Вы находитесь на странице: 1из 29

Your office was set to fire!

Human Resource RISKED !! Data!! Facilities & Infrastructure!! Capabilities!! Customer base AFFECTED !! Stakeholders!!


Resumption of services! Preparedness by learning from the loopholes! HOW? Distribute tasks asCritical Vital/Necessary Desired

Identify the (i)person(s) (ii) resources responsible for each of these tasks. Identify interdependencies within and outside the organisation. Identifying the Information flow and channelising it. Determine resource and supporting facility requirements in the context of space, proximity and function. Develop various continuity teams.

WILL happen, and as long as you can get 'in front of' the incident and control it you will control the outcome. However, it will control you if you do not command the situation from the off.

BCP/Disaster Recovery/Crisis Management

Crisis Managementincludes the immediate activities which need to be considered when the 'incident' occurs. CM: WHAT will happen, WHO is involved and HOW to take the measures for that? BCPis the holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience and the capability for an effective response that safeguards the interests. DR contain information on how relocation would be managed at an operational level. It also includes damage assessment details etc for facilities. So, please don't think that DR relates only to the IT department.

Risk Management Identifying and Preventing The Causes before they happen

Risk vs. Continuity

Risk Management Business Continuity Management

Key method Key parameters

Risk Analysis Impact & Probability

Business Impact Analysis Impact and Time

Type of incident

All types of events - though usually segmented All sizes (costs) of events although usually segmented All from gradual to sudden

Events causing significant business disruption to critical services and capabilities For strategy planning: survival threatening incidents only Sudden or rapid events (though response may also be appropriate if a creeping incident becomes severe)

Size of events


Elements Of Corporate Business Continuity Management Corporate Business Continuity

Pre-Event Phase

Event Phase

Post Event Phase

Enterprise Risk Management

Enterprise Risk Management

Crisis Management

Business Continuity Management

Business Continuity Management

Elements Of Corporate Business Continuity Management

Corporate Business Continuity 7

Pre-Event Phase

Event Phase

Post Event Phase

Enterprise Risk Management: Risk Assessment Risk Strategy Risk Appetite Crisis Management: Escalation Follow up

Enterprise Risk Management: Review Assessment Strategies

Business Continuity Management: BIA BCP Test BCP

Business Continuity Management: Update BCP Test BCP

Stages Of BCP Life-cycle And Their Deliverables

1. Launch BCP Project 2. Review Mission and Business Functions 3. Conduct a Business Impact Analysis 4. Develop Needed Policies, Procedures and Protocols 5. Create a Written BCP 6. Test and Maintain Your BCP 7. Inspire a Continuity Culture

1. Launch BCP Project

Board and Executive Management Team

Project Team Employees

2. Review Mission and Business Functions

Mission-Critical Services

Maximum Acceptable Downtime Source of Interruption Service Delivery

3. Conduct a Business Impact Analysis

Purpose of BIA Effects on business function Criticality of business function

4. Develop Needed Policies, Procedures and Protocols

What should be included Document Stakeholders

5. Create a Written BCP


of Contents

Distribution strategy

6. Test and Maintain Your BCP

Realistic Conditions Approach Tabletop Exercise Simulated Event Exercise Debriefing Participants Plan Maintenance

7. Inspire a Continuity Culture



Regular Testing Periodic evaluation of BCP


Hackers claimed they are from

Tried to maximise the disruption -popular online retailers, -payment processing businesses -credit card companies during the busy Christmas shopping period.

Web presence was separated from the core payment functions. Behind-the-scenes payment channels Christmas shopping transactions + high levels of protection. Only-online retailers saw losses Traditional High Street retailers could benefit as some shoppers may well be driven in-store.

Awards and Recognitions for the BCP Minds

C(ontinuity) I(nsurance) & R(isk) Magazine

Business Continuity Manager of the year Arab National Bank Business Continuity Strategy of the Year Scottish Borders Council Most Effective Recovery of the Year BAA Glasgow Airport Ltd Lifetime Achievement Dennis Thomas (Former MD, NDR) ICM Computer Group Business Coninuity & Disaster Recovery Company of the year Nicole Carballeiro and Sharad Saggar of Core Consultancy Business Continuity Consultant of the Year Paul Robertson, Business Continuity Consultant, Marsh Ltd Student of the Year Erez Herman, Graduate Trainee, Crisis Solutions Ltd Excellence in Business Continuity in the Insurance Industry Marsh Ltd

Glasgow Airport- A Case Study

8. 8 million passengers a year; busiest of the three BAA-owned Scottish Airports. 30 June 2007, the second busiest day of the year due to the school holidays commencing the previous day. Target for a car bomb attack. Initial Fire Fire & rescue (using Hose Pipes + Foam Monitor) 30 minutes! Support mechanism calling off-duty people to support front line staff. Crisis Management Tactical Command | Business Recovery StrategiCommand Initiated & Operational : 45 minutes | Initiated & Operational : One hour ISSUE: Complex Situation + Large number of Stakeholders involved RESPONSE: we were able to work ahead of the police to be operationally ready when the area was handed over. (personal ) * PERFORMANCE STANDARD* - states what is required for each business unit to ensure compliance.

MEDIA : 800 calls in the first 24 hours

PR team were to protect the image and avoid any undue criticism on airport! Message sent across Airport Authority website Glasgow city centre big screens E bulletins Four week ad campaign on local radio.

The Airport Authority Website received over 560,000 visits in the 14 days following the event that was 6% more than the entire month of June. Glasgow Airport website received 130,000 visits compared to 6,000 the previous week. CHALLENGES Approximately 1,100 passengers held on board aircraft for several hours to allow police and other teams to implement plans. the sprinkler heads resulted in a great deal of water pouring into the building over several hours until the area was declared safe. *The first flight arrived at 07:37 on Sunday 1 July, a mere 16 hours 26 minutes after the initial fire.*

BCP Scenario in India!

BANKING Regulatory requirements FIN & INSURANCE Corporate Governance TECHNOLOGY, & MEDIA & COMM. Business Strategy Companies assume they have effective continuity plans! After a comprehensive survey, loopholes. Inadequate allocation of resources in terms of both budget and personnel for the BCM program. More of IT centric rather than having a holistic perspective of the organisations, taking into account People, Process and Infrastructure. Organisations across different sectors and consisting of large, small and medium enterprises have indicated growing awareness of B.C.M.

Business Continuity Preparedness in different sectors

Not just Senior! Include the mid-level management people too. Awareness & Formal training! (outsourced to core BCP institutes or regulators) *Tech, Media & Comm Strong focus. TESTING !!

Remove the barrier of awareness & understanding about WHAT A COMPREHENSIVE BCP REALLY ENTAILS! -X- Senior management (only) A Business Strategy! XIts more than just IT !!

A better BCP culture needs to be inculcated!

BCM on a limited budget!

Plan Development / Crisis Mgmt - compromised!


An Ideal World Real World

Unlimited Funds & LIMITED Resources ! Resources

A Compromised/No Comprehensive BCP BCP

3 situations (i) Plan Dev = CM (ii) PD > CM (iii) PD < CM Miniminsed Plan Maximised Team 9/11 Cantor Fitzgerald

Your well thought out Business Continuity Plan is ready and will adapt to any incident or crisis for your company!