Transcript Slide 1
A briefing about your
BCM
Programme
Programme Overview
Why
BCM
Benefits of BCM
Programme Objectives
Methodology
Tasks & Deliverables
BCM definition (BS 25999)
“Business Continuity Management is an holistic management
process that identifies potential threats to an organisation and
the impacts to business operations that those threats, if
realised, might cause, and which provides a framework for
building organisational resilience with the capability for an
effective response that safeguards the interests of its key
stakeholders, reputation, brand and value creating activities”.
Threats, Impacts, Framework, Response, Stakeholders
Principles of BCM
• Understanding
what could go wrong - threats
• Asset Dispersion – backup data, store off-site
• Focus on Critical Capabilities and business priorities –
know what is URGENT to your business unit /
organisation
• Teamwork & Mutual Support – understand your
dependencies: people, information, IT, suppliers etc
• Awareness, training and rehearsals – be familiar with
your plans
• Flexible response – knowing what to do in an
emergency, where to go and who to contact
Drivers – why we do BCM
Protect
reputation
Corporate governance
Financial regulations
International regulations
Customer expectations
Partner contractual requirements
Audit
Insurance
Known threats
Business benefits
What are you protecting against
The failure event spectrum
Regional event
Metropolitan
area event
Building level
incident
Operator error
Causes of downtime
Component
•
•
•
•
•
•
Source: HP
Hardware/software failures
Natural disasters and accidents
Human error
Malicious acts
Utility issues
Business crises
Business benefits
Protects
•
•
•
Stakeholders
Employees
3rd Parties / business partners
Shareholders
Protects
Corporate Image, Reputation & Brand
Improves Customer Service
Meet customer expectations
Improves Market Competitiveness
Process for Corporate Survival
Added value
•
•
Increased efficiency
Full business participation
Project objectives
The
objective of Steelhenge’s programme of activity is
to ensure that FEWA can continue to provide an
acceptable level of business continuity to all
stakeholders, regardless of the cause of disruption.
This project will provide FEWA with organisational
resilience across its operations in the form of a
Business Continuity Management System (BCMS)
incorporating:
•
•
•
Business continuity and recovery plan
Crisis management plan
Crisis communication plan
Scope of work
Provision of Business Continuity Consultancy Services
in three phases:
Phase 1
•
Site visits, gap analysis, maturity modelling, road map
development etc
Phase
•
Policy and BCMS development, business impact analysis,
risk assessment, crisis, business continuity and
communications plans development etc
Phase
•
2
3
Exercising, training and awareness
Sites in scope
Phase 1: May – July 2011
Phase 1 details
Clear
understanding of the FEWA current position –
Gap analysis
Draft BC Policy – Policy Document
Clear scope of the required programme - PID
Roadmap for the project – Project Plan as part of the
PID (Project Initiation Document)
Develop the strategic key services of FEWA and
criticalities – Critical Services overview
A benchmark report of what has been found - BS
25999
A statement of work for the next phase – SOW
A maturity model against which progress can
subsequently be measured – Capability assessment
Phase 2: Aug – Dec 2011
Phase 2 details
Business Impact
Analysis – Findings Report
Risk Assessment – Findings Report
BC Strategy development - Options Paper
•
People, sites, systems, operations, reputation, supply chain
BC
Planning - Methodology
Crisis plans development - Plans
•
•
•
Structure, roles & responsibilities
Command and control
Procedures
EOC
Assessment - Report
Crisis Communications development - Plans
BCMS structuring – System documentation
Management presentation and review - Presentation
Phase 3: Jan – Sept 2012
Phase 3 details
Finalise
Communications Plan – Comms Plan
Emergency Service, Local Authority and NCEMA liaison
and plan integration – Stakeholder Liaison Plan
BC Awareness programme – Training programme
•
Internal and external communications programme
Training
•
•
•
Senior management
Awareness training
Practitioner training
Desktop
and simulation exercises – Rehearsal Programme
Management system embedding – Rehearsal Programme
Final report and review - Report
Additional deliverables
Three developmental workshops
•
•
•
Operational criticality workshop
BC awareness workshop
BC validation workshop
A Business Continuity Pocket Aide Memoire for all FEWA staff
A maturity model covering all phases of the programme
A staff induction package and introduction to FEWA Business
Continuity
Design and development of a FEWA Business Continuity
Awareness Package to develop awareness of BC across the
organisation
ICT recovery test in Phase 3
Exercise evaluation and monitoring in Phase 3
Standards and best practice
AE/HSE
7000 – May 2011
BS 25999 Parts 1 and 2 (2006 and 2007) have been
developed by practitioners and the BSI to provide a
system based on good practice for BCM.
Part 1: a Code of Practice that takes the form of
guidance and recommendations.
Part 2: a Specification - it establishes the process,
principles and terminology for a BCMS, providing a
basis for understanding, developing and
implementing a business continuity management
system within an organisation.
Optional: Self certification
Optional: Formal certification
BCM process methodology
Context
Incident
Overall Objective:
Back-to-Normal as soon as possible
Normal
Timeline
Incident Response
Within minutes to days:
Contact staff, customers, suppliers etc.
Recover critical processes;
Rebuild lost work-in-progress
Business Continuity
Within minutes to hours:
Account for people;
Deal with casualties;
Contain damage;
Assess damage;
Invoke Business Continuity
From: BS25999-1:2006 British Standard for Business
Continuity Management
Recovery / Resumption
Within weeks to months:
Repair / replace damage;
Relocate to permanent site
Recover costs from insurers
Project Governance
FEWA
Project Sponsor – Mohammad Mohd. Saleh –
Director General
FEWA
Project Manager – Ms Shaikha Yousuf Al Shaer
(Central Laboratory Manager & Acting HSE Director HSE
Department)
Steelhenge Project
Director – James Royds FBCI
Steelhenge Project
Manager – Bill Ogilvie MBCI
Steelhenge Account
Manager – Phil James SBCI
Steelhenge Commercial
Services – Dominic Cockram MBCI
High level project plan – Phase 1
High level project plan – Phase 2
High level project plan – Phase 3
BCM – a summary
Identifying
what your critical activities and outputs are
Identifying
the impact of the loss of those critical activities
Identifying
the risks and threats to critical activities / key
business processes
Developing
measures to mitigate vulnerabilities
Developing a
strategy to support the continuity of
operations following disruption
BCM – a summary
Designing
plans to respond to disruption to your operations
and recover your business
Creating
an internal crisis management team structure ,
roles and responsibilities
Training
staff in BCM awareness and emergency response
Rehearsing
the plans through scenarios to validate their
effectiveness and the abilities of the crisis team
Aligning
with standards (AE/HSE 7000, BS 25999), self or
formal certification
Value proposition
Knowledge transfer
FEWA is ready to respond with right people at the right time
with the right plans to reduce the impact or consequences of a
crisis with a proven process for managing the crisis
Words into action
Self sufficiency and long term process (not short term project)
Confidence for all your Stakeholders
Operational Resilience
Value Summary
The
approval to plan
The
confidence to cope
The
reassurance to recover
Meeting
and exceeding customer and stakeholder
expectations
A
proven continuity management process which is one
of the key indicators of effective corporate governance
Key messages and conclusions
BCM
starts as a project and becomes a process
Think
strategic, act/influence tactical and operational
Understand
the importance of information and the
implications this has for your area of responsibility
(business unit / process)
Orientate
in the direction of threat(s) and think
consequences not causes
Thank you for reading!
James Royds FBCI
[email protected]