BCM Forum Introduction to Government.pptx [Read-Only] Documents...Microsoft PowerPoint - BCM Forum...
Transcript of BCM Forum Introduction to Government.pptx [Read-Only] Documents...Microsoft PowerPoint - BCM Forum...
z
z
National Business Continuity & Resilience Forum 1
BCM NATIONAL CONTINUITY AND SERVICE RESILIENCE
National CommitteeTreasury Oversight
Practitioners
Regulation
Technical Assistance
National Forum Committee - Constituted in2014 at National Treasury – Concept whitepaperCurrently the BCM Committee and NationalForum works with the Accountant General’soffice to Nationalise BCM and ResilienceConceptsThe Practitioners are ISO 22301 or at leastCBCI Certified. Not all risk practitioners havebeen trained on the BCM standards, this posesa risk in itself.Draft Treasury regulation has been amendedto include BCM in the ambit of Riskmanagement.Technical Assistance is supplied by committeemembers through templates and knowledgetransfer.
National Business Continuity & Resilience Forum 2
Patrick MathoboTotyelwa NoncoPitso LinyeloShilavi FurumeleMandla MalindisaDr Clifford FergusonDelana De JonghTshepile MoganediMokapi SelowaRamabele Magoma-NthiteLinda FlemingShilavi FurumeleTshepile MoganediKim LombardTotyelwa NoncoJulia Mdzikwa
STRATEGY 2019-2021Regulate BCM in public sectorEnable The Committee mandateGovernment curriculum for BCMBCM on Board and EXCO agendasInclusive Government wide BCM programme
National Business Continuity & Resilience Forum 3
Three Areas of Capacity Building
PFMATreasury Regulations
PFMATreasury Regulations
MMFATreasury Directives and Practice notes
NATIONAL DEPARTMENTSAND SOE’SPROVINCIAL LEGISLATURES MUNICIPALITIES
National Business Continuity & Resilience Forum 4
10 National Forum Workshops
240 individuals benefitingNationally per event
Information Sharing to BCM and Risk PractitionersAttracting Chief Risk Officers
STATISTICS01 September 2016 Risk Management Forum for Public Entities, 60 delegates in attendance8 September 2016 Risk Management Forum National, Provincial and Local Government, with approximately 70 delegates 09 March 2017 Risk Management Forum for Public Entities, with approximately 65 delegates in attendance24 March 2017 Risk Management Forum National, Provincial and Local Government, 80 delegates4 July 2017 - Government Continuity Concepts, Guideline & Governance, Recovery sites and a Panel Discussion from our esteemed forum members, there were about 60 delegates10 October 2017 - full aspects of a Business Impact Analysis (BIA), there were about 115 delegates23 April 2018 Progress made on the implementation of the BIA, BCM Strategy, BCM Policy, with round 130 delegatesBreakfast 28 September 2018 BC Strategy and Policy23 April 2018, Business Continuity Plan, Disaster Recovery ,DR Shared site (WAR), 124 Delegates15 February 2019, feedback and reflection on the previous forum and practical discussion of the BCP. 150 delegates 11th of September 2019 where we will discuss option available from Microsoft.
National Business Continuity & Resilience Forum 5
PEOPLE
TECHN
OLOGY
PROCESS
OCUPATIONAL HEALTH AND SAFTEY ACT
ENTERPRISE BUSINESS MANDATEAND FOUNDING ACTENTERPRISE BUSINESS MANDATEAND FOUNDING ACT
DISATER RECOVERY ACT
THREE AREAS TO COVER BY BCM
National Business Continuity & Resilience Forum 6
BCM
Risk CommitteeBusiness Continuity Committee
Business Recovery Committee(Process)
DR and Systems Recovery Committee(Technology)
SHEQCommittee(People & Facilities)
National Business Continuity & Resilience Forum 7
1BUSINESSRECOVERYCore functionsService DeliveryClients, Customers and Stakeholders.Supply Chain
2PEOPLE MANAGEMENTEvacuationFire drillFirst AidTrauma management
3FACILITIES MANAGEMENTFacilitiesWaterElectricityWasteTransportPhysical Security
4SYSTEMS RECOVERYApplicationsSystemsNetworksTelephonyMediaHardwareAccess ControlCyber Security
FOUR PILLARS OF BCM
National Business Continuity & Resilience Forum 8
PDCA ModelContinuous Improvement
P D
C A
PLANAccording to Stakeholder requirements and BIA.
ACTAct out the BC Plan in Practice or Emergency.
DODo the BC Strategy
CHECKCheck and Monitor that BC Plan and Strategy deliver on requirements
National Business Continuity & Resilience Forum 9
HOW TO (GPG 2018)PP1
PP2
PP3PP4
PP5
PP6PP1 Policy & ProgrammePP2 Awareness & CulturePP3 Business Impact AnalysisPP4 StrategyPP5 BC PlanPP6 Monitoring & Audit
National Business Continuity & Resilience Forum 10
BUSINESS CONTINUITY PLANS
Simple and self explanatory
Consistent and flowing Prove efficacy and efficiency through exercise
The Business Continuity Plan (End to End)
BEFORE EMERGENCY RESPONSE PLAN
PROTECTION AND MITIGATION PLAN
INVOCATION
CRISIS MANAGEMENT PLAN
Risks identified and mitigation actions, OHS compliance,
detection systems, reducing impact of incidents on
business
Incident management, emergency actions such as
evacuation, first aid and Fire fighting
Roles, responsibilities and authority
Emergency procedures(BC) Crisis CommitteeCrisis Communication
Assessment, Invocation notification and mobilisation of
Systems Recovery, SHERQ, and Business Recovery
teams. Linked to RPO and RTO.
Invocation
RPO and RTO charter on Human movement, Physical & Cyber Security, IT Systems and networks, suppliers, telecommunications, back-up and restore, office space and seating arrangements, products and services versus actual production
RECOVERY PLAN
The plan on the returning to the original or rebuilt site off the recovery site/s.
RETURN TO NORMAL PLAN
Data collected for analysis in a close out report that explains how the invocation saved business versus the actual cost of such.
LESSONS LEARNT
CommunicationsPolicy
& Plan
Contents of the different BC plans
Emergency Response Plan1) Roles and
Responsibilities2) Evacuation Procedure3) Emergency Reporting
Procedure4) Immediate Measures to
limit impact5) Facility and systems
shutdown procedures6) Preventative and
Detective Measures7) Awareness and Training8) Communication
Common Elements
Crisis Management Plan
Roles, Accountability, Responsibility and
authority
1) Emergency Procedures
2)Notification,
Invocation and Escalation.
3)BC Committee
Agenda for Crisis Meeting.
4)Crisis
Communication Plan5)
Pandemic Plan
Definition of a Pandemic
1) Quarantined and non-quarantined Pandemics
2) Social containment Plan
3) Regional Footprint of the disease
4) Impacted areas of business
5) Business region transfer Plan
Systems Recovery Plan
1. Activation of the recovery Site
2. Transfer logistics to the recovery facility
3. Equipment supply or transfer
4. Core Business Process identification and recovery
5. Call Centre and email recovery
6. Data recovery or switching of data centres
7. Recovery of systems priority list
8. Ghost images for Desktop on work Area recovery
Components
Communication Plan
3) Credible4) Informative
1) Responsive2) Appropriate
Truthful Clarification
Dr Cliff FergusonFor and on behalf of the National Continuity Forum
012 319 [email protected]
THANK YOU
National Business Continuity & Resilience Forum 19