This guide explores the critical role of awareness and training in Business Continuity Management (BCM), outlining types of tests, maintaining and updating BCM plans, and creating a culture of ongoing testing and auditing. Discover how to design effective awareness and training programs, conduct testing and exercising, and ensure plan consistency for organizational resilience.
Sustaining Organizational Resilience
Objectives • Review the role of awareness and training in BCM • Define the types of tests and exercises • Review BCP maintaining and updating
Maintenance involves creating an education and awareness culture of BCM, along with ongoing testing, auditing and change management, to ensure the plans remain operable and current.
Maintenance • Awareness and Training • Testing and Exercising • Maintaining and Updating
Awareness and Training provides awareness to respond to crisis events and training to execute plans.
Maintaining and Updating ensures consistency between the plan and the changes affecting the organization.
Awareness and Training • Awareness requires knowledge and alertness • Training requires instruction to be proficient
Awareness and Training Direction • Awareness and training should be designed to meet the needs of the organization • Awareness and training will keep focus on business continuity
Awareness and Training Objectives • Provide awareness to respond to crisis events • Provide training to execute the Business Continuity Plan
Awareness and Training Program • Raise awareness • Determine training requirements • Develop training methodology • Train team leaders/members/alternates • Evaluate results
Awareness Topics • What is BCM? • Why is BCM important? • Who participates in BCM? • How is BCM activated?
Awareness Activities • Presentation to senior management • Employee orientation • BCM Awareness Week • BCM website
Promoting Awareness • Identify how employees can participate • Identify awareness opportunities: publications, seminars • Use promotional items: T-shirts, mugs, pencils, stationery; decals, pamphlets, emails, newsletters; posters, surveys, calendars, videos
Training Methodology • Focus on individuals’ skills • Build up to team training • Train team leaders first
Training Topics • Notification procedures • Escalation procedures • Emergency response procedures • Evacuation and shelter procedures • Safety and security measures • Emergency equipment • Hazardous materials
Training Approaches • Computer • Workshops • Courses • Conferences • Consultants
Training Evaluation • Document training • Review objectives • Evaluate approach • Define gaps • Evaluate program • Employee review • Budget review
Testing and Exercising Goal • The goal of testing and exercising is to determine how the plan can fail. • Do not put the organization at risk from a test or exercise.
Testing and Exercising • Testing – Equipment: computers, power generators, telecommunications • Exercising – People: call trees, evacuation procedures
Reasons for Testing and Exercising • Prevent loss of life and injuries • Prevent environmental damage • Promote increased BCM awareness • Identify any gaps in planning • Identify gaps in the skills necessary to execute BCM • Practice working together under unusual circumstances • Identify any mistakes in program execution • Test equipment
Exercise Approach • Exercises should build up in complexity • All aspects of BCP should eventually be included
Exercise Methods • Talk through exercises • Walk through exercises • Tabletop exercises • Drills and Full Scale Exercise
Talk Through Exercise • Discussion of a particular topic. • Used when new procedures are introduced. • Minimum cost and time. • Doesn’t interfere with normal operations.
Walk Through Exercise • Involves physical action. • More rigorous than a Talk Through Exercise. • Minimum cost and time. • Doesn’t interfere with normal operations.
Tabletop Exercise • Crisis is described. • Questions regarding the response are discussed. • Crisis situation is updated and process is repeated. • Participants are broken into teams to discuss. • Requires a few hours from the ERT. • Outside consultant as facilitator. • Time and financial commitment. • Does not interfere with normal operations.
Drills and Full Scale Exercises • Some normal operations may cease and a response to a crisis is practiced. • Fire drills and shelter-in-place drills may suspend normal business operations for a short time.
Drills and Full Scale Exercises • Full Scale exercises may require teams traveling and recovering operations at a distant location (ex. IT Hot Site activation). • Other teams may remain at main site to maintain normal operations. • Full Scale exercises may be conducted during non-business hours. • Significant time and financial commitment.
Drills and Full Scale Exercises • Role Play Scenarios use great detail • Scripts on timing of incidents • Reports on damage assessment • Participants believe the exercise • Challenges the BCP • High profile
Approach to Exercising • Scope and objective should be realistic • Assumptions and limits should be clear • Practical and cost-effective • External facilitator • Increase effectiveness of BCP • Build confidence
Exercises and Emergency Services • Are emergency services to be involved? • Exercise should not be mistaken for a real disaster. • Do not invoke emergency services accidentally. • Be able to have emergency services respond should a real disaster occur during the exercise.
Surprise Exercise • All parties should be informed of the day and approximate time of an exercise. • A surprise exercise should not be considered until the BCM program is very mature.
Exercise Frequency • At least annually and whenever major changes occur (ex. organization, location, personnel, market, equipment, regulations). • Interim exercises are often Walk Through or Talk Through.
Exercise Evaluation • Debrief participants. • Document problems and solutions. • Business Continuity Coordinator recommends additional training and exercising. • ERT forwards recommendations to senior management for approval.
Testing and Exercising Benefits • Assess viability of plan • Demonstrate the ability to recover • Satisfy legal and audit requirements • Identify areas that need modification • Enables BCP to remain up-to-date
Maintaining and Updating • Changes occur to business objectives, products and services. • New technologies and processes change business operations. • The BCP needs to be maintained and updated accordingly.
Maintaining and Updating Objectives • To maintain consistency within the plan, between the BCP and the BCM program, and between the plan and the organization.
Plan Review and Audit • Component of plan maintenance • Assessment of the plan documentation • Consistency of program documentation is key
Review and Audit Questions • Is the plan valid? • Is the scope of the plan correct? • Are the plan’s assumptions reasonable? • Is the plan structure appropriate? • Are the teams up to date? • Are the components of the plan integrated? • Are the procedures executable? • Does the plan support the organizational objectives?
Review and Audit Areas • Recovery time objectives • Notification • Invocation • Teams • Contact numbers • Assigned recovery tasks • Recovery procedures • Contingency strategies • Contingency resources • Service agreements • Off-Site procedures
Review and Audit Approach • Review plan documentation • Determine plan’s consistency and usability • Review administrative aspects of BCP • Review documentation control of the BCP • Develop conclusions regarding the plan meeting its objective • Document the review process and any issues that are encountered
Maintenance Responsibilities • Auditors determine if plan is current and satisfies objectives • BCM coordinator is responsible for plan maintenance • Team leaders are responsible for team sections • Business unit managers are responsible for their departments • Senior management reviews and approves plan
Updating Plans • Plan owners update their plans • Coordinate updates with related plans • Establish validation process • Validate that update is completed
Plan Document Control • Establish procedures for document control • Version identification number • Master distribution list • Security and control
Maintaining and Updating Plans • In order to meet the objectives, an accurate, current, and executable business continuity plan is critical for an organization to recover from a disaster.