1 / 28

ANZUIAG CONFERENCE 2002 Business Continuity Management

ANZUIAG CONFERENCE 2002 Business Continuity Management. Colin Maslen, MBCI. Characteristics of today’s world. Complexity Coupling Scope and size Speed Visibility. ‘For the first time, human-caused crises can now rival natural diasters in scope and magnitude’ (Mitroff, 2001). Examples ….

levana
Download Presentation

ANZUIAG CONFERENCE 2002 Business Continuity Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ANZUIAG CONFERENCE2002Business Continuity Management Colin Maslen, MBCI

  2. Characteristics of today’s world • Complexity • Coupling • Scope and size • Speed • Visibility

  3. ‘For the first time, human-caused crises can now rival natural diasters in scope and magnitude’ (Mitroff, 2001)

  4. Examples … • Challenger Explosion • AT&T Network Breakdown • Exxon Valdez • Lockerbie • Union Carbide and Bhopal • Piper Alpha • Barings • Enron • September 11

  5. ‘Never before had the ability of business to recover been played out in the full glare of the worldwide media’ (Honour, 2002)

  6. Business Continuity & the NY World Trade Centre (cont’d) • Deutsche Bank successfully switched operating system to back-up facility • Lehman Brothers used mirrored site in New Jersey - able to trade equities when New York Stock Exchange reopened on September 17

  7. Business Continuity & the NY World Trade Centre • Comdisco had history of 421 DRP invocations before 11 Sept, then 74 invocations in 48 hours • IBM emergency operations centre already on full alert for a tropical storm in Gulf of Mexico

  8. Crises/Disasters: Some Australian Examples • Hoddle Street massacre • Victorian power crisis • Longford gas plant explosion • Mobil jet fuel contamination • Product tampering in the pharmaceutical industry • Bankstown Civic Centre fire • Knox City Council fire • Auckland CBD power crisis • Childers backpacker hotel fire

  9. Risk management - components Risk Control (Proactive - minimises risk exposure and reduces likelihood, e.g. Security) Risk Transfer (Insurance & Contracts - Manages Cost of Risk) Business Continuity & Contingency Planning (Reactive - Minimises impact or consequences)

  10. Business Continuity Management • Business Continuity • Planning: • to maintain continuity of • critical processes & • functions, e.g.: • customer service • administration • billing IT (Disaster) Recovery Planning: Recovery of critical systems and applications Crisis Management: Organisation & ability to manage any crisis or disaster

  11. business continuity management overall approach to business continuity business continuity plans address continuity of processes IT disaster recovery plan one specific type of plan In context - BCM, BCP and DRP

  12. Crisis management … the organisational capacity to manage a ‘crisis’ or ‘disaster’ through to recovery

  13. Getting Started • BCM Team • Incident/Crisis Management Organisation • BCM Project/Program • Risk identification, assessment & treatment • Identify key business processes • Business Impact Analysis • Division/Faculty BCPs

  14. Establish context Consultation and Communication Monitor and Review Identify risks A S S E S S M E N T A S S E S S M E N T Analyse risks Evaluate and prioritise risks Treat risks The Risk Management Process (AS/NZS 4360:99)

  15. Identifying / Prioritizing Key Business Processes • Vital: Not easily transferred or replaced; low tolerance, high cost of interruption; data may be permanently damaged/lost • Important: Can be partially transferred for limited period; moderate tolerance; potentially high cost of interruption • Deferrable: Can be interrupted for extended period; minor inconvenience

  16. Critical Business Processes: Examples • Student administration: enrolments, fees, student records, examinations, graduations; accommodation • Faculties: Budgeting; programming the academic year; resource allocation • Finance: payroll; accounts; tax • Human resources: HR records, remuneration; superannuation, worker’s compensation • On-line teaching

  17. Business Impact Analysis (BIA) • Examines dependency of Vital & Important processes on Key Resources • Determines Maximum Tolerable Outage(MTO); i.e. the restoration timeframe, for each resource

  18. BIA Example

  19. BCP Components • Objectives, scope, possible scenarios • Organisation, responsibilities & communications • Incident impact assessment, escalation & plan invocation • Procedures & checklists for phases: • Respond • Restore: Vital & Important Processes • Recover • Emergency contact lists • Document control & maintenance

  20. Planning considerations • Emergency Services’ priorities • Staff • Communications: primary & back-up • Public relations • Continuity of Customer Service • Information Technology & Services • Salvage & restoration of documents (e.g. licences), records and artifacts

  21. Incident Is it an IT ‘disaster’? Is it a ‘crisis’? Resume business as usual Incident reporting & escalation Resume normal IT operations Business as usual No No Yes Yes Invoke DRP: Convene DMT to coordinate Convene CCT BCPs DRP Implement BCPs for Business processes Manage Salvage & Repair Manage HR & PR Issues Restore Hardware & Communications Process restoration & data catch-up Applications & Data Recovery Off-site back-up Business resumption & Cost recovery The big picture ...

  22. Incident/Crisis Management • Respond • Identify, report & assess Incident/Crisis • Emergency procedures • Escalate  activate CMT • Isolate/contain damage • Restore • Stabilise - CMT coordinate company wide response • Damage control • Short term restoration of operations & customer service • Work-arounds & BCPs • Manage indirect consequences, e.g. media coverage • Recover • Assess impact (cost) • Repair damage • Recover image & market share • Cost recovery, e.g. insurance

  23. BCM - The Essential Ingredients • Commitment • Organisation • Communication • Testing & training • Plan maintenance & review

  24. Sources of Information • Business Continuity Institute • BCI’s Business Guide to Continuity Management • ANAO’s Best Practice Guide: Business Continuity Management - Keeping the wheels in motion • Standards Australia: OB/7 Working Group Draft Business Continuity Management Guideline

  25. Bombing at Hebrew University • 31 July 2002 • Bomb planted in university cafeteria • Killed 7 and wounded more than 80

  26. Could your university carry on if the unthinkable happened?

  27. Thank You!Any Questions?

More Related