Baixe o app para aproveitar ainda mais
Esta é uma pré-visualização de arquivo. Entre para ver o arquivo original
BUSINESS CONTINUITY GUIDE PLANNING AGENDA • Introduction • Objectives of BCP • Approaches to BCP • Dimensions of Scope • Entry Points 2 • Q&A INTRODUCTION So…you’ve decided to embark on a business continuity planning (BCP) project …but where do you start? • Define the objectives • Determine the dimensions of scope • Select an appropriate approach • Proceed from an entry point 3 OBJECTIVES (1/2) Satisfy audit or regulatory requirements1 Rebuild the infrastructure2 Resumption of business activities3 Continuity in customer service4 Four possible objectives of BCP: 4 OBJECTIVES (2/2) 5 Audit or Regulatory Requirements • If your focus is on: – Passing an audit or getting points cleared – Minimizing costs • Then your objective is to satisfy audit or regulatory requirements. Rebuild the Infrastructure • If your focus is on: – Alternative facilities and sites – Solutions to minimize downtime of key infrastructure and systems • Then your objective is to rebuild the infrastructure. Resumption of Business Activities • If your focus is on: – Setting up an organization and the required facilities to enable key staff to resume their activities • Then your objective is the resumption of business activities. Continuity in Customer Service • If your focus is on: – Defining what level of customer service must be maintained throughout a disaster – What is required to achieve that level of customer service • Then your objective is to ensure continuity in customer service at an acceptable level. APPROACHES TO BCP 6 Approaches to BCP based on the objectives: Objective Approach Satisfy audit or regulatory requirements Tick-box approach Rebuild the infrastructure Infrastructure approach Resumption of business activities Gradual/subplans approach Continuity in customer service Business approach (holistic) SCOPE 7 • Event Interrupting Operations – Asset protection Protection of assets (e.g., people, building, etc.) – BCP Preparation of critical elements for business continuity • Enterprise-wide versus IT… ...be clear on the scope of your BCP project 8 DIMENSIONS OF SCOPE Business Network Control Room IT DRP Network Resilience Server Mirroring Dealing Room Office Relocation Equipment Failures Infrastructure Business Interruption Risks (BIR) Infrastructure Risk Long-Term Business Viability Brand Image Client Satisfaction Capacity Regulatory INFRASTRUCTURE 9 • …the identification and protection of critical (IT) infrastructure required to maintain an acceptable level of business, • ...to ensure the survival of the organization in times of business disruption. • Critical infrastructure can include: – Mainframe – Networks – Applications – PCs and desktops – Manufacturing infrastructure – Logistical infrastructure – Office locations BUSINESS 10 • …the identification and protection of critical business processes required to maintain an acceptable level of business, • ...to ensure the survival of the organization in times of business disruption. • Critical business processes can include – Manufacturing – Sales/order entry – Payroll – Dealing room activities – Delivery – Client communication – Accounting and finance BUSINESS INTERRUPTION RISK 11 • …the identification and protection against business risks resulting from a business interruption jeopardizing • ... the survival of the organization in times of business disruption. ENTRY POINTS 12 There are four possible entry points depending on the drivers of the approach. If your approach is… Then your entry point is... Event driven Evaluate threats Business risk driven Assess risks from interruptions Business driven Analyze critical processes Applications or systems driven Dependency on (IT) infrastructure THREATS 13 Classification of threats according to the type of event: • Acts of nature – hurricane, flood, earthquake, etc. • External man-made events – terrorism, evacuation, security intrusion, etc. • Internal unintentional events – accidental loss of files, computer failure, etc. • Internal intentional events – strike, sabotage, data deletion, etc. RISKS 14 Competitor Catastrophic Loss Sensitivity Sovereign/Political Shareholder Relations Legal Capital Availability Industry Financial Markets Information For Decision Making Risk Operational Pricing Contract Commitment Measurement Alignment Completeness and Accuracy Regulatory Reporting Financial Budget and Planning Completeness and Accuracy Accounting Information Financial Reporting Evaluation Taxation Pension Fund Investment Evaluation Regulatory Reporting Strategic Environmental Scan Business Portfolio Valuation Measurement Organization Structure Resource Allocation Planning Life Cycle Operations Risk Customer Satisfaction Human Resources Product Development Efficiency Capacity Performance Gap Cycle Time Sourcing Commodity Pricing Obsolescence Shrinkage Compliance Business Interruption Product Service Failure Environmental Health & Safety Trademark/Brand Name Erosion Empowerment Risk Leadership Authority Limit Performance Incentives Communications Information Processing/Technology Risk Access Integrity Relevance Availability Integrity Risk Management Fraud Employee Fraud Illegal Acts Unauthorized Use Reputation Financial Risk Currency Interest Rate Liquidity Cash Transfer/Velocity Derivative Settlement Reinvestment/Rollover Credit Collateral Counterparty Process Risk Environment Risk Business Risk Model 15 ENTRY POINT: INFRASTRUCTURE Business Network Control Room IT DRP Network Resilience Server Mirroring Dealing Room Office Relocation Equipment Failures Infrastructure Business Interruption Risks (BIR) • Traditional approach. • Very often limited to IT, then extended to "departmental" infrastructure or office infrastructure. • Very often the business perspective is used to assess criticality of infrastructure elements, and to justify the cost (business impact analysis). • The risk scope is limited to infrastructure risks through analysis of threats (potential events). Infrastructure Risk Long-Term Business Viability Brand Image Client Satisfaction Capacity Regulatory 16 ENTRY POINT: BUSINESS Business Infrastructure Business Interruption Risks (BIR) Network Control Room IT DRP Network Resilience Server Mirroring Dealing Room Office Relocation Equipment Failures • Top-down approach. • Starting from a top-down analysis of the critical business domains or processes. • For the critical business processes, assess the dependencies and criticality. • Often, the business interruption risk dimension is included into the business impact assessment, although not always made explicit or limited to the obvious business interruption risks. Infrastructure Risk Long-Term Business Viability Brand Image Client Satisfaction Capacity Regulatory 17 ENTRY POINT: BUSINESS RISKS Business Infrastructure Business Interruption Risks (BIR) 1. 2. Network Control Room IT DRP Network Resilience Server Mirroring Dealing Room Office Relocation Equipment Failures • Entering from looking at the business risks created by a business interruption. • Allows to include more than only the operational impact, e.g., product quality, brand image, health & safety, cash flow, etc. • To manage these risks, next to BCP, other actions may be included, e.g., asset protection, supply chain management, crisis management, media management, etc. • Here we can provide the best added value. Infrastructure Risk Long-Term Business Viability Brand Image Client Satisfaction Capacity Regulatory RISKS The “five As” of risk management : Assess Risk1 Accept or reject risk2 Avoid risk, transfer risk or reduce risk to an acceptable level 3 Analyze performance gaps4 Act to improve5 18 Business Processes Information Flows Infrastructure & Resources 19 Identify key dependencies and vulnerabilities within the business organization, top-down: • What does the company depend on to be successful? • What are the key business processes driving the business? • What are the flows within these business processes? • What are the vulnerabilities and dependencies within these flows and business operations? BUSINESS PROCESSES Key Business Drivers (IT) INFRASTRUCTURE 20 Identifying recovery solutions Assessing the possible threats Selecting the critical infrastructure Analyzing the potential business impact Obtaining an inventory of (IT) infrastructure Achieved by BCP METHODOLOGIES 21 Two main BCP methodologies: Entry Points BCP Methodology Infrastructure Infrastructure-oriented, threat-based Threat Business Business-oriented, risk-based Risk
Compartilhar