Business Continuity: An introduction
Purpose • The sole purpose of Business Continuity is to Maintain a minimum level of service while Restoring the organization to business as usual
Who needs it? Everyone • Commerce and industry need it to protect the customer base • Charities need it to assure continued funding • Government agencies need it to assure continued funding and existence • Managers need it to assure their positions
The difference • The difference between Business Continuity and Disaster Recovery • Business Continuity is PROACTIVE; its focus is to avoid or mitigate the impact of a risk • Disaster Recovery is REACTIVE; its focus is to pick up the pieces and to restore the organization to business as usual after a risk occurs • Disaster Recovery is an integral part of a Business Continuity plan
Why Business Continuity? • An organization which fails to provide a minimum level of service to its clients following a disaster event may not have a business to recover • Customers may go to a competitor • Funding may disappear • A need may be re-evaluated and deemed unnecessary
What to protect • Business functions: functions which provide products or services • Critical support functions: functions without which the Business Functions cannot function (e.g. Facilities, IT) • Corporate level support functions: functions required for effective operation of Business Functions (e.g. HR, Finance)
Most important resource Personnel
Why people? • Although there are other critical resources, the actual product or service in most organizations depends on actions performed by, and decisions made by, people.
Who is involved? In a word, EVERYONE • Executive management • Mid-level managers • Line personnel • Support personnel • Vendors • Municipal Emergency Management
Management involvement Executive management • Support is required for a successful plan • Provides high-level overview of organization’s operation • Provides long-range planning to assure the Business Continuity plan complements the organization’s Business Plan
Mid-level managers • Provide departmental direction • Provide department-level overviews • Provide an insight into external (to the department/function) interdependencies • Offer suggestions on how to enhance critical business processes • Identify risks
Line personnel • Provide operational details • Offer suggestions on how to enhance critical business processes • Identify risks
Support personnel • Provide information about services which assure the critical Business Functions can be performed at a minimum level of service or better • Provide information about protecting resources
Support may include • Accounts receivable • Accounts payable • Communications • Documentation • Facilities • Finance • Human Resources • IT/MIS • Janitorial • Legal • Mail Room • Marketing • Public relations • Sales
Vendors Vendors provide services and products • Courier services and mail • Communications (telephone, fax, email) • Insurance (business, health, property) • Necessities (municipal services) • Utilities (electricity, fuel)
Emergency Management Municipal Emergency management must be included in the plan to • Assure personnel safety • Mitigate damage from risks • Train personnel to avoid risks and to protect themselves and the organization
Protect all to protect one • In order to protect any single Business Function, the enterprise must be protected. • There are too many easily identifiable dependencies to create successful “function-only” or “resource-only” plans.
A few risks • Aircraft accident • Bond rating • Civil unrest • Communications • Competition • Customer failure (K-Mart) • Debris • Drought • Electrical failure • Epidemic • Espionage • Fire • Flood • Hacked database • HazMat incident • Heat • Hurricane • Ice • Industry image (airlines)
A few more risks • Internet failure • Intranet failure • IT/MIS • Legal action • Lender reluctance • Local statutes • Loss of key personnel • Rail accident • Recession • Regulatory agencies • Reputation • Snow • State law • Stock value • Tornado • Traffic accident • Vendor failure • Wildfire • Work action • Ubiquitous “other”
Rating a risk • Not all risks present the same danger to an organization • Risks are rated based on: probability of occurrence; impact on the organization
Risk options • Avoid the risk: usually the most expensive option; required by some 24*7*365 operations • Mitigate the risk: less expensive than avoidance; reduces the impact of the “inevitable” • Absorb the risk: the process or product is antiquated anyway
The plan – Part 2 • Create business continuation processes • Create organization recovery processes • Create a training program • Establish a plan maintenance procedure • Train, train, and train some more
Business continuation • Business continuation processes are designed so the organization maintains “at least a minimum level of service” to assure there will be a business to recover • Each Business and Support function must have a continuation plan • How quickly the process must be functioning depends on the maximum allowable outage
Recover the business • This may be in multiple stages: recovery to a minimum level of service; recovery to business as usual • There may be intermediate stages between the two recovery stages shown above
Training program • The training program has two primary goals: to assure personnel will be able to efficiently and effectively respond following a disaster event; to develop self-confidence in the personnel to perform their assigned functions
Maintenance • A plan that lacks maintenance quickly becomes a “non-plan” • Plan maintenance is based on the calendar • Plan maintenance is based on “trigger” events: personnel change; process, procedure change; etc.
