380 likes | 566 Views
JOHN SHARP POLICY & DEVELOPMENT DIRECTOR CONTINUITY FORUM. John Sharp FBCI (hons) FCMI MCIM 1997 until 2004 - CEO of the Business Continuity Institute Chair of the team that produced the BSI Guide to Business Continuity Management (PAS 56)
E N D
JOHN SHARP POLICY & DEVELOPMENT DIRECTOR CONTINUITY FORUM
John Sharp FBCI (hons) FCMI MCIM 1997 until 2004 - CEO of the Business Continuity Institute Chair of the team that produced the BSI Guide to Business Continuity Management (PAS 56) Member of the London Resilience Business Team Member of the team producing BCM guidance for the CCA Author of many articles on BCM
The Continuity Forum is committed to building the resilience of organisations internationally, regardless of size or sector, through education and the promotion of best practice in Business Continuity Management and its related disciplines. The Forum is dedicated to aiding the growth and the development of the Continuity sector and appropriate standards. www.continuityforum.org
BUSINESS CONTINUITY MANAGEMENT AND THE DUTIES UNDER THE CIVIL CONTINGENCIES ACT
BUSINESS CONTINUITY MANAGEMENT • What is driving BCM today • CCA BCM Requirements • The 5 Stage Model • Elements of Effective BCM
CURRENT DRIVERS • Regulation / Legislation • Government • Auditors • Insurers • Customers • Supply Chain • Corporate Governance • Protection of Brand / Reputation
Current Drivers for BCM CMI Research 2005 www.Continuityforum.org - +44 (0) 208 993 1599
BUSINESS CONTINUITY MANAGEMENT Definition: “BCM is a management process that helps manage the risks to the smooth running of an organisation or delivery of a service, ensuring that the business can continue in the event of a disruption. These risks could be from the external environment or from within an organisation” Civil Contingencies Act – Draft Guidance 2004
BCM in CCA Terms • “BCM provides the strategic framework for improving an organisation’s resilience to interruption.” • “Its purpose is to facilitate the recovery of key business systems and processes within agreed time frames, while maintaining the responder’s critical functions and the delivery of its vital services.” Civil Contingencies Act – Draft Guidance 2004
BCM in CCA Terms • “An ongoing process that helps organisations anticipate, prepare for, prevent, respond to and recover from disruptions, whatever their source and whatever aspect of the business they affect.” • “A generic management framework that is valid across the public, private and voluntary sectors. It is about maintaining the essential business deliverables of an organisation in an emergency “ Civil Contingencies Act – Draft Guidance 2004
CCA REQUIREMENTS - PLANNING “Category 1 responders to maintain plans to ensure that they can continue to perform their functions in the event of an emergency ..… to be able to maintain their own crisis response capabilities and to continue to deliver critical aspects of their day-to-day functions.” Civil Contingencies Act – Draft Guidance 2004
CCA REQUIREMENTS - PLANNING “Category 1 responders to ensure that those organisations delivering services on their behalf or capabilities which underpin service provision can deliver in the event of an emergency.” “These services remain part of an organisation’s functions even if they do not directly provide them.” Civil Contingencies Act – Draft Guidance 2004
CCA REQUIREMENTS - PROMOTION • The Act requires local authorities to provide advice and assistance to those undertaking commercial activities and to voluntary organisations in relation to business continuity management (BCM) in the event of emergencies. • Local authorities must provide general advice and assistance to the business and voluntary sector communities at large; may provide specific advice and assistance to individual organisations; and may give advice and assistance to individual businesses in relation to the engagement of business continuity consultants Civil Contingencies Act – Draft Guidance 2004 www.Continuityforum.org - +44 (0) 208 993 1599
TIMESCALES • Regulations and Guidelines issued mid May 2005 • Implementation of Act (excluding BCM promotion) mid November 2005 • Implementation of BCM Promotion mid May 2006 www.Continuityforum.org - +44 (0) 208 993 1599
THE BUSINESS CONTINUITY MANAGEMENT CYCLE Business Continuity Institute 2002
PROGRAMME MANANGEMENT • A BCM policy statement • Ongoing support from the top of the organisation • BCM structure • Adequate resources to deliver BCM • An assurance process www.Continuityforum.org - +44 (0) 208 993 1599
