Transcript Title goes in here

Business Continuity
Training & Awareness
by Sulia Toutai (ANZ)
What would you do if….
• If your office building was on fire or flooded?
• If you lost 50% of your staff members due to a pandemic?
• If your key systems were down?
• If there was a bomb threat to your office building?
• If a critical 3rd party provider could not deliver their service to you?
Welcome to Business Continuity Planning (BCP)
Introduction to BCM
The Overall Business Continuity approach consists of:
1. BCP (Business Continuity Planning) – Aimed at safeguarding critical business
functions against any interruption events.
1. DR (Disaster Recovery) – Ensures recoverability of critical IT systems,
including network communications and data.
1. CM (Crisis Management) – This involves Group Executives convening to
administer corporate contingency strategies to mitigate against catastrophic
events (which is likely to have a significant adverse impact)
Business Continuity Management
Business Continuity
Planning
Disaster Recovery
Crisis Management
What is Business Continuity Planning
The planning process that:

identifies business functions

develops contingency arrangements and procedures so as to enable the
business to respond in a timely and efficient manner

ensures business functions can be continued and

facilitates a prompt return to normal business in the event of an incident.
Why do we need Business Continuity
Sound risk management and
corporate governance,
business management and
best practise
Protect our staff
Protect
customer
interests
To mitigate adverse
impact to our reputation,
brand or shareholder
value
Complying with regulatory
standards
Protect shareholder
interests and meet
expectations
Mitigate impacts on global threats
The Business Continuity Process
Define Business Needs
(BIA) – findings from a
BIA are used to make
decisions concerning BCM
strategy & solutions
Governance & Oversight
– Management signoff of
BCP Dashboard & report
policy breaches
Test & Maintain BC Plan
– test the plan and
review/up-date as changes
occur
Design the Solution –
translate requirements into
executable strategies
(workload, recovery)
BC Plans & Supporting
Strategies – developed to
recover & maintain
functions/processes in a
prolonged event
How does an incident escalate?
Level 4 ‘Crisis’
Level 3 ‘Situation’
Level 2 ‘Event’
Coordinated and managed by Divisional Crisis
Management Team and/or Group Crisis
Management Team.
Incident escalated to and managed by the
BU/Country Situation Management Team (SMT) in
conjunction with the Divisional BC Director.
BU/Country BC Director manages incident at the BU/Country
Management level. Divisional BC Director advised.
Level 1 ‘Incident’
Incident occurs. The BU/Country BC Director/Coordinator is informed.
Managed via normal BU/Country incident management process.
What happens in a disaster?
• Depending on the nature of the disaster, you may be evacuated from the building or
advised that no more processing is possible.
• The announcement will be either via the emergency system or via your line manager.
• It is always important to go to the emergency assembly area and remain there until
advised otherwise – this way we will know you are safe and not trapped in the building.
• If BCP is invoked outside of business hours, your line manager will contact you – this is
why it is important to let them know if you change your telephone number.
• Your BCP site is ………… Your manager or team leader will advise you whether you
need to relocate and assist you with relocation to the BCP site if required.
Business Unit Maintenance Milestones
Business Continuity Maintenance
Milestones
Cycle Activity
Business Impact Analysis (BIA) Review &
Update
• Verify impacts
• Review BC Strategies
• Verify BC Seating
• Review and update of the BIA in line with BU changes
• Review manual workarounds should be developed. If there are no manual workarounds then a
Risk Acceptance should be obtained at BU Risk Forum
• Review of function materiality and criticality where appropriate
• Verification that existing seating arrangements are still appropriate
Plan Review & Update
• Business Unit BC Manual
• Revert Back Plans
•
•
•
•
BCP Rehearsals
• Business Unit BCM
• Alternate Site Capability
• Revert Back Plans
• Conduct Situation Management Team Rehearsal with key personnel and remediate any negative
findings in a timely manner
• Conduct & document BC desktop rehearsal for non material functions
• Conduct & document local BC rehearsals to demonstrate both capability & capacity to maintain
critical business operations for up to 10 business days
• Revert Back Testing to demonstrate both capability & capacity to maintain critical business
operations
BCP Training & Awareness
• Training and awareness modules to be completed for all staff with BC Responsibilities
Supplier/3rd
• Completion of third party provider assessments for all new relationships
• Ensure contractual obligations is captured for establishment & ongoing review (where
appropriate)
• Review of existing third party providers (at least annually)
Party BC Verification
Review of BC Manual [strategies & plans]
Make amendments to BC Manual where necessary
Review & update Revert Back Plans in line with business growth/change
Review and update of contact lists
Questions?