BS-25999 is the Business Continuity Management standard.
Anil J Jhumkhawala, Director-Compliance.
Qualifications: B.Com (Hons), LL.B, CAIIB, ACS, Company Secretary, BS-25999 LA, Computer Forensics (Government of India), cVa™.
Task force member, GRC.
5/22/2009©Anil copyright protected 1
BCM Programme Management

Risks around BCM: Financial risk, Business risk, Technology risk, Environmental risk, Human risk.

BCM cycle:
1. Understanding definitions
2. Identifying critical activity
3. BIA
4. IMP, IRS, MTPoD, RTO
5. Maintain & Review
6. Exercise BCM
7. Internal audit
8. Certification
1. Overview
2. BCM Programme
3. BCM Implementation
Source: BS-25999 standard
Understanding the organization: key products, services, critical activities, objectives, stakeholders' obligations, statutory bodies, BIA, impact of disruption, MTPoD, RTO, continuity requirements, staff, people, technology, suppliers, risk acceptance, transfers, changes.
Business Continuity strategy: reduce likelihood, continuity to critical activity resumption, people, permission, technical, information, supplies, shareholders, signatories, etc.
Exercising, maintaining and reviewing: preventive actions, corrective actions, follow-up and training.
Developing and implementing Resource Team: critical activity, application strategy, incident response, structured plans, control plans, Incident Management Plans (IMP), media response, location, resource requirements.
BCM Programme Management: organisation approach, appointment of senior, communication, training, exercise, review, BIA, policy, BCM scope, IRS, SLA, etc.
Understanding the need for continuity - Policy
Implementing operating control - Overall risk
Monitoring and reviewing effectiveness - BCMS
Continual improvement
Need - Risk - At par - Global requirements - Changing world
Key components of BCMS as per BS-25999
BCM culture
Stakeholders' confidence
Risk management
Improve Net Asset Value, reduce cost, increase revenue
Maintain, Review, Exercise, Internal Audit
Key products/services, critical activity, sites/locations, number of employees
Incident response structure, MTPoD, RTO, Incident management plans
Likelihood of events
MASTER PLANNING
IMP
• Define scope
• Acceptable - interest of stakeholders
• Policy - commitments
• Minutes - address concern
• Limitation - exclusion
• Resources
• Roles - defined, documented
• Reinforce commitments
Necessary competency of personnel assigned
Embedding culture
Records
Roles
Training
Measure
Awareness to all
BCM objective
Value
Strategy Map - Documentation: BCM manual scope 3.4.1
BCMS - INTERNAL PROCESS - Controls - Maintenance
Increase revenues - confidence
Continual improvement 6.2
Management review 5.2
Documented procedure 3.4.1.3
Internal audit - preventive - corrective actions 5.1, 6.1, 6.2
Risk assessment - improve finance
Processes 4.1.2
BCM policy 3.2.2
Provision of resources 3.2.3
Competency - skills - training 3.2.4
BIA & BCM exercising 4.1.1 & 4.4.2
BCS & IRS 4.2 & 4.3.2
Scope - objective 3.2.1
BCP & IMP 4.3.3
Control of records 3.4.2
Control of documentation 3.4.3
Documented procedure shall control BCMS documentation and records.
Documented procedure shall cover preventive actions 6.1.2.
Documented procedure for corrective actions 6.1.3.
BCM owner from the Board
• MR • Silver Team • H.R (Trainer) • Gold Team
Suppliers, Contractors
Shareholders, Bankers
Creditors
BIA
Critical
Maintain
• IMP • IRS
• MTPoD • RTO
• Preventive • Corrective
MR
GOLD
IRS, IMP
SILVER
MR GOLD
SILVER BOD
Audit
Maintain
Exercise
Review
Media
UNDERSTANDING Incident management plans
Incident strategy: manage and maintain; guidance and templates; appointed spokesman
Restoration of critical activity
Relevant arrangement with external organisations
Managing issues: employees, relatives
Stakeholders, media
Provide convenient access to communicate
Methods, contacts, agencies, locations
Guideline criteria to invoke
Consequences: welfare of individuals
Process for standing down once the incident is over
Improve key reference information
Define roles and responsibilities
Managing incident processes
Media response: identify needs and lines of communication
Reviewed, owned, responsible
Accessible and understood
Each plan shall define purpose and scope
Management - INTERNAL PROCESS - IMP
Audit notes
Evidence
Audit records
Audit process
Audit plans
• Audit programme shall be planned, established and implemented for BIA, RA and controls.
• Shall address responsibilities, competencies, planning and audit criteria.
• Shall be maintained for verification.
• Mitigation measures
• Help to improve
BS-25999
Preventive
Corrective
Exercise
Procedure
Document
BIA
IMP IRS