Continuity and Resilience (CORE)
ISO 22301 BCM Consulting Firm
Presentations by speakers at the 6th Middle East Business & IT Resilience Summit
Mar 30, 2017 at The Address – Dubai Mall
Our Contact Details:
UAE
Continuity and Resilience
P. O. Box 127557, Abu Dhabi, United Arab Emirates
Mobile: +971 50 8460530
Tel: +971 2 8152831 Fax: +971 2 8152888
Email: info@coreconsulting.ae
INDIA
Continuity and Resilience
Level 15, Eros Corporate Tower, Nehru Place, New Delhi-110019
Tel: +91 11 41055534 / +91 11 41613033
Fax: +91 11 41055535
Email: info@coreconsulting.ae
ROI in BCM – Benefits and alternatives
Use of tools to manage BCM: overview of benefits and alternatives in the various phases of the BCM process
Roberto Perego – Founder - Chief Sales & Marketing Officer – ORBIT Italy
How many tools are there in the world? (1)
(1) Just those included in the Business Continuity Software Report 2015
Definition
Process (or Business Process): a set of interrelated or interacting activities which transforms input to output (ISO 22301:2012).
Examples:
• Trading room service (banking)
• Accounts service (banking)
• Company’s investments (insurance)
• Customer billing (telecom)
• Internet service (telecom)
• Energy services (municipality)
• Waste collection (municipality)
• Ambulatory management (health care)
• Emergency room (First aid) service (health care)
• Painting activities (automotive)
BCM Process – P.M.O.: The “three” phases
BC operational Management
Exercising Management
Incidents Management
Crisis Management
Communication during the crisis
Data Maintenance
BCP Print
BIA / BCP
RIA
Risk Impact Analysis linked to the assets
Organization Mapping
Inventories (sites, people, ICT, outsourcers…)
Critical Business Process Perimeter
Business Impact Analysis
BC Plan design
Planning Phase
Organisations have to collect and structure data regarding:
• Organisation
• Company business processes
• People involved in the business process execution
• Sites in which the business processes are executed
• Equipment needed to the business process
• Interrelations among business processes (input – output)
• Economical, Reputational and Regulatory impacts
• Emergency scenarios to be considered
• Emergency Plans for each of the various scenarios
• BCP Structure
• Risks Analysis for the business processes’ assets
There are about 200 attributes whose variation affects the validity of the BCP:
– +/- 40 attributes per business process
– +/- 105 attributes for each emergency solution
– 55 attributes for each inventory’s item (site, application subsystems, Outsourcers, Contracts, People)
With highly complex interrelations among them
What do companies use?
1) Excel
2) BCM Specific Tools
BCM Process in Planning – BIA/BCP
Process steps:
• Organization Mapping
• Inventories (sites, people, ICT, outsourcers…)
• Critical Business Process Perimeter
• Business Impact Analysis
• BC Plan design
BIA / BCP with BCM Specific Tools:
• Guided insertion of data
• Imported
• Linked to BP Analysis Tools
• Guided insertion of data
• Imported from External sources
• Guided algorithm for selection
• With specific algorithm
• Guided insertion of data
• Imported
• With HTML questionnaires
• Guided insertion of data
• Imported
• With HTML questionnaires
• With “pdf” to annex as document
• Automated on pre-defined templates
• Linked to traditional reporting tools like Crystal Reports
BIA / BCP with Manual / Office:
• Interviews
• Excel spreadsheet loading
• Interviews
• Excel spreadsheet loading
• Experience, estimations
• Manual
• Interviews
• Manual loading
• Interviews
• Manual loading
• Manual creation
• Copy and paste
Benchmark done with a large bank with more than 2000 branches. Data has been internally elaborated to present it as business-process dependent, assuming a list price cost of the software.
BIA / BCP – Our benchmark
Data Collection for BIA
BCM Tool (ORBIT®): Data collection via internet / intranet directly typed-in by the process owners
Manual / Office: Build the questionnaires. Interviews to process owners with questionnaires
Data type-in
BCM Tool (ORBIT®): Data are already on electronic support by the previous phase
Manual / Office: Re-organization, assemblage, data verification and placing them on an electronic support
BIA Data Update
BCM Tool (ORBIT®): Data collection via internet / intranet directly typed-in by the process owners
Manual / Office: Revision / drafting new questionnaires to capture any changes. Rereading the questionnaires. Type-in new data
Emergency plan creation
BCM Tool (ORBIT®): Guided creation on the base of the BIA data, made automatically available by the software
Manual / Office: Manual creation analyzing BIA data on screen or on paper
BCP Printing
BCM Tool (ORBIT®): Automatic printing out on the base of data available in the BIA and in the Emergency Plans Design sections.
Manual / Office: Manual editing of the various BCP paragraphs: BIA results, emergency measures, procedures, contact lists and so on.
Top Management Reporting
BCM Tool (ORBIT®): Automatic printing out of reports requested by the Top Management
Manual / Office: Manual creation of the reports requested by the Top Management
Break-even - BIA + BCP
First Year
Maintenance Phase
The real problem: why keep BC data maintained when the company’s data changes?
