130 likes | 247 Views
BUSINESS CONTINUITY PLANNING. TREVOR DEAN. Business Continuity Planning.
E N D
BUSINESS CONTINUITY PLANNING TREVOR DEAN
Business Continuity Planning Is defined as an holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation and value creating activity
Drivers for BCP • Customer demand • Insurance premiums • Regulation • Brand damage
Business Risks FIRE FLOOD THEFT LOSS OF DATA LOSS OF IT POWER FAILURE LOSS OF SUPPLIER LOSS OF STAFF LOSS OF TELECOMMS LOSS OF EQUIPMENT
Business Risks The most common cause of business loss is still FIRE! Over 3 years ago, the Association of British Insurers said that businesses and their Insurers were losing £1.6m a day as a result of fire damage!
Solution:- BCP System • Policy • Business Impact Analysis (BIA) • Risk Analysis (RA) • Develop Business Continuity Plans • Test Plans • Update & Maintain Plans
Policy • Create the BCP Policy • Management commitment • Refer to business objectives • Determine the scope of BCP • Approved & communicated • Reviewed at regular intervals
Business Impact Analysis • Identify business critical: - • Processes • People • Systems • Suppliers • IT • Single Points of failure • Produce BIA report
Risk Analysis • Determine impact and likelihood of risks to critical: • Processes • People • Systems • Suppliers • IT • Produce RA report
Develop BC Plans • Develop response plans to resume critical processes/activities • Plans must meet resumption objectives • Plans must be available to relevant personnel • Business Continuity Management Team (BCMT) should be trained in the use of the plans
Test Plans • Plans should be tested to ensure that they work • Tests should not disrupt or damage the business • Tests should take place at least annually • Tests should be reported and lessons learned used to improve the business
Update & Maintain Plans • Plans should be controlled to ensure they are:- • Available at point of use • Updated and distributed to copy holders • Obsolete plans destroyed