SlideShare a Scribd company logo

Introduction of Business Continuity Pocesss.ppt

Download as PPT, PDF
J
JEANELYESPERANZA

Lecture on BCP

Internet
1 of 27
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
Introduction to Business continuity Planning 06/17/25 Business Continuity Planning 1
Introduction • The purpose of this lecture is to give an overview of what is Business Continuity Planning and provide some guidance and resources for beginner. 06/17/25 Business Continuity Planning 2
Do I need Business Continuity? • You are part of a successful business. • However, in this uncertain world, you need a business that is flexible. • Which can change with differing conditions and be strong through any disaster, be it natural or malicious • What if a crisis prevented delivery to a key customer? • How would a major incident affect the morale of your employees? • Would serious damage to your premises or resources affect your ability to carry on the business? 06/17/25 Business Continuity Planning 3
Small Business • If you are part of a small business then you are more likely to suffer from any incident that prevents your business from functioning normally. • The slightest delay in supporting your customers can and will be costly 06/17/25 Business Continuity Planning 4
What is Business Continuity Plan? • According to SANS definition 1: • Business Continuity refers to the activities required to keep your organization running during a period of displacement or interruption of normal operation. Whereas, • Disaster Recovery is the process of rebuilding your operation or infrastructure after the disaster has passed. 06/17/25 Business Continuity Planning 5
What is Business Continuity Plan? • According to Business Continuity Institute’s Glossary2 : • “Business continuity plan is A collection of procedures and information which is developed, compiled and maintained in readiness for use in the event of an emergency or disaster.” 06/17/25 Business Continuity Planning 6
What is Business Continuity Plan? • Business Continuity Planning (BCP) takes business protection beyond the disaster recovery plan, which just focuses on the short term re-establishment of your business following an incident. • It is a proactive approach, identifying potential threats before they occur and planning an organised response so that the effects of the incident are minimised. 06/17/25 Business Continuity Planning 7
For example • If your business was hit by a fire: • A BCP would cover all anticipated effects of such a disaster and detail plans and actions to minimise the damage to your business. • Most importantly, it would guide you through the incident and direct your resources and efforts in the right direction to bring normality back to your business as soon as possible. • A generic BCP can provide the basis of any response no matter what the nature of the incident is. (specific details can be aimed at particular problems within the plan) 06/17/25 Business Continuity Planning 8
Concerns? • If your premises was hit by a fire, would all the computer systems also be affected? • If so, would you lose vital information about suppliers, customers and orders? • Would documents and paperwork also be destroyed? 06/17/25 Business Continuity Planning 9
Why we need Business Continuity Plan? • Disaster might occur anytime, so we must be prepared. Depend on the size and nature of the business, we design a plan to minimize the disruption of disaster and keep our business remain competitive. • Due to the advancement of Information Technology (IT), business nowadays depends heavily on IT. With the emergence of e-business, many businesses can't even survive without operating 24 hours per day and 7 days a week. A single downtime might means disaster to their business. • Therefore the traditional Disaster Recovery Plan (DRP), which focuses on restoring the centralized data center, might not be sufficient. A more comprehensive and rigorous Business Continuity Plan (BCP) is needed to achieve a state of business continuity where critical systems and networks are continuously available. 06/17/25 Business Continuity Planning 10
When we need Business Continuity Plan? • We need Business Continuity Plan when there is a disruption to our business such as disaster. • The Business Continuity Plan should cover the occurrence of following events: a) Equipment failure (such as disk crash). b) Disruption of power supply or telecommunication. c) Application failure or corruption of database. d) Human error, sabotage or strike. e) Malicious Software (Viruses, Worms, Trojan horses) attack. f) Hacking or other Internet attacks. g) Social unrest or terrorist attacks. h) Fire i) Natural disasters (Flood, Earthquake, Hurricane) 06/17/25 Business Continuity Planning 11
Who should participate in Business Continuity Planning? • With the shift of IT structure from centralized processing to distributed computing and client/server technology, the company’s data are now located across the enterprise. Therefore it is no longer sufficient to rely on IT department alone in Business Continuity Planning, all executives, managers and employee must participate. • Normally Business Continuity Coordinator or Disaster Recovery Coordinator will be responsible for maintaining Business Continuity Plan. However his or her job is not updating the Plan himself or herself alone. His or Her job is to carry out review periodically by distributing relevant parts of the Plan to the owner of the documents and ensure the documents are updated. 06/17/25 Business Continuity Planning 12
Where to carry out Business Continuity Plan during disaster? • Cold Site • An empty facility located offsite with necessary infrastructure ready for installation in the event of a disaster. • Mutual Backup • Two organizations with similar system configuration agreeing to serve as a backup site to each other. • Hot Site • A site with hardware, software and network installed and compatible to production site. • Remote Journaling • Online transmission of transaction data to backup system periodically (normally a few hours) to minimize loss of data and reduce recovery time. • Mirrored Site • A site equips with a system identical to the production system with mirroring facility. Data is mirrored to backup system immediately. Recovery is transparent to users. 06/17/25 Business Continuity Planning 13
Recovery Alternatives 06/17/25 Business Continuity Planning 14
