guest speaker february meeting

15
Business Continuity Planning Overview Clarence Elliott, MBCP

Upload: nostrad

Post on 13-May-2015

1.614 views

Category:

Documents


1 download

TRANSCRIPT

Page 1: Guest Speaker February Meeting

Business Continuity Planning

OverviewClarence Elliott, MBCP

Page 2: Guest Speaker February Meeting

What is Business Continuity Planning?BUSINESS CONTINUITY MANAGEMENT

PROGRAM: An ongoing management and governance process, supported by senior management, and resourced to ensure that the necessary steps are taken to identify the impact of potential losses, maintain viable recovery strategies and plans, and ensure continuity of products/services, through exercising, rehearsal, testing, training, maintenance and assurance.

Source: Disaster Recovery Journal/Disaster Recovery Institute

Page 3: Guest Speaker February Meeting

Benefits of Continuity Planning• Maintain continuity of operations – stay in business!• Maintain customer service• Relocate critical operations quickly• Minimize financial losses• Reduce disruptions to critical operations• Achieve an orderly recovery• Provide organizational stability• Limit potential exposure and reduce legal liability• Lower the probability of occurrence• Reduce reliance on key personnel• Protect assets• Increase the safety of all personnel• Minimize decision making during the recovery• Reduce delays during the recovery process• Provide a sense of security• Comply with legal, contractual, audits, and government regulations

Page 4: Guest Speaker February Meeting

Elements of Business Continuity Planning – the Complete Program

1. PROJECT INITIATION AND MANAGEMENT 2. RISK EVALUATION AND CONTROL3. BUSINESS IMPACT ANALYSIS4. BUSINESS CONTINUITY STRATEGIES5. EMERGENCY RESPONSE AND OPERATIONS6. BUSINESS CONTINUITY PLANS, IT DR PLAN7. AWARENESS AND TRAINING PROGRAMS8. MAINTAIN AND EXERCISE BUSINESS

CONTINUITY PLANS9. PUBLIC RELATIONS AND CRISIS

COMMUNICATION, CRISIS MANAGEMENT PLAN

10. COORDINATION WITH PUBLIC AUTHORITIES

Page 5: Guest Speaker February Meeting

All Elements fit together to form a complete Business Continuity Program

Page 6: Guest Speaker February Meeting

BCP is an ongoing process cycle

Project Initiation & Mgmt

Risk AnalysisBusiness Impact

Analysis

Develop/ Maintain Plans:Business, IT etc.

Exercise Plans

Emergency Response, Crisis Mgmt

Awareness,Communication

Page 7: Guest Speaker February Meeting

BCP approach: sequenceThese should be done in sequence if at all possible:1. PROJECT INITIATION AND MANAGEMENT 2. RISK EVALUATION AND CONTROL3. BUSINESS IMPACT ANALYSIS4. BUSINESS CONTINUITY STRATEGIES

These may be done simultaneously:• EMERGENCY RESPONSE PLANS• BUSINESS CONTINUITY PLANS• IT DR PLAN• CRISIS MANAGEMENT PLAN• AWARENESS AND TRAINING PROGRAMS

This follows plan completion:• MAINTAIN AND EXERCISE BUSINESS CONTINUITY PLANS• PUBLIC RELATIONS AND CRISIS COMMUNICATION,

COORDINATION WITH PUBLIC AUTHORITIES

Page 8: Guest Speaker February Meeting

Consider these as Building Blocks, in SequencePROJECT INITIATION AND MANAGEMENT

RISK ANALYSISBUSINESS IMPACT ANALYSIS BUSINESS CONTINUITY STRATEGIES

BUSINESS CONTINUITY PLANS, IT PLAN, CRISIS MGMT PLAN, EMERGENCY RESPONSE PLANS

MAINTAIN AND TEST PLANS

TOTAL QUALITY BUSINESS CONTINUITY PLAN!

=

Page 9: Guest Speaker February Meeting

Business Continuity Planning Approach

• Initial Components• Project Plan• Risk Assessment• Business Impact Analysis• Review Strategies for Recovery• Review Emergency Response Plan• Plan for IT Disaster Recovery Plan• Plan for Business Continuity Plans

Page 10: Guest Speaker February Meeting

BCP Approach

• Process vs. just a Project• Annual Risk Assessment/BIA, plus Plan

Reviews• Efforts for Next Year identified before

budget cycle• Annual testing of at least some aspect of

the plan• BCP Coordination ongoing

Page 11: Guest Speaker February Meeting

BCP Approach

• Next Steps• Select Strategy for recovery Business and IT alternate sites etc.• Draft Business Continuity/IT Plans• Integrate Emergency Response Plans• Complete/distribute Plans• Exercise Plans

Page 12: Guest Speaker February Meeting

Risk AssessmentScope:• Complete a Risk Assessment for the geographic area and

facilities. This Risk Assessment will be a site “threats and hazards” assessment.

Methodology:• Develop a plan for this effort, and Business Continuity

Planning overall• Utilize BCP “Industry Standard” templates for Risk

Assessment/Survey• Customize survey templates, with risks pre-defined• Keep survey short/concise, yet complete (cover all areas)• Complete most of survey ourselves, with Facilities input• Utilize available public information (e.g., VDEM, geographical

risk info)• Review findings with project team, business representatives• Present findings to management, set stage for next efforts

(BIA etc.)

Page 13: Guest Speaker February Meeting

Business Impact Analysis (BIA)Scope:• Complete a BIA for the entire organization, all functions. The BIA will

be an assessment of business functions, to complement the Risk Assessment. It quantifies financial and operational impacts of disruptions, and helps determine recovery priorities.

Methodology:• Develop a plan for the BIA, and Business Continuity Planning overall –

incorporate project team with business representatives• Utilize BCP “Industry Standard” templates for BIA/Survey• Customize survey templates, with areas of analysis and IT applications

pre-defined• Include both business functions and computer applications in analysis• Keep survey short/concise, yet complete (cover all areas)• Provide overview (memo, explanation) for Business Unit

representatives• Conduct BIA by Business Unit – survey plus follow-up interview• Collect data for Business Continuity Plans as part of the BIA• Minimize business resource requirements• Verify results with business representatives• Present findings to management, set stage for next efforts

Page 14: Guest Speaker February Meeting

Emergency Response Plans• Approach

• Review existing plan(s)• Conduct Physical facility review• Collect additional information• Incorporate into Business Continuity Plan• Review, approve completed plans• Publish plans• Train employees• Test plans• Maintain plans

Page 15: Guest Speaker February Meeting

Business Continuity Plan(s)• Approach

• Base plan(s) on BIA and Risk Assessment• Agree on outline of plan• Get plan template• Get management guidance/approval• Collect information (note – part of BIA)• Determine any BCP software use• Draft plan(s) – IT and business• Review, approve completed plans• Publish plans• Train employees• Test plans• Maintain plans