Transcript Slide 1
A briefing about your BCM Programme Programme Overview Why BCM Benefits of BCM Programme Objectives Methodology Tasks & Deliverables BCM definition (BS 25999) “Business Continuity Management is an holistic management process that identifies potential threats to an organisation and the impacts to business operations that those threats, if realised, might cause, and which provides a framework for building organisational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities”. Threats, Impacts, Framework, Response, Stakeholders Principles of BCM • Understanding what could go wrong - threats • Asset Dispersion – backup data, store off-site • Focus on Critical Capabilities and business priorities – know what is URGENT to your business unit / organisation • Teamwork & Mutual Support – understand your dependencies: people, information, IT, suppliers etc • Awareness, training and rehearsals – be familiar with your plans • Flexible response – knowing what to do in an emergency, where to go and who to contact Drivers – why we do BCM Protect reputation Corporate governance Financial regulations International regulations Customer expectations Partner contractual requirements Audit Insurance Known threats Business benefits What are you protecting against The failure event spectrum Regional event Metropolitan area event Building level incident Operator error Causes of downtime Component • • • • • • Source: HP Hardware/software failures Natural disasters and accidents Human error Malicious acts Utility issues Business crises Business benefits Protects • • • Stakeholders Employees 3rd Parties / business partners Shareholders Protects Corporate Image, Reputation & Brand Improves Customer Service Meet customer expectations Improves Market Competitiveness Process for Corporate Survival Added value • • Increased efficiency Full business participation Project objectives The objective of Steelhenge’s programme of activity is to ensure that FEWA can continue to provide an acceptable level of business continuity to all stakeholders, regardless of the cause of disruption. This project will provide FEWA with organisational resilience across its operations in the form of a Business Continuity Management System (BCMS) incorporating: • • • Business continuity and recovery plan Crisis management plan Crisis communication plan Scope of work Provision of Business Continuity Consultancy Services in three phases: Phase 1 • Site visits, gap analysis, maturity modelling, road map development etc Phase • Policy and BCMS development, business impact analysis, risk assessment, crisis, business continuity and communications plans development etc Phase • 2 3 Exercising, training and awareness Sites in scope Phase 1: May – July 2011 Phase 1 details Clear understanding of the FEWA current position – Gap analysis Draft BC Policy – Policy Document Clear scope of the required programme - PID Roadmap for the project – Project Plan as part of the PID (Project Initiation Document) Develop the strategic key services of FEWA and criticalities – Critical Services overview A benchmark report of what has been found - BS 25999 A statement of work for the next phase – SOW A maturity model against which progress can subsequently be measured – Capability assessment Phase 2: Aug – Dec 2011 Phase 2 details Business Impact Analysis – Findings Report Risk Assessment – Findings Report BC Strategy development - Options Paper • People, sites, systems, operations, reputation, supply chain BC Planning - Methodology Crisis plans development - Plans • • • Structure, roles & responsibilities Command and control Procedures EOC Assessment - Report Crisis Communications development - Plans BCMS structuring – System documentation Management presentation and review - Presentation Phase 3: Jan – Sept 2012 Phase 3 details Finalise Communications Plan – Comms Plan Emergency Service, Local Authority and NCEMA liaison and plan integration – Stakeholder Liaison Plan BC Awareness programme – Training programme • Internal and external communications programme Training • • • Senior management Awareness training Practitioner training Desktop and simulation exercises – Rehearsal Programme Management system embedding – Rehearsal Programme Final report and review - Report Additional deliverables Three developmental workshops • • • Operational criticality workshop BC awareness workshop BC validation workshop A Business Continuity Pocket Aide Memoire for all FEWA staff A maturity model covering all phases of the programme A staff induction package and introduction to FEWA Business Continuity Design and development of a FEWA Business Continuity Awareness Package to develop awareness of BC across the organisation ICT recovery test in Phase 3 Exercise evaluation and monitoring in Phase 3 Standards and best practice AE/HSE 7000 – May 2011 BS 25999 Parts 1 and 2 (2006 and 2007) have been developed by practitioners and the BSI to provide a system based on good practice for BCM. Part 1: a Code of Practice that takes the form of guidance and recommendations. Part 2: a Specification - it establishes the process, principles and terminology for a BCMS, providing a basis for understanding, developing and implementing a business continuity management system within an organisation. Optional: Self certification Optional: Formal certification BCM process methodology Context Incident Overall Objective: Back-to-Normal as soon as possible Normal Timeline Incident Response Within minutes to days: Contact staff, customers, suppliers etc. Recover critical processes; Rebuild lost work-in-progress Business Continuity Within minutes to hours: Account for people; Deal with casualties; Contain damage; Assess damage; Invoke Business Continuity From: BS25999-1:2006 British Standard for Business Continuity Management Recovery / Resumption Within weeks to months: Repair / replace damage; Relocate to permanent site Recover costs from insurers Project Governance FEWA Project Sponsor – Mohammad Mohd. Saleh – Director General FEWA Project Manager – Ms Shaikha Yousuf Al Shaer (Central Laboratory Manager & Acting HSE Director HSE Department) Steelhenge Project Director – James Royds FBCI Steelhenge Project Manager – Bill Ogilvie MBCI Steelhenge Account Manager – Phil James SBCI Steelhenge Commercial Services – Dominic Cockram MBCI High level project plan – Phase 1 High level project plan – Phase 2 High level project plan – Phase 3 BCM – a summary Identifying what your critical activities and outputs are Identifying the impact of the loss of those critical activities Identifying the risks and threats to critical activities / key business processes Developing measures to mitigate vulnerabilities Developing a strategy to support the continuity of operations following disruption BCM – a summary Designing plans to respond to disruption to your operations and recover your business Creating an internal crisis management team structure , roles and responsibilities Training staff in BCM awareness and emergency response Rehearsing the plans through scenarios to validate their effectiveness and the abilities of the crisis team Aligning with standards (AE/HSE 7000, BS 25999), self or formal certification Value proposition Knowledge transfer FEWA is ready to respond with right people at the right time with the right plans to reduce the impact or consequences of a crisis with a proven process for managing the crisis Words into action Self sufficiency and long term process (not short term project) Confidence for all your Stakeholders Operational Resilience Value Summary The approval to plan The confidence to cope The reassurance to recover Meeting and exceeding customer and stakeholder expectations A proven continuity management process which is one of the key indicators of effective corporate governance Key messages and conclusions BCM starts as a project and becomes a process Think strategic, act/influence tactical and operational Understand the importance of information and the implications this has for your area of responsibility (business unit / process) Orientate in the direction of threat(s) and think consequences not causes Thank you for reading! James Royds FBCI [email protected]