Upload
brian-andrews
View
610
Download
8
Embed Size (px)
DESCRIPTION
Business Continuity Planning, Irish Management Institute Presentation.
Citation preview
Business Continuity Planning
by Brian Andrews
Business Continuity Planning
• What is it?
• Why do it?
• How do you do it?
• Who does it?
Strategic Approach to Business Continuity
Cost of Downtime
• Productivity
• Damaged Reputation
Testing of Business Continuity Plans
• Create Enterprise Testing Strategy
• Prepare for Plan Tests
• Test Scenarios
• Test Cases
• Execute Plan Tests
• Revise Plans (as required)
Risk and Business Impact Analysis
• Review Existing Documents
• Validate / Prioritize Mission Critical Business Functions
• Perform Risk Assessment
• Conduct Business Impact Analysis
• Analyze Alternative Solutions
• Present Findings and Recommendations
Business Continuity Plan Development
• Master Business Continuity Plan:
• Crisis Management, Command Center
• Disaster Recovery, Hot Site
• Business Resumption
• High Availability
• Plan Monitoring Strategy
Phase
1
Phase
2
Phase
4
Phase
3
Risk Impact Analysis
Formulating Continuity Strategies
Without a plan, a natural or man made disasters are;
•Loss of work to competitors
•Failures within the supply chain
•Loss of reputation
•HR Issues
•Health and Safety Liabilities
•Increased Insurance Premiums
Worst Case: Failure of Business
Business Impact Analysis
Understanding the Balance between Costs, Likelihood of a Disruption
and Business Impact
• Likelihood
• Magnitude
• Financial Impact
• Prevention / Preparation
Strategy Based on ROI
• Plan and Response
Development
• Scope of Protection
• Ongoing Incremental
Expense
• Recovery Performance
• Time to Recover
• Scope of Recovery
• Crisis Management
• Identify Critical
Functions
• Risk Assessment
• Business Impact
Analysis • Lost Revenue
• Customer / Partner Confidence
• Regulatory / Legal Issues
Disruption
Occurs
Event Protection Investment Normal
Ops
Recovery Cost Resume
Ops
Business Impact
Business Continuity Plan Development
Business Impact Analysis
Risk Analysis
Recovery Strategy
Group Plans
and Procedures
Business Continuity Planning Initiation
Risk
Reduction Implement
Standby Facilities
Create Planning Organization
Testing
PROCESS
Change Management Education Testing Review
Policy Scope Resources Organization
Ongoing
Process
Project
7
Updating & Testing Plans
• Your Continuity plan MUST BE EMBEDDED in how
each business unit operates every day
• Business Function Managers MUST BE
RESPONSIBLE for ensuring that strong change
management controls are in place!
• Change Control ensures that NOTHING GETS INTO
PRODUCTION without Continuity Team sign-off!
• Constant TESTING IS IMPERATIVE!
• QUARTERLY AUDITS & executive reporting are
essential!
• Training off staff is imperative
Revenue
Know your downtime
costs per-hour, -day, -two
days ...
Productivity • Number of
employees impacted X hours out X burdened hourly rate
Damaged Reputation
• Customers • Suppliers • Financial markets • Banks • Business partners
Financial Performance
• Revenue recognition • Cash flow • Lost discounts (A/P) • Payment guarantees • Credit rating • Stock price
Other Expenses Temporary employees, equipment rental, overtime costs, extra shipping costs, travel expenses
What Is Your Cost of Downtime?
• Direct loss • Compensatory payments • Lost future revenue • Billing losses • Investment losses
Conclusion
• Development and implementation of BCP
maintenance processes are critical to ensure
that the BCP is in a state-of-readiness
• Management will only realise the value of
their investment in business continuity
when a real disaster situation strikes the
organisation