Creating a plan • Do it yourself: Can you think of everything? Can you think objectively? Who will review your plan? • Call a professional: experience; network to help think of almost everything; only objective is to create a successful plan
1) Develop a business continuity / disaster recovery plan - Establish a disaster-recovery team of employees who know your business best, and assign responsibilities for specific tasks. - Identify your risks (kinds of disasters you're most likely to experience). - Prioritize critical business functions and how quickly these must be recovered. - Establish a disaster recovery location where employees may work off-site and access critical back-up systems, records and supplies. - Obtain temporary housing for key employees, their families and pets. - Update and test your plan at least annually.
2) Alternative operational locations Determine which alternatives are available. For example: - A satellite or branch office of your business. - The office of a business partner or even an employee. - Home or hotel.
3) Backup site. Equip your backup operations site with critical equipment, data files and supplies: - Power generators. - Computers and software. - Critical computer data files (payroll, accounts payable and receivable, customer orders, inventory). - Phones/radios/TVs. - Equipment and spare parts. - Vehicles, boats and spare parts. - Digital cameras. - Common supplies. - Supplies unique to your business (order forms, contracts, etc.). - Basic first aid/sanitary supplies, potable water and food.
4) Safeguard your property Is your property prepared to survive a hurricane or other disaster: - Your building? - Your equipment? - Your computer systems? - Your company vehicles? - Your company records? - Other company assets?
5) Contact information Do you have current and multiple contact information (e.g., home and cell phone numbers, personal e-mail addresses) for: - Employees? - Key customers? - Important vendors, suppliers, business partners? - Insurance companies? - Is contact information accessible electronically for fast access by all employees?
6) Communications Do you have access to multiple and reliable methods of communicating with your employees: - Emergency toll-free hotline? - Website? - Cell phones? - Satellite phones? - Pagers? - BlackBerry(TM)? - Two-way radios? - Internet? - E-mail?
7) Employee preparation Make sure your employees know: - Company emergency plan. - Where they should relocate to work. - How to use and have access to reliable methods of communication, such as satellite/cell phones, e-mail, voice mail, Internet, text messages, BlackBerry(TM), PDAs. - How they will be notified to return to work. - The benefits of direct deposit of payroll, and that they should subscribe to direct deposit. - Emergency company housing options available for them and their family.
8) Customer preparation Make sure your key customers know: - Your emergency contact information for sales and service support (publish on your website). - Your backup business or store locations (publish on your website). - What to expect from your company in the event of a prolonged disaster displacement. - Alternate methods for placing orders. - Alternate methods for sending invoice payments in the event of mail disruption.
9) Evacuation order When a mandatory evacuation is issued, be prepared to grab and leave with critical office records and equipment: - Company business continuity / disaster recovery plan and checklist. - Insurance policies and company contracts. - Company checks, plus a list of all bank accounts, credit cards, ATM cards. - Employee payroll and contact information. - Desktop/laptop computers. - Customer records, including orders in progress. - Photographs/digital images of your business property. - Post disaster contact information inside your business to alert emergency workers how to reach you. - Secure your building and property.
10) Cash management Be prepared to meet emergency cash-flow needs: - Take your checkbook and credit cards in the event of an evacuation. - Keep enough cash on hand to handle immediate needs. - Use Internet banking services to monitor account activity, manage cash flow, initiate wires, pay bills. - Issue corporate cards to essential personnel to cover emergency business expenses. - Reduce dependency on paper checks and postal service to send and receive payments (consider using electronic payment and remote deposit banking services).
11) Post-disaster recovery procedures - Consider how your post-disaster business may differ from today. - Plan whom you will want to contact and when. - Assign specific tasks to responsible employees. - Track progress and effectiveness. - Document lessons learned and best practices.