Business Impact Analysis
description
Transcript of Business Impact Analysis
![Page 1: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/1.jpg)
A Reliance Capital company
Business Impact Analysis
S.V. Sunder Krishnan
29th November 2007
![Page 2: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/2.jpg)
2 of 48 A Reliance Capital company
Disaster is an event, often unexpected, that seriously disrupts your usual operations or processes and can have long term impact on your normal way of life or that of your organization
Here is a sample list disasters:Environmental
Fire
Earthquake
Heavy Rains
Flooding
Lightning Surge
Severe Weather
Epidemics
Tsunami
Hurricane
Others
Legal Problem
Vendor Breakdown
Disaster
Loss of Utility and Services
Building Collapse
Communication Breakdown
Electric Short Circuits
Electricity / UPS Failure
Transportation Strike
Telecommunications Vendors
Organized Deliberate
Terrorism
War
Riots
Sabotage
Labor Disputes
Data Center Theft
Equipment Service Failure
Internal Power Failure
AC Failure
Equipment Failure
IT System Failure
Server Hang
Power Surge
Info Security Incident Virus Attack
Cyber Crime
Hacking
Dos attack
SPOF breakdown
System Corruption
![Page 3: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/3.jpg)
3 of 48 A Reliance Capital company
![Page 4: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/4.jpg)
4 of 48 A Reliance Capital company
The Fatal Impact!
Disasters could cause an organisation to suffer:
• Inability to maintain critical customer services
• Damage to market share, reputation or brand
• Failure to protect the company assets including intellectual properties and personnel
• Business control failure
• Failure to meet legal or regulatory requirements
![Page 5: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/5.jpg)
5 of 48 A Reliance Capital company
WHAT IS - BUSINESS CONTINUITY PLANNING?
BCP is about identifying and, where appropriate, reducing your internal and external business risks & exposures and implementing an affective business recovery strategy
BCP ensures that you can provide an acceptable level of service to your clients / customers and other business ‘stakeholders’ regardless of any events or incidents that occur
BCP should be an integral part of your business risk management strategy BCP addresses the whole business continuity management process from risk & business impact analysis through strategy & plan development to implementation, testing and ongoing change control
![Page 6: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/6.jpg)
6 of 48 A Reliance Capital company
Why Have a Business Continuity Plan?
Ensure that you can provide an acceptable level of service to your clients, customers and other business partners regardless of any events or incidents that occur
BCP is not a ‘box ticking’ exercise to satisfy the regulators it is about ensuring continuity of your business
Effective BCP is in the interest of all staff at all levels. This requires you to take ownership of BCP for your business unit
Recovery or Failure
Time
Level of
Business
INCIDENT
Critical Recovery
Point
B
No Plan – Lucky Escape
C No Plan – Possible Outcome
AFully Tested
Effective Plan
Managed Short-termInterruption
![Page 7: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/7.jpg)
7 of 48 A Reliance Capital company
WHAT IS - BUSINESS CONTINUITY PLANNING?
BCP is the responsibility of the Business it is not just an IT issue!BCP encompasses a DRP (Disaster Recovery Plan) which is an IT plan
1. Analyse your
Business
2. Analyse the Risks
3. Develop Recovery Strategy
4. Test & Update
Analyse your Business Business Impact Analysis
Analyse the RisksBusiness Continuity Risk Assessment
Develop Recovery Strategy Business Continuity Plan
Test & Update Periodically test and update BCP
![Page 8: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/8.jpg)
8 of 48 A Reliance Capital company
How do you develop a Business Continuity Plan?
Development of a Business Continuity plan is not ‘rocket science’ – it’s really just common sense
Essentially, it consists of:
identifying tasks which your team may need to perform if an incident occurs
documenting those tasks
organizing the tasks logically by phase and activity
compiling team contact info and any other supporting documentation
![Page 9: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/9.jpg)
9 of 48 A Reliance Capital company
What assumptions should you make?
