Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
Business Continuity Management
Copyright © 2016, N Plus One Sdn Bhd. All Rights Reserved. 1
Copyright © 2016 N+1. All rights reserved.1
BusinessContinuityManagement
MPMA’s - Crisis Management & ERT Seminar Venue: Dorsett Grand Subang - 22nd November 2016
By: Mr. Murugan BCCE, DRCE, BCCLA, CMCE
Copyright © 2016 N+1. All rights reserved.2
Murugan is the Director – BCM of N PLUS ONE with officebased in Malaysia focuses on Organisation Resiliency.Murugan has vast experience in development and deploymentof Business Continuity, Disaster Recovery, Crisis ManagementProjects/ Program/ Workshops/ Trainings/ Assessments forregulated and non – regulated institutions and organisations(Local & International), Information Technology, and World-Class Event Management.
Murugan BCCE, DRCE, BCCLA, CMCE
He has managed and actively involved in IT Outsourcing engagementlargely for financial institution and other industries namely Data CentreServices, Media Management, Service Desk and Contact Centre Servicesand was also responsible to drive performance across the organization,guiding collaborative teams, to implement strategic initiatives to protect thecompany’s business operation. Murugan is also an appointed Instructor foran international BCM Institutions.
Business Continuity Management
Copyright © 2016, N Plus One Sdn Bhd. All Rights Reserved. 2
Copyright © 2016 N+1. All rights reserved.3
• Overview – Business Continuity Management
• BCM Scope & Definition
• Planning Methodology & ISO22301 Requirements
• Business Continuity Life Cycle
• Major Plan Components
• BCM Standards & Regulators
• BCM Benefits
• Common Challenges
• Key success factors
Objectives
Copyright © 2016 N+1. All rights reserved.4
BCM SystemPlan Do
Check &
Act
BCM
Methodology Project
Management
Risk
Assessment
Business
Impact
Analysis
Business
Continuity
Strategy
Plan
Development
Testing &
Exercising
Program
Management
ERP
BCP
DRP
CMP
CCP
Framework
Policy
RA Report BIA Report BCS Report T&E Plan Audit
Awareness
Training
Business Continuity Management (BCM)
ISO22301:2012
COMMON PLANNING METHODOLOGY
BCM
Documentations
Business Continuity Management
Business Continuity Management
Copyright © 2016, N Plus One Sdn Bhd. All Rights Reserved. 3
Copyright © 2016 N+1. All rights reserved.5
Is an organization-wide discipline, and a complete set
of processes that identifies potential impacts, which
threaten an organization. It provides a capability for,
an effective response that safeguards the interests of
its major stakeholders and reputation.
Business Continuity Management
Copyright © 2016 N+1. All rights reserved.6
Aims to safeguard the interests of an organization and
its key stakeholders by protecting its critical business
functions against predetermined disruptions.
What is Business Continuity?
People Processes Place
Business Continuity Management
Copyright © 2016, N Plus One Sdn Bhd. All Rights Reserved. 4
Copyright © 2016 N+1. All rights reserved.7
Is NOT
� An insurance policy
� Business as usual
� It is a strategy for Your Organisation to survive a disaster!
Business Continuity…
Copyright © 2016 N+1. All rights reserved.8
Is the ability to provide critical Information Technology
(IT) and telecommunications capabilities for some
predetermined minimum period of time by an
organization which is disrupted by an incident,
emergency or disaster.
What is Disaster Recovery?
Business Continuity Management
Copyright © 2016, N Plus One Sdn Bhd. All Rights Reserved. 5
Copyright © 2016 N+1. All rights reserved.9
Is the overall coordination of an organization's
response to a crisis, in an effective, timely manner,
with the goal of avoiding or minimizing damage to the
organization's profitability, reputation, or ability to
operate.
What is Crisis Management?
Copyright © 2016 N+1. All rights reserved.10
� Executive (Top) Management
� BCM Steering Committee
� Project Manager/ Sponsor
� Organization BCM Coordinator
� Business Unit BCM Coordinator
� BC Project Team
BCM Responsibilities
Defined roles, responsibilities and authorities for:
Business Continuity Management
Copyright © 2016, N Plus One Sdn Bhd. All Rights Reserved. 6
Copyright © 2016 N+1. All rights reserved.11
Common Planning Methodology
Project Management
Risk Assessment
Business Impact
Analysis
Business Continuity Strategy
Plan Development
Testing & Exercising
Program Management
Copyright © 2016 N+1. All rights reserved.12
Planning Methodology Align to ISO22301 BCMS Standard
Business Continuity Management
Copyright © 2016, N Plus One Sdn Bhd. All Rights Reserved. 7
Copyright © 2016 N+1. All rights reserved.13
An overview
6 9 10 11 12 1 2 3 4 5 6
RTO (T+5h)
ERP BCP/DRP
RPO
CMP/CCP
MTPD (T+7)RPO 0
Copyright © 2016 N+1. All rights reserved.14
Natural
• Rain / Typhoon
• Earthquake
Man-made
Technological
–Cyber-attacks
Human
–Terrorist attacks
–Power outages
–Pandemics and epidemics
Risk Analysis
Business Continuity Management
Copyright © 2016, N Plus One Sdn Bhd. All Rights Reserved. 8
Copyright © 2016 N+1. All rights reserved.15
Risk Analysis Process
Impact
How does the threat affect
business operations?
What are the adverse events that can occur?
What is the likelihood that the threat will adversely affect
business operations?
What is the effects on people, infrastructure, facilities, and systems?
What is the potential loss exposures to
business?
What is cost for the Controls to be implemented?
What Controls should be in
place?
