
Anil J Jhumkhawala

Director, Compliance
Qualifications: B.Com (Hons), LL.B, CAIIB, ACS (Company Secretary), BS-25999 LA (Lead Auditor), Computer Forensics (Govt. of India), cVa™
Task force member, GRC

©Anil copyright protected 5/22/2009


BCM Programme Management: risk categories addressed by BCM

• Business risk
• Financial risk
• Technology risk
• Environmental risk
• Human risk


Agenda

1. Overview
2. BCM Programme
3. BCM Implementation

Topics

1. Understanding definitions: BCM
2. Identifying critical activities
3. BIA (Business Impact Analysis)
4. IMP, IRS, MTPoD, RTO
5. Maintain and review
6. Exercise BCM
7. Internal audit
8. Certification


Source: BS-25999 standard
BCM lifecycle (BS-25999)

BCM Programme Management: organisation approach, appointment of a senior sponsor, communication, training, exercising, review, BIA, policy, BCM scope, IRS, SLAs, etc.

Understanding the organization: key products and services, critical activities, objectives, obligations to stakeholders and statutory bodies, BIA, impact of disruption, MTPoD, RTO, continuity requirements (staff and people, technology, suppliers), risk acceptance, transfer and change.

Determining Business Continuity strategy: reduce likelihood; continuity and resumption of critical activities; resources: people, premises, technical, information, supplies, shareholders, signatories, etc.

Developing and implementing a BCM response: resource team, critical activities, application strategy, Incident Response, Incident Management Plans (IMP), media response, locations, resource requirements.

Exercising, maintaining and reviewing: exercise, maintain, review, preventive actions, structured plans, control plans, corrective actions, follow-up and training.


BCMS (plan, do, check, act)

• Understanding the need for continuity: policy
• Implementing operating controls: overall risk
• Monitoring and reviewing effectiveness: BCMS
• Continual improvement

Drivers

• Need
• Risk
• At par
• Global requirements
• Changing world


Key components of a BCMS as per BS-25999


MASTER PLANNING (strategy map)

• BCM culture
• Stakeholder confidence; risk management
• Maintain, review, exercise, internal audit, improve
• Reduce cost, increase revenue, improve net asset value
• Incident management plans, incident response structure, MTPoD / RTO
• Likelihood of events
• Key products/services, critical activities, sites/locations, number of employees


IMP


Define scope
• Acceptable interests of stakeholders; address their concerns
• Limitations and exclusions

Policy
• Commitments
• Minutes documented
• Reinforce commitments

Resources
• Roles defined


Awareness to all

• Records
• BCM objective
• Training
• Value
• Roles
• Measure
• Necessary competency of personnel assigned
• Embedding culture


Strategy map: documentation (BS-25999 clause references)

• BCM manual and scope (3.4.1); documented procedures (3.4.1.3)
• Management review (5.2); continual improvement (6.2): increased revenues and confidence
• Controls and maintenance
• Internal audit, preventive and corrective actions (5.1, 6.1, 6.2)

INTERNAL PROCESS

• Risk assessment, BIA & BCM processes (4.1.1, 4.1.2)
• BCP & IMP, BCS & IRS (4.2, 4.3.2, 4.3.3); exercising (4.4.2)
• Processes to improve finance
• Provision of competency and skills

BCMS

• Scope and objective, BCM policy, resources, training (3.2.1, 3.2.2, 3.2.3, 3.2.4)


Control of records (3.4.2)
Control of documentation (3.4.3)


Documented procedures required

• A documented procedure shall control BCMS documentation and records.
• A documented procedure shall exist for preventive actions (6.1.2).
• A documented procedure shall exist for corrective actions (6.1.3).


BCM owner from the Board

• MR (Management Representative)
• Silver team
• HR (trainer)
• Gold team


External stakeholders: suppliers, contractors, creditors, shareholders, bankers


Responsibility mapping

• MR: BIA, IMP, IRS
• Critical activities: MTPoD, RTO
• Silver and Gold teams: IMP, IRS
• Maintain: preventive and corrective actions


Roles: MR, Gold team, Silver team, BOD


Cycle: audit, maintain, exercise, review


UNDERSTANDING Incident Management Plans (IMP)

Manage and maintain
• Incident strategy; appointed spokesman for the media
• Guidance and templates
• Provision for employees and relatives; welfare of individuals
• Restoration of critical activities
• Convenient access for stakeholders; managing issues; communicating with the media
• Methods and contacts; agencies and locations
• Guideline criteria to invoke; consequences

INTERNAL PROCESS
• Process standing once the incident is over
• Identify needs and key reference information
• Define roles and responsibilities
• Managing the media; incident response processes
• Lines of communication
• Improve

Each IMP shall have
• A defined purpose and scope
• Be accessible, reviewed and understood
• Relevant arrangements with external organisations
• An owner who is responsible


Internal audit

• Audit plans: an audit programme shall be planned, established and implemented covering BIA, risk assessment and controls.
• Audit process: shall address responsibilities, competencies, planning and audit criteria.
• Audit records: shall be maintained for verification.
• Evidence: mitigation measures.
• Audit notes: help to improve.


BS-25999 summary: exercise, preventive actions, procedures, BIA, corrective actions, IMP, IRS, documentation


Thank you. Anil.jhumkhawala@gmail.com, anil@securematrix.in