED LIKE: DISASTER RECOVERY TEAM, BUSINESS RECOVERY TEAM, SENIOR &MIDDLE MANAGEMENT, FAMILIES OF AFFECTED EMPLOYEES, MEDIA ETC.
MOBILIZING THE DISASTER RECOVERY TEAM. DISASTER RECOVERY PHASE REPORT.
Business recovery
THE BUSINESS RECOVERY INVOLVES THE RESTORATION OF NORMAL BUSINESS OPERATION AFTER AN UNEXPECTED EVENT.
THE EFFICIENCY AND THE EFFECTIVENESS OF THE PROCEDURES COULD HAVE A DIRECT BEARING ON ORGANIZATION’S ABILITY TO SURVIVE THE EMERGENCY.
MANAGING THE BUSINESS RECOVERY
MOBILIZING THE BUSINESS RECOVERY TEAM. ASSESSING EXTENT OF DAMAGE AND BUSINESS IMPACT. PREPARING SPECIFIC RECOVERY PLAN. MONITORING PROGRESS. KEEPING EVERYONE INFORMED. HANDING BUSINESS OPERATION BACK TO REGULAR MANAGEMENT. PREPARING BUSINESS RECOVERY PHASE REPORT.
TRAINING & AWARENESS
PDCA CYCLE PLAN DO CHECK ACT
Key aspect A documented BCP awareness Awareness program should embrace the culture & language of the enterprise Train-the-Trainer sessions should be provided
TEST PLANNING
Objective & scope of tests Simulating & setting the Test Environment Preparation of Test Data Identifying who is to conduct the Tests Identifying who is to control & Monitor the Tests Preparing Feedback Questionnaires Preparing Budget For Testing Phase Training the core Testing team for each Business unit Preparing the testing Policy & Guidelines
CONDUCTING THE TESTS Test Each part of Business Recovery Process Test Accuracy of Employee & Vendor Emergency Contact Numbers Assess test results
PLAN MAINTENANCE & KEEPING IT UP - TO - DATE
Maintaining & keeping the BCP up-to-date ensuring its effectiveness is a continuous process Maintenance procedures & schedules should be established A schedule for regular, systematic review of the content of the disaster recovery/business resumption plan should also be provided along with defining a procedure for making appropriate changes to plan
Key Success factors
Getting management buy-in & commitment evidenced by the provision of adequate resources & budget with the responsibility of BCP resting with top executives Clearly spelling out management’s objective BCF should be designed from start as a business requirement “Whole-System” continuity should be planned Plans should be continuously tested It should be ensured that continuity plans are accessible
GARTNER ESTIMATES 85% of large organization have some sort of disaster recovery plan, a broader business recovery plan, & only 10% to 15 % of those are up to date 2 of 5 business experiencing a disaster are likely to be gone in 5 years
There is an Old Saying…
No one plans to fail, they just fail to plan. Ø Ø •