Business Continuity Issues Beyond IT - PowerPoint PPT Presentation

1 / 22
About This Presentation
Title:

Business Continuity Issues Beyond IT

Description:

Business Continuity Issues Beyond IT Business Continuity Forum 2004 Sotiris Papiotis, CISSP, CISA TSRS Manager 27/1/2004 Agenda What is an emergency Events ... – PowerPoint PPT presentation

Number of Views:284
Avg rating:3.0/5.0
Slides: 23
Provided by: Ern31
Category:

less

Transcript and Presenter's Notes

Title: Business Continuity Issues Beyond IT


1
Business Continuity Issues Beyond IT
  • Business Continuity Forum 2004
  • Sotiris Papiotis, CISSP, CISA
  • TSRS Manager

27/1/2004
2
Agenda
  • What is an emergency
  • Events characterized as emergencies
  • Companies vulnerability to disruptions
  • What is the Business Continuity Management (BCM)
    Process
  • Common BCM drivers
  • Fundamental BCM components
  • Additional but critical BCM components
  • Business continuity puzzle and lifecycle

3
What is an Emergency?
  • An emergency is any un-planned event that can
    cause deaths or significant injuries to
    employees, customers, or the public or that can
    shut down your business, disrupt operations,
    cause physical or environmental damage, or
    threaten the facilitys financial standing or
    public image
  • Source Emergency Management Guide for Business
    and Industry, Federal Emergency Management Agency
    (FEMA).

4
Events Characterized As Emergencies
  • Fire
  • Explosion
  • Flood
  • Earthquake
  • Winter storm
  • Communications failure
  • Hardware/software failure
  • Virus incident
  • Hacking incident
  • Terrorist damage
  • Employee misconduct
  • Operational errors
  • Supply chain disruption
  • Business partner misconduct
  • Civil disturbance
  • Employee health and safety scare
  • Loss of people and skills
  • Damaging corporate image story
  • Negative publicity/coverage
  • Unknown cause

5
Companies Vulnerability to Disruptions
  • Disasters are not more common, but different and
    enterprises are increasingly more vulnerable to
    them
  • Increased dependency on technology infrastructure
  • Increased dependency on partners their disaster
    could become your disaster
  • Individual acts can have far reaching
    consequences
  • Dependence on technology and information has
    created new disaster potentials
  • In a de-regulated environment, there is a greater
    competitive risk to downtime

6
Business Continuity Among Top Five Risks
  • Top five risks cited by bankers

1996 2003
Poor management Complex financial instruments
Bad lending Credit risk
Derivatives Macroeconomic conditions
Rogue traders Insurance
Excessive Competition Business continuity
Source Centre for the Study of Financial Innovation, The Economist, January 24th 2004. Source Centre for the Study of Financial Innovation, The Economist, January 24th 2004.
7
What is the Business Continuity Management
Process?
  • a holistic management process that identifies
    potential impacts that threaten an organization
    and provides a framework for building resilience
    and the capability for an effective response that
    safeguards the interests of its key stakeholders,
    reputation, brand and value creating activities
  • Source Business continuity management Good
    practice guidelines, Business Continuity Institute

8
Business Continuity Management Process
Source The Business Continuity Institute (BCI)
Business Continuity Management Good Practice
Guidelines
9
Common BCM Drivers
  • Legal/Regulatory Requirements
  • Disasters Do Occur
  • Satisfy an Audit Concern
  • Customer/Shareholder/Partner/Employee Concern
  • Good Business Practice

10
Fundamental Components of BCM
  • Risk analysis and mitigation
  • Internal and external threats, liabilities and
    exposures
  • Their likelihood of occurring (probability or
    frequency)
  • The vulnerability of your organization on these
    threats
  • Risk mitigation
  • Business impact analysis
  • Financial and non-financial impacts
  • Critical business processes and systems
  • Recovery objectives and minimum required
    resources
  • Business continuity strategies formulation

11
Additional but Critical Components of BCM
  • Crisis management plan
  • Emergency response plan
  • Command and control center
  • Crisis communications
  • Vital records preservation
  • Media relations

