1 / 38

JOHN SHARP POLICY & DEVELOPMENT DIRECTOR CONTINUITY FORUM

JOHN SHARP POLICY & DEVELOPMENT DIRECTOR CONTINUITY FORUM. John Sharp FBCI (hons) FCMI MCIM 1997 until 2004 - CEO of the Business Continuity Institute Chair of the team that produced the BSI Guide to Business Continuity Management (PAS 56)

jovan
Download Presentation

JOHN SHARP POLICY & DEVELOPMENT DIRECTOR CONTINUITY FORUM

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. JOHN SHARP POLICY & DEVELOPMENT DIRECTOR CONTINUITY FORUM

  2. John Sharp FBCI (hons) FCMI MCIM 1997 until 2004 - CEO of the Business Continuity Institute Chair of the team that produced the BSI Guide to Business Continuity Management (PAS 56) Member of the London Resilience Business Team Member of the team producing BCM guidance for the CCA Author of many articles on BCM

  3. The Continuity Forum is committed to building the resilience of organisations internationally, regardless of size or sector, through education and the promotion of best practice in Business Continuity Management and its related disciplines. The Forum is dedicated to aiding the growth and the development of the Continuity sector and appropriate standards. www.continuityforum.org

  4. BUSINESS CONTINUITY MANAGEMENT AND THE DUTIES UNDER THE CIVIL CONTINGENCIES ACT

  5. BUSINESS CONTINUITY MANAGEMENT • What is driving BCM today • CCA BCM Requirements • The 5 Stage Model • Elements of Effective BCM

  6. CURRENT DRIVERS • Regulation / Legislation • Government • Auditors • Insurers • Customers • Supply Chain • Corporate Governance • Protection of Brand / Reputation

  7. Current Drivers for BCM CMI Research 2005 www.Continuityforum.org - +44 (0) 208 993 1599

  8. BUSINESS CONTINUITY MANAGEMENT Definition: “BCM is a management process that helps manage the risks to the smooth running of an organisation or delivery of a service, ensuring that the business can continue in the event of a disruption. These risks could be from the external environment or from within an organisation” Civil Contingencies Act – Draft Guidance 2004

  9. BCM in CCA Terms • “BCM provides the strategic framework for improving an organisation’s resilience to interruption.” • “Its purpose is to facilitate the recovery of key business systems and processes within agreed time frames, while maintaining the responder’s critical functions and the delivery of its vital services.” Civil Contingencies Act – Draft Guidance 2004

  10. BCM in CCA Terms • “An ongoing process that helps organisations anticipate, prepare for, prevent, respond to and recover from disruptions, whatever their source and whatever aspect of the business they affect.” • “A generic management framework that is valid across the public, private and voluntary sectors. It is about maintaining the essential business deliverables of an organisation in an emergency “ Civil Contingencies Act – Draft Guidance 2004

  11. CCA REQUIREMENTS - PLANNING “Category 1 responders to maintain plans to ensure that they can continue to perform their functions in the event of an emergency ..… to be able to maintain their own crisis response capabilities and to continue to deliver critical aspects of their day-to-day functions.” Civil Contingencies Act – Draft Guidance 2004

  12. CCA REQUIREMENTS - PLANNING “Category 1 responders to ensure that those organisations delivering services on their behalf or capabilities which underpin service provision can deliver in the event of an emergency.” “These services remain part of an organisation’s functions even if they do not directly provide them.” Civil Contingencies Act – Draft Guidance 2004

  13. CCA REQUIREMENTS - PROMOTION • The Act requires local authorities to provide advice and assistance to those undertaking commercial activities and to voluntary organisations in relation to business continuity management (BCM) in the event of emergencies. • Local authorities must provide general advice and assistance to the business and voluntary sector communities at large; may provide specific advice and assistance to individual organisations; and may give advice and assistance to individual businesses in relation to the engagement of business continuity consultants Civil Contingencies Act – Draft Guidance 2004 www.Continuityforum.org - +44 (0) 208 993 1599

  14. TIMESCALES • Regulations and Guidelines issued mid May 2005 • Implementation of Act (excluding BCM promotion) mid November 2005 • Implementation of BCM Promotion mid May 2006 www.Continuityforum.org - +44 (0) 208 993 1599

  15. THE BUSINESS CONTINUITY MANAGEMENT CYCLE Business Continuity Institute 2002

  16. PROGRAMME MANANGEMENT • A BCM policy statement • Ongoing support from the top of the organisation • BCM structure • Adequate resources to deliver BCM • An assurance process www.Continuityforum.org - +44 (0) 208 993 1599

  17. BCM DELIVERY STRUCTURE Resilience Director (Senior Owner) High Level BCM Working Group Business Continuity Manager Div. Liaison Manager Div. Liaison Manager Div. Liaison Manager Div. Liaison Manager Civil Contingencies Act – Draft Guidance 2004

