Business Continuity Plan Development
- 1. BUSINESS CONTINUITY PLANNING What is Business Continuity Planning? Business Continuity Planning is the development of plans to handle issues that may cause business interruptions.
- 2. BUSINESS CONTINUITY PLANNING What is Business Continuity Planning? Business Continuity Planning is the development of plans to handle issues that may cause business interruptions. What is Business Interruption? Business Interruption is defined as abnormal business operations due to any event. Power outage – what is the plan for the manufacturing operation, what is the plan for the office staff? Tornado – what is the plan for the manufacturing operation, what is the plan for shipping?
- 3. Maximum Tolerable Downtime (MTD) or Maximum Allowable Downtime (MAD) Based on the ‘impact timelines’, this is the maximum length of time each function can be suspended in a disaster scenario without putting the business at unacceptable risk. VALUABLE TERMS
- 4. Maximum Tolerable Downtime (MTD) or Maximum Allowable Downtime (MAD) Based on the ‘impact timelines’, this is the maximum length of time each function can be suspended in a disaster scenario without putting the business at unacceptable risk. Recovery Time Objective (RTO) The period of time within which systems, technologies, or functions must be recover after an outage. VALUABLE TERMS
- 5. Maximum Tolerable Downtime (MTD) or Maximum Allowable Downtime (MAD) Based on the ‘impact timelines’, this is the maximum length of time each function can be suspended in a disaster scenario without putting the business at unacceptable risk. Recovery Time Objective (RTO) The period of time within which systems, technologies, or functions must be recover after an outage. Recovery Point Objective (RPO) The point in time to which a system and its data must be recovered. VALUABLE TERMS
- 6. AGENDA 6 Threats to Business Functions 5 Levels of Threats 12 Steps to Developing an Effective Business Continuity Plan
- 7. 6 THREATS TO BUSINESS FUNCTIONS
- 8. Natural Threats 6 THREATS TO BUSINESS FUNCTIONS Floods, Tornadoes, Hurricanes, Earthquakes, Snow Storms, Ice Storms, Wildfires
- 9. Natural Threats 6 THREATS TO BUSINESS FUNCTIONS Facility Threats Floods, Tornadoes, Hurricanes, Earthquakes, Snow Storms, Ice Storms, Wildfires Fire, Explosion, Power Failure, Water Damage, Loss of Access, Mechanical Failures
- 10. Natural Threats 6 THREATS TO BUSINESS FUNCTIONS Facility Threats Personnel Threats Floods, Tornadoes, Hurricanes, Earthquakes, Snow Storms, Ice Storms, Wildfires Fire, Explosion, Power Failure, Water Damage, Loss of Access, Mechanical Failures Strikes, Epidemics, Hazardous Materials, Transportation Problems, Loss of Key Personnel ON STRIKE
- 11. Natural Threats 6 THREATS TO BUSINESS FUNCTIONS Facility Threats Personnel Threats Technology Threats Floods, Tornadoes, Hurricanes, Earthquakes, Snow Storms, Ice Storms, Wildfires Fire, Explosion, Power Failure, Water Damage, Loss of Access, Mechanical Failures Strikes, Epidemics, Hazardous Materials, Transportation Problems, Loss of Key Personnel Viruses, Hacking, Data Loss, Hardware Failure, Software Failure, Network Failure, Phone System Failure
- 12. Natural Threats 6 THREATS TO BUSINESS FUNCTIONS Facility Threats Personnel Threats Technology Threats Operational Threats Floods, Tornadoes, Hurricanes, Earthquakes, Snow Storms, Ice Storms, Wildfires Fire, Explosion, Power Failure, Water Damage, Loss of Access, Mechanical Failures Strikes, Epidemics, Hazardous Materials, Transportation Problems, Loss of Key Personnel Viruses, Hacking, Data Loss, Hardware Failure, Software Failure, Network Failure, Phone System Failure Financial crises, Loss of Key Customers or Suppliers, Equipment Failure, Regulatory Issues, Bad Publicity, Lack of Due Diligence
- 13. Natural Threats 6 THREATS TO BUSINESS FUNCTIONS Facility Threats Personnel Threats Technology Threats Operational Threats Social Threats Floods, Tornadoes, Hurricanes, Earthquakes, Snow Storms, Ice Storms, Wildfires Fire, Explosion, Power Failure, Water Damage, Loss of Access, Mechanical Failures Strikes, Epidemics, Hazardous Materials, Transportation Problems, Loss of Key Personnel Viruses, Hacking, Data Loss, Hardware Failure, Software Failure, Network Failure, Phone System Failure Financial crises, Loss of Key Customers or Suppliers, Equipment Failure, Regulatory Issues, Bad Publicity, Lack of Due Diligence Riots, Protests, Sabotage, Vandalism, Bomb Threats, Workplace Violence, Terrorism, Threat of Labor Unions
- 14. 5 LEVELS OF THREATS
- 15. 5 LEVELS OF THREATS Level 1 A threat to the continuation of one or more business unit functions due to the loss of a single, but critical, resource at one of the company’s facilities.