Copyright © 2016 N+1. All rights reserved.16
Is the process of analyzing the
effect of interruptions to business
operations or processes on all
business functions.
Business Impact Analysis
Business Continuity Management
Copyright © 2016, N Plus One Sdn Bhd. All Rights Reserved. 9
Copyright © 2016 N+1. All rights reserved.17
� Minimum Business Continuity Objective (MBCO)
� Business Impact Areas
� Recovery Time Objective (RTO)
� Recovery Point Objective (RPO)
� Maximum Tolerable Period of Disruption (MTPD)
� Critical Business Function (CBF)
� Vital Records Management
� Dependencies
Impact Analysis Outcome
Copyright © 2016 N+1. All rights reserved.18
Business Continuity Strategy
Is the process of selecting a set of interim operating
strategies to maintain continuity of critical functions
(prioritised activities) during a disaster.
Business Continuity Management
Copyright © 2016, N Plus One Sdn Bhd. All Rights Reserved. 10
Copyright © 2016 N+1. All rights reserved.19
� Do nothing
� Process manually
� Degrade services or defer actions
� Suspend or transfer function
� Close shop
� Provide alternative source of products or
services
� Provide continuous processing
� Draw quick re-supply contract
� Work from alternate site/ office
Alternative Strategy Options
Copyright © 2016 N+1. All rights reserved.20
Major Plan Components
Recovery Activity & Timeline
Business Continuity Management
Copyright © 2016, N Plus One Sdn Bhd. All Rights Reserved. 11
Copyright © 2016 N+1. All rights reserved.21
RestoreReturn
Major Plan Components
Reduce RespondRecoverResume
Copyright © 2016 N+1. All rights reserved.22
Respond
Major Plan Components
RestoreReturn
ReduceRecoverResume
Safeguards
� Physical security & surveillance
� Power & utilities
� Environmental protection – Hazmat
� Fire detection & protection systems
� Construction
Building Resiliency
Business Continuity Management
Copyright © 2016, N Plus One Sdn Bhd. All Rights Reserved. 12
Copyright © 2016 N+1. All rights reserved.23
Major Plan Components
RestoreReturn
Reduce RespondRecoverResume
� Emergency response
operations
� Evacuation drill
� Damage assessment
� Coordination with
public authorities
� Activate alternate site
� Crisis Management
Disaster
Strikes
Copyright © 2016 N+1. All rights reserved.24
Major Plan Components
RestoreReturn
Reduce RespondRecoverResume
� Recover
� Critical business
functions
� IT applications & data
� Occupy alternate site
� Resume
� Not business as usual!
Business Continuity Management
Copyright © 2016, N Plus One Sdn Bhd. All Rights Reserved. 13
Copyright © 2016 N+1. All rights reserved.25
Major Plan Components
RestoreReturn
Reduce RespondRecoverResume
� Restore
� All business functions
� All IT applications & data
� Return
� Rebuilt site / construct new site
Copyright © 2016 N+1. All rights reserved.26
Testing and Exercising
� Ensure the plan is consistent with the scope and objectives of BCMS
� Confirm if the plan can be executed
� Familiarize staff with the plan
� Demonstrate that the plan is accurate and complete
� Minimize the risk of disruption of operations
Business Continuity Management
Copyright © 2016, N Plus One Sdn Bhd. All Rights Reserved. 14
Copyright © 2016 N+1. All rights reserved.27
Program Management
Program Management
Plan Maintenance
Advanced Testing and Exercising
Review and Audit
BCM Mindset & Culture
Copyright © 2016 N+1. All rights reserved.28
Global BCM Standards
ISO22301 SS540
ANZ5050 NFPA1600
Among others…
Business Continuity Management
Copyright © 2016, N Plus One Sdn Bhd. All Rights Reserved. 15
Copyright © 2016 N+1. All rights reserved.29
BCM Regulators - Malaysia
Copyright © 2016 N+1. All rights reserved.30
� Minimise operational disruptions
� Minimise financial and reputational losses
� Fulfil obligations to stake holders
� Fulfil regulatory requirements
� React to a disaster/crisis with an understanding of:
�Organisation Vision & Mission
�Critical, functional priorities
�Sources of support and services
Not having a Plan could mean delays which may be
fatal to Your Organisation
Why Business Continuity Management?
Business Continuity Management
Copyright © 2016, N Plus One Sdn Bhd. All Rights Reserved. 16
Copyright © 2016 N+1. All rights reserved.31
�Protect organisation against potential threats
�Minimise impact and losses of disruptions on
operations
�Enhance confidence of employees, investors,
shareholders and customers
� Improve organizational process resiliency and
operational robustness
Benefits of BCM
Copyright © 2016 N+1. All rights reserved.32
� Why do need BCM?
� How much?
� What’s the ROI?
� Where to get the budget.
� Where should we park this
portfolio?
� We are SAFE
Common Challenges
� Who should be accountable?
� We already have ERM in
place.
� Our IT is doing a good job.
� There are no audit findings.
� No regulatory requirement.
� NO Top Management
Commitment
Business Continuity Management
Copyright © 2016, N Plus One Sdn Bhd. All Rights Reserved. 17
Copyright © 2016 N+1. All rights reserved.33
� Top Management commitment and funding support
� Well trained BCM/Project Manager with mandate and sufficient
competencies
� Appointed business unit (e.g. division/department) representatives with
appropriate authority
� Adopting a standard or guidelines
� Obtain professional assistance
� Good BCM awareness
� Focused approach
� Clear Ownership
� Strong BCM Program
Key Success Factors
Copyright © 2016 N+1. All rights reserved.34
Thank you.