BCM DELIVERY STRUCTURE Resilience Director (Senior Owner) High Level BCM Working Group Business Continuity Manager Div. Liaison Manager Div. Liaison Manager Div. Liaison Manager Div. Liaison Manager Civil Contingencies Act – Draft Guidance 2004
UNDERSTANDING THE ORGANISATION • What are the statutory requirements? • Who are the key stakeholders? • What are the critical activities? • What processes are used to deliver critical activities? • Who and what is used in these processes? • Internally • Externally • The impact if critical activities are interrupted – for whatever reason www.Continuityforum.org - +44 (0) 208 993 1599
IDENTIFYING CRITICAL ACTIVITIES Community Services Education Environment Social Services ICT Suppliers People Facilities www.Continuityforum.org - +44 (0) 208 993 1599
IDENTIFYING CRITICAL ACTIVITIES Community Services Education Environment Social Services ICT Suppliers People Facilities www.Continuityforum.org - +44 (0) 208 993 1599
BCM STRATEGIES • Cannot fail – full availability • How soon to recover - recovery time • At what level of recovery - recovery point • Do nothing • Signed off strategies to meet obligations www.Continuityforum.org - +44 (0) 208 993 1599
BCM PLANNING • Cover critical activities • High level plans • Departmental plans • Unit plans • Crisis Management plans • Full recovery plans www.Continuityforum.org - +44 (0) 208 993 1599
WHAT DO PLANS COVER? CMI Research 2005
BCM PLANNING • Cover critical activities • High level plans • Departmental plans • Unit plans • Crisis Management plans • Full recovery plans • Involve all elements of organisation www.Continuityforum.org - +44 (0) 208 993 1599
THE UNIFYING PROCESS - BUSINESS CONTINUITY MANAGEMENT Business Continuity Management HUMAN RESOURCES KNOWLEDGE MANAGEMENT CRISIS COMMUNICATIONS & PR EMERGENCY MANAGEMENT IT DISASTER RECOVERY FACILITIES MANAGEMENT SUPPLY CHAIN MANAGEMENT QUALITY MANAGEMENT SECURITY ENVIRONMENTAL MANAGEMENT HEATH & SAFETY RISK MANAGEMENT
BCM CULTURE • Raise awareness • Inform stakeholders • Create invocation teams www.Continuityforum.org - +44 (0) 208 993 1599
INVOCATION TEAMS • The organisations must move at the speed of the crisis • Separate teams to cover: • The emergency situation • Continuity of the crisis response capabilitiesand the organisation’s critical activities. www.Continuityforum.org - +44 (0) 208 993 1599
BCM CULTURE • Raise awareness • Inform stakeholders • Create invocation teams • Train appropriate staff • Ongoing support from Executive • Communicate www.Continuityforum.org - +44 (0) 208 993 1599
EXERCISING, MAINTENANCE & AUDIT • Test systems • Exercise plans • Rehearse people www.Continuityforum.org - +44 (0) 208 993 1599
In 2005 27% of UK Companies have Acceptable Plans CMI Research 2005
EXERCISING, MAINTENANCE & AUDIT • Test systems • Exercise plans • Rehearse people • Vital to keep plan up to date • Determine measures for assurance • Internal and external audit • Against Audit Commission requirements • BSI PAS 56 – Guide to BCM (and eventual BSI standard) • External benchmarks www.Continuityforum.org - +44 (0) 208 993 1599
CPA 2005 OVERVIEW Under: Stronger and Safer Communities • Key Question………. Is the Council well prepared for internal or external emergency situations? • Inspection……….. Evidence that continuity arrangements would allow the council to respond to emergencies, support emergency service partners, and continue to deliver critical local services www.Continuityforum.org - +44 (0) 208 993 1599
EFFECTIVE BCM IS BUILT ON 7 PS Programme - the total BCM strategy People - Roles and responsibilities, H&S, awareness and education Processes - all organisational processes including ICT Premises - buildings & facilities Providers - supply chain inc. outsourcing Profile - brand, image and reputation Performance - benchmarking, evaluation & audit
EFFECTIVE BCM IS BUILT ON 7 PS Programme - the total BCM strategy People- Roles and responsibilities, H&S, awareness and education Processes- all organisational processes including ICT Premises- buildings & facilities Providers- supply chain inc. outsourcing Profile - brand, image and reputation Performance - benchmarking, evaluation & audit
ESSENTIAL ELEMENTS OF BCM • Take a holistic approach • ‘End to End’ • Effects, not causes • Prevention, not just cure • Culture of BCM • Need to measurement
THE BENEFITS OF BCM • Enables a clearer understanding of how the organisations works • Cost benefits • Protects the community • Protects the organisation • Compliance
THANK YOU ANY QUESTIONS? JOHN SHARP john.sharp@continuityforum.org