In developing your business unit’s plan, you should make the following assumptions:
The incident may occur at the worst possible time
The incident may be a ‘worst case’ scenario, or it may be a lesser incident (e.g. loss of computer systems, temporary loss of access to the facility, telecommunications failure)
Some or many of your staff may be unavailable for work following the incident
An alternate location would be available for your critical business unit within 4 hours of an incident, with the number of workstations specified
The alternate location would be within driving distance
The Business Enterprise has a formal Business Continuity Team structure in place, consisting of a Business Continuity Coordinator, a ‘Corporate Crisis Management Team’ (CCMT) and support teams (in addition to the business unit teams)
Only the BCP Coordinator and CCMT can authorize teams to activate their Business Continuity plans
![Page 10: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/10.jpg)
10 of 48 A Reliance Capital company
BCP RISK ANALYSIS – BUSINESS IMPACT
Four Variables that affect the Level of Business Exposure and Impact: Likelihood of risk occurring Vulnerability to the risk Severity of risk Time taken to recover
Time taken to recover relates to the Severity of the Risk: Short-term impact (up to 1 working day) resulting from denial of access to place of
work / data (e.g. due to power failure)
To: Long-term impact (several weeks / months) resulting from total destruction of place of
work / staff / data (e.g. 9/11)
Quantifying Risk - how do we Prioritise the Risk? : Risk Weighting = Business Impact Assessment x Degree of Vulnerability x Likelihood
of each Threat
![Page 11: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/11.jpg)
11 of 48 A Reliance Capital company
BCP RISK ANALYSIS – LIKELIHOOD / IMPACT CHART
LowLikelihood
Low Impact
HighLikelihood
High Impact
Pandemic
Epidemic
War
TerrorismPlane Crash
Major Fire
Power Failure
Virus
Limited IT Failure
Theft
Water Leak
Minor Fire
Confidentiality BreachMajor Fraud
Minor Fraud
Major IT Failure
Supplier Failure
Four Variables that affect the Scale of Business Impact: Likelihood of risk occurringVulnerability to the riskSeverity of riskTime taken to recover
![Page 12: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/12.jpg)
12 of 48 A Reliance Capital company
Business Process Criticality Definition
A Company’s revenue generating ability and corporate image are supported by the timely execution of its business processes. However, the degree of criticality that some business processes carry are more than others on account of their importance to the business operations either in terms of their revenue generation capability or their ability to sustain the corporate image.
Provided below are guidelines, which have been considered at the time of assigning criticality to RLIC’s business processes:
Critical (High)
Inability to perform this process within the indicated cycle time would significantly affect revenue-generating capability and / or the operating effectiveness of the other business processes.
Important (Medium)
Inability to perform this process on a timely basis would affect revenue-generating activities and / or the operating effectiveness of the other business processes. These processes normally support the execution of critical processes, but are not directly part of the critical business process itself.
Minor (Low)
Inability to perform this process for a significant period of time in excess of the indicated cycle time would impact the efficiency of other business processes and affect revenue-generating activities.
![Page 13: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/13.jpg)
13 of 48 A Reliance Capital company
Factors to be considered for determining the criticality
Financial Factors Non Financial Factors
Delay / loss of revenues Corporate Image
Delay in recognition of revenues Customer Confidence
Fines for regulatory non compliance Employee Morale
Lost interest / interest paid on borrowed funds
Shareholder / Investor confidence
Resumption Expenses Legal Contractual obligation
Penalties for delayed processing Competitive Advantage
Lost Opportunity
![Page 14: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/14.jpg)
14 of 48 A Reliance Capital company
The generally observed classification
Criteria Critical (High) Important (Medium)
Minor (Low)
Impact on revenue Long term Medium / Short term X
Effect on business processes
Severe Moderate Affects efficiency only
Contractual obligations
Breached X X
Competitive advantage
Immediate loss Loss over a period of time X
Regulatory Compliance
Non-compliance Non-compliance Non-compliance
Loss of goodwill and customer confidence
Loss of goodwill and customer confidence
Reputation loss X
![Page 15: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/15.jpg)
15 of 48 A Reliance Capital company
BCP – Invocation Flowchart / Call Tree
Business Recovery
4 to 24 hrs
INCIDENT ALERT to BCP Team
RecoveryTimescales
Incident Alert
0 to 2 hrs
INCIDENT DETECTED
(Security Alerted)
• EMERGENCY SERVICES
