incident management framework - ebrp solutions · pdf filecertification planning plan...
TRANSCRIPT
Incident Management Framework
Plans should not be the only goal of Business Continuity Management (BCM) programs. The true end-state of BCM should be assurance that your organization can successfully manage its response to any disruption - effective Incident Management.
An Incident Management Framework has 4 components:
Planning – More than just BIAs and Risk Assessments, planning is the process of gathering, analysis and presentation of data crucial to Incident Managers’ and senior executives’ Decision Support. These include: assessment of current capabilities, vulnerabilities and gaps, single points of failure, process and IT services’ critical resources, RTO’s and RPO requirements.
Plan Development – Plans must be developed to meet objectives and foster collaboration, not to fill checklists or comply with ‘standards’. Plans have to be actionable and executable. One of the critical components of actionable plans is its ability to ensure smooth and efficient execution of the planned strategy to achieve business objectives (some in the industry refer to these plans as ‘playbooks’) Preparedness – Plans are necessary, but alone they do not inspire senior executives’ confidence in your organization’s ability to respond effectively to an incident. They will gain confidence if Plans are exercised frequently, tested in different scenarios, consistently meet recovery objectives and demonstrate quantifiable continuous improvement.
Program Management – Streamlining and automation of repetitive tasks allows more time for better execution of the other 3 Ps. Repetitive tasks such as data refresh and plan review notification can be automated. A well run BCM Program includes scheduled tasks such as exercises & tests and user training, program metrics, KPI’s, users access management, audit & compliance reporting and decision support for management through interactive Dashboards.
4 Ps of the Incident Management Framework
Preparedness
ProgramManagement
RiskAssessment
Dependencies
What If?
Maps
BIA
ProcessPlans
Reviews
Checklists
Strategies TaskSequencing
Exercise
IssueManagement
Workflow
RTOMonitor
EmergencyOperations
Centre
AccessControl
DataAutomation
Reports
1
Alerts
100%
75%
50%
25%
0%
Dashboards
AUDIT
AuditCompliance
Notification
Certification
PlanningPlanDevelopment
Incident Management Framework
PlanningPlan DevelopmentPreparednessProgram Management
Planning P
Before creating Business Continuity plans, the important Planning process must occur. The Planning process helps identify criticalities (ranking or tiers – including dependencies) and impacts on Reputation, Customers and Regulatory requirements.
Planning results should also unearth gaps, vulnerabilities and single points of failure in current operations.
Accordingly, Planning should help determine RTO’s for critical technology and business processes, and should also include ‘what if?’ analyses to identify domino effects (or causality chains) of potential disruptions to those critical functions.
Effective Planning goes beyond the traditional BIA to encompass upstream and downstream dependencies, geospatial information (mapping), the implications of time zones, currencies and other supply chain and regulatory considerations.
Ultimately, the Planning process must lead to more than Plans. Planning should supply Senior Executives and Incident Managers with the information needed to support decision-making in response to any operational disruption.
Incident Management Framework
PlanningPlan DevelopmentPreparednessProgram Management
Plan Development P
One of Planning’s critical outcomes should be identification of critical products and services – and what strategies are likely to successfully restore or resume each service. In their simplest terms, Plans are the implementation of those strategies.
• The goal of every plan should be the efficient and predictable resumption of a disrupted service. • Plans should be a single source of reference for responders to act upon in response to any business disruption. • Plans should be a concise, unambiguous sequence of tasks. • Tasks should be documented, tested and approved. • During execution, the status of individual tasks can be monitored so execution of the plan can be managed. • Plans should facilitate collaboration and foster dissemination of vital information to all interested stakeholders: Incident Managers, Recovery Teams, Product/Service owners, Business Process managers, and Executive managers (and anyone else appropriate). • Plans should be reviewed & updated periodically to ensure they are both current and viable.
Plan completion shouldn’t just be a checkbox on a BCM audit or standards list. A ‘standardized’ plan outline could make review and audit easier, but a fill-in-the-blanks form – or a checklist – will never be effective enough to assure a successful recovery.
Incident Management Framework
PlanningPlan DevelopmentPreparednessProgram Management
Preparedness P
Planning enables Plan development. Plans will help carry out those strategies in response to outages. But Plans should not be the end-state of a BCM program. The next step in the Incident Management Framework is Preparedness – to assure ability and readiness to respond: • Awareness: Let stakeholders (executives, managers, employees, regulators and customers) know what you’ve planned, and how a disruption – and recovery – will impact them.
• Exercise and Test: Do it frequently enough to build ‘muscle memory’. And exercise using a variety of scenarios.
• Continuous improvements: Track exercise results to uncover gaps in Planning assumptions, and progress toward recovery improvement goals – reducing response times, RTO’s and limiting impacts.
• Build Confidence: Develop senior executives’ willingness to invoke those Plans in response to any disruption (rather than depend upon an ad hoc response).
The Preparedness P should be a concerted effort to create confidence in your BCM Program – and the resources expended on planning and plans.
Incident Management Framework
PlanningPlan DevelopmentPreparednessProgram Management
Program Management P
Building an effective Enterprise-wide Business Continuity program requires much more than BIAs and some Plans. Successful implementation of an Incident Management Framework requires Planning, Plan Development and Preparedness in a structured, repeatable and accessible environment. None of that can be effective without a Program Management structure that makes BCM Managers more efficient:
• With automated Notification processes for Plan reviews, BIA updates and approvals, exercise schedules, alerts, etc.
• With automatic updates of underlying data: Employee contacts, Vendors, Facilities and IT CMDB components.
• With the ability to manage diverse time zones, currencies and languages where necessary.
• With Access Controls and Authentication (SSO, ADS, SAML2) that allow authorized users easy access – but protects information from unauthorized uses.
• With Reporting capabilities for management and compliance: gaps, dashboards, maps, program metrics, etc.
Building a successful Incident Management-ready BCM Program requires much more than conducting BIAs and writing Plans. The 4 P’s of the Incident Management Framework – Planning, Plan Development, Preparedness and Program Management – can raise your organization’s confidence in its ability to respond to and recover from any disruption.
Incident Management Framework
PlanningPlan DevelopmentPreparednessProgram Management