merit event - preventing business disaster
DESCRIPTION
The fear caused by global terrorism has made many organisations more closely examine their Disaster Recovery and Business Continuity plans. Of course factors far more ordinary than terrorism can cause major disruption to an organisations’ ability to operate (e.g. theft, fire, flood, fraud, etc.). Although many organisations have contingency plans in place, many more have given little consideration to this possibility. Those that have made some provision may have done so without undertaking a full risk assessment and this could result in their plans being ineffective in the case they need to implement them. A key function within any business these days is the IT systems and it is important that any continuity plan considers this area of activity. To assist organisations to better understand what steps they can take to plan for, and mitigate the impact of, issues which may effect their organisation’s IT and eBusiness systems we have invited a number of expert speakers to present at this event. The seminar will include: • An introduction to Disaster Recovery and Continuity Planning. An overview of what is meant by the terminology as it applies to business in general before focusing on IT and eBusiness related issues. • Identifying the risk and developing a plan Practical guidance and examples on how you can identify the potential risk to the IT systems within your businesses. This review will also explain what steps you can take to minimise this risk potential impact caused by any failure or disruption to the systems. • Server Clustering, Consolidation and Mirroring A brief introduction to this technology which can be implemented as part of a plan to prevent disruption of service. • Exhibition To supplement the speakers at this event we have also invited a number of exhibitors who have product offering which could form part of a continuity plan. These include, amongst others: offsite storage & data backup providers, consultancy services, technical solution providers and anti-virus software specialist.TRANSCRIPT
04/10/23 Merit BCM 1
Business Continuity Management
Peter Case-Upton
School of Business Information
04/10/23 Merit BCM 2
Background to BCM
Risk Analysis
The BCM Process
Business Continuity ManagementThe Plan
04/10/23 Merit BCM 3
Business Continuity Management Business continuity - what is it? Planning for potential disasters which could
effect the normal operation of the business Why Bother?
– Minimising the cost impact– Reducing regulatory/statutory effects– Preserving image/credibility– Demonstrate leadership
04/10/23 Merit BCM 4
The Origins
BCM came from an IT systems background
Typical exponents of BCM were:-– IBM, DEC, HP, ICL, etc– Banks, commercial, industrial, etc
Found to rely on business processes Companies have learned the hard way via
their own disasters
04/10/23 Merit BCM 5
Types of Risk and Threat
Denial of access Chemical spillages Fire, bombs, terrorist attacks Sickness/epidemic Natural disasters Threats from the skies
(Accident/Intentional)
04/10/23 Merit BCM 6
Examples
World Trade Centre Sept 11 & 1992 Manchester Bomb Docklands Etc
04/10/23 Merit BCM 7
The Manchester Bomb
1000 kg Lorry bomb
200 people injured
04/10/23 Merit BCM 8
Some Facts - Business Disasters
80% of UK businesses have no plan– The ‘It won’t happen to me syndrome!’
68% of businesses who experience a disaster and don’t have a plan - go out of business within 2 years
One in five organisations will suffer a major IT disaster in five years
04/10/23 Merit BCM 9
Dis
aste
r R
eco
ve
ry
Su
pp
ly C
hai
n M
an
ag
em
en
t
Qu
alit
y M
an
age
me
nt
He
ath
an
d S
afe
ty
Kn
ow
led
ge
Ma
nag
em
en
t
IT &
Se
cu
rity
Em
erg
en
cy M
an
age
me
nt
Business Continuity ManagementA Wide Ranging Subject Area
Ris
k M
ana
gem
ent
Cri
sis
Ma
na
ge
men
t a
nd
PR
Fa
cilit
ies
Man
ag
eme
nt
04/10/23 Merit BCM 10
Understand the Business
Develop and Implement a BCM
Response
Develop Business Continuity Strategies
Build and Embed a BCM Culture
Exercise, Maintenance and
Audit
Programme Management
Business Continuity Life Cycle
1
5 2
34
6
BCM
04/10/23 Merit BCM 11
The Major Events in BCMRisk Analysis Review
andBusiness Impact Analysis
Disaster Management
Fallback Provision
Recovery Management
SalvageProvision
Test the
plan
04/10/23 Merit BCM 12
Implementation
Involvement - must have corporate commitment at board level
Use a structured approach Set up a steering group Arrange working groups Provide awareness training for groups Include budget for BCM Add contingency item to budget (5%?)
04/10/23 Merit BCM 13
Typical Company Structure
Quality /BCPM anager
Departm entalStaff
FinanceDirector
Departm entalStaff
OperationsDirector
Departm entalStaff
M arketingDirector
Departm entalStaff
T echnicalDirector
ChiefExecutive
04/10/23 Merit BCM 14
Typical Company Structure
Quality /BCPM anager
Departm entalStaff
FinanceDirector
Departm entalStaff
OperationsDirector
Departm entalStaff
M arketingDirector
Departm entalStaff
TechnicalDirector
ChiefExecutive Steering
Group
04/10/23 Merit BCM 15
Typical Company Structure
Quality /BCPM anager
Departm entalStaff
FinanceDirector
Departm entalStaff
OperationsDirector
Departm entalStaff
M arketingDirector
Departm entalStaff
TechnicalDirector
ChiefExecutive Working
Group 2
04/10/23 Merit BCM 16
Risk Assessment
Risk Identification– What is the risk?
Risk Assessment– What level of risk exists?
Risk Management– What are the priorities of all risks?
Risk Reduction– How can the risks be reduced?
04/10/23 Merit BCM 17
Risk The Zaphod Beeblebrox Approach
“Zaphod put on the glasses. They were a double pair of Joo Janta 200 Superchromatic Peril-Sensitive Sunglasses, which had been
specifically designed to help people develop a relaxed attitude to danger. At the first hint of
trouble they turn totally black and thus prevent you from seeing anything that might
harm you”From Adams ‘The Restaurant at the end of the universe’
04/10/23 Merit BCM 18
How Can Risk be Measured
Using probability (range of 0.0 to 1.0) Once in every x years, e.g. 1 in 20 year
storm Odds (2/1, 10/1) Occurrence (event per ‘000 people) Percentage (10%, 50%) High/ Medium/Low Risk Rating
04/10/23 Merit BCM 19
High, Medium and Low Risk Items
Consequence
Lik
elih
ood
04/10/23 Merit BCM 20
Risk Control Techniques
Risk Avoidance - To eliminate uncertainty
Transfer - Move ownership
Reduction - Down grade risk level
Absorption - Accept responsibility
04/10/23 Merit BCM 21
Business Impact Overview
A departmental specific document which defines:-– The Risk Analysis
– Organisational structures/numbers
– IT requirements
– Business Procedures
– Rationale for criticality
– Effect of disasters
How could levels of service be maintained
04/10/23 Merit BCM 22
The Disaster Phase - Day One
Assess the type and extent of disaster Invoke multi-level disaster management
teams and initiate plans Communicate with - staff, media, other
sites Mobilise contingency resource Inform salvage/insurance people Don't change the method of working
04/10/23 Merit BCM 23
The Fallback Phase - Day 1+
Try and use the plans Move to alternative locations Prioritise high criticality processes first Communicate with others Use replacement IT systems + data backups Alternative communications provision Prepare for recovery
04/10/23 Merit BCM 24
Recovery Management
Getting back to normal operation Phased return to the provision of full service Consider environmental aspects re-establish communications links Communicate with others Counselling Test the plan - learn from experience
04/10/23 Merit BCM 25
Background to BCM
Risk Analysis
The BCM Process
Business Continuity ManagementSummary