• It has been demonstrated that when a BCP is not updated, it is even worse than not having a BCP.
• Creating a BCP typically requires a huge amount of resources, but keeping it aligned with the organizational changes is 10 times more expensive.
• Rapid changes in personnel data, assets, technological resources and the business process documentation are not in the knowledge domain of BC Officers.
• So many people are involved in the BC process that it is almost impossible to avoid duplication of actions or loss of information which may relate to the BC.
What do companies use? 1) Excel
2) Specific BCM Tool
ONLY Manual Update
BCM Process in Data Maintenance
BIA /BCP Data Maintenance
BCM Specific Tools Manual / Office
Automatic updating streams with connection to systems for:
1. Business Process Management
2. HR
3. Procurement
4. Site Management
5. ICT
These update at scheduled times and send update alerts for all updates and changed situations involving: Organization, Business Processes, Staff, Outsourcers, Services and Contracts, Sites, IT applications
Process steps:
• Organization Mapping
• Inventories (sites, people, ICT, outsourcers…)
• Critical Business Process Perimeter
• Business Impact Analysis
• BCP Print
Maintenance – Benchmark elaboration
Organisational and business processes variations
BCM Tools (ORBIT®): Automatic flows. Linked to Business Process Analysis tools
Manual / Office: Manual, only if BC staff are informed about changes
Inventory variations
BCM Tools (ORBIT®): Automatic flows. Link with external systems (HR, ICT, Sites, Procurement, etc.)
Manual / Office: Manual, only if BC staff are informed about changes
Business Impact Analysis variations
BCM Tools (ORBIT®): Automatic flows. Link with external systems (HR, ICT, Sites, Procurement, etc.)
Manual / Office: Manual, only if BC staff are informed about changes
Risk Impact Analysis variations
BCM Tools (ORBIT®): Automatic flows. Link with external systems (HR, ICT, Sites, Procurement, etc.)
Manual / Office: Manual, only if BC staff are informed about changes
Emergency plans variations
BCM Tools (ORBIT®): Automatic flows. Link with external systems (HR, ICT, Sites, Procurement, etc.)
Manual / Office: Manual, only if BC staff are informed about changes
BCM Tools (ORBIT®): Regardless of the number of changes, some types of updates can be made on a daily basis (or on request) at ZERO cost. Furthermore, the BC Team is informed in real time, at no cost, about changes that may impact the emergency solutions and that need human intervention for the review (e.g. change of processes). Only some time for the review is required.
Manual / Office: It depends on many factors, such as how many times per year updates are planned, how many business processes remain unchanged, the time for changes, sequencing of changes, etc. On average, two reviews per year are estimated at between 4 and 6 man-months.
Break-even – Data Maintenance
Manual
ORBIT
Second Year on
2 Reviews per year (Organization, BIA, RIA and Emergency Plans)
Even daily changes’ collection and application (Organization, BIA, RIA and Emergency Plans)
Operations Phase
To manage situations of:
• Emergency procedure Exercising
• Exercising perimeter definition
• Exercising planning
• Participants’ selection
• Communication to the people involved
• Exercising execution monitoring
• Exercising reporting creation
• Corrective actions tracking and execution
• Incidents and crisis
• Crisis perimeter definition
• Crisis level definition
• And much more…
What do companies use?
1) Manual management of exercising, crisis and incidents
2) BCM specific tools
BCM Process - Operations
Exercising Management
Incident Management
Communication during crisis
Operations in BCM
BCM Specific Tools:
Guided procedure for:
• Exercising preparation / perimeter
• Communication
• Execution
• Outcome reporting
• Corrective actions management
Automated procedure for:
• Capturing incident from help desk
• Collecting information on business processes for each ticket
• Control admin panel to define incidents to pass to BC Manager
• Dashboard for controlling the progress in incidents’ resolution
Guided procedure for:
• Crisis perimeter definition
• Opening the crisis
• Choice of the adequate emergency plans
• Emergency plans execution
• Progress dashboard
• Integrated communication
• Crisis closing and reporting
Manual / Office:
• Manual management of preparation, communication, execution, outcome reporting and corrective actions tracking
• «Mission Impossible»
• Manual management of the various phases in crisis management. Manual management of the communication.
Crisis Management
Make decisions and act quickly when an incident or crisis is reported.
Alternatives:
Focus on crisis management
Crisis Management
Communication during Crisis
Conclusions
… and last but not least
How to choose a tool: Proof of Concept
The POC allows a thorough evaluation of each functionality of the tool compared to the expectations of a BCMS project.
The POC should include:
• In-house installation of a BCM tool or web access;
• Configuration according to the guidelines of the customer;
• Loading of one or more business processes (with the customer support);
• Loading a sample of data relating to inventories (sites, personnel, etc.) pertaining to the business processes chosen (with customer support);
• Business Impact Analysis, Business Continuity Plan and Disaster Recovery Plan based on the requirements;
• Exercising and simulation of a sample of information relevant to the selected business processes;
• Reporting
Thank you for the attention
info@coreconsulting.ae