Recovery Alternatives • From the diagram, we notice that shorter the recovery time, higher the cost. • Do it yourself or use the facility of service provider • Organization can decide whether to set up the backup center on its own or use the facility provided by of business continuity provider. In making the decision, the organization should consider the following point: • Availability of facility (floor space). • Ability to maintain redundant equipment. • Ability to maintain redundant network capacity. • Relationships with vendors to provide immediate replacement or assistance. • Adequacy of funding. • Availability of skilled personnel. 06/17/25 Business Continuity Planning 15
How to prepare Business Continuity Plan? ( Business Continuity Plan Phases) • Project Initiation • Define Business Continuity Objective and Scope of coverage. • Establish a Business Continuity Steering Committee. • Draw up Business Continuity Policies. • Business Analysis (Business Impact Analysis) • Perform Risk Analysis and Business Impact Analysis. • Consider Alternative Business Continuity Strategies. • Carry out Cost-Benefit Analysis and select a Strategy. • Develop a Business Continuity Budget. 06/17/25 Business Continuity Planning 16
How to prepare Business Continuity Plan? ( Business Continuity Plan Phases) • Design and Development (Designing the Plan) • Set up a Business Recovery Team and assign responsibility to the members. • Identify Plan Structure and major components • Develop Backup and Recovery Strategies. • Develop Scenario to Execute Plan. • Develop Escalation, Notification and Plan Activation Criteria. • Develop General Plan Administration Policy. • Implementation (Creating the Plan) • Prepare Emergency Response Procedures. • Prepare Command Center Activation Procedures. • Prepare Detailed Recovery Procedures. • Prepare Vendors Contracts and Purchase of Recovery Resources. • Ensure everything necessary is in place. • Ensure Recovery Team members know their Duties and Responsibilities 06/17/25 Business Continuity Planning 17
How to prepare Business Continuity Plan? ( Business Continuity Plan Phases) • Testing • Exercise Plan based on selected Scenario. • Produce Test Report and Evaluate the Result. • Provide Training and Awareness to all Personnel. • Maintenance (Updating the Plan) • Review the Plan periodically. • Update the Plan with any Changes or Improvement. • Distribute the Plan to Recovery Team members. 06/17/25 Business Continuity Planning 18
BCP Benefits • Business Survival • Prepare for the worst. If well practiced, staff and management will be able to respond to an incident appropriately • Resources necessary to support the business through an incident will be identified and available • Any alternative premises and resources will be ready for use 06/17/25 Business Continuity Planning 19
BCP Benefits • Risk management • Identify, manage and mitigate as many risks as possible • Reduce the risks where necessary • Promotes a safer working environment and improves working conditions • Responsibility • A company that takes BCP seriously will be a more attractive proposition for Bankers, investors, insurers, customers and employees • A business with a BCP will have a responsible management 06/17/25 Business Continuity Planning 20
BCP Benefits • Employee satisfaction • A sound working environment • Welfare and safety concerns of the employee addressed • A BCP shows your employees that they are important to the survival of the company • Training exercises and drills are vital to the successful implementation of a BCP 06/17/25 Business Continuity Planning 21
Additional benefits of Business Continuity Planning • Provides opportunity to evaluate & implement major infrastructure upgrades • Data centers or network changes, system centralization server, consolidation or storage networking • Provides assurances that electronic data protection and accountability compliance regulations can be met • Standardizes business • Administrative cost saving and/or reduction of business risk • Documentation developed can be used as training materials for new employees • Planning process often highlights workflow inefficiencies, training inconsistencies and policy and internal control issues 06/17/25 Business Continuity Planning 22
BCP Process 06/17/25 Business Continuity Planning 23
Risk Management • The purpose of the Risk Management is to determine the events that can adversely affect the company and its facilities, the damage such events can cause and the controls needed to prevent or minimize loss • Process: • Perform interviews and conduct facility & building walkthroughs to gather data • Document organization Al structure and critical processes & systems • Document components of the critical infrastructure. • Identify single points of failure both with internal and external (vendor/partner) infrastructure and systems 06/17/25 Business Continuity Planning 24
Risk Management • Identify potential threats, vulnerabilities and impacts • Determine options and alternatives for controls (mitigations) • Present a Decision matrix for implementing controls 06/17/25 Business Continuity Planning 25
Business Impact Assessment (BIA) • The purpose of the BIA is to identify the impacts of an outage on the business and to establish objectives for recovering critical processes, systems and applications • Process: • Interview business leaders and managers of key departments • Identify time-critical business functions and processes • Identify technology systems, data and workspace required to support critical functions • Determine the impacts of a disruption • Prioritize critical functions and processes, and group into levels • Establish Recovery Objectives • establish levels such as critical, Essential and important group functions by level • When will we recover and to what level of service? • RTO = Recovery Time Objective (tolerance for downtime) • RPO = Recovery Point Objective (tolerance for data loss) 06/17/25 Business Continuity Planning 26
What is a Disaster? • A sudden, unplanned, calamitous event causing great disruption, damage or loss • Plan for a range of outage scenarios • Loss of critical infrastructure or applications- longer term • Loss of access to critical systems – typically short term • Office is uninhabitable and/or the building does not have power- indefinite interruption • Take into account the scope of the disaster • Individual, local, regional or national impact • Make the plan modular to allow greatest flexibility in an outage 06/17/25 Business Continuity Planning 27

