
www.businessbeam.com

A business case for establishing

Business Continuity Plan (BCP)

Business Beam

Contents

1. What is Business Continuity?

2. Business Benefits

3. Implementation Roadmap

Copyrights (C) 2004-2016 Business Beam. All rights reserved.

What is Business Continuity?


9/11 for Pakistan

Happened in Karachi (June 26, 09)

Suicide Attack in Lahore (May 27, 09)

Thanks to KESC

Berger Paints

Fire at Shahra-e-Faisal Building

The Reality of Business Continuity

43% of US companies never reopen after a disaster and 29% more close within 3 years.

20% of small to medium size businesses suffer a major disaster every 5 years.

78% of organizations which lacked contingency plans but suffered catastrophic loss were gone within 2 years…most had insurance, and many had business interruption coverage!

(Sources: U.S. National Fire Protection Agency, U.S. Bureau of Labor, Richmond House Group and B2BContinuity.com)

Is This An Effective Management Strategy In the Face of the KNOWN Risks!

YES!

NO!

Effects of Effective Business Continuity

The impact on shareholder value

[Figure: shareholder value against trading days after the event (25 to 225), comparing effective crisis response with ineffective crisis responses.]

Source: “The Impact of Catastrophes on Shareholder Value,” Rory F. Knight & Deborah J. Pretty, Templeton College, University of Oxford, p. 3.

What is Business Continuity Management?

Business Continuity Management (BCM) is a holistic management process that:

- Identifies potential impacts that threaten an organization,
- Provides a framework for building resilience and the capability for an effective response,
- Safeguards the interests of key stakeholders, reputation, brand and value creating activities.

Success or Failure?

[Figure: level of business against time, with a critical recovery point marked. Curve A: fully tested effective BCM. Curve B: no BCM, lucky escape. Curve C: no BCM, usual outcome.]

Business Benefits


Key Benefits (1)

To Business:

- Gain reputation as “Safe and Secure Organization”
- First mover advantage
- Cost effectiveness = Higher profitability
- Better compliance with laws and regulations
- Better continuity in case of any disaster

To Operations:

- Better risk management & risk reduction
- Better cost control
- Defined SOPs

To IT:

- Identification and control of information assets
- Better risk management
- Defined SOPs
- IT Disaster management

Key Benefits (2)


Better policies, procedures and working templates

Business continuity

Information security

Related roles and responsibilities

Organization wide awareness

SAP related and general IT infrastructure

Use of network services

Mobile computing

Key Benefits (3)


Identification of Business Critical processes

Process identification

Process ranking according to business criticality

Continuity strategies for critical processes

Business Continuity planning

Business Impact Analysis (BIA)

BCP for all areas under scope

BCP awareness, testing and exercises

Key Benefits (4)


Information Asset Management

Information Classification

Information Asset Identification & Classification

Employee Skill Management

Risk Management

Identification and Analysis of Risks

Treatment of Risks

Development of Risk Management Approach & Criteria

Key Benefits (5)

Better Description of Roles & Responsibilities

Job description related to information security

Pre-hiring controls

During employment personnel development

Post-employment controls

Physical Security

Identification of Secure Areas

Equipment Security


Key Benefits (6)


Communications & Operations Management

Documented SOPs

Segregation of duties

Third party service delivery management

System planning & acceptance

Data backup and recovery

Network security

Media handling

e-Commerce

Access Control

Access control policy and procedures

User, network and OS access control

Application and mobile access control

Key Benefits (7)


Regulatory compliance

All applicable laws

Intellectual property rights

Framework for Continual Improvement

Regular Internal Audits

Corrective & preventive actions

Implementation Roadmap


Phase 1: Scoping & Planning

Phase 2: Understanding the Organization

Phase 3: Risk Assessment and Control

Phase 4: Implementation of Mitigation Strategies

Phase 5: Training for Audit and Internal Audit

Phase 1: Scoping & Planning

Awareness:

- Awareness Sessions
- Implementer Trainings

Team Formation:

- Establishing Management Steering Group
- Establishing working groups

Project Scoping:

- Identification of geographical scope
- Identification of functional scope
- Documenting and agreeing the scope of the assignment

Phase 2: Understanding the Organization

Process Identification:

- Identification of functions under scope
- Identification of processes under scope

BIA:

- Identification of business impact if process does not work
- Prioritizing processes based on time criticality
- Presenting report to the management

Asset Registration:

- Identification & classification of information assets in the organization
- Asset value assessment
- Asset ownership identification

Phase 3: Risk Assessment and Control

Risk Assessment:

- Identification of application threats, and risks
- Analyzing probability and impact of risks

Risk Threshold:

- Calculating risk threshold
- Defining risk acceptance criteria

Development of SOA:

- Selection of right controls to handle the identified risks
- Implementing risk threshold and acceptance criteria
- Developing and presenting SOA

Phase 4: Implementation of Mitigation Strategies

Security Controls:

- Developing processes and procedures for information security controls

Mitigation Planning:

- Identifying right mitigation strategies
- Planning for implementation

Business Continuity Plan:

- Development of Business Continuity Plan
- Desktop exercise of BCP

Phase 5: Training for Internal Audit and Internal Audit

Internal Audit Training:

- Hands-on internal audit trainings for selected individuals
- Internal audit trainings on both standards

Internal Audit:

- Conducting first internal audit
- Developing Internal Audit report

Audit Findings:

- Detailed assistance in closure of audit findings
- Identification of corrective and preventive actions


Thank You!