• BCP PLAN• RECOVERY SITE• VOICE DIVERT - TO MESSAGE• BCP WEBSITE MESSAGE UPDATE• STAFF MESSAGE LINE UPDATE
IT RECOVERY CORPORATE
COMMUNICATIONBUSINESS
RECOVERY OTHER
LOCATIONSTEAM LEADERS
CRISISMANAGEMENT TEAM (CMT)
CALL OUT
CALL OUT
IT BCP PLANBACKUP TAPE DELIVERY‘BATTLEBOX’ DELIVERY
VOICE DIVERT - TO RECOVERY SITE
DEPARTMENT BCP PLANIMPACT ASSESSMENT
2 to 4 hrs
CMT BCP PLAN IMPACT ASSESSMENTLOCAL BCP PLAN
INVOKE
DEPARTMENT BCP PLAN
CLIENT / PUBLICRELATIONS STRATEGY
INVOKE
INVOKEINVOKEINVOKEINVOKE
IA process - Incident / Damage & Salvage Assessment- Invoke Recovery Site or put on Standby- Call-out the CMT and Confirm Invocation- Invoke Voice Divert & Message Updates (Staff Line & BCP
Website)- Call-out Recovery Team Leaders or their Alternates- Manage Invocation and IT / Services Recovery and Support
CMT - Liaise with IA teams and Confirm Invocation- Set-up Command Centre / Conference Call- Conduct Business Impact Assessment & Determine Recovery Priorities- Assume Ongoing Crisis Management Responsibility
RECOVERY - Team Leaders to Call-out Team Members & Invoke BCP PlanProcesses - Conduct Business Impact Assessment & Advise CMT
- Recover Business / IT / Service Functions
Incident Invocation
CALL OUT
![Page 16: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/16.jpg)
16 of 48 A Reliance Capital company
Recovery Timeframes (RTO)
Recovery timeframes refer to the period by which each business process needs to be recovered / resumed to avoid disruption to business i.e. a business process may not be critical at the time of disaster striking the organization.
However if such process is not recovered within the stipulated period subsequent to the disaster then such process may also become critical at the end of such identified period
For e.g. process for payment of salaries if not resumed / recovered within 15 days would become critical.
There are two factors to be considered Recovery time:
Refers to the time taken to ensure that key business processes are up and running
Currency of data: Refers to the currency of data (i.e how latest the data should be – yesterday’s back up or information keyed in two hours before the disaster or every SECOND! no data lost)
![Page 17: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/17.jpg)
17 of 48 A Reliance Capital company
confidentia
l
Executive Summary
Introduction Essentials of BIA Incident Management Impact Analysis RTO / RPO Recovery Strategies / Alternatives Threat Scenarios and assumptions The teams Summing up
![Page 18: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/18.jpg)
18 of 48 A Reliance Capital company
Phases of the business continuity planning process
• Creation of a business continuity and disaster recovery policy
• Business impact analysis
• Classification of operations and criticality analysis
• Development of a business continuity plan and disaster recovery procedures
• Training and awareness program
• Testing and implementation of plan
• Monitoring
BCP Process
![Page 19: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/19.jpg)
19 of 48 A Reliance Capital company
• Rigorous planning and commitment of resources• Risk assessment to identify critical business processes• Reduction of risk for unexpected disruption to critical
functions• Assure continuity of minimum level of service for critical
operations• Responsibility of senior management• Address all functions and assets to continue as a viable
organization
The Essentials:
![Page 20: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/20.jpg)
20 of 48 A Reliance Capital company
Disasters Disrupt the operation of critical information processing Adversely impact business operations
• Not all disruptions are disasters• Causes of service disruption
Natural Expected services no longer supplied
• BCP must take into account all types of events impacting IS processing facilities and end users functionality
BIA - Elements
![Page 21: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/21.jpg)
21 of 48 A Reliance Capital company
The management of incidents need be dynamic, proactive and documented
All types of incidents need to be categorized Negligible: causing no significant damage Minor: produce no negative material or financial impact Major: cause negative material impact on business
processes Crisis: serious material impact on the functioning of the
business
BCP Incident Management
![Page 22: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/22.jpg)
22 of 48 A Reliance Capital company
Identifying the various events that could impact the continuity of operations and their impact on the organization
Issues to consider for BIA:• Different business processes• Critical information resources related to critical business
processes• Critical recovery time period before significant losses are
incurred• Systems risk ranking
Business Impact Analysis
![Page 23: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/23.jpg)
23 of 48 A Reliance Capital company
Recovery Point Objective (RPO) Based on acceptable data loss Indicates earliest point in time in which it is acceptable to recover
the data Recovery Time Objective (RTO)
Based on acceptable downtime Indicates earliest point in time at which the business operations
