institute of hospital engineering, australia infrastructure business continuity planning practical...
Post on 19-Jan-2016
213 Views
Preview:
TRANSCRIPT
Institute Of Hospital Engineering, Australia
Infrastructure Business Continuity Planning
Practical Problems Encountered
Neil Whittington (Arnold Risk Consulting)
Neil.Whittington@ArnoldRiskConsulting.com.au
Crisis Management
Business Continuity
PlansIncident
Response
(Findings)
Advanced Incident
Investigation
IT Disaster Recovery
Strategic, Operational and
Project Risk
ARC Enterprise Risk Management
Range of Analytical Techniques,
Applicable to All Business Risks
Controls:
•Robustness
•Criticality
•Performance measurement
Prevention RecoveryResponse
Inci
dent!Hazard 1
Hazard 2 Control 3
Control 2Control 1
Insurance
BCP POLICY
• Driver: Good governance• Purpose: Focus on external customers• Problem: Internal staff needs
FINANCIAL RESOURCES
• Shortage in many industry sectors• Constrains BCP development• Seen as low priority (“couldn't happen”)• Solution: share costs with similar
organisations
HUMAN RESOURCES
•Shortage: to develop and maintain•Solution: shared effort with others; external maintainer•Issue: can limit staff buy-in
IDENTIFICATION OF POTENTIAL EVENTS
• Deficiency: available staff time• Prompts: insufficient for wide-ranging
thinking• Commonality: similar events in same
industry sector
BCP PROCEDURES FOR RECOVERY
• Weakness: Long winded script • Result: Procedures ignored and hard to
find key actions• Solution: Quick reference cards
CONFUSION WITH EMERGENCY RESPONSE
• Emergency: short phase, objectives mostly “make safe”
• Recovery: Restore critical business processes
• Teams involved: different skills
NO LINK WITH CRISIS MANAGEMENT (CMT)
•Senior management role (CMT): stakeholders, authorizations
•BCP: recovery actions w/o stakeholder distractions
TRAINING & TESTING
•Skills: inadequate, decline with organization changes•Solution: low cost, table-top format•Learnings: not included in BCP updates•Solution: easier with quick reference cards
GAPS & OVERLAPS
• Result: key actions missed (or duplicated)• Solutions:
• team priorities vs individual action • tabletop tests• adhere to listed actions
OVERVIEW
• Achievable with reduced resources• Share: development, testing, maintenance
top related