www.businessbeam.com

A business case for establishing Business Continuity Plan (BCP) Business Beam

Contents

2

1

What is Business Continuity?

2

Business Benefits

3

Implementation Roadmap Copyrights (C) 2004-2016 Business Beam. All rights reserved.

What is Business Continuity? A business case for establishing a Business Continuity Plan

9/11 for Pakistan

4

Copyrights (C) 2004-2016 Business Beam. All rights reserved.

Happened in Karachi (June 26, 09)

5

Copyrights (C) 2004-2016 Business Beam. All rights reserved.

Suicide Attack in Lahore (May 27, 09)

6

Copyrights (C) 2004-2016 Business Beam. All rights reserved.

Thanks to KESC

7

Copyrights (C) 2004-2016 Business Beam. All rights reserved.

Berger Paints

8

Copyrights (C) 2004-2016 Business Beam. All rights reserved.

Fire at Shahra-e-Faisal Building

9

Copyrights (C) 2004-2016 Business Beam. All rights reserved.

The Reality of Business Continuity 

43% of US companies never reopen after a disaster and 29% more close within 3 years.



20% of small to medium size businesses suffer a major disaster every 5 years.



78% of organizations which lacked contingency plans but suffered catastrophic loss were gone within 2 years…most had insurance, and many had business interruption coverage! (Sources: U.S. National Fire Protection Agency, U.S. Bureau of Labor, Richmond House Group and B2BContinuity.com)

10

Copyrights (C) 2004-2016 Business Beam. All rights reserved.

Is This An Effective Management Strategy In the Face of the KNOWN Risks!

YES!

NO!

Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.

11

Effects of Effective Business Continuity The impact on shareholder value

Effective crisis response Ineffective crisis responses

25

50

75

100

125

150

175

200

225

Trading days after the event Source: “The Impact of Catastrophes on Shareholder Value,” Rory F. Knight & Deborah J. Pretty, Templeton College, University of Oxford, p. 3. 12

Copyrights (C) 2004-2016 Business Beam. All rights reserved.

What is Business Continuity Management? 

Business Continuity Management (BCM) is a holistic management process that:   

13

Identifies potential impacts that threaten an organization, Provides a framework for building resilience and the capability for an effective response, Safeguards the interests of key stakeholders, reputation, brand and value creating activities.

Copyrights (C) 2004-2016 Business Beam. All rights reserved.

Success or Failure? Fully tested effective BCM

A

Level of business

B No BCM – lucky escape

C

No BCM – usual outcome

Critical recovery point

Time 14

Copyrights (C) 2004-2016 Business Beam. All rights reserved.

Business Benefits A business case for establishing a Business Continuity Plan

Key Benefits (1) 

To Business     



To Operations   



Gain reputation as “Safe and Secure Organization” First mover advantage Cost effectiveness = Higher profitability Better compliance with laws and regulations Better continuity in case of any disaster

Better risk management & risk reduction Better cost control Defined SOPs

To IT 

  

16

Identification and control of information assets Better risk management Defined SOPs IT Disaster management Copyrights (C) 2004-2016 Business Beam. All rights reserved.

Key Benefits (2) 

Better policies, procedures and working templates    

  

17

Business continuity Information security Related roles and responsibilities Organization wide awareness SAP related and general IT infrastructure Use of network services Mobile computing

Copyrights (C) 2004-2016 Business Beam. All rights reserved.

Key Benefits (3) 

Identification of Business Critical processes   



Process identification Process ranking according to business criticality Continuity strategies for critical processes

Business Continuity planning   

18

Business Impact Analysis (BIA) BCP for all areas under scope BCP awareness, testing and exercises

Copyrights (C) 2004-2016 Business Beam. All rights reserved.

Key Benefits (4) 

Information Asset Management   



Information Classification Information Asset Identification & Classification Employee Skill Management

Risk Management   

19

Identification and Analysis of Risks Treatment of Risks Development of Risk Management Approach & Criteria

Copyrights (C) 2004-2016 Business Beam. All rights reserved.

Key Benefits (5) 

Better Description of Roles & Responsibilities    



Job description related to information security Pre-hiring controls During employment personnel development Post-employment controls

Physical Security  

20

Identification of Secure Areas Equipment Security

Copyrights (C) 2004-2016 Business Beam. All rights reserved.

Key Benefits (6) 

Communications & Operations Management 

      



Documented SOPs Segregation of duties Third party service delivery management System planning & acceptance Data backup and recovery Network security Media handling e-Commerce

Access Control    21

Access control policy and procedures User, network and OS access control Application and mobile access control Copyrights (C) 2004-2016 Business Beam. All rights reserved.

Key Benefits (7) 

Regulatory compliance  



All applicable laws Intellectual property rights

Framework for Continual Improvement  

22

Regular Internal Audits Corrective & preventive actions

Copyrights (C) 2004-2016 Business Beam. All rights reserved.

Implementation Roadmap A business case for establishing a Business Continuity Plan

23

Implementation Roadmap Phase 1: Scoping & Planning Phase 2: Understanding the Organization Phase 3: Risk Assessment and Control Phase 4: Implementation of Mitigation Strategies Phase 5 Training for Audit and Internal Audit 24

Copyrights (C) 2004-2016 Business Beam. All rights reserved.

25

Establishing Management Steering Group Establishing working groups

Project Scoping

Awareness Sessions Implementer Trainings

Team Formation

Awareness

Phase 1: Scoping & Planning

Identification of geographical scope Identification of functional scope Documenting and agreeing the scope of the assignment

Copyrights (C) 2004-2016 Business Beam. All rights reserved.

26

Identification of business impact if process does not work Prioritizing processes based on time criticality Presenting report to the management

Asset Registration

Identification of functions under scope Identification of processes under scope

BIA

Process Identification

Phase 2: Understanding the Organization

Identification & classification of information assets in the organization Asset value assessment Asset ownership identification

Copyrights (C) 2004-2016 Business Beam. All rights reserved.

27

Calculating risk threshold Defining risk acceptance criteria

Development of SOA

Identification of application threats, and risks Analyzing probability and impact of risks

Risk Threshold

Risk Assessment

Phase 3: Risk Assessment and Control

Selection of right controls to handle the identified risks Implementing risk threshold and acceptance criteria Developing and presenting SOA

Copyrights (C) 2004-2016 Business Beam. All rights reserved.

28

Identifying right mitigation strategies Planning for implementation

Business Continuity Plan

Developing processes and procedures for information security controls

Mitigation Planning

Security Controls

Phase 4: Implementation of Mitigation Strategies

Development of Business Continuity Plan Desktop exercise of BCP

Copyrights (C) 2004-2016 Business Beam. All rights reserved.

29

Conducting first internal audit Developing Internal Audit report

Audit Findings

Hands-on internal audit trainings for selected individuals Internal audit trainings on both standards

Internal Audit

Internal Audit Training

Phase 5: Training for Internal Audit and Internal Audit

Detailed assistance in closure of audit findings Identification of corrective and preventive actions

Copyrights (C) 2004-2016 Business Beam. All rights reserved.

www.businessbeam.com

Thank You! [email protected]