Business continuity management system

subbusai82 1,009 views 16 slides Sep 19, 2021

About This Presentation

Presentation on Business continuity management system (BCMS)


Slide Content

Topics to be covered
Introduction
Benefits of BCMS
BCMS objectives and how to achieve them?
Business Impact Analysis
Risk Assessment
Business Continuity Strategies and Solutions
BCMS Performance Evaluation
Case Study

BCMS Introduction
ISO 22301:2019 was first published by the International Organization for Standardization (ISO) in 2012, with a second edition in 2019.
BCMS is the process of implementing and maintaining a business continuity plan in order to prevent loss and prepare the organization for mitigating and managing disruption.
Establishing a BCMS enables the organization to control, evaluate and continually improve its business continuity capability to ensure continuation of critical business processes in the event of disaster.
Cyber attacks, data breaches and natural/man-made disasters etc. are some examples of events which can interrupt business continuity.

Benefits of BCMS
Business Perspective
•Creating a competitive advantage;
•Supporting Management strategic objectives
•Protecting & enhancing reputation & credibility;
•Contributing to organizational resilience;
Financial Perspective
•Reducing legal and financial exposure;
•Reducing direct and indirect costs of disruptions;
Stakeholders Perspective
•Protecting life, property and the environment;
•Considering the expectations of interested parties;
•Providing confidence in the organization’s ability to succeed;
Internal Processes Perspective
•Improving its capability to remain effective during disruptions;
•Demonstrating proactive control of risks effectively and efficiently;

BCMS objectives and how to achieve them?
•Establishing business continuity objectives - These shall be consistent with business objectives; can be measurable; monitored; communicated to stakeholders
•Determine business continuity objectives - like what will be done; resources required; who will be responsible; action for violation of policy; how the results will be evaluated.
•Changes to BCMS – any changes shall be carried out in a planned manner; the purpose of such change communicated to impacted stakeholders; availability of resources for change; allocation and reallocation of responsibilities and authorities; documentation of these changes.
•Other important aspects are – Awareness; Communication; Identification of competent resources

Business Impact Analysis
•Critical activities that support the organization's key products and services are identified
•Understanding the risk of disruption on key activities
•Impacts are identified from disruption of these critical activities;
•Recovery objectives of these activities are defined (priorities, timeframes, capacities, and strategies for resuming the activity) – also referred to as RTO (Recovery time objective)
•Determine which resources are needed to support prioritized activities;
•Determine activities that have a dependency on partners or suppliers
•Organizations need to implement, maintain and keep refining/updating their business continuity management system (BCMS) so that it will be effective in all circumstances.

Risk assessment
•The process for risk assessment is addressed in ISO 31000
•The organization shall:
a) Identify the risks of disruption to the organization’s prioritized activities and to their required resources;
b) Analyse and evaluate the identified risks;
c) Determine which risks require treatment.
•Increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.

Steps to Risk Assessment Process
1. List the Assets
2. Identify the Risk: Natural Disaster, System Failure, Accidental Error, Malicious Activities
3. Assess Potential Consequences
4. Prioritise the Risk
5. Document the Risk

Impact/Risk to an Organisation
•Reputational loss
•Business downtime
•Lost sales or opportunity costs
•Regulatory non-compliance
•Loss of stakeholder or investor confidence
•Work stoppage & idle workforce
•Customer service
•Financial loss
•Employee morale/retention

Actions Planning – Risk Handling Strategy
Alter the risk
•Preventive measures reduce the probability of the event
•Corrective measures reduce the consequence of the event
Risk Transfer
•Disclaim responsibility in contract; outsourcing etc.
•Insurance coverage
Risk Avoidance
•Eliminate by stopping the activity
Risk Acceptance
•Continue as before; the activity remains unchanged (Inherent Risk) – No action required

Probability of Risk - Examples

| Score | Occurrence rate | Illustrated examples |
|---|---|---|
| 1 | Once in 10 years or more | Major earthquake, tsunami etc. |
| 2 | Every 5–10 years | Major office closure for longer period due to flooding; strike |
| 3 | Every 1–5 years | Major change in Government policy affecting the organisation, sudden decline or change in an important economic sector |
| 4 | Almost certainly happen within next 12 months | Major travel dislocation, permanent loss of key staff, key company failure, has happened once |
| 5 | Probably happen several times in a year | IT network failure, theft, temporary loss of key staff |

Business Continuity Strategies and Solutions
Identification of strategies
•Recover prioritized activities within the identified timeframes and agreed capacity;
•Reduce the likelihood of disruption (e.g. prevent fire);
•Shorten the period of disruption;
Selection of strategies
•Consider the amount and type of risk the organization may or may not take;
•Consider associated costs and benefits.
•Limit the impact of disruption.
Resource requirements
•People; information and data;
•Infrastructure
•Information and communication technology (ICT) systems;
•Transportation and logistics;
•Finance;
•Partners and suppliers

BCMS Performance review
Monitoring, measurement, analysis of current BCMS
Evaluation of BCMS
Internal audit / external audit / self review
Management review
Nonconformity and corrective action
Input/feedback from stakeholders
Continual improvement based on feedback

Case Studies
Case Study 1: Terrorist attack on Glasgow Airport
•On 30 June 2007, a vehicle was deliberately driven into the main terminal building at Glasgow Airport and set alight
•The crisis team was initiated and operational within 45 minutes, with a business recovery team operational an hour later
•Traffic was banned from the forecourt area of the Airport, and around 3,500 passengers were evacuated to allow the Police to interview them as potential witnesses.
•Their holistic strategy is based around the “7 R’s”:
Risk
Resilience
Rehearse
Response
Recovery
Review
Reputation
•This enabled the terminal building to be reopened 23 hours 59 minutes after the attack.
•Recognised at the Business Continuity Awards in May 2008, winning “Business Continuity Recovery of the Year”.

Case Studies
Case Study 2: Earthquake in Japan - On July 16, 2007, an earthquake of magnitude 6.8 in Japan
•NTT FACILITIES, INC., which is a subsidiary of Nippon Telegraph and Telephone Corporation, manages the maintenance of the power and building facilities for telecommunications.
•It establishes a business continuity plan for continued power supply, and conducts an annual exercise, assuming a large-scale earthquake
•The disaster recovery team determined the priority for preparing mobile engine generators, considering the battery backup time
•Within 3 hours after the main shock, eight truck-mounted engine generators reached the site and started supplying power
•Commercial power supply to the buildings resumed two days after the disaster
•No failure of telecommunications services arose due to shutdown of power
•This was possible due to a robust business continuity plan and the annual exercise they conduct, assuming a large-scale earthquake and power outage
•Link to read more case studies: