business continuity planning
TRANSCRIPT
![Page 1: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/1.jpg)
Business Continuity Planning
DavisLogic & All Hands Consulting
![Page 2: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/2.jpg)
What is Business Continuity Planning? Planning to ensure the continuation of operations in
the event of a catastrophic event.
Business continuity planning goes beyond disaster recovery planning to include the actions to be taken, resources required, and procedures to be followed to ensure the continued availability of essential services, programs, and operations in the event of unexpected interruptions.
![Page 3: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/3.jpg)
Key ElementsDisaster Recovery Business Recovery Contingency Planning Crisis Management
![Page 4: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/4.jpg)
Business Continuity Plan Identify Risks - Triage to assess all processes
All business functions Data Suppliers Infrastructure
Develop Plans for Everything Test and Exercise the Plans Layer Business Plan & Disaster Plan
![Page 5: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/5.jpg)
Create a Business Continuity Management Team
Lead by Top Management Project BoD Monitors Regular Status Reporting to
Management Broad-based Awareness for Everyone
Key PlayersSenior OfficialsInternal AuditRisk ManagementLegalFinance/BudgetProcurementSafety
Others?
![Page 6: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/6.jpg)
Business Continuity Process Assess - identify and triage all threats (BIA) Evaluate - assess likelihood and impact of
each threat Prepare – plan for contingent operations Mitigate - identify actions that may eliminate
risks in advance Respond – take actions necessary to minimize
the impact of risks that materialize Recover – return to normal as soon as possible
![Page 7: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/7.jpg)
Project Reporting/Tracking Use summary reports for management
Measurable and quantifiable progress Risk rating Prioritization Regular reporting (weekly or bi-weekly) Sort on priority, progress, time-to-
completion
![Page 8: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/8.jpg)
Process Inventory and TriageThe purpose of the BIA is to:
Identify critical systems, processes and functions;
Establish an estimate of the maximum tolerable downtime (MTD) for each business process
Assess the impact of incidents that result in a denial of access to systems, services or processes; and,
Determine the priorities and processes for recovery of critical business processes.
![Page 9: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/9.jpg)
BIA Review Factors All Hazards Analysis
Likelihood of Occurrence
Impact of Outage on Operations
System Interdependence
Revenue Risk
Personnel and Liability Risks
![Page 10: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/10.jpg)
Prioritize Risk Factors
Personal Safety Risk Services Risk Operational Risk Revenue Risk Liability Risk Good Will (Societal) Risk
![Page 11: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/11.jpg)
Risk Analysis MatrixP
rob
abil
ity
of
Lik
elih
oo
d
Severity of Consequence
High
Medium
Low
Low Medium High
Area of Major
Concern
![Page 12: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/12.jpg)
Risk Risk NumericFactor Rating Score
Degree of H 8 Process must function for core operationsOrganizational M 6 Process required for daily settlementDependence L 3 Process is not critical to daily operations
Probability H 0 Probability > 0.5 that alternative process will work of Successful M 2 Probability < 0.5 that alternative process will workAlternative L 3 No plans for alternative process
Dependence H 5 Business functions depend highly on processon M 3 Business functions depend somewhat Automation L 1 Manual operation possible w/o penalty
Criticality of H 4 Critical business function - core processBusiness M 2 Secondary line-of-businessProcess L 0 Not a critical process
Explanation
BCP Risk Rating Methodology
Risk Rating Methodology
![Page 13: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/13.jpg)
What Are External Risks?
External Risks are risks presented by factors outside the enterprise; these include risk present in natural disaster, labor strife, the possible failures of business partners, suppliers, public utilities, transportation, telecommunications, and other businesses.
![Page 14: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/14.jpg)
Ris
kHigh
Low
Threat Areas
Ap
pli
cati
on
s
Infr
astr
uct
ure
Ext
ern
al F
acto
rs
Risk Areas
![Page 15: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/15.jpg)
Review External Dependencies
Suppliers
Subcontractors
Vendors
Your
Organization
Clients /
Customers
Conduit
Organizations
Infrastructure Dependence (power, telecom, etc.)
System Up Time (computing, data,networks, etc.)
![Page 16: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/16.jpg)
Loss of Lifelines What will we do if there is
not power? No phone service? No Water? Government services? How will the public react?
![Page 17: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/17.jpg)
Emergency Management Planning
Work with local and regional disaster agencies Assess special problems with disasters
Loss of lifelines Emergency response
Review and revise existing disaster plans Look for new areas for disaster plans Include Disaster Recovery Planning
![Page 18: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/18.jpg)
Contingency Planning Issues
Power and Telecommunication Failures
System Failures
Natural Disasters
Local Emergencies
Workplace Violence
Supply Chain Disruptions
![Page 19: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/19.jpg)
Contingency Planning Process Phases Assessment - organizing the team, defining the scope,
prioritizing the risks, developing failure scenarios
Planning - building contingency plans, identifying trigger events, testing plans, and training staff on the plan
Plan Execution - based on a trigger event, implementing the plan (either preemptively or reactively)
Recovery - disengaging from contingent operations mode and restarting primary processes of normal operations by moving from contingency operations to a permanent solution as soon as possible.
![Page 20: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/20.jpg)
Develop Scenarios How bad will the “big one” be?
Extended Power, Water, or Telecom Outages?
Supply Chain Disruptions? Civil unrest?
Develop various scenarios and pick which ones to plan for.
![Page 21: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/21.jpg)
Evaluating Alternatives Functionality - provides an acceptable level
of service Practicality - is reasonable in terms of the
time and resources needed to acquire, test, and implement the plan
Cost Benefit - cost is justified by the benefit to be derived from the plan
![Page 22: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/22.jpg)
It’s Not Enough Just to Plan
Use focus groups and brainstorming Seek “what can go wrong” Find alternate plans & manual work arounds Find innovative solutions to risks
Contingency plans must be exercised Hold table top exercises for disasters Conduct “fire drills” of plans Train staff for action during emergencies
![Page 23: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/23.jpg)
Trigger Event Occurs
Execute Plan
Execution
Event Ends Activate Recovery Plan
Recovery
Develop Plans
Planning
Identify EventTriggers
Develop Scenarios
Conduct Risk Assessment
Risk Scoping & Prioritization
Assessment
Test Plans
Organize Risk Assessment
Team
Train on Plans
Contingency Planning Phases
![Page 24: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/24.jpg)
Risk Management Formula
Risk Assessments
+
Contingency and Recovery Planning
+
Validation and Training
Risk Assessments
+
Contingency and Recovery Planning
+
Validation and Training
Due Diligence
Best Practices
Good Business Judgement
![Page 25: Business Continuity Planning](https://reader035.vdocuments.us/reader035/viewer/2022081516/558ba86dd8b42ae8278b4668/html5/thumbnails/25.jpg)
For More Information Steve Davis, Principal
DavisLogic
POB 394
Simpsonville, MD 21150
DavisLogic.com
AllHandsConsulting.com