Business Continuity Decision Making Methodology. ERMAN TAŞKIN www.ermantaskin.com/bcm. ERMAN TAŞKIN. Business Continuity Management Process and Decision Making Methodology. SUCCESS IN RISK MANAGEMENT: “BUSINESS CONTINUITY MANAGEMENT”.
ERMAN TAŞKIN. Business Continuity Management Process and Decision Making Methodology. SUCCESS IN RISK MANAGEMENT: “BUSINESS CONTINUITY MANAGEMENT”. 19-20.09.2009, İstanbul Teknik Üniversitesi, Ayazağa Kampüsü, Süleyman Demirel Kültür Merkezi, Maslak, ISTANBUL, TURKEY

BC Decision Making Methodology
AGENDA
• BCM Organization Understanding
• BCM Impact Analysis Process
• BCM Strategy
• BCM Implementation Methodology Documentation

BCM Program Management Based on BS2599
BCM Decision Making
Steps: Business Impact Analysis, Identification of critical activities, Determining Continuity Requirements, Risk assessment, Determining choices

BCM Decision Making: Business Impact Analysis
• Assess critical services impacts
• Establish maximum tolerable period of disruption
• Identify any inter-dependent activities
• Service Catalog investigation
• CMDB usage for relationships definition

BCM Decision Making: Identification of critical activities
• Assess operational processes
• Determine financial values of services and activities
• Consider SLA targets
• Use Availability Plan
• Use Availability Reports

BCM Decision Making: Determining Continuity Requirements
• Staff resources
• Work site
• Supporting technology
• Provision of information
• External services and suppliers

BCM Decision Making: Risk assessment
• Level of risk should be understood specifically
• Choosing risk assessment approach
• Elements that risk assessment process include
• Determination of criteria for risk acceptance
• Identification of acceptable levels of risk
• Analysis of the risks

BCM Decision Making: Determining choices
• Do nothing
• Manual Work-arounds
• Reciprocal arrangements
• Gradual Recovery (cold stand by)
• Intermediate Recovery (warm stand by)
• Immediate Recovery (hot stand by)

Set up an impact analysis project
• Identify a project coordinator to carry out the business impact analysis.
• Define the objectives and scope of the business impact analysis project.
• Choose an appropriate methodology or tool for carrying out BIA.
• Create a work schedule and project plan.
• Launch the business impact analysis project.

Evaluate the effects of disruption and the impacts on operations
Effects of disruption
• Loss of assets
• Key personnel
• Physical assets
• Information assets
• Market share
• Disruption to the continuity of services and operations
• Violation of a law or regulation
• Negative public perception

Evaluate the effects of disruption and the impacts on operations
Effects of disruption on the company’s operations
• Financial
• Clients and suppliers
• Public relations
• Legal
• Regulatory considerations and requirements
• Environmental
• Operational
• Delays
• Credibility
• Other resources

Evaluate the effects of disruption and the impacts on operations
Determine loss exposure
Quantitative
• Revenue loss
• Financial penalties
• Gross cash flow
• Accounts payable
• Legal liabilities
• Human resources
• Additional expenses
• Higher cost of work
Qualitative
• Human resources
• Morale
• Confidence
• Legal
• Social and corporate image
• Financial credibility

Business impact analysis - data collection
Gathering data using a questionnaire
• Understand the importance of the questionnaire’s conception and distribution.
• Clearly explain the rationale for the questionnaire.
• Offer support to personnel while they complete the questionnaire.
• Review completed questionnaires.
• Conduct follow-up discussions to obtain clarifications.

Business impact analysis - data collection
Gathering data through interviews
• Explain the purpose of the interview.
• Clearly establish the type of information that is being looked for.
• Compile a list of elements to cover during the interview.
• Consult the list throughout the meeting to ensure none are omitted.
• Plan follow-up interviews.

Business impact analysis - data collection
Gathering data through workshops
• Set up a workshop schedule.
• Compile a list of objectives to be met.
• Identify the appropriate level of participation from managers.
• Identify an appropriate evaluation area.
• Identify the equipment needed and personnel availability.
• Interact with personnel during the workshops and discussions.
• Ensure that workshop objectives are met.
• Ensure that all possible impacts raised during workshops are written down.

Business impact analysis - data collection
• Decide upon data analysis methods (manually or using a computer).
• Assess the potential financial and non-financial impacts of the risks compiled.
• Prepare business impact analysis report.
• Prepare drafts of the business impact analysis report, including the list of impacts.
• Provide participating managers with a draft report and ask for their comments.
• Review the managers’ feedback.
• Plan a meeting with participating managers to discuss the initial findings.
• Prepare and make formal presentations to colleagues and executives regarding the findings.

Define business functions and critical data
• Establish a definition of what is “critical” for the organization.
• With management, identify one or more critical levels.
• financial (loss of revenue, cost of recovery)
• recovery time. With these two criteria, it is possible to classify impacts as: critical & major & minor.
• Identify vital data for ensuring BC and the recovery of the organization’s operations.
• Identify support teams.
• Identify interdependencies.
• Prioritize critical elements for the organization in the impact mitigation process.

Determine the time and resources necessary for recovery
• Define recovery processes for critical business functions based on criticality criteria.
• Determine the order of recovery for critical business functions.
• Determine the minimum resource requirements for recovery.
• Internal and external resources.
• Resources owned or not.
• Existing and accessible resources.
• Evaluate the maximum period of time
• Evaluate the maximum period of time during which information can remain unavailable.
• Evaluate how long information can be allowed to “age” without being updated.
• Evaluate the amount of information that can be lost without causing major harm to the organization.
• Evaluate the limit beyond which the company’s operations will sustain major harm due to the disruption.

Identify business processes
• Interrelation between business processes
• Process dependencies
• Internal
• External
• In terms of technology

Determine replacement times
• Equipment
• Software
• Data
• Key personnel
• Raw material

Determining BC Strategy
• People
• Locations
• Technology
• Information
• Supplies
• Stakeholders
• Civil emergencies

BCM Implementation Methodology
• BCM implementation documentation
• www.ermantaskin.com/bcm