More Related Content

PPTX
Smart simple inc_bcp_aug_2014
Joel Gomes
 
PPTX
Business Continuity as a Career
Bonnie Canal
 
DOCX
Running head BUSINESS COUTINUITY PLAN1BUSINESS CONTINUTIY PLAN.docx
susanschei
 
PPTX
BCI & Plan B DR best practice presentation 110914
Plan B Disaster Recovery Ltd
 
PPTX
Disaster Recovery vs. Business Continuity
RapidScale
 
PPT
businesscontinuityworkshop-final-090525141447-phpapp01 (1).ppt
Lara323614
 
PDF
Developing and Managing Business Continuity Plan (BCP)
Goutama Bachtiar
 
PDF
10 Critical Aspects of IT Service Continuity to Protect Your Company's Digita...
Jesse Andrew
 
Smart simple inc_bcp_aug_2014
Joel Gomes
 
Business Continuity as a Career
Bonnie Canal
 
Running head BUSINESS COUTINUITY PLAN1BUSINESS CONTINUTIY PLAN.docx
susanschei
 
BCI & Plan B DR best practice presentation 110914
Plan B Disaster Recovery Ltd
 
Disaster Recovery vs. Business Continuity
RapidScale
 
businesscontinuityworkshop-final-090525141447-phpapp01 (1).ppt
Lara323614
 
Developing and Managing Business Continuity Plan (BCP)
Goutama Bachtiar
 
10 Critical Aspects of IT Service Continuity to Protect Your Company's Digita...
Jesse Andrew
 

Similar to Introduction of Business Continuity Pocesss.ppt (20)