  18. UNDERSTANDING THE ORGANISATION • What are the statutory requirements? • Who are the key stakeholders? • What are the critical activities? • What processes are used to deliver critical activities? • Who and what is used in these processes? • Internally • Externally • The impact if critical activities are interrupted – for whatever reason www.Continuityforum.org - +44 (0) 208 993 1599

  19. IDENTIFYING CRITICAL ACTIVITIES Community Services Education Environment Social Services ICT Suppliers People Facilities www.Continuityforum.org - +44 (0) 208 993 1599

  20. IDENTIFYING CRITICAL ACTIVITIES Community Services Education Environment Social Services ICT Suppliers People Facilities www.Continuityforum.org - +44 (0) 208 993 1599

  21. BCM STRATEGIES • Cannot fail – full availability • How soon to recover - recovery time • At what level of recovery - recovery point • Do nothing • Signed off strategies to meet obligations www.Continuityforum.org - +44 (0) 208 993 1599

  22. BCM PLANNING • Cover critical activities • High level plans • Departmental plans • Unit plans • Crisis Management plans • Full recovery plans www.Continuityforum.org - +44 (0) 208 993 1599

  23. WHAT DO PLANS COVER? CMI Research 2005

  24. BCM PLANNING • Cover critical activities • High level plans • Departmental plans • Unit plans • Crisis Management plans • Full recovery plans • Involve all elements of organisation www.Continuityforum.org - +44 (0) 208 993 1599

  25. THE UNIFYING PROCESS - BUSINESS CONTINUITY MANAGEMENT Business Continuity Management HUMAN RESOURCES KNOWLEDGE MANAGEMENT CRISIS COMMUNICATIONS & PR EMERGENCY MANAGEMENT IT DISASTER RECOVERY FACILITIES MANAGEMENT SUPPLY CHAIN MANAGEMENT QUALITY MANAGEMENT SECURITY ENVIRONMENTAL MANAGEMENT HEATH & SAFETY RISK MANAGEMENT

  26. BCM CULTURE • Raise awareness • Inform stakeholders • Create invocation teams www.Continuityforum.org - +44 (0) 208 993 1599

  27. INVOCATION TEAMS • The organisations must move at the speed of the crisis • Separate teams to cover: • The emergency situation • Continuity of the crisis response capabilitiesand the organisation’s critical activities. www.Continuityforum.org - +44 (0) 208 993 1599

  28. BCM CULTURE • Raise awareness • Inform stakeholders • Create invocation teams • Train appropriate staff • Ongoing support from Executive • Communicate www.Continuityforum.org - +44 (0) 208 993 1599

  29. EXERCISING, MAINTENANCE & AUDIT • Test systems • Exercise plans • Rehearse people www.Continuityforum.org - +44 (0) 208 993 1599

  30. In 2005 27% of UK Companies have Acceptable Plans CMI Research 2005

  31. CMI Research 2005

  32. EXERCISING, MAINTENANCE & AUDIT • Test systems • Exercise plans • Rehearse people • Vital to keep plan up to date • Determine measures for assurance • Internal and external audit • Against Audit Commission requirements • BSI PAS 56 – Guide to BCM (and eventual BSI standard) • External benchmarks www.Continuityforum.org - +44 (0) 208 993 1599

  33. CPA 2005 OVERVIEW Under: Stronger and Safer Communities • Key Question………. Is the Council well prepared for internal or external emergency situations? • Inspection……….. Evidence that continuity arrangements would allow the council to respond to emergencies, support emergency service partners, and continue to deliver critical local services www.Continuityforum.org - +44 (0) 208 993 1599

  34. EFFECTIVE BCM IS BUILT ON 7 PS Programme - the total BCM strategy People - Roles and responsibilities, H&S, awareness and education Processes - all organisational processes including ICT Premises - buildings & facilities Providers - supply chain inc. outsourcing Profile - brand, image and reputation Performance - benchmarking, evaluation & audit

  35. EFFECTIVE BCM IS BUILT ON 7 PS Programme - the total BCM strategy People- Roles and responsibilities, H&S, awareness and education Processes- all organisational processes including ICT Premises- buildings & facilities Providers- supply chain inc. outsourcing Profile - brand, image and reputation Performance - benchmarking, evaluation & audit

  36. ESSENTIAL ELEMENTS OF BCM • Take a holistic approach • ‘End to End’ • Effects, not causes • Prevention, not just cure • Culture of BCM • Need to measurement

  37. THE BENEFITS OF BCM • Enables a clearer understanding of how the organisations works • Cost benefits • Protects the community • Protects the organisation • Compliance

  38. THANK YOU ANY QUESTIONS? JOHN SHARP john.sharp@continuityforum.org

More Related