Anil J Jhumkhawala .

Director-Compliance. Qualification .
B,com(Hons), LL.B, CAIIB, ACS,Company Secretary,
BS-25999 LA,Computer forensic (GOV OF INDIA),cVa™.
Task force member GRC.

©Anil copyright protected 5/22/2009 1

 BCM Program
Management

Business risk
Financial Risk
Technology risk

BCM

Environmental risk
Human risk

©Anil copyright protected 5/22/2009 2

 1. Understanding Definitions
` BCM
2. Identifying critical activity
1. Overview

3. BIA

2.BCM Prog I
4. IMP,IRS,MTPoD,RTO

5. Maintain & Review

3.BCM Imple
6. Exercise BCM

7. Internal audit

8. Certification

©Anil copyright protected 5/22/2009 3

©Anil copyright protected 5/22/2009 4
©Anil copyright protected 5/22/2009 5
 5/22/2009 Source
Standard BS-25999
©Anil copyright protected 6
 5/22/2009 Source BS-
©Anil copyright protected 25999 standard 7
Anil copyright protected 5/22/2009 8
©Anil copyright protected 5/22/2009 9
Understanding the organization: Key product, services,
critical activities, objectives, stakeholder’s obligations,
statutory bodies, BIA, Impact of Disruption, MTPoD, RTO,
continuity Requirements, Staff, people, technology,
suppliers, Risk acceptance,Transfers, changes,
Business Continuity strategy: Reduce Likelihoods,
continuity to critical activity resumptions, People,
permission, technical, Information, supplies,
shareholders, signatories etc.

BCM Programme
Management:organistion approach,
appointment of senior, communicate,
training,
exercise, review, BIA, policy,
BCM scope, IRS, SLA, etc

Developing and Implementing Resource Team: critical

Exercising Maintain, Review, preventive actions, activity, application strategy, Incident Response,
structured plans, control plans, Incident Management
corrective actions and follow-up and training. plans (IMP), Media response, location, Resource
requirements.

©Anil copyright protected 5/22/2009 10

` Understanding need of Continuity-Policy
` Implementing operating control-Overall Risk
` Monitoring review effectiveness-BCMS
` Continual improvement
` Need-
` Risk-
` At par-
` Global Requirements-
` Changing world-

©Anil copyright protected 5/22/2009 11

` Key components-BCMS As per BS-25999

©Anil copyright protected 5/22/2009 12

MASTER PLANNING

BCM culture

confidence stakeholders Risk management

Maintain
Reduce cost ReviewImprove Net Asset Value
Exccercise Internal Audit
Increase Revenue

Incident management Plans Incidence response structure MTPoD?RTO

Likelihood of events

Key Products/services Critical activity Sites/locations Number of Employees

©Anil copyright protected 5/22/2009 13

Anil copyright protected 5/22/2009 14
 ` IMP

©Anil copyright protected 5/22/2009 15

Define scope Policy- Resources
• Acceptable- commitments • Roles-defined-
interest • Minutes- documented
stakeholders address concern • Reinforce
• Limitation - commitments
exclusion

©Anil copyright protected 5/22/2009 16

 Awareness to All

Records
BCM
objective
Training

value
Roles Measure

Necessary competency of
Embedding culture
personals assigned

©Anil copyright protected 5/22/2009 17

Strategy Map-Documentation
BCM-manual scope 3.4.1

Continual Documented
Increase Management Review
Controls

Improvement Procedure
Revenues-Confidence 5.2,
6.2 3.4.1.3
Maintenance

Internal audit-Preventive-corrective actions

5.1-6.1-6.2
INTERNAL PROCESS

Risk assessment
BIA & BCM
improve finance BCP & IMP BCS & IRS
Exercising
Processes 4.3.3 4.2 & 4.3.2
4.1.1 & 4.4.2
4.1.2

Provision of Competency- skills

Scope-Objective BCM-Policy
BCMS

Resources Training
3.2.1 3.2.2
3.2.3 3.2.4

©Anil copyright protected 5/22/2009 18

 Control of
Control Of Records 3.4.2
documentations 3.4.3

©Anil copyright protected 5/22/2009 19

Documented Procedure shall –
control over BCMS Documentation
and records.

Documented Procedure shall-for

preventive actions 6.1.2

Documented Procedure for

corrective actions .6.1.3

©Anil copyright protected 5/22/2009 20

 BCM owner from
the Board

• MR
• Silver Team
• H.R (Trainer)
• Gold Team

©Anil copyright protected 5/22/2009 21

 Suppliers Contractors

Creditors

Shareholders Bankers

©Anil copyright protected 5/22/2009 22

 • IMP
BIA • IRS
MR

• MTPoD
Critical
SILVER GOLD

IMP IRS
• RTO

• Preventive
Maintain • Corrective

©Anil copyright protected 5/22/2009 23

©Anil copyright protected 5/22/2009 24
©Anil copyright protected 5/22/2009 25
 MR GOLD

SILVER BOD

©Anil copyright protected 5/22/2009 26

 audit

maintain

exercise

Review

©Anil copyright protected 5/22/2009 27

UNDESTANDING
Incident management plans

Manage and maintain

Incident strategy Appointed spokesman
Media

Guidance and Templates

Provide Employee-Relatives
Mnagemnt

Restoration
convenient access to Stakeholders Managing issues
of critical activity
communicate. media

Methods-contacts Guideline criteria Consequences

Agencies locations To Invoke Welfare of individuals
INTERNAL PROCESS

Process standing
Once incident is
over

Managing
Identify needs and Media
Improve key reference Define roles and Incidence
Lines response
Information Responsibilities processes
of Communications

Each Plan shall Defined Accessible Relevant arrangement

IMP

Reviewed
Purpose and scope and understood External Organisation
Owned-Responsible

©Anil copyright protected 5/22/2009 28

©Anil copyright protected 5/22/2009 29
Audit plans • Audit Programme shall be
planned,established,implemented for BIA,RA,controls .

Audit Process • Shall-address

responsibilities,competencies,planning,audit criteria.

Audit Records • Shall be maintained for verifications.

• mitigations measures
Evidence

• help to improvise
Audit notes

©Anil copyright protected 5/22/2009 30

Anil copyright protected 5/22/2009 31
©Anil copyright protected 5/22/2009 32
BS-25999

Exercise
Preventive

Procedure BIA

Corrective IMP IRS

Document

© Anil copyright protected 5/22/2009 33

© Anil copyright protected
Thank You Anil.jhumkhawala@gmail.
com,anil@securematrix.in

©Anil copyright protected 5/22/2009 35