
4. qualityaustria Forum
Creating opportunities through new requirements!

Business Continuity Management


Ivana Tepčević

02.10.2013

What is ISO 22301?

Source: IS&BCA, 2013

02-okt-13 4. qualityaustria Forum, Beograd 2


Standards

British standards
• Business Continuity Institute (BCI), British Standard Institute (BSI)
• PAS 56 Publicly Available Specification – Guide to Business Continuity Management
• BS 25999-1:2006, Business continuity management — Code of practice
• BS 25999-2:2007, Business continuity management — Specification

International standards
• ISO 22301:2012 Societal security — Business continuity management systems — Requirements
• ISO 22313 Societal security — Business continuity management systems — Guidance
• ISO 22398 Societal security — Guidelines for exercises and testing
• ISO 31000 Risk Management Principles and Guidelines



Business Continuity Management – definition
• Holistic management process
• Framework for resilience and response capability
• Safeguard interests of key stakeholders
• Identifies potential risks, threats and impacts

Business Continuity aims to safeguard the interests of an organisation and its key stakeholders by protecting its critical business functions against predetermined disruptions (ISO 22301:2012).



Principal drivers
[Figure: principal drivers by sector, with a percentage shown for each sector]
• Local Government 92%
• Central Government 85%
• Finance Insurance 85%
• Utilities 81%
• Health and Social Care 74%
• Transport and Logistics 69%
• Manufacturing and Production 58%
• Education 52%
• Business Services 40%
• Construction 31%
Driver labels in the figure: Corporate governance; Regulation/legislation; Central Government; Public sector procurement; Auditors; Customers; Insurers; Investors/shareholders



Major crisis for mobile-phone giants
Source: Logistics Europe February 2004
• Background
– Booming mobile phone industry
– Philips semiconductor plant in Albuquerque (USA)
– Produced mobile phone chips, crucial components
– 40% of output to:
  • Nokia, Finland
  • Ericsson, Sweden
• The incident
– Furnace fire caused by lightning bolt
– Brought under control in minutes
– Smoke and water damage
• The impact
– Flow of chips suddenly stopped
– Weeks to get plant up to capacity

Nokia
• Monitored supply chain
• Took immediate action to secure supply
• Reconfigured manufacturing to accommodate different specification

Ericsson
• Took supplier word that not a major problem
• Delayed taking remedial action (2 weeks)



Key risk areas – business impact

• People
• Information and Data
• Buildings, work environment and associated utilities
• Facilities equipment and consumables
• ICT Systems
• Transportation
• Finance
• Partners and Suppliers



What to plan for?



Major cause of organizational disruption in 2012
Source: CMI, BCM Survey 2013

• Winter weather – 77%
• Loss of people due to illness – 42%
• Loss of IT – 40%
• Loss of telecommunications – 27%

Value of crisis management

It reduces the negative impact and speeds recovery from all kinds of crises.

[Figure labels: Crisis event; Negative impact; Time; Lost time/productivity; With crisis management; Without crisis management; Damage to financial results, corporate reputation and key relationships]



BCM compatibility PDCA
[Figure: Risk Treatment. Labels: Avoid/Remove/Change; Increase/Retain; Share; Residual Risk; Business Continuity]



BCM checklist

• Scope and Objective
• Gain an understanding of your business
• Assess the Risk
• Evaluate potential continuity arrangements
• Define your strategy
• Develop your continuity plans
• Maintain, train and exercise continuity plans



Organization and its context

BCM objectives
• Clearly stated;
• Be consistent with the policy;
• Take account of applicable needs and requirements;
• Enable opportunities to maintain or improve performance;
• Be monitored and updated as appropriate.

SMART

In order to ensure that these objectives will be achieved, the organizations should determine:

• Who will be responsible;
• What will be done and when it will be completed; and
• How the results will be evaluated.



Components of BCM arrangements
[Bar chart, vertical axis 0 to 90, one series (Series1)]
• IT backup arrangements – 84
• Contact cascade – 79
• Arrangements for remote working – 70
• Site emergency plan – 62
• Media response to continuity issues – 58
• Moving staff to alternative site – 49
• Access to alternative utility services (backup generator) – 45
• Alternative suppliers – 34

Source: CMI, BCM Survey 2013



Be prepared
Business continuity plan

Emergency Response
• Initial control of emergency situation
• Safeguarding human life, protecting physical assets, minimizing damage/business impact, avoiding environmental contamination
• Stabilizing, security, damage assessment

Crisis Management
• Strategic direction/policy issues
• Crisis communications – internal and external (media)
• Outward facing liaison - stakeholders, users etc.

Business Recovery
• Phased recovery of business-critical processes
• Co-ordination of service recovery efforts

Disaster Recovery
• Recovery of infrastructure and services
• Returning to “business as normal”



Benefits of BCM

• Improves business resilience (86%)
• Helps protect their reputation (74%)
• Meets customer requirements (72%)
• It helped their organization to recover from disruption more quickly than would otherwise have been the case (85%).

Source: CMI, BCM Survey 2013



Evaluating BCM against established standards

• Legislation (e.g. statutory requirements)
• Regulations (e.g. industry specific requirements)
• ISO 22301, ISO 27001, ITIL/ISO 20000
• BCI’s Good Practice Guidelines
• BS 25999
• Other organizations



Summary

• Start with an understanding of your business, not with the threat - business impact analysis takes precedence over risk assessment
• Review and test BCM regularly
• Keep informed
• Do not neglect the supply chain
• Be clear about management roles and responsibilities
• SMEs in particular should consider how they can use BCM in a proportionate way to improve their resilience



Thank you for your attention!

www.qa-center.net
