BUSINESS CONTINUITY PROGRAMME AN INTEGRATED RISK MANAGEMENT APPROACH Bord Gais Eireann Martin Dunlea Chief Information Officer. November 2005. Agenda. Overview of Business Continuity Programme Migrating from “cold site recovery” to business resilience
BUSINESS CONTINUITY PROGRAMME
AN INTEGRATED RISK MANAGEMENT APPROACH
Bord Gais Eireann
Martin Dunlea, Chief Information Officer
November 2005
Agenda
• Overview of Business Continuity Programme
• Migrating from “cold site recovery” to business resilience
• The Strategic values of Business Continuity
Business Continuity - Key Objectives
• Core Objective: Put in place the mechanism to facilitate the continued operation of critical company processes in the event of a disaster
• Supporting objectives:
  • Identify the critical company processes
  • Put in place Enterprise response plans
  • Assist units in developing process level procedures
  • Maintain the system
  • Enhance available technology
Business Continuity Provides
• A coordinated response to cater for disaster events affecting business
• A special organisation structure tasked to deal with the eventualities
• Locations and specialist assistance where business operations can be relocated to.
• A dual approach to all business units
• A common template for the identification of BCP requirements
• A cohesive company wide strategy developed to BCI guidelines
• Single source for continuity partnership
Business Continuity Programme
• Commenced as an IT Contingency Programme
• Massive dependency on IT resources in business response plans
• Apply IT programme discipline to BCP
• Identified 3 phases and 3 stages in BCP
  • Cold site to hot site
  • Hot site to high availability
  • High availability to business resilience
• Challenge to integrate into operational risk model and day-to-day activities
• Establish special organisation structure tasked to deal with the eventualities
Business Continuity Programme
• Continuity of business operations
• Compliance with Regulatory Requirements
• Maintain Market Systems
• Incorporate evolving security model
• Integrate into operational risk model and day-to-day activities
Business Continuity Orientation
[Diagram: PROCESS in three phases. Labels in extraction order: Phase 3: Change Management, Education, Testing, Review, Recovery Strategy; Phase 2: Group Plans and Procedures, Risk Identification, Business Impact, Planning for Requirements – the project; Phase 1: Business Impact Analysis, Business Unit Continuity Coordinators, Policy, Resources, Scope, Organisation, Business Continuity Planning Initiation]
Process Recovery Requirements matched with IT Systems
IT Contingency Infrastructure - Pre requirements identification
[Network diagram. Labels: ATM Connection, Dial-up Backup]
IT Contingency Provisions - Post requirements identification
[Network diagram. Labels: Network, IBM Dublin, User Desks, Dedicated Equipment Site, IBM Cork, ATM Connection, Dial-up Backup, Internet Connection, Internet, Remote TMS Site]
IT Contingency & BCP Provisions
Provisions made based on IT Contingency & Business Continuity Requirements
• Dedicated location for critical systems
• Dedicated & Syndicated Servers for Business Systems
• Dedicated ATM links to Data centers
• Syndicated hot-site desk and associated support facilities
• Specialist Personnel for recovery Assistance
BCP – Evolving a business resilience approach
[Chart: Recovery Time against year (2003 to 2007), with a 72 hr line and three stages: Cold Site Recovery, Hot Site Recovery, Business Resilience. Data labels: 15 MCS, 78 BPS; 1 MCS, 22 BPS]
Strategic Value of the Business Continuity Programme
• Mapping Organisation Processes
• Project Management
• Supply Chain Management
• Corporate Governance
• Regulatory
• Operational Risk
• Financials
Approaches to Operational Risk Management
• Cost of reactive policies is high
• Diverting to disaster recovery sites takes time
• Put in place preventative measures to minimise chances that DR or Incident Management procedures need to be invoked.
• With BCP
  • Anticipate events
  • Devise procedures to minimise the impact
Approaches to Operational Risk Management
• Understand the dependencies of the business and the impact of their failure
• List the risks of failure to each dependency
• Determine and implement effective countermeasures to those risks
• Continuously review the dependency model, the risks and the adequacy and quality of the countermeasures.
Approaches to Operational Risk Management
“It is usual to find that countermeasures are in place anticipating most risks. What is unusual is to find a structured approach that covers all identifiable risk”
Summary
• Provide transparency for senior management on appropriate use of organisation assets
• Establishes a formal programme for the management and mitigation of risk
• Establishes risk aversion & business continuity as a strategic goal of the organisation
• Establishes a structured approach to identifying and managing operational risk
• Improves standing & rating of the organisation
• Programme for frequent evaluation of BCR and IT contingency plan (3 in 2005)