Business Continuity Management

1、 Business Continuity Management(BCM)Best Practices25 August 2008By Ros YusoffNUBE-confidential-OVERALL IMPLEMENTATION APPROACHStaff / Management Awareness & TrainingTraining Matrix & Master PlanShort Training SessionsWorkshops / Awareness SessionsOrganizational RolesIncorporate R&R into

2、JDsDefining Roles & ResponsibilitiesDefining the Committees & TeamsTesting & ReviewUpdateReviewTestingDevelop RTPRisk assessmentWorkshopsEmergency ResponseEscalation & NotificationDamage AssessmentLife & SafetyCrisis MgmtDisaster DeclarationData & Record RecoveryPlan Developm

3、entProcedure DevelopmentChecklist DevelopmentContact InformationRequirements & StrategyPoliciesBusiness ImpactRisk AssessmentContinuity StrategiesInitiationProgram ManagementProject StatementTimelineMaturity AssessmentPreventive MeasuresAssurance-confidential-Building the Team & Capabilities

4、 Identify the ChampionMust be a person who has the overall view of all the processes involved Identify the key personnel & the backup personnel for each critical process Incorporate BC roles & responsibilities into JDsMake them as part of KPIs Develop a skill matrix that your organization ne

5、edsDraft annual training planHold lots and lots of awareness sessionsFocus on specific skills required for the different team members-confidential-Understanding Your Business Initiation stage In-house vs. Outsource (make the decision) In-house: Get well-trained; get the experience required Outsource

6、: Never outsource fully Perform a maturity assessment (gap analysis) Should be brief and simple Develop the project/program based on the results of the maturity assessment Do not rush to get it done. Get it done right -confidential-Understanding Your Business Requirements & strategy Define the p

7、olicies The policies must be implementable during disasters Perform risk assessment & BIA Only high-level risk assessment to determine critical threats in relation to Availability BIA - to determine the criticality of systems Identify preventive measures that exist already Propose recovery strat

8、egies Go back to the manual way when possible Minimally, should have off-site storage for critical data Go back and review BIA-confidential-Implementation Emergency response Life and safety first Identify an alternate place to work at Determine requirements at the alternate place (voice communicatio

9、ns is crucial during disaster) Notification & escalation procedures must be simple Ensure that contact information is accurate (requires frequent updates) Determine documents & records required to recover critical business War chest-confidential-Implementation Plan development Recovery plans

10、 When possible, only use checklists Should be developed by the team members that would be involved in the recovery activities The goal is never to recover 100% of the business, but to an acceptable level Use simple, straight forward sentences Incorporate information security requirements into your p

11、lans Do not forget to draft the restoration plans Back to the original site Do not forget to develop plans for the mobilization of staff to the alternate site Transportation, office supply, food, accommodation -confidential-Continual Improvement Testing (exercising) & reviewEvent PhaseSituationC

12、risis Management PlanBusiness Management PlanOneImmediate aftermathMedia managementStrategic assessmentDamage assessmentFormal invocation of BC servicesCasualty managementTwoDamage containedMedia managementMonitoring of BC teamsMobilizing alternate resourcesStaff communicationsThreeResumption beginn

13、ingStood downRegular meetings for updatesManaging alternate resourcesResumption of critical functionsFourConsolidationReviewResumption of further functionsBack to originate site-confidential-Continual Improvement Compliance & Audit Must have a thorough understanding of the business, individual f

14、unctions, and interdependent relationships Challenge management related to potential risk Participate in BIA workshops Challenge recovery strategies Participate during testing Involve the right people as Subject Matter Experts-confidential-Hallmarks of a World-class BCP Centralized at the enterprise level Identify a Control Champion Committed and visible support from ma