12
Crisis Management Plan
  • Have you developed a crisis management plan to
    assist you
  • Maintain organization's reputation and brand
    image
  • Maintain public, customer, shareholder, market
    and regulatory confidence and trust
  • Demonstrate effective crisis management and
    governance to all stakeholders
  • Limit/prevent the impact of a crisis event
  • Does it contain
  • Plan overview (Scope, objectives, assumptions,
    ownership, process flowchart etc.)
  • Emergency procedures
  • Roles, accountability, responsibilities and
    authority
  • Notification, invocation and escalation
    procedures
  • Team members and alternates
  • Command and control center location, contact
    details and
    resource profile
  • Required internal and external contacts
  • Task checklists
  • Form/document templates
  • Other supporting information

13
Emergency Response Plan
  • Have you identified and established roles,
    responsibility, accountability and authority?
  • Have you defined procedures and plans for
  • Emergency assessment and notification
    of relevant parties
  • Evacuation vs Invacuation
  • First aid and medical care
  • Hazardous material response
  • Fire fighting
  • Co-operation with public authorities

14
Command and Control Center
  • Have you provided for the establishment and
    equipment of a Command and Control Center (on
    site and/or off site) as well as appropriate
    communication protocols and procedures?
  • Command and decision authority roles
  • Reporting lines and command channels
  • Situation assessment
  • Formulation of response strategies
  • Activation of appropriate resources
  • Coordination of outside response teams
  • Logging and documentation methods
  • (e.g. pre-formatted documents,
  • forms, etc.)

15
Crisis Communications
  • Communication between
  • Emergency responders
  • Responders and CC center
  • Responders and employees
  • CC and external parties (customers,
    shareholders, vendors, suppliers)
  • CC and external agencies (local, governmental,
    emergency responders, regulators)
  • CC and media
  • Communication methods
  • Messengers
  • Telephone
  • Two-way radio
  • Pagers
  • FAX machines
  • Microwave Comms
  • Satellite Comms
  • Dial-up modems
  • LANs WANs
  • Hand signals
  • Warning systems
  • Audible/Visual alarms
  • Internal public announcement systems

Have you provided for backup communication
methods?
16
Vital Records Preservation
  • Identify and prioritize various documents/forms
    required to resume critical processes
  • Formulas and trade secrets
  • Engineering plans and drawings
  • Personnel files
  • Contracts
  • Forms
  • Develop strategies for their preservation and
    maintenance
  • Making copies and moving to backup site
    periodically
  • Evacuating to backup facilities during emergency
  • Develop procedures for protecting and controlling
    access to vital records
  • Develop procedures for retrieving, distributing
    and preparing to use

17
Media Relations
  • Designate a trained spokesperson and an alternate
    one
  • Setup a media briefing area
  • Establish procedures to ensure that information
    is complete, accurate and approved for public
    release
  • Determine an appropriate and useful way of
    communicating technical information
  • Conduct press briefings and interviews (when
    appropriate)
  • Provide press releases when possible
  • Do not permit unauthorized personnel to release
    information

18
Business Continuity Plan
Business Continuity Plan
Overview Roles Responsibilities
Supporting material
Notification, Invocation Escalation Procedures
Plan testing, maintenance, distribution and
control procedures
BCM team, CCC Contact Info, RRP
BUR ITDR Plans
Emergency Response and Crisis Management Plans
19
Other Issues To Consider
  • Exercising, testing and auditing business
    continuity plans
  • Maintenance of business continuity and crisis
    management plans
  • Business continuity culture development and
    awareness program
  • Insurance coverage and policies
  • Business continuity program management
  • Business continuity policies and standards

20
The Business Continuity Puzzle
Emergency Management Plan
Physical Information Security
Insurance Plan
Communication Plans
BC Program Management And Culture Development
Crisis Management Plan
Business Unit Recovery
Third Party Relations
IT Infrastructure Recovery
21
The Business Continuity Lifecycle
22
Thank you for your attention!
  • Sotiris Papiotis, CISSP, CISA
  • TSRS Manager
  • Tel 210 2886000
  • E-Mail Sotiris.Papiotis_at_gr.ey.com

27/1/2004
Write a Comment
User Comments (0)
About PowerShow.com