PPTX
Business continuity presentation
SteveKutzer
 
DOC
Disaster Recovery Policy
Continuity Control
 
PDF
Amalfi core coop-v5a
AmalfiCORE, LLC
 
PPTX
2016.04.06.Business Continuity Planning
NDeLaurentis
 
PDF
P&C business interruption ten questions
Heath D. Owens, AAI, AFIS
 
PPTX
ISO-22301-Presentation Business Continuity Management System latest.pptx
JustinNickaf3
 
PDF
Covid-19 Countermeasures for Startups
Eslam Darwish
 
PDF
How to Transform your Capacity Planning Process: Step-by-Step Guide
Shannon Kearns
 
PPTX
Backups and Disaster Recovery for Nonprofits
Community IT Innovators
 
PPTX
Maximize your Lean ROI
SIMUL8 Corporation
 
PPTX
Top Ten Reasons For Project Failure - PMP Webinar
Whizlabs
 
PDF
Bluecruxtalks in March: Plant reliability in times of COVID-19
Bluecrux
 
PPT
Chap6 2007 C I S A Review Course
Desmond Devendran
 
PPT
Chap6 2007 Cisa Review Course
Desmond Devendran
 
PPTX
ISO-22301-Presentation [Recovered]recent.pptx
JustinBNickaf
 
PDF
Incident managment plan
Safwan Hashmi
 
PPTX
ITSM Policies Presention and details for implementation
ssuser01634e
 
PDF
Business Continuity Management
Jacky Hodges
 
PPTX
Supply Chain Management Workshop
Tom Sauder, P.Eng.
 
PPT
business_continuity_management_presentation.ppt
LucintaLuna4
 
Business continuity presentation
SteveKutzer
 
Disaster Recovery Policy
Continuity Control
 
Amalfi core coop-v5a
AmalfiCORE, LLC
 
2016.04.06.Business Continuity Planning
NDeLaurentis
 
P&C business interruption ten questions
Heath D. Owens, AAI, AFIS
 
ISO-22301-Presentation Business Continuity Management System latest.pptx
JustinNickaf3
 
Covid-19 Countermeasures for Startups
Eslam Darwish
 
How to Transform your Capacity Planning Process: Step-by-Step Guide
Shannon Kearns
 
Backups and Disaster Recovery for Nonprofits
Community IT Innovators
 
Maximize your Lean ROI
SIMUL8 Corporation
 
Top Ten Reasons For Project Failure - PMP Webinar
Whizlabs
 
Bluecruxtalks in March: Plant reliability in times of COVID-19
Bluecrux
 
Chap6 2007 C I S A Review Course
Desmond Devendran
 
Chap6 2007 Cisa Review Course
Desmond Devendran
 
ISO-22301-Presentation [Recovered]recent.pptx
JustinBNickaf
 
Incident managment plan
Safwan Hashmi
 
ITSM Policies Presention and details for implementation
ssuser01634e
 
Business Continuity Management
Jacky Hodges
 
Supply Chain Management Workshop
Tom Sauder, P.Eng.
 
business_continuity_management_presentation.ppt
LucintaLuna4
 
Ad

Recently uploaded (20)

PPTX
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
 
PDF
Paper PDF World Game (s) Great Redesign.pdf
Steven McGee
 
PPTX
Module 1 - Cyber Law and Ethics 101.pptx
anantyakhrisna1
 
PPTX
522797556-Unit-2-Temperature-measurement-1-1.pptx
msar8888
 
PPTX
artificial intelligence overview of it and more
yafotin445
 
PPTX
SAP Ariba Sourcing PPT for learning material
NKKumar16
 
PPTX
innovation process that make everything different.pptx
SoumyadipPaul18
 
PDF
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
 
PDF
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
 
PDF
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
PDF
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
PPTX
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
 
