Business Continuity Management PHILIPPINES :: MALAYSIA :: VIETNAM :: INDONESIA :: INDIA :: CHINA
Learning Bites Understand the context and relevance of BCM A Philippine & Telco Perspective Comprehend how an effective BCP will benefit the organization Gain insights into the best practices for implementing an effective BCM Know firsthand the key challenges and success factors involved to have a strong BCMS
Where Myth Meets Fact A Pint of Sweat will save a Gallon of Blood.
Introduction BCM is a relatively new management discipline. Increasingly getting importance due to competition (increased customer expectations) & turbulent environment (Terrorism, failure of utilities, disruption in supply chain, threat to human lives etc.). Future poses greater challenges Pandemic, Oil & Gas shortage, Extreme climatic changes, Terrorism with greater impact, etc. What is BCM? BCM is a structured approach to achieving operational resilience and ensures that an organisation: Can continue to provide its customers with required services or products, within an agreed time frame Has an appropriate level of competency to manage the organisation from disruption to 'business as usual Embeds appropriate practices into the cultural fabric of the organisation to ensure that Business Continuity capabilities always reflect the needs, technology and structure of the business.
Need for Business Continuity Management Unplanned business interruptions account for $588 billion in revenue each year.* In addition to life-safety, property, and environment, we have revenue and a reputation to protect. Business Continuity Management is a decisive marketplace advantage. Lessons from disaster show that even relatively short business interruptions can be expensive both in terms of real dollars and lost potential. Source: http://www.keepmedia.com
Major Drivers of BCM Auditors 11% Central Government 15% Existing Customers 17% Regulators 8% Corporate Governance 28% Insurers 21% Corporate Governance Insurers Existing Customers Central Government Auditors Regulators 6
BCM Framework The BCM implementation process While NO one size fits all, the framework and basis for designing the BCMS is universal. The BS 25999 (soon to be ISO 22301) is a standard accepted world-wide for design and implementation of an organizational BCM framework. While there are several means to get to the answer, its best to start from the most critical reason for making our business resilient and the pieces that can spell out its success or lack thereof.
BCM Programme Management Programme Management is at the heart of BCM process. Effective programme management simply establishes the approach to BCM BCM programme management should involve the following 3 key steps 1 Set Governance 3 Ongoing Management 2 Implement BCM
Understanding the Organization Understanding the Organization can be carried out in the form of two major activities: BIA Business Impact Analysis Documented Analysis of the impact that a disruption could cause to the activities that support the delivery of an organization s products / services Critical Activities Non- Critical Activities RA Risk Assessment This entails understanding the critical activities in an organization and the level of risk associated with it by identifying the various threats Determination of criteria for the risk acceptance Identification of acceptable levels of risk Must be recovered rapidly Maximum Tolerable Period of Disruption Analysis of the risks 9
Determining the BCM Strategy An organizations approach to determine the BCM strategy should: Implement appropriate measures to reduce the likelihood of incidents Take due account of the resilience and mitigation measures Provide continuity for its critical activities during and following an incident People Take account of the activities which were not identified as critical Stakeholders Premises Supplies Technology Information 10
Developing and Implementing BCM response Plans for BCM There are a number of plans that can / must be created when implementing the BCM Some of the common features that all these plans must possess include Identified lines of communication Defined purpose and scope Defined roles, responsibilities with authority for people and teams Guidelines and criteria defining to invoke plan Method for invoking plan, and procedure describing system for invoking plan Reference to contact details of key stakeholders
The business continuity plan Emergency response plan A successful outcome Activity Crisis management/ communication plan A Business recovery plan
Exercising, Maintaining & Reviewing BCM Arrangements Exercises should be: realistic, carefully planned, agreed with stakeholders, BCM maintenance program, the organization should: Review and challenge any assumptions made in any components of BCM throughout the organization, Distribute updated, amended or changed BCM policy, strategies, solutions, processes and plans to key personnel under a formal change control process. The organization's top management should review the organization's BCM ccapability to ensure its; continuing suitability, adequacy effectiveness. 13
Outcomes of an effective BCM Critical activities are identified and protected An incident management capability is enabled Challenges The organization s understanding of itself, and its relationships with other organizations are properly developed, documented, and understood Plans are worthless unless they are rehearsed Study shows (source : Chartered Management Institute UK 2007) Staffs are properly trained to respond effectively to an Only 46 % of Organizations with plans test their plans incident or business interruption annually The organization remains legal and compliant and its 21 % of Organizations have never tested their Plans reputation is protected 89 % of Organizations that rehearsed their plans found errors in their plans Have a regular exercise programmed approved by Top Management. Maintain (and improve) plans via regular assessments / audits.
Thank you very much! facebook.com/eccinternational linkedin.com/company/ecc-international eccinternational.wordpress.com