180 likes | 344 Views
Business Continuity Planning Trends and Best Practices. Kansas City Computer Measurement Group April 5, 2005. Trends and Best Practices. Key Trends. Regulations will stiffen as government agencies endeavor to reduce economic risk.
E N D
Business Continuity Planning Trends and Best Practices Kansas City Computer Measurement Group April 5, 2005
Trends and Best Practices Key Trends • Regulations will stiffen as government agencies endeavor to reduce economic risk. • Robust continuity and resilience plans will be essential in creating investor confidence and provide a competitive advantage. • A stronger dependence on strategic partners will require integrated testing to assure continuity of operations. • Consolidation removes layers of redundancy but will increase overall systemic risks. • Geographic dispersal will gain favor as a business continuation strategy. • Globalization will force organizations to rethink continuity and resilience.
Trends and Best Practices Current Environment • Key company stakeholders are stressing the need to secure the world’s infrastructures through improved operational resiliency. • Broader set of business rules, regulations and risks that affect the underpinnings of the global economy. • The robustness of industries are under scrutiny. • Incorporating proactive design into corporate environments to deliver the resilience required by customers and boards of directors. Business Continuation has become a Board issue
Guidelines for Moving Forward • Adopt stricter recovery and resumption guidelines and use as a competitive advantage. • Current regulations and recommendations have clearly raised the bar to new levels of resiliency and availability. • Validate recovery and resumption throughout the organization and supply chain. • Find balance between acceptable risk and the costs to mitigate the risk. • What is reasonable risk in light of fiduciary responsibility to customers? • How best to invest resources to mitigate risk? • Balancing protection, recovery costs and risk.
Guidelines for Moving Forward • Align and execute risk management efforts within the Company. • Establish a risk management strategy for managing cross-enterprise risks. • Classify risks according to tiers to determine cost effective mitigation solutions. • Integrate within the strategic planning process.
Trends and Best Practices The issues facing most companies are: • The identification and prioritization of potential risks that affect the companies ability to continue doing business • Understanding the financial and reputation impacts, time sensitivity and duration of those risks. • Developing effective risk reduction strategies.
Trends and Best Practices THE PROBLEM….. • Assuring resiliency and continuation are important business issues, but departments within companies are too siloed to be effective. • Overall awareness is poor and there is little research on how best to manage business risks. • There is no standard methodology for managing risks.
Today, multiple groups evaluate and mitigate risks within our company. Business Continuation Planning Disaster Recovery Planning Audit Security Application Development Risk Management Environmental Health & Safety Finance Corporate Governance How do we unify our approach to support the business?
Trends and Best Practices THE DILEMMA……. Managers of companies seek to improve shareholder equity through operational efficiencies and strategies partnerships. Business Continuation practitioners seek to “fail safe” the company by recommending diversification, redundancies, and increased inventories.
Trends and Best Practices Four issues facing companies….. • It takes all of the company’s resources to effectively “safe guard” the company. • Dealing with business continuation risks is not “top of mind”. • Departments are “uniquely focused” when it comes to managing risks. • Companies are reactive rather than proactive when dealing with business continuation risks. Successful Business Continuation planning minimizes negative impacts and financial damage to the Brand.
Trends and Best Practices Companies must begin to….. • View business continuation risks more “holistically”. • Combine risk reduction strategies within Strategic Business Plans. • Integrate risk reduction strategies within the business operations. Companies must practice Business Continuation Planning every day.
RISK IDENTIFICATION & ASSESSMENT RISK REDUCTION STRATEGIES STRATEGIC RISK MITIGATION REDUCTION PROACTIVE STRATEGIES Each risk may have a Proactive and Reactive Strategy based on the significance of the risk’s impact to the company AVOIDANCE RISK TRANSFER POLITICAL RISK CALCULATED ACCEPTANCE OF MORE RISK OPERATIONAL RISK Business Continuation Methodology MANAGEMENT DECISION MAKING FRAMEWORK Cross-functional teams implement strategies and plans. FINANCIAL RISK EMERGENCY MANAGEMENT Strategic alignment of key stakeholders around major risks, their prioritization and implementation strategies EMERGENCY RESPONSE REACTIVE STRATEGIES DISASTER RECOVERY TECHNOLOGY RISK BUSINESS RESUMPTION HAZARD RISK RISK FEEDBACK & ASSESSMENT EMPLOYEE RISK
Executive Leadership Team Business Continuation Planning Structure Officer’s Business Continuation Committee External Inputs NRIC DHS Bio-Terrorism SARS - SOX Sub-Committees Business Continuation Committee CORPORATE INFRASTRUCTURE ITS, NS SPRINT BUSINESS SOLUTIONS SPRINT CONSUMER SOLUTIONS LTD CORPORATE STAFF
Emergency Management Structure Company Jeopardy Executive Command Team Corporate Emergency Management Group National Incidents Disaster Emergency Management Groups Regional & Local Incidents Disaster Recovery Plans Emergency Response Plans Business Resumption Plans Property & People Impacts Infrastructure Impacts Business Unit Impacts Business as Usual Call Centers Retail Stores Data Centers Distribution Mail Centers Switches Headquarters Network Outages Technology Outages Core Business Processes Brand Impact
Trends and Best Practices Utilize cross-functional teams to identify risks to make recommendations and to develop plans Responsibilities • Validate work completed • Identify potential business impacts • Assess impact and duration of events • Develop proactive and reactive plans • Implement the plan, if necessary
Trends and Best Practices 20/80 RULE….. • Focus your efforts on the 20% that covers 80% of what is done. • Don’t over complicate the strategy or process • Develop a strategy that focuses on the 80% ... and that can respond to the 20% should it ever occur. The process is more important than event.
Trends and Best Practices Integrate, Integrate, Integrate • Stay within the company’s operating culture • Add value to what already exists • Never design a plan that is outside company practices • you will spend many hours trying to maintain the process • it will not be supported • it will erode very quickly
Conclusion • Business Continuation Planning must add value to what already exists. • Integrate within daily business operations and decision-making. • Develop a Management Decision Making Framework to continually monitor, identify, assess and prioritize business risks. • Must receive high-level management involvement. • Continue to dominate industry discussions and future regulatory guidance. Balance operational resilience - industry expectations - realities of budgets.