PPTX
QR Codes Qr codecodecodecodecocodedecodecode
SRMediaZone
 
PDF
Sims 4 Historia para lo sims 4 para jugar
lolpopy34
 
DOCX
Unit-3 cyber security network security of internet system
shivangisharma636228
 
PDF
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
PPT
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
PDF
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
PPTX
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
 
PPTX
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
 
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
 
Paper PDF World Game (s) Great Redesign.pdf
Steven McGee
 
Module 1 - Cyber Law and Ethics 101.pptx
anantyakhrisna1
 
522797556-Unit-2-Temperature-measurement-1-1.pptx
msar8888
 
artificial intelligence overview of it and more
yafotin445
 
SAP Ariba Sourcing PPT for learning material
NKKumar16
 
innovation process that make everything different.pptx
SoumyadipPaul18
 
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
 
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
 
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
 
QR Codes Qr codecodecodecodecocodedecodecode
SRMediaZone
 
Sims 4 Historia para lo sims 4 para jugar
lolpopy34
 
Unit-3 cyber security network security of internet system
shivangisharma636228
 
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
 
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
 
Ad

Introduction of Business Continuity Pocesss.ppt

  • 2. Introduction • The purpose of this lecture is to give an overview of what is Business Continuity Planning and provide some guidance and resources for beginner. 06/17/25 Business Continuity Planning 2
  • 3. Do I need Business Continuity? • You are part of a successful business. • However, in this uncertain world, you need a business that is flexible. • Which can change with differing conditions and be strong through any disaster, be it natural or malicious • What if a crisis prevented delivery to a key customer? • How would a major incident affect the morale of your employees? • Would serious damage to your premises or resources affect your ability to carry on the business? 06/17/25 Business Continuity Planning 3
  • 4. Small Business • If you are part of a small business then you are more likely to suffer from any incident that prevents your business from functioning normally. • The slightest delay in supporting your customers can and will be costly 06/17/25 Business Continuity Planning 4
  • 5. What is Business Continuity Plan? • According to SANS definition 1: • Business Continuity refers to the activities required to keep your organization running during a period of displacement or interruption of normal operation. Whereas, • Disaster Recovery is the process of rebuilding your operation or infrastructure after the disaster has passed. 06/17/25 Business Continuity Planning 5
  • 6. What is Business Continuity Plan? • According to Business Continuity Institute’s Glossary2 : • “Business continuity plan is A collection of procedures and information which is developed, compiled and maintained in readiness for use in the event of an emergency or disaster.” 06/17/25 Business Continuity Planning 6
  • 7. What is Business Continuity Plan? • Business Continuity Planning (BCP) takes business protection beyond the disaster recovery plan, which just focuses on the short term re-establishment of your business following an incident. • It is a proactive approach, identifying potential threats before they occur and planning an organised response so that the effects of the incident are minimised. 06/17/25 Business Continuity Planning 7
  • 8. For example • If your business was hit by a fire: • A BCP would cover all anticipated effects of such a disaster and detail plans and actions to minimise the damage to your business. • Most importantly, it would guide you through the incident and direct your resources and efforts in the right direction to bring normality back to your business as soon as possible. • A generic BCP can provide the basis of any response no matter what the nature of the incident is. (specific details can be aimed at particular problems within the plan) 06/17/25 Business Continuity Planning 8
  • 9. Concerns? • If your premises was hit by a fire, would all the computer systems also be affected? • If so, would you lose vital information about suppliers, customers and orders? • Would documents and paperwork also be destroyed? 06/17/25 Business Continuity Planning 9