- 16. 5 LEVELS OF THREATS Level 1 A threat to the continuation of one or more business unit functions due to the loss of a single, but critical, resource at one of the company’s facilities. Level 2 A threat to the continuation of many business unit functions due to an event that prevents access to one of the company’s facilities, but does not damage any critical resources.
- 17. 5 LEVELS OF THREATS Level 1 A threat to the continuation of one or more business unit functions due to the loss of a single, but critical, resource at one of the company’s facilities. Level 2 A threat to the continuation of many business unit functions due to an event that prevents access to one of the company’s facilities, but does not damage any critical resources. Level 3 A threat to the continuation of many business unit functions due to an event that damages or destroys a number of critical resources at one of the company’s facilities. This is a combination of multiple Level 1 threats.
- 18. 5 LEVELS OF THREATS Level 1 A threat to the continuation of one or more business unit functions due to the loss of a single, but critical, resource at one of the company’s facilities. Level 2 A threat to the continuation of many business unit functions due to an event that prevents access to one of the company’s facilities, but does not damage any critical resources. Level 3 A threat to the continuation of many business unit functions due to an event that damages or destroys a number of critical resources at one of the company’s facilities. This is a combination of multiple Level 1 threats. Level 4 A threat to the continuation of many business unit functions due to an event that totally destroys one of the company facilities and most, if not all, of the critical resources in that facility. For a company in a single facility, this is the highest threat level.
- 19. 5 LEVELS OF THREATS Level 1 A threat to the continuation of one or more business unit functions due to the loss of a single, but critical, resource at one of the company’s facilities. Level 2 A threat to the continuation of many business unit functions due to an event that prevents access to one of the company’s facilities, but does not damage any critical resources. Level 3 A threat to the continuation of many business unit functions due to an event that damages or destroys a number of critical resources at one of the company’s facilities. This is a combination of multiple Level 1 threats. Level 4 A threat to the continuation of many business unit functions due to an event that totally destroys one of the company facilities and most, if not all, of the critical resources in that facility. For a company in a single facility, this is the highest threat level. Level 5 A threat to the continuation of many business unit functions due at multiple facilities.
- 20. 12 Steps to Developing an Effective Business Continuity Plan
- 21. Initiating the Program The Board of Directors agree that a Business Continuity Plan is necessary. Understanding that a BCP is not a project but “a way of business”. The Board of Directors issue a “Directive” / “Mission Statement”. Appoint a BCP Program Manager. Select a BCP Planning Team. Establish objectives and milestones.
