Embed Size (px)
Citation preview
Business Continuity
17 March 2015Presented by Adele Sands
The Department of Human Services
Page 3
The department provides:
– policy/programme management, and
– service delivery of payments on behalf of the Australian Government
– for three master programmes:
• Centrelink• Medicare• Child Support
Page 4
Page 5
Page 6
401 service centres
26 smart centres
38 support or processing sites
13 Child Support Call Centres.
ICT
Page 7
Page 8DHS delivers $2.8 billion each week into the Australian economy.
$148 billion per annum
around 11% of Australia’s GDP
We have to be smart in our delivery of Business Continuity
The First Round – lessons learnt
Page 10
2012 - A change in BCM
This resulted in:
•a top down approach
•BCPs ONLY required for critical functions, assessed by:
– MTPD is five days or less
– the department would incur a major or extreme consequence within this time
Page 11
Complexities
Considering the size and complexity of the department, the new process resulted in:
•confusion
•never ending questions regarding the different variables
•“Why’s” and “What if’s”
•frustration regarding duplication of work
The BCM Review – Accountability vs. Service Delivery vs. Service Continuity
Page 13
Accountability
The policy or programme divisions are always ACCOUNTABLE for the function. They:
•are (usually) not responsible for service delivery
• are not responsible for the service continuity of the enabling ICT systems
Page 14
Accountability
• provide intelligence around associated service level agreements or legislative requirements
• incident manage disruptions to the delivery of the function
• liaise with and relationship manage key stakeholders
• as function “owners”, are best placed to determine RTOs and MTPDs
Page 15
Service Delivery
• The department’s Service Delivery Operations Group is responsible for the SERVICE DELIVERY of the majority of critical functions
• Service delivery is performed via multiple channels, from different sites all across Australia
Page 16
Service Delivery
• Some functions are delivered from multiple sites and are able to be easily shifted around depending on the type of disruption
• In the above situation there is no need to obtain detailed information on staffing resources
Page 17
Service Delivery
• If a function is identified as being delivered from four or less sites, it is classified as high risk
• High risk = more thorough analysis of resource dependencies
Page 18
Service Continuity
• The department’s CIO group is accountable and responsible for the SERVICE CONTINUITY of enabling ICT systems
• The BIA captures critical ICT dependencies and single points of failure for ALL critical functions
• This information is presented to the ICT BC team
Page 19
Service Continuity
The ICT BC team will then:
•identify the responsible ICT teams
•analyse existing service continuity arrangements, including the capability to:
Protect ~ Detect ~ Respond ~ Recover
•identify and report on gaps
Page 20
Service Delivery
Incident/Programme Management
of Critical Function
Resource Availability(ICT Programme)
Service Continuityof
Resource
CORECRITICAL FUNCTION
Accountability Accountability
Critical Function
Critical Function
Inner CircleFunction is always critical
Outer CircleFunction is only critical when the core function is disrupted
Page 21
Improvements
• Review and update templates
• Develop informative guides on different aspects of the process
• Develop step-by-step process documents to ensure transparency, and to provide assurance that staff deliver the programme consistently = data integrity
Page 22
Improvements
• Develop pre-populated templates for frequently used continuity procedures
Having this work already prepared has streamlined the process, resulting in efficiencies and improved focus on strategic aspects.
The Second Round of BIA/BCPs –
Strategic Focus
Page 24
Strategic Focus
Business continuity management for the department now takes a more strategic approach with:
• improved and streamlined guides and templates
• a greater focus on identifying vulnerabilities and single points of failure
Page 25
Strategic Focus
This enables us to:
1.Report significant risks to:
• our accountable executive level staff
• our risk management section
• our governance committee
2.Inform service delivery divisions of the criticality of the functions they deliver
Page 26
Strategic Focus
3. Provide intelligence to response and recovery committees about incidents impacting DHS Canberra sites
4. Provide intelligence to service delivery zones about functions delivered within their geographical footprint
Page 27
Strategic focus
5. Inform ICT of the systems that support critical functions
ICT can then work to ensure that these systems have appropriate service continuity measures in place to support their availability and performance.
Questions?