  • 10. Why we need Business Continuity Plan? • Disaster might occur anytime, so we must be prepared. Depend on the size and nature of the business, we design a plan to minimize the disruption of disaster and keep our business remain competitive. • Due to the advancement of Information Technology (IT), business nowadays depends heavily on IT. With the emergence of e-business, many businesses can't even survive without operating 24 hours per day and 7 days a week. A single downtime might means disaster to their business. • Therefore the traditional Disaster Recovery Plan (DRP), which focuses on restoring the centralized data center, might not be sufficient. A more comprehensive and rigorous Business Continuity Plan (BCP) is needed to achieve a state of business continuity where critical systems and networks are continuously available. 06/17/25 Business Continuity Planning 10
  • 11. When we need Business Continuity Plan? • We need Business Continuity Plan when there is a disruption to our business such as disaster. • The Business Continuity Plan should cover the occurrence of following events: a) Equipment failure (such as disk crash). b) Disruption of power supply or telecommunication. c) Application failure or corruption of database. d) Human error, sabotage or strike. e) Malicious Software (Viruses, Worms, Trojan horses) attack. f) Hacking or other Internet attacks. g) Social unrest or terrorist attacks. h) Fire i) Natural disasters (Flood, Earthquake, Hurricane) 06/17/25 Business Continuity Planning 11
  • 12. Who should participate in Business Continuity Planning? • With the shift of IT structure from centralized processing to distributed computing and client/server technology, the company’s data are now located across the enterprise. Therefore it is no longer sufficient to rely on IT department alone in Business Continuity Planning, all executives, managers and employee must participate. • Normally Business Continuity Coordinator or Disaster Recovery Coordinator will be responsible for maintaining Business Continuity Plan. However his or her job is not updating the Plan himself or herself alone. His or Her job is to carry out review periodically by distributing relevant parts of the Plan to the owner of the documents and ensure the documents are updated. 06/17/25 Business Continuity Planning 12
  • 13. Where to carry out Business Continuity Plan during disaster? • Cold Site • An empty facility located offsite with necessary infrastructure ready for installation in the event of a disaster. • Mutual Backup • Two organizations with similar system configuration agreeing to serve as a backup site to each other. • Hot Site • A site with hardware, software and network installed and compatible to production site. • Remote Journaling • Online transmission of transaction data to backup system periodically (normally a few hours) to minimize loss of data and reduce recovery time. • Mirrored Site • A site equips with a system identical to the production system with mirroring facility. Data is mirrored to backup system immediately. Recovery is transparent to users. 06/17/25 Business Continuity Planning 13
  • 15. Recovery Alternatives • From the diagram, we notice that shorter the recovery time, higher the cost. • Do it yourself or use the facility of service provider • Organization can decide whether to set up the backup center on its own or use the facility provided by of business continuity provider. In making the decision, the organization should consider the following point: • Availability of facility (floor space). • Ability to maintain redundant equipment. • Ability to maintain redundant network capacity. • Relationships with vendors to provide immediate replacement or assistance. • Adequacy of funding. • Availability of skilled personnel. 06/17/25 Business Continuity Planning 15
  • 16. How to prepare Business Continuity Plan? ( Business Continuity Plan Phases) • Project Initiation • Define Business Continuity Objective and Scope of coverage. • Establish a Business Continuity Steering Committee. • Draw up Business Continuity Policies. • Business Analysis (Business Impact Analysis) • Perform Risk Analysis and Business Impact Analysis. • Consider Alternative Business Continuity Strategies. • Carry out Cost-Benefit Analysis and select a Strategy. • Develop a Business Continuity Budget. 06/17/25 Business Continuity Planning 16
  • 17. How to prepare Business Continuity Plan? ( Business Continuity Plan Phases) • Design and Development (Designing the Plan) • Set up a Business Recovery Team and assign responsibility to the members. • Identify Plan Structure and major components • Develop Backup and Recovery Strategies. • Develop Scenario to Execute Plan. • Develop Escalation, Notification and Plan Activation Criteria. • Develop General Plan Administration Policy. • Implementation (Creating the Plan) • Prepare Emergency Response Procedures. • Prepare Command Center Activation Procedures. • Prepare Detailed Recovery Procedures. • Prepare Vendors Contracts and Purchase of Recovery Resources. • Ensure everything necessary is in place. • Ensure Recovery Team members know their Duties and Responsibilities 06/17/25 Business Continuity Planning 17