must resume after a disaster
Recovery Point Objective and Recovery Time Objective
![Page 24: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/24.jpg)
24 of 48 A Reliance Capital company
RPO and RTO are based on time parameters The lower the time requirements, the higher the cost of recovery
strategies Parameters to consider when defining recovery strategies:
Interruption window Service delivery objective (SDO) Maximum tolerable outages
Recovery Point Objective and Recovery Time Objective (continued)
![Page 25: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/25.jpg)
25 of 48 A Reliance Capital company
Like all threats, the most effective action would be:
To remove the threat altogether
To minimize the likelihood and effect of occurrence A recovery strategy is a combination of preventive, detective and
corrective measures. The selection of a recovery strategy would depend upon:
The criticality of the business process and the applications supporting the processes
Cost
Time required to recover
Security
Recovery Strategies
![Page 26: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/26.jpg)
26 of 48 A Reliance Capital company
Recovery strategies based on the risk level identified for recovery
would include developing:
• Hot sites
• Warm sites
• Cold sites
• Duplicate information processing facilities
• Mobile sites
• Reciprocal arrangements with other organizations
Recovery Strategies (continued)
![Page 27: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/27.jpg)
27 of 48 A Reliance Capital company
Types of offsite backup facilities
• Hot sites - Fully equipped facility
• Warm sites - Partially equipped but lacking processing power
• Cold sites - Basic environment
• Duplicate information processing facility
• Mobile sites
• Reciprocal agreement
– Contract with hot, warm or cold site
– Procuring alternative hardware facilities
Recovery Alternatives
![Page 28: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/28.jpg)
28 of 48 A Reliance Capital company
Procuring alternative hardware facilities• Vendor or third-party
• Off-the-shelf
• Credit agreement or emergency credit cards
Recovery Alternatives (continued)
![Page 29: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/29.jpg)
29 of 48 A Reliance Capital company
What is a Potentially Disastrous incident?
A potentially disastrous incident (hereafter referred to as an ‘incident’) is any internal or external incident which may cause an unacceptable interruption in the company’s critical and important business processes.
![Page 30: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/30.jpg)
30 of 48 A Reliance Capital company
Threat scenarios
Threat Impact Scenario
Environmental Incidents•Water Damage•Earthquake
Loss and Damage of records, premises Inaccessibility of premises
Fire Loss and Damage of records, premises Inaccessibility of premises
Power Outages Temporary disruption of services/operations Critical IT Systems non availability
Sabotage / Terrorist activity Loss, Damage Inaccessibility of premises
Civil Disturbances Loss, Damage Inaccessibility of premises
Loss or theft of key data Loss, Damage and disclosure of confidential information
Critical IT Systems non availability (due to disruption in the integrity of the data)
Failure of IT and/or Telecom Infrastructure Disruption of services Non availability of critical IT Systems
IT Security Incident Disruption of services,Loss of data
Non availability of critical IT Systems
Logistical failures for centralized operations Disruption of services Inaccessibility of premises
![Page 31: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/31.jpg)
31 of 48 A Reliance Capital company
What assumptions should you make?
In developing your business unit’s plan, you should make the following assumptions:
The incident may occur at the worst possible time The incident may be a ‘worst case’ scenario, or it may be
a lesser incident (e.g. loss of computer systems, temporary loss of access to the facility, telecommunications failure)
Some or many of your staff may be unavailable for work following the incident
![Page 32: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/32.jpg)
32 of 48 A Reliance Capital company
What assumptions should you make?
You can also make the following assumptions: An alternate location would be available for your critical
business unit within 4 hours of an incident, with the number of workstations specified
The alternate location would be within driving distance The Company has a formal Business Continuity Team
structure in place, consisting of a Business Continuity Coordinator, a ‘Corporate Crisis Management Team’ (CCMT) and support teams (in addition to the business unit teams)
Only the the BCP Coordinator and CCMT can authorize teams to activate their Business Continuity plans
![Page 33: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/33.jpg)
33 of 48 A Reliance Capital company
What is aBusiness Continuity Team?
![Page 34: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/34.jpg)
34 of 48 A Reliance Capital company
What is a Business Continuity Team?