- 22. Initiating the Program Risk Assessment Assess potential for interruption of operations due to: • Loss of Facilities • Loss of Computer Systems • Loss of Data • Loss of Communications • Loss of Key Personnel
- 23. Initiating the Program Risk Assessment Business Impact Analysis Identify time-dependent impacts of business interruptions, such as: • Loss of Revenue • Loss of Market Share • Loss of Reputation • Loss of Productivity • Regulatory Non-Compliance
- 24. Initiating the Program Risk Assessment Business Impact Analysis Continuity Strategy Selection Select and implement appropriate strategies for: • Reducing Risks • Mitigating Impacts • Recovering Systems and Data • Resuming Operations
- 25. Initiating the Program Risk Assessment Business Impact Analysis Continuity Strategy Selection Computer Recovery Plan Development Develop plans for recovering critical computer systems, which address: • Alternate data center facilities • Computer hardware replacement • Software and data recovery • System Connectivity • Physical and Logical Security
- 26. Initiating the Program Risk Assessment Business Impact Analysis Continuity Strategy Selection Computer Recovery Plan Development Establish BCP Teams Establish a BCP Team Structure consisting of: • Crisis Management Team • Response Teams • Business Unit Teams • IT Teams • Support Teams
- 27. Initiating the Program Risk Assessment Business Impact Analysis Continuity Strategy Selection Computer Recovery Plan Development Establish BCP Teams Develop Crisis Management Framework Develop a framework for managing an incident, including: • Emergency Response Procedures • Communication Procedures • Decision Making Criteria • Management Succession • HR Policies
- 28. Initiating the Program Risk Assessment Business Impact Analysis Continuity Strategy Selection Computer Recovery Plan Development Establish BCP Teams Develop Crisis Management Framework Business Resumption Plan Development Develop detailed plans for resuming critical functions, which include: • Resource requirement definition • Team member contact information • Activity Lists • Detailed activity documentation • Off-site materials lists
- 29. Initiating the Program Risk Assessment Business Impact Analysis Continuity Strategy Selection Computer Recovery Plan Development Establish BCP Teams Develop Crisis Management Framework Business Resumption Plan Development Testing And Exercising Establish processes for testing plans and exercising teams such as: • Desk checks, Peer Reviews • Structured Walkthroughs • Call Tree Tests, Operational Tests • Table Top and Simulation • Drills, Mock Disasters
- 30. Initiating the Program Risk Assessment Business Impact Analysis Continuity Strategy Selection Computer Recovery Plan Development Establish BCP Teams Develop Crisis Management Framework Business Resumption Plan Development Testing And Exercising Maintenance And Evaluation Establish on-going processes for: • Updating plan contents • Distributing plan updates • Controlling plan access • Evaluating Plan Effectiveness • Auditing BCP Processes • Maintaining Contracts
- 31. Initiating the Program Risk Assessment Business Impact Analysis Continuity Strategy Selection Computer Recovery Plan Development Establish BCP Teams Develop Crisis Management Framework Business Resumption Plan Development Testing And Exercising Maintenance And Evaluation Awareness And Training Establish an on-going program for: • Training BCP Planners and BCP Team Members • Maintaining employee and Management Awareness
- 32. Initiating the Program Risk Assessment Business Impact Analysis Continuity Strategy Selection Computer Recovery Plan Development Establish BCP Teams Develop Crisis Management Framework Business Resumption Plan Development Testing And Exercising Maintenance And Evaluation Awareness And Training Program Management Establish a permanent framework for managing the on-going program: • Issue Policies and Standards • Assign Accountability • Create a Steering Committee • Set Annual Budgets and Objectives • Monitor and Enforce Compliance
- 33. The development of a quality Business Continuity Plan
- 34. The development of a quality Business Continuity Plan Developed by a team, not one person; the collective minds and ideas of a team.
- 35. The development of a quality Business Continuity Plan Developed by a team, not one person; the collective minds and ideas of a team. Outside sources such as Police and Fire Department, the Mayor Office, Red Cross, Health Department, local Hospital, etc… can provide ideas on how to protect under circumstances. Use these agencies to provide lectures to teach your team on how to structure your plan and train the team on what to look for under certain conditions.
- 36. DISADVANTAGES OF A BUSINESS CONTINUITY PLAN ?
- 37. ADVANTAGES OF A BUSINESS CONTINUITY PLAN Your company will know the steps to be taken during an emergency. Vendors, customers, employees, banks, and insurance agencies will see your seriousness on continuing your business in wake of business interruption.
- 38. If this Slide Presentation was helpful, please Like It and Share It with your Community. BUSINESS CONTINUITY PLAN Do you know the Business Continuity Plan of yourVendors, Suppliers, and Customers? No. Why not? Do they help your business survive today? Will they help your business survive tomorrow?