  • 18. How to prepare Business Continuity Plan? ( Business Continuity Plan Phases) • Testing • Exercise Plan based on selected Scenario. • Produce Test Report and Evaluate the Result. • Provide Training and Awareness to all Personnel. • Maintenance (Updating the Plan) • Review the Plan periodically. • Update the Plan with any Changes or Improvement. • Distribute the Plan to Recovery Team members. 06/17/25 Business Continuity Planning 18
  • 19. BCP Benefits • Business Survival • Prepare for the worst. If well practiced, staff and management will be able to respond to an incident appropriately • Resources necessary to support the business through an incident will be identified and available • Any alternative premises and resources will be ready for use 06/17/25 Business Continuity Planning 19
  • 20. BCP Benefits • Risk management • Identify, manage and mitigate as many risks as possible • Reduce the risks where necessary • Promotes a safer working environment and improves working conditions • Responsibility • A company that takes BCP seriously will be a more attractive proposition for Bankers, investors, insurers, customers and employees • A business with a BCP will have a responsible management 06/17/25 Business Continuity Planning 20
  • 21. BCP Benefits • Employee satisfaction • A sound working environment • Welfare and safety concerns of the employee addressed • A BCP shows your employees that they are important to the survival of the company • Training exercises and drills are vital to the successful implementation of a BCP 06/17/25 Business Continuity Planning 21
  • 22. Additional benefits of Business Continuity Planning • Provides opportunity to evaluate & implement major infrastructure upgrades • Data centers or network changes, system centralization server, consolidation or storage networking • Provides assurances that electronic data protection and accountability compliance regulations can be met • Standardizes business • Administrative cost saving and/or reduction of business risk • Documentation developed can be used as training materials for new employees • Planning process often highlights workflow inefficiencies, training inconsistencies and policy and internal control issues 06/17/25 Business Continuity Planning 22
  • 24. Risk Management • The purpose of the Risk Management is to determine the events that can adversely affect the company and its facilities, the damage such events can cause and the controls needed to prevent or minimize loss • Process: • Perform interviews and conduct facility & building walkthroughs to gather data • Document organization Al structure and critical processes & systems • Document components of the critical infrastructure. • Identify single points of failure both with internal and external (vendor/partner) infrastructure and systems 06/17/25 Business Continuity Planning 24
  • 25. Risk Management • Identify potential threats, vulnerabilities and impacts • Determine options and alternatives for controls (mitigations) • Present a Decision matrix for implementing controls 06/17/25 Business Continuity Planning 25
  • 26. Business Impact Assessment (BIA) • The purpose of the BIA is to identify the impacts of an outage on the business and to establish objectives for recovering critical processes, systems and applications • Process: • Interview business leaders and managers of key departments • Identify time-critical business functions and processes • Identify technology systems, data and workspace required to support critical functions • Determine the impacts of a disruption • Prioritize critical functions and processes, and group into levels • Establish Recovery Objectives • establish levels such as critical, Essential and important group functions by level • When will we recover and to what level of service? • RTO = Recovery Time Objective (tolerance for downtime) • RPO = Recovery Point Objective (tolerance for data loss) 06/17/25 Business Continuity Planning 26
  • 27. What is a Disaster? • A sudden, unplanned, calamitous event causing great disruption, damage or loss • Plan for a range of outage scenarios • Loss of critical infrastructure or applications- longer term • Loss of access to critical systems – typically short term • Office is uninhabitable and/or the building does not have power- indefinite interruption • Take into account the scope of the disaster • Individual, local, regional or national impact • Make the plan modular to allow greatest flexibility in an outage 06/17/25 Business Continuity Planning 27