A Business Continuity Team is a designated group of individuals responsible, at time of incident, for: determining which tasks need to be performed coordinating the execution of those tasks communicating and coordinating with other Business
Continuity Teams Each team must have a team leader and alternate(s),
and an appropriate number of members
![Page 35: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/35.jpg)
35 of 48 A Reliance Capital company
Typical Business Continuity Team Structure
Support Team
IT Team
Support Team
Corporate Crisis Management
Team
Business Resumption Teams
Critical Process 1
Critical Process 2
Critical Process 3
LocalIncident
ManagementTeams
Business Continuity Coordinator
![Page 36: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/36.jpg)
36 of 48 A Reliance Capital company
The Specific BCP Teams for Reliance Life Insurance Company Limited
Corporate CrisisManagement Team
BusinessContinuity
Coordinator
Support TeamInformationTechnology
Team
BusinessResumption
Team
![Page 37: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/37.jpg)
37 of 48 A Reliance Capital company
What is a Crisis Management Team? A Corporate Crisis Management Team (CCMT) is a
designated group of senior individuals responsible for overall management of a potentially disastrous incident
Typical responsibilities include: Activation of Business Continuity and support teams Coordination of all communication between teams High level decision making (including ‘incident
declaration’) Prioritization of activities De-activation of Business Continuity and support teams
![Page 38: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/38.jpg)
38 of 48 A Reliance Capital company
What are Support Teams? Support Teams are specialized groups that may be
activated by the CCMT to help manage the incident Typical support teams include:
Information Technology team - Systems and Application Support Members and Communications and Infrastructure Support Members
Support Team (including Facilities, Services, Finance, Functional representatives (SPOCs), Corporate Communications and so on)
![Page 39: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/39.jpg)
39 of 48 A Reliance Capital company
What is the role of Information Technology Teams?
Typically, Information Technology Support Teams would handle all of the ‘technology issues’ associated with a potentially disastrous incident
Responsibilities could include: Recovering mainframe, mid-range, and server-based
systems at the alternate location(s) Restoring data from latest off-site backups Re-establishing voice and data communications Commissioning employees’ desktop systems Restoring technology at the original location Activating connections from Alternate Operations Center
![Page 40: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/40.jpg)
40 of 48 A Reliance Capital company
What is the role of the Support Team? Typically, the support team provides the damage assessment following
an event, and assists with the site restoration process. Responsibilities would include:
- Coordinating preparation of detailed damage assessments- Facility- Business Process and- Systems
- Overseeing damage assessment and control activities- Coordinating site cleanup and salvage activities- The Support Team will provide the CCMT and the BCP Coordinator with a comprehensive assessment of damage after disaster has occurred, including: - Missing staff, injuries and loss of life; - Extent of facility damage; and - Damaged equipment (Computer Hardware, Network Components, UPS, etc.)
![Page 41: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/41.jpg)
41 of 48 A Reliance Capital company
What is the role of Support Team?
Handle all of the ‘public relations’ issues associated with a potentially disastrous incident
Responsibilities could include: Preparing press releases and public announcements Coordinating news conferences, interviews Interfacing with media personnel Issuing communiqués to employees and stakeholders Managing the Company's image and reputation during
the crisis
![Page 42: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/42.jpg)
42 of 48 A Reliance Capital company
What is the role of Administration Personnel in the Support Team?
Handle all of the ‘facility issues’ associated with a potentially disastrous incident
Responsibilities could include:
Liaison with civil authorities
Damage assessment, salvage, and restoration
Preparing the alternate location(s) for occupancy
Physical security
Transportation of equipment and materials
Redirecting of mail and courier service
Management of interim phone systems
![Page 43: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/43.jpg)
43 of 48 A Reliance Capital company
What is the role of Human Resources Department Personnel in the Support Team?
Handle all of the ‘people issues’ associated with a potentially disastrous incident
Responsibilities could include: Ensuring all employees are accounted for
Contacting employees’ families
Coordinating temporary relocation of staff, including travel and accommodation arrangements
Hiring contract personnel
Providing assistance to individual employees
Ensuring continuance of salaries and benefits
![Page 44: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/44.jpg)
44 of 48 A Reliance Capital company
What is the role of Finance Department Members in the Support Team?
Handle all of the ‘accounting issues’ associated with a potentially disastrous incident
Responsibilities could include: Authorizing and tracking expenditures Ensuring appropriate accounting controls are
maintained Identifying losses Processing insurance claims
![Page 45: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/45.jpg)
45 of 48 A Reliance Capital company
The Phases in a Business Continuity Plan
To sum up
![Page 46: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/46.jpg)
46 of 48 A Reliance Capital company
The Five BCP Phases
ReturnTo Normal
BusinessResumption
Resource Recovery & Commissioning
Interim Contingencies
Initial Response And Assessment
BUSINESS IMPACT ANALYSIS
![Page 47: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/47.jpg)
47 of 48 A Reliance Capital company
Acknowledgement
ISACA
![Page 48: Business Impact Analysis](https://reader034.fdocuments.us/reader034/viewer/2022051516/56814404550346895db0976c/html5/thumbnails/48.jpg)
A Reliance Capital company
